I have an issue where I am not getting the instance-profile in the ARN path. Code snippet:
resource "aws_launch_template" "launch-template" {
image_id = data.aws_ami.ecs.id
instance_type = "c5.large"
iam_instance_profile {
arn = aws_iam_role.ecsInstanceRole.arn
}
}
resource "aws_iam_role" "ecsInstanceRole" {
name = "assess-instance-role"
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}
I get the following error:
Error: error creating EC2 Launch Template (lt-12344444444444) Version: InvalidIamInstanceProfileArn.Malformed: The ARN ‘arn:aws:iam::1234444444444:role/assess-instance-role’ is not valid. The expected format is arn:aws:iam:::instance-profile/ (this is followed by < instance-profile-name > but the formatting it not letting me write it.
I am on the following version:
Terraform v1.2.3
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v3.75.2
As Jordanm pointed out in the comment, you can't attach a role to an ec2, you must create an instance profile from the role: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile