ansible-collections / amazon.aws

Ansible Collection for Amazon AWS
GNU General Public License v3.0

amazon.aws.iam_role: EntityAlreadyExists after 7.3.0 collection #2102

Open marcelmamula opened 2 months ago

marcelmamula commented 2 months ago

Summary

I have been using the 7.3.0 collection for some time, but it stopped working with the upgrade to 7.5.0. amazon.aws.iam_role is no longer able to ignore already existing entries and it fails with

fatal: [ae1ascs -> localhost]: FAILED! => {
    "boto3_version": "1.34.97",
    "botocore_version": "1.34.97",
    "changed": false,
    "error": {
        "code": "EntityAlreadyExists",
        "message": "Instance Profile HA-Role-Pacemaker already exists.",
        "type": "Sender"
Traceback (most recent call last):
  File "/tmp/ansible_amazon.aws.iam_role_payload_olpq3tet/ansible_amazon.aws.iam_role_payload.zip/ansible_collections/amazon/aws/plugins/modules/iam_role.py", line 685, in main
    create_or_update_role(module, client)
  File "/tmp/ansible_amazon.aws.iam_role_payload_olpq3tet/ansible_amazon.aws.iam_role_payload.zip/ansible_collections/amazon/aws/plugins/modules/iam_role.py", line 496, in create_or_update_role
    changed |= create_instance_profiles(client, check_mode, role_name, path)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/ansible_amazon.aws.iam_role_payload_olpq3tet/ansible_amazon.aws.iam_role_payload.zip/ansible_collections/amazon/aws/plugins/modules/iam_role.py", line 523, in create_instance_profiles
    create_iam_instance_profile(client, role_name, path, {})
  File "/tmp/ansible_amazon.aws.iam_role_payload_olpq3tet/ansible_amazon.aws.iam_role_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/errors.py", line 46, in handler
    raise cls._CUSTOM_EXCEPTION(message=f"Failed to {description}", exception=e) from e
ansible_collections.amazon.aws.plugins.module_utils.iam.AnsibleIAMError: Failed to create instance profile: An error occurred (EntityAlreadyExists) when calling the CreateInstanceProfile operation: Instance Profile HA-Role-Pacemaker already exists.

Issue Type

Bug Report

Component Name

amazon.aws.iam_role

Ansible Version

$ ansible --version
ansible [core 2.16.6]
  config file = None
  configured module search path = ['/home/mmamula/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /home/mmamula/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.9 (main, Apr 08 2024, 06:18:15) [GCC] (/usr/bin/python3.11)
  jinja version = 3.1.3
  libyaml = True

