Skip to main content

Failed to create AWS Cluster - Invalid IAM Instance Profile name

Alex Christopher Ramos
  • Updated

Issue

We've encountered some issues wherein customer's cannot create an AWS cluster. With the following error logs in the capa-controller.

kubectl logs -n capa-system -l=control-plane=capa-controller-manager
I0426 05:00:22.180343       1 awsmachine_controller.go:636]  "msg"="Creating EC2 instance"  
E0426 05:00:22.983051       1 awsmachine_controller.go:497]  "msg"="unable to create instance" "error"="failed to create AWSMachine instance: failed to run instance: InvalidParameterValue: Value (control-plane.cluster-api-provider-aws.sigs.k8s.io) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name\n\tstatus code: 400, request id: c635a90c-810f-4444-b387-ef130248bdbd"  
E0426 05:00:23.029415       1 controller.go:317] controller/awsmachine "msg"="Reconciler error" "error"="failed to create AWSMachine instance: failed to run instance: InvalidParameterValue: Value (control-plane.cluster-api-provider-aws.sigs.k8s.io) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name\n\tstatus code: 400, request id: c635a90c-810f-4444-b387-ef130248bdbd" "name"="d2iq-k8s-management-cluster-control-plane-wzf42" "namespace"="default" "reconciler group"="infrastructure.cluster.x-k8s.io" "reconciler kind"="AWSMachine"

Solution

The error means that the IAM Instance Profile given is missing. That's why the controller cannot assign this IAM Role into the instance. Therefore, failing to create the EC2 instance altogether.

It is a prerequisite to create the necessary IAM artifacts in AWS prior to creating a cluster. Please follow the documentation for creating these artifacts.

Additionally, when creating the IAM artifacts. If a different InstanceProfileName has been used instead of the default control-plane.cluster-api-provider-aws.sigs.k8s.io and nodes.cluster-api-provider-aws.sigs.k8s.io, then this name has to be specified during the cluster creation, via the flag

dkp create cluster aws ...... --control-plane-iam-instance-profile <CP_InstanceProfileName> --worker-iam-instance-profile <Worker_InstanceProfileName>