Cloud9 failing with "Instance profile AWSCloud9SSMInstanceProfile does not exist in account" using terraform

Question

I am trying to create a Cloud9 environment using Terraform. I have also added a `depends_on` clause like so:

`resource "aws_cloud9_environment_ec2" "cloud9_env" {
  instance_type                   = "t2.micro"
  name                            = "${var.target_infra}-${var.app_name}-admin"
  subnet_id                       = local.cloud9_subnet
  connection_type                 = "CONNECT_SSM"
  automatic_stop_time_minutes     = 30
  depends_on = [ aws_iam_instance_profile.AWSCloud9SSMInstanceProfile ]
  tags = local.common_tags
}
`
I can see from the logs that the instance profile is indeed getting created:
![Enter image description here](/media/postImages/original/IM9tIg9VASQgqteu-8feHoAg)
Even verified the same with the AWS CLI.

But, I still get this error :

![Enter image description here](/media/postImages/original/IMk4sbh7WdSRuqLL0QgL4e4w)

Accepted Answer

Hi,
Go to these pages;
1.  https://docs.aws.amazon.com/cloud9/latest/user-guide/troubleshooting.html
2. https://docs.aws.amazon.com/cloud9/latest/user-guide/ec2-ssm.html#cfn-role-and-permissions

and create the role suggested by those pages manually to see if it helps

Excerpt from 1st page above
```
Error message reporting "Instance profile AWSCloud9SSMInstanceProfile
does not exist in account" when creating EC2 environment using AWS 
CloudFormation

Issue: When using the AWS::Cloud9::EnvironmentEC2 AWS CloudFormation 
resource to create an EC2 environment, users receive an error message that
 Instance profile AWSCloud9SSMInstanceProfile does not exist in account.

Cause: When creating a no-ingress EC2 environment, you must create the 
service role AWSCloud9SSMAccessRole and the instance profile 
AWSCloud9SSMInstanceProfile. These IAM resources enable Systems Manager 
to manage the EC2 instance that backs your development environment.

If you create a no-ingress environment with the console, AWSCloud9SSMAccessRole 
and AWSCloud9SSMInstanceProfile are created automatically. But when using 
AWS CloudFormation or AWS CLI to create your first no-ingress environment, you 
must create these IAM resources manually.

Recommended solution: For information about editing your AWS CloudFormation 
template and updating IAM permissions, see Using AWS CloudFormation to create 
no-ingress EC2 environments
```

Hope it helps

Didier

Cloud9 failing with "Instance profile AWSCloud9SSMInstanceProfile does not exist in account" using terraform

관련 콘텐츠