i ran into the same problem. this helped. Thank you.
here's my snippet, if it helps anyone else.
/*
create BaseIAMRole for instances deployed by spinnaker
*/
resource "aws_iam_role" "BaseIAMRole" {
name = "BaseIAMRole"
path = "/devops/deployment/spinnaker/"
description = "instances deployed with Spinnaker will assume this role"
assume_role_policy = "${data.aws_iam_policy_document.policy_instance_assumerole.json}"
}
data "aws_iam_policy_document" "policy_instance_assumerole" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
}
}
}
resource "aws_iam_instance_profile" "BaseIAMRole" {
name = "BaseIAMRole"
role = "${aws_iam_role.BaseIAMRole.name}"
}