Closed pl1ght closed 4 years ago
AWS - Creating Cloud Connector - I have successfully generated a Cloud.netapp.com refresh token, created AWS IAM Role/Policies, and kept the default naming convention of OCCM_AUTOMATION. Definitely getting to AWS, as it validates my VPC and SGs, but it fails when trying to find the IAM Policy OCCM_AUTOMATION with `Error: InvalidParameterValue: Value (OCCM_AUTOMATION) for parameter iamInstanceProfile.name is invalid.` I am aware there is a time frame after creating an AWS Policy before it may show active, but it has been 12 hours. Terraform apply bombs out after inserting the refresh token and saying Yes, reporting that it can't find the above IAM Policy. Hopefully just doing something dumb. I can run `aws iam list-policies` to validate that my policy does exist.
```hcl
resource "netapp-cloudmanager_connector_aws" "cl-occm-aws" {
  provider                  = netapp-cloudmanager
  name                      = "TF-ConnectorAWS"
  region                    = "us-east-1"
  key_name                  = "automation_key"
  company                   = "NetApp"
  instance_type             = "t3.xlarge"
  subnet_id                 = "subnet-XXXXXXX"
  security_group_id         = "sg-XXXXX"
  iam_instance_profile_name = "OCCM_AUTOMATION"
  account_id                = "account-XXXXX"
}
```
Did you create a policy and a role which uses that policy? You should provide the name of the role.
Yes, created IAM policy in AWS using the Cloud Manager example, attached EC2 role to that policy. Is there a var in that config to add the role as well? I worked off of the default example just to validate the auth/AWS side was correct. If there is more in-depth documentation on this I would be happy to dig in further. Appreciate the quick response.
And the name of the role is OCCM_AUTOMATION?
Yes, correct. I just used all of the example config name defaults in my AWS account IAM roles.
Here is the direct link to the relevant policies: https://mysupport.netapp.com/site/info/cloud-manager-policies
Just to verify the required steps:
Cheers! I had missed one role, looking good now. Thank you for the very quick responses folks!
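The error in this thread names `iamInstanceProfile.name`, which EC2 resolves against IAM instance profiles rather than policies, so `aws iam list-policies` cannot confirm the value the connector needs. As an added example (not part of the thread and not the provider's own code), the Terraform below creates the policy, an EC2-assumable role and an instance profile under the same name. The resource labels and the `occm-policy.json` file name are assumptions; the policy JSON itself comes from the NetApp policies page linked above.

```hcl
# Added example: the three IAM objects behind iam_instance_profile_name.
# Resource labels ("occm", "ec2_assume") and the policy file name are assumptions.

# Trust policy: lets the EC2 service assume the role on the connector instance.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "occm" {
  name               = "OCCM_AUTOMATION"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

# Placeholder file: save the Cloud Manager policy JSON from the NetApp
# policies page next to this module. Its contents are not reproduced here.
resource "aws_iam_policy" "occm" {
  name   = "OCCM_AUTOMATION"
  policy = file("${path.module}/occm-policy.json")
}

# A policy that exists but is not attached to the role grants nothing.
resource "aws_iam_role_policy_attachment" "occm" {
  role       = aws_iam_role.occm.name
  policy_arn = aws_iam_policy.occm.arn
}

# This is the object EC2 looks up by name. The AWS console creates one
# automatically for EC2 roles; the CLI, API and Terraform do not.
resource "aws_iam_instance_profile" "occm" {
  name = "OCCM_AUTOMATION"
  role = aws_iam_role.occm.name
}

# In the connector resource, reference the profile instead of a literal so
# Terraform creates it first:
#   iam_instance_profile_name = aws_iam_instance_profile.occm.name
```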