
Error Attaching IAM Role to an Instance Profile


I am trying to attach an IAM role to an instance profile so that AWS Karpenter can provision nodes on my behalf. I have already created the role, role-karpenter, from the console.

Below is the Terraform script:

data "aws_iam_role" "karpenter_node_group_role" {
  name = "role-karpenter"
}

resource "aws_iam_instance_profile" "karpenter" {
  name = "KarpenterNodeInstanceProfile"
  role = data.aws_iam_role.karpenter_node_group_role.name
}

This is the error I am getting:

removing role arn:aws:iam::xxxx:role/role-karpenter from IAM instance profile KarpenterNodeInstanceProfile-cluster: ValidationError: The specified value for roleName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
│   status code: 400, request id: 7e631745-e7cb-4542-b19f-2b3872c8cbc3

Options I have tried: I have used all of these different Terraform attribute references for the role.

# name attribute
role = data.aws_iam_role.karpenter_node_group_role.name

# id attribute
role = data.aws_iam_role.karpenter_node_group_role.id

# arn attribute
role = data.aws_iam_role.karpenter_node_group_role.arn

Solution

  • The fix for me was to remove the resource from the state file and run it again:

    terraform state rm module.eks.aws_iam_instance_profile.karpenter
    

    Then

    terraform plan && terraform apply
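
An added example, not part of the original post: a check that finds which `aws_iam_instance_profile` entries in state would need `terraform state rm`, by flagging any whose recorded `role` does not fit the character set quoted in the ValidationError. It assumes the failure came from an ARN having been recorded as `role` in state, which the post does not confirm; the sample state and account id are constructed, shaped like `terraform show -json` output.

```python
import re

# Character set quoted in the ValidationError; 64 is IAM's role-name length limit.
ROLE_NAME_RE = re.compile(r"[A-Za-z0-9+=,.@_-]{1,64}")

# Constructed sample in the shape of `terraform show -json` (not real state).
SAMPLE_STATE = {
    "values": {"root_module": {
        "resources": [{
            "address": "aws_iam_instance_profile.ok",
            "type": "aws_iam_instance_profile",
            "values": {"name": "OtherProfile", "role": "role-karpenter"},
        }],
        "child_modules": [{
            "address": "module.eks",
            "resources": [{
                "address": "module.eks.aws_iam_instance_profile.karpenter",
                "type": "aws_iam_instance_profile",
                "values": {
                    "name": "KarpenterNodeInstanceProfile-cluster",
                    # Constructed ARN: ':' and '/' are not valid in a role name.
                    "role": "arn:aws:iam::111122223333:role/role-karpenter",
                },
            }],
        }],
    }}
}

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def stale_instance_profiles(state):
    """Return (address, role) for instance profiles whose role is not a valid name."""
    root = state.get("values", {}).get("root_module", {})
    flagged = []
    for res in iter_resources(root):
        if res.get("type") != "aws_iam_instance_profile":
            continue
        role = (res.get("values") or {}).get("role")
        if role and not ROLE_NAME_RE.fullmatch(role):
            flagged.append((res["address"], role))
    return flagged

if __name__ == "__main__":
    for address, role in stale_instance_profiles(SAMPLE_STATE):
        print(f"{address}: role={role!r} is not a valid role name")
        print(f"  terraform state rm {address}")
```

To run it against a real workspace, replace `SAMPLE_STATE` with the parsed output of `terraform show -json`.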