Aws-cdk: [iam] The value supplied for parameter 'instanceProfileName' is not valid.

Created on 12 Nov 2020 · 9Comments · Source: aws/aws-cdk

Question

Running cdk deploy I receive the following error message:

CREATE_FAILED | AWS::ImageBuilder::InfrastructureConfiguration | TestInfrastructureConfiguration The value supplied for parameter 'instanceProfileName' is not valid. The provided instance profile does not exist. Please specify a different instance profile and try again. (Service: Imagebuilder, Status Code: 400, Request ID: 41f431d7-8544-48e9-9faf-a870b83b0100, Extended Request ID: null)

The C# code looks like this:

var instanceProfile = new CfnInstanceProfile(this, "TestInstanceProfile", new CfnInstanceProfileProps {
  InstanceProfileName = "test-instance-profile",
  Roles = new string[] { "TestServiceRoleForImageBuilder" }
});

var infrastructureConfiguration = new CfnInfrastructureConfiguration(this, "TestInfrastructureConfiguration", new CfnInfrastructureConfigurationProps {
  Name = "test-infrastructure-configuration",
  InstanceProfileName = instanceProfile.InstanceProfileName,
  InstanceTypes = new string[] { "t2.medium" },
  Logging = new CfnInfrastructureConfiguration.LoggingProperty {
    S3Logs = new CfnInfrastructureConfiguration.S3LogsProperty {
      S3BucketName = "s3-test-assets",
      S3KeyPrefix = "ImageBuilder/Logs"
    }
  },
  SubnetId = "subnet-12f3456f",
  SecurityGroupIds = new string[] { "sg-12b3e4e5b67f8900f" }
});

The TestServiceRoleForImageBuilder exists and was working previously. Same code was running successfully about a month ago. Any suggestions?

If I remove the CfninfrastructureConfiguration creation part, deployment runs successfully:, but takes at least 2 minutes to complete.

AwsImageBuilderStack: deploying...
AwsImageBuilderStack: creating CloudFormation changeset...
0/3 | 14:24:37 | REVIEW_IN_PROGRESS | AWS::CloudFormation::Stack | AwsImageBuilderStack User Initiated
0/3 | 14:24:43 | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | AwsImageBuilderStack User Initiated
0/3 | 14:24:47 | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
0/3 | 14:24:47 | CREATE_IN_PROGRESS | AWS::IAM::InstanceProfile | TestInstanceProfile
0/3 | 14:24:47 | CREATE_IN_PROGRESS | AWS::IAM::InstanceProfile | TestInstanceProfile Resource creation Initiated
1/3 | 14:24:48 | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata) Resource creation Initiated
1/3 | 14:24:48 | CREATE_COMPLETE | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
1/3 Currently in progress: AwsImageBuilderStack, TestInstanceProfile
3/3 | 14:26:48 | CREATE_COMPLETE | AWS::IAM::InstanceProfile | TestInstanceProfile
3/3 | 14:26:49 | CREATE_COMPLETE | AWS::CloudFormation::Stack | AwsImageBuilderStack

Is it probably some race condition? Should I use multiple stacks to achieve my goal?

Environment

CDK CLI Version: 1.73.0
Node.js Version: 14.13.0
OS: Windows 10
Language (Version): C# (.NET Core 3.1)

@aws-cdaws-iam causl1-name-instead-of-ref guidance languagdotnet needs-triage

Source

dign17

All 9 comments

Should it be possible to use a wait condition (AWS::CloudFormation::WaitCondition) to bypass the 2 minutes of creation time in case it is intended (AWS::IAM::InstanceProfile resources always take exactly 2 minutes to create)?

dign17 on 16 Nov 2020

Since the cause seems to be AWS internal, I used a pre-created instance profile as a workaround. The profile can be either created through IAM Management Console or CLI. However it would be nice to have a proper solution.

dign17 on 17 Nov 2020

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

github-actions[bot] on 17 Nov 2020

  InstanceProfileName = instanceProfile.InstanceProfileName,

Needs to use AttrInstanceProfileName, otherwise there is no dependency between the two resources and deployment results in a race condition that sometimes works and sometimes doesn't (depending on which resource gets created first).

rix0rrr on 23 Nov 2020

👍1

⚠️COMMENT VISIBILITY WARNING⚠️

github-actions[bot] on 23 Nov 2020

@rix0rrr: Could you further explain what you mean? In my example I have the same code snippet you show (a dependency between the resources in my opinion). So should this approach work or is it unstable due to the race condition?

dign17 on 23 Nov 2020

👍1

I will repeat:

Needs to use AttrInstanceProfileName

rix0rrr on 24 Nov 2020

@rix0rrr: I can't find this property, can you point me at the right place in .Net documentation?

dign17 on 24 Nov 2020

I will repeat:

Needs to use AttrInstanceProfileName

How to make the own blog post about "A story of horrible customer support" to the reality for other peoples.
"I already descriped the solution with 4 words. As you didn't understand, I repeat the 4 words again, so we are in an endless horror support loop together now.". Just think about that @rix0rrr