spot instance request fails with Invalid IAM Instance Profile name

[richardbowden]

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

0.7.1

Affected Resource(s)

may effect one of these

• aws_spot_instance_request
• aws_instance
• aws_iam_role
• aws_iam_instance_profile

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

provider "aws" {
  region = "${var.aws_region}"
}

variable "aws_region" {
    default = "eu-central-1"
}

variable "keypair" {
    default = "terratest"
}

variable "vpc_id" {
    default = "vpc-4005ea29"
}

data "aws_ami" "ubuntu" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
  owners = ["099720109477"] # Canonical
}

resource "aws_spot_instance_request" "consul_cluster" {
  ami                    = "${data.aws_ami.ubuntu.id}"
  count                  = 1
  spot_price             = "0.04"
  instance_type          = "m4.xlarge"

  iam_instance_profile   = "${aws_iam_instance_profile.consul_instance_profile.name}"

  vpc_security_group_ids = ["${aws_security_group.access.id}"]
  key_name               = "${var.keypair}"
  wait_for_fulfillment   = true

  tags {
    Name = "consul_srv_${count.index}"
  }
}

resource "aws_security_group" "access" {
  name = "consul_access"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] //only for this example
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  vpc_id = "${var.vpc_id}"
}

resource "aws_iam_instance_profile" "consul_instance_profile" {
  name  = "consul_instance_profile"
  roles = ["${aws_iam_role.consul_iam_role.name}"]
}

// IAM Stuff
resource "aws_iam_role" "consul_iam_role" {
  name = "consul_iam_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

Debug Output

first run : https://gist.github.com/richardbowden/9221914de9d541f314addc9d2f1a5496
second run: https://gist.github.com/richardbowden/d5b7d22eff89ed375314d7d54dcb0325

Panic Output

n/a

Expected Behaviour

the spot request should finish without error "Invalid IAM Instance Profile name"

Actual Behaviour

on the first run (see debug output called first run), everything gets created, including iam_role and instance_profile, when the spot instance is requested, an error is produced as follows:

Error applying plan:

1 error(s) occurred:

* aws_spot_instance_request.consul_cluster: Error requesting spot instances: InvalidParameterValue: Value (consul_instance_profile) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name
        status code: 400, request id: ce73435e-5018-4798-8942-6b47ec013d19

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

However, this is not the case, when checking the iam_role and instance_profile using the aws cli tools, both are present and correct.

On running terraform apply a second time, the spot request is created with no errors, the iam_role and instance_profile are used from the previous run

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. change vars vpc_id and keypair in the config above
2. terraform apply we get a failure (debug run 1)
3. terraform apply the second time it works (debug run 2)

Important Factoids

n/a

References

N/A

[richardbowden]

I believe I have a fix for this in my fork, i have wrapped the spot request with resource.retry, now spot requests with IAM Roles now work as expected, i have tested a number of times, works each time, the fix is here, richardbowden@687fdb8 i can make a pull request if someone is happy ?

[kbarek]

Ran into this bug with terraform 0.7.0 and 0.7.1. It doesn't happen on every apply, but when it does a second apply always succeeds.

[realflash]

Probably hashicorp/terraform-provider-aws#838

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.