By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cloud9 failing with "Instance profile AWSCloud9SSMInstanceProfile does not exist in account" using terraform

0

I am trying to create a Cloud9 environment using Terraform. I have also added a depends_on clause like so:

resource "aws_cloud9_environment_ec2" "cloud9_env" { instance_type = "t2.micro" name = "${var.target_infra}-${var.app_name}-admin" subnet_id = local.cloud9_subnet connection_type = "CONNECT_SSM" automatic_stop_time_minutes = 30 depends_on = [ aws_iam_instance_profile.AWSCloud9SSMInstanceProfile ] tags = local.common_tags } I can see from the logs that the instance profile is indeed getting created: Enter image description here Even verified the same with the AWS CLI.

But, I still get this error :

Enter image description here

Topics
Developer ToolsCompute
Tags
AWS Cloud9Amazon EC2Terraform
Language
English
Dev-TVX
asked 10 months ago520 views
1 Answer
1
Accepted Answer

Hi, Go to these pages;

  1. https://docs.aws.amazon.com/cloud9/latest/user-guide/troubleshooting.html
  2. https://docs.aws.amazon.com/cloud9/latest/user-guide/ec2-ssm.html#cfn-role-and-permissions

and create the role suggested by those pages manually to see if it helps

Excerpt from 1st page above

Error message reporting "Instance profile AWSCloud9SSMInstanceProfile
does not exist in account" when creating EC2 environment using AWS 
CloudFormation

Issue: When using the AWS::Cloud9::EnvironmentEC2 AWS CloudFormation 
resource to create an EC2 environment, users receive an error message that
 Instance profile AWSCloud9SSMInstanceProfile does not exist in account.

Cause: When creating a no-ingress EC2 environment, you must create the 
service role AWSCloud9SSMAccessRole and the instance profile 
AWSCloud9SSMInstanceProfile. These IAM resources enable Systems Manager 
to manage the EC2 instance that backs your development environment.

If you create a no-ingress environment with the console, AWSCloud9SSMAccessRole 
and AWSCloud9SSMInstanceProfile are created automatically. But when using 
AWS CloudFormation or AWS CLI to create your first no-ingress environment, you 
must create these IAM resources manually.

Recommended solution: For information about editing your AWS CloudFormation 
template and updating IAM permissions, see Using AWS CloudFormation to create 
no-ingress EC2 environments

Hope it helps

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content