Creating IAM instance profile: The given key does not identify an element in this collection value: the collection has no elements.

[allexivan]

Description

When setting create_iam_instance_profile, the module fails.

If your request is for a new feature, please use the Feature request template.

• ✋ I have searched the open/closed issues and my issue is not listed.

Versions

• Module version [Required]: 7.4.1

• Terraform version:
  v1.7.4

• Provider version(s):

• provider registry.terraform.io/hashicorp/aws v5.48.0
• provider registry.terraform.io/hashicorp/null v3.2.2
• provider registry.terraform.io/hashicorp/random v3.6.2

Reproduction Code [Required]

data "aws_ssm_parameter" "ecs_optimized_ami" {
  name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended"
}

module "autoscaling" {
  source  = "terraform-aws-modules/autoscaling/aws"
  version = "~> 7.4.1"

  create                 = var.asg_create
  create_launch_template = var.asg_create_launch_template

  for_each = {
    # On-demand instances
    asg_1 = {
      instance_type              = var.asg_instance_type
      use_mixed_instances_policy = false
      mixed_instances_policy     = {}
      user_data                  = <<-EOT
        #!/bin/bash

        cat <<'EOF' >> /etc/ecs/ecs.config
        ECS_CLUSTER=${module.ecs_cluster.name}
        ECS_LOGLEVEL=debug
        ECS_CONTAINER_INSTANCE_TAGS=${jsonencode(var.resource_tags)}
        ECS_ENABLE_TASK_IAM_ROLE=true
        EOF
      EOT
    }
  }

  name                            = "${var.prefix}-${var.environment}-${var.cluster_name}-${each.key}"
  image_id                        = jsondecode(data.aws_ssm_parameter.ecs_optimized_ami.value)["image_id"]
  instance_type                   = each.value.instance_type
  enable_monitoring               = true
  security_groups                 = var.asg_security_groups
  user_data                       = base64encode(each.value.user_data)
  ignore_desired_capacity_changes = true
  create_iam_instance_profile     = true
  iam_role_name                   = "${var.prefix}-${var.environment}-${var.cluster_name}-asg-role"
  iam_role_description            = "ECS ASG role for ${var.prefix}-${var.environment}-${var.cluster_name}"
  iam_role_tags                   = merge(var.tags, var.resource_tags)
  iam_role_policies = {
    AmazonEC2ContainerServiceforEC2Role = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
    AmazonSSMManagedInstanceCore        = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
  }
  vpc_zone_identifier = var.asg_private_subnets
  health_check_type   = "EC2"
  min_size            = var.asg_min_size
  max_size            = var.asg_max_size
  desired_capacity    = var.asg_desired_capacity

  # https://github.com/hashicorp/terraform-provider-aws/issues/12582
  autoscaling_group_tags = {
    AmazonECSManaged = true
  }

  # Required for  managed_termination_protection = "ENABLED"
  protect_from_scale_in = false

  # Spot instances
  use_mixed_instances_policy = each.value.use_mixed_instances_policy
  mixed_instances_policy     = each.value.mixed_instances_policy

  tags = merge(var.tags, var.resource_tags)
}

vars:

    asg_create                            = true
    asg_create_launch_template            = true
    asg_instance_type                     = "t2.micro"
    asg_min_size                          = 0
    asg_max_size                          = 10
    asg_desired_capacity                  = 0
    asg_security_groups                   = ["asg-sg"]

Steps to reproduce the behavior:

Expected behavior

To create IAM Instance role

Actual behavior

│ Error: Invalid index
│ 
│   on .terraform/modules/ecs_cluster.autoscaling/main.tf line 22, in locals:
│   22:   iam_instance_profile_arn  = var.create_iam_instance_profile ? aws_iam_instance_profile.this[0].arn : var.iam_instance_profile_arn
│     ├────────────────
│     │ aws_iam_instance_profile.this is empty tuple
│ 
│ The given key does not identify an element in this collection value: the collection has no elements.
╵
╷
│ Error: Invalid index
│ 
│   on .terraform/modules/ecs_cluster.autoscaling/main.tf line 22, in locals:
│   22:   iam_instance_profile_arn  = var.create_iam_instance_profile ? aws_iam_instance_profile.this[0].arn : var.iam_instance_profile_arn
│     ├────────────────
│     │ aws_iam_instance_profile.this is empty tuple
│ 
│ The given key does not identify an element in this collection value: the collection has no elements.

[bryantbiggs]

just on a cursory glance, your code looks incorrect with the for_each loop. I would recommend removing this

[allexivan]

@bryantbiggs Yes, probably. It was from example from here:

https://github.com/terraform-aws-modules/terraform-aws-ecs/blob/84cf54a603c9d976a150ec6aea4ab63eb0efd773/examples/ec2-autoscaling/main.tf#L237

Anyway, it works if I create the instance profile outside of the module and link it with iam_instance_profile_arn = aws_iam_instance_profile.ssm

I will test it without for_each

[github-actions]

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days