consistently having timing issues w/ IAM Instance Profile and EC2 creation...

Timothy Kimball

Mar 16, 2016, 10:16:47 AM
to Terraform
I have:
* A module which creates an EC2 instance
* A module which creates an IAM instance profile that I use as a machine role for the EC2 instance.
* I have a top level main.tf which takes the output of the IAM module and passes it as input into the EC2 module

I consistently see an error of the form:
"* aws_instance.ec2: Error launching source instance: InvalidParameterValue: IAM Instance Profile "arn:aws:iam::<deleted>:instance-profile/<deleted>" has no associated IAM Roles"

If I immediately re-run terraform, it starts to create the EC2 instance - which suggests a timing problem?

Do I need an explicit 'depends_on'?

I have seen this pretty consistently and across different terraform configurations. 

I am running v0.16.12 of terraform.

As always: you are awesome and I love your product :D

Thanks!

Tim

Joe Franklin

Apr 21, 2016, 7:29:33 PM
to Terraform
Tim,
I'm having the same issue.  Were you able to figure it out?

joe

Stuart Wong

Apr 26, 2016, 6:45:23 PM
to Terraform
I had a similar issue and used a local-exec command with a sleep to resolve:

  provisioner "local-exec" {
    command = "sleep 15"
  }

My understanding is that the IAM component is not actually ready and hence when the next dependent component tries to access the resource it's not available. Don't know whether it's Terraform or AWS but since CloudFormation gets it right and Terraform doesn't...

Anyway, hope this helps.

Regards.

Ethan Edwards

Apr 27, 2016, 12:10:14 PM
to Terraform
It's definitely AWS. There is a propagation delay with IAM. I suspect they have serious caching in front of it.

Timothy Kimball

Apr 27, 2016, 12:27:23 PM
to Terraform
Some sort of polling by terraform here would go a long way to fix. Polling is not great - but without notifications or a blocking call from AWS or even atlas (hint hint :)) - not sure what the alternatives are...


--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/c941943f-3150-4f78-b1c8-25c43e46d705%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Igor Cicimov

Apr 27, 2016, 8:29:27 PM
to Terraform
Strange, I'm heavily using IAM role policies for absolutely every instance I launch and have never seen this issue, at least in the regions of AU and UK. Although I usually launch them via aws_launch_configuration referencing with iam_instance_profile which might be a slower operation that permits the IAM to finish what it is doing in time.

Is this happening for a specific region or all of them?

Stuart Wong

Apr 27, 2016, 8:44:47 PM
to Terraform
For me it's been us-east-1 and us-west-1. Haven't tried the rest.

Timothy Kimball

Apr 28, 2016, 10:29:07 AM
to Terraform
I have had the problem in eu-west-1.

I suspect the aws_launch_configuration is creating delays.


Igor Cicimov

May 3, 2016, 3:12:08 AM
to Terraform
Well maybe spoke too soon. Today I updated to v0.6.15 and got the following error:

* aws_launch_configuration.mylc: Error creating launch configuration: ValidationError: You are not authorized to perform this operation.
    status code: 400, request id: xxxxxxxxxxxxxxxxx

After replaying all was fine though. Not sure if related but looks like timing issue with the IAM roles.

Cheers,
Igor
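
The polling idea and the two error messages quoted in this thread, as an added example that is not part of any post here: a shell wrapper that re-runs a launch command only when its output contains one of those messages, with bounded exponential backoff instead of a fixed sleep. `RETRY_MAX`, `RETRY_DELAY` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. RETRY_MAX and RETRY_DELAY are
# hypothetical knobs: attempt limit and initial delay in seconds.
RETRY_MAX=${RETRY_MAX:-6}
RETRY_DELAY=${RETRY_DELAY:-5}

# Succeeds only for the two error messages quoted in this thread.
# Treating the second as transient is an assumption; the attempt limit
# ensures a genuine permission denial still surfaces as a failure.
is_iam_propagation_error() {
  case "$1" in
    *"has no associated IAM Roles"*) return 0 ;;
    *"You are not authorized to perform this operation"*) return 0 ;;
  esac
  return 1
}

# Usage: retry_on_iam_propagation <command that launches the instance>
# Sets RETRY_ATTEMPTS to the number of times the command was run.
retry_on_iam_propagation() {
  RETRY_ATTEMPTS=0
  _delay=$RETRY_DELAY
  while :; do
    RETRY_ATTEMPTS=$((RETRY_ATTEMPTS + 1))
    # "&& ... ||" keeps the exit status and stays safe under "set -e".
    _out=$("$@" 2>&1) && _rc=0 || _rc=$?
    if [ "$_rc" -eq 0 ]; then
      printf '%s\n' "$_out"
      return 0
    fi
    # Any other failure, or an exhausted budget, is reported unchanged.
    if ! is_iam_propagation_error "$_out" || [ "$RETRY_ATTEMPTS" -ge "$RETRY_MAX" ]; then
      printf '%s\n' "$_out" >&2
      return "$_rc"
    fi
    echo "IAM not propagated yet (attempt $RETRY_ATTEMPTS), retrying in ${_delay}s" >&2
    sleep "$_delay"
    _delay=$((_delay * 2))   # exponential backoff
  done
}
```

Failures that do not match either message are returned on the first attempt with the command's own exit status, so unrelated errors are not masked by the retry loop.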