
Terraform unable to create role and assign it for AWS spot fleet resource

When launching a spot fleet using the Terraform example here, I need to provide the required value.

iam_fleet_role      = "arn:aws:iam::12345678:role/spot-fleet"

However, I do not want to provide the account number, so I want to create a role and attach the "AmazonEC2SpotFleetTaggingRole" policy. I wrote the code below, but I'm getting the error:

* aws_spot_fleet_request.cheap_compute: "iam_fleet_role" doesn't look like a valid ARN ("^arn:[\\w-]+:([a-zA-Z0-9\\-])+:([a-z]{2}-(gov-)?[a-z]+-\\d{1})?:(\\d{12})?:(.*)$"): "test_role"

What am I doing wrong, or should I be doing it some other way?

resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "AmazonEC2SpotFleetTaggingRole-policy-attachment" {
  role       = "${aws_iam_role.test_role.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
}

# Request a Spot fleet
resource "aws_spot_fleet_request" "cheap_compute" {
  iam_fleet_role      = "${aws_iam_role_policy_attachment.AmazonEC2SpotFleetTaggingRole-policy-attachment.role}"
  spot_price          = "0.77"
  allocation_strategy = "diversified"
  target_capacity     = 2
  valid_until         = "2018-06-11T20:44:20Z"

  launch_specification {
    instance_type     = "t2.micro"
    ami               = "ami-1853ac65"
    spot_price        = "0.777"
    availability_zone = "us-east-1a"

    tags {
      Name = "spot-fleet-example"
    }
  }
}

You have a couple of issues here:

  • Spot Fleet roles require that you have a trust relationship set for spotfleet.amazonaws.com
  • You are referencing the created role incorrectly; you need to reference the arn attribute of your aws_iam_role resource

Example

Create your Spot Fleet role as referenced above:

resource "aws_iam_role" "example" {
  name = "example-fleet-role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "spotfleet.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

Attach the AWS managed policy to the role:

resource "aws_iam_role_policy_attachment" "AmazonEC2SpotFleetTaggingRole-policy-attachment" {
  role = "${aws_iam_role.example.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
}

Use the role with a spot fleet request by using the arn attribute from aws_iam_role:

resource "aws_spot_fleet_request" "cheap_compute" {
  iam_fleet_role      = "${aws_iam_role.example.arn}"
  spot_price          = "0.77"
  allocation_strategy = "diversified"
  target_capacity     = 2
  valid_until         = "2018-06-11T20:44:20Z"

  launch_specification {
    instance_type     = "t2.micro"
    ami               = "ami-1853ac65"
    spot_price        = "0.777"
    availability_zone = "us-east-1a"

    tags {
      Name = "spot-fleet-example"
    }
  }
}