Collection Versions

$ ansible-galaxy collection list
Collection                               Version
---------------------------------------- -------
amazon.aws                               7.5.0
ansible.netcommon                        5.3.0
ansible.posix                            1.5.4
ansible.utils                            2.12.0
ansible.windows                          2.3.0
arista.eos                               6.2.2
awx.awx                                  23.9.0
azure.azcollection                       1.19.0
check_point.mgmt                         5.2.3
chocolatey.chocolatey                    1.5.1
cisco.aci                                2.9.0
cisco.asa                                4.0.3
cisco.dnac                               6.13.3
cisco.intersight                         2.0.8
cisco.ios                                5.3.0
cisco.iosxr                              6.1.1
cisco.ise                                2.8.1
cisco.meraki                             2.18.0
cisco.mso                                2.6.0
cisco.nxos                               5.3.0
cisco.ucs                                1.10.0
cloud.common                             2.1.4
cloudscale_ch.cloud                      2.3.1
community.aws                            7.2.0
community.azure                          2.0.0
community.ciscosmb                       1.0.7
community.crypto                         2.19.0
community.digitalocean                   1.26.0
community.dns                            2.9.0
community.docker                         3.9.0
community.general                        8.6.0
community.grafana                        1.8.0
community.hashi_vault                    6.2.0
community.hrobot                         1.9.2
community.library_inventory_filtering_v1 1.0.1
community.libvirt                        1.3.0
community.mongodb                        1.7.3
community.mysql                          3.9.0
community.network                        5.0.2
community.okd                            2.3.0
community.postgresql                     3.4.0
community.proxysql                       1.5.1
community.rabbitmq                       1.3.0
community.routeros                       2.15.0
community.sap                            2.0.0
community.sap_libs                       1.4.2
community.sops                           1.6.7
community.vmware                         4.3.0
community.windows                        2.2.0
community.zabbix                         2.3.1
containers.podman                        1.13.0
cyberark.conjur                          1.2.2
cyberark.pas                             1.0.25
dellemc.enterprise_sonic                 2.4.0
dellemc.openmanage                       8.7.0
dellemc.powerflex                        2.3.0
dellemc.unity                            1.7.1
f5networks.f5_modules                    1.28.0
fortinet.fortimanager                    2.4.0
fortinet.fortios                         2.3.6
frr.frr                                  2.0.2
gluster.gluster                          1.0.2
google.cloud                             1.3.0
grafana.grafana                          2.2.5
hetzner.hcloud                           2.5.0
hpe.nimble                               1.1.4
ibm.qradar                               2.1.0
ibm.spectrum_virtualize                  2.0.0
ibm.storage_virtualize                   2.3.1
infinidat.infinibox                      1.4.5
infoblox.nios_modules                    1.6.1
inspur.ispim                             2.2.0
inspur.sm                                2.3.0
junipernetworks.junos                    5.3.1
kubernetes.core                          2.4.2
lowlydba.sqlserver                       2.3.2
microsoft.ad                             1.5.0
netapp.aws                               21.7.1
netapp.azure                             21.10.1
netapp.cloudmanager                      21.22.1
netapp.elementsw                         21.7.0
netapp.ontap                             22.11.0
netapp.storagegrid                       21.12.0
netapp.um_info                           21.8.1
netapp_eseries.santricity                1.4.0
netbox.netbox                            3.17.0
ngine_io.cloudstack                      2.3.0
ngine_io.exoscale                        1.1.0
openstack.cloud                          2.2.0
openvswitch.openvswitch                  2.1.1
ovirt.ovirt                              3.2.0
purestorage.flasharray                   1.27.0
purestorage.flashblade                   1.17.0
purestorage.fusion                       1.6.1
sensu.sensu_go                           1.14.0
splunk.es                                2.1.2
t_systems_mms.icinga_director            2.0.1
telekom_mms.icinga_director              1.35.0
theforeman.foreman                       3.15.0
vmware.vmware_rest                       2.3.1
vultr.cloud                              1.12.1
vyos.vyos                                4.1.0
wti.remote                               1.0.5

AWS SDK versions

$ pip show boto boto3 botocore
Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: mitch@garnaat.com
License: MIT
Location: /home/mmamula/.local/lib/python3.11/site-packages
Requires:
Required-by:
---
Name: boto3
Version: 1.34.97
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/mmamula/.local/lib/python3.11/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.34.97
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/mmamula/.local/lib/python3.11/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed
CONFIG_FILE() = None
PAGER(env: PAGER) = less

OS / Environment

SLES for SAP 15 SP3, SLES for SAP 15 SP5, openSUSE Tumbleweed

Steps to Reproduce

- name: AWS IAM Role - HA-Role-Pacemaker
  register: __sap_vm_provision_task_aws_iam_role_ha_pacemaker
  no_log: "{{ __sap_vm_provision_no_log }}"
  amazon.aws.iam_role:
    name: "HA-Role-Pacemaker"
    assume_role_policy_document: |
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": "sts:AssumeRole",
                  "Sid": "",
                  "Principal": {
                      "Service": "ec2.amazonaws.com"
                  }
              }
          ]
      }
    access_key: "{{ sap_vm_provision_aws_access_key }}"
    secret_key: "{{ sap_vm_provision_aws_secret_access_key }}"

https://github.com/sap-linuxlab/community.sap_infrastructure/blob/0e67afc14738c8731192ef9f5040496c4a96e9b1/roles/sap_vm_provision/tasks/platform_ansible/aws_ec2_vs/execute_setup_ha.yml#L257

Expected Results

IAM role HA-Role-Pacemaker is created.

Actual Results

fatal: [ae1ascs -> localhost]: FAILED! => {
    "boto3_version": "1.34.97",
    "botocore_version": "1.34.97",
    "changed": false,
    "error": {
        "code": "EntityAlreadyExists",
        "message": "Instance Profile HA-Role-Pacemaker already exists.",
        "type": "Sender"
    },
    "invocation": {
        "module_args": {
            "access_key": "XXX",
            "assume_role_policy_document": "{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Effect\": \"Allow\",\n            \"Action\": \"sts:AssumeRole\",\n            \"Sid\": \"\",\n            \"Principal\": {\n                \"Service\": \"ec2.amazonaws.com\"\n            }\n        }\n    ]\n}",
            "aws_ca_bundle": null,
            "aws_config": null,
            "boundary": null,
            "create_instance_profile": true,
            "debug_botocore_endpoint_logs": false,
            "delete_instance_profile": false,
            "description": null,
            "endpoint_url": null,
            "managed_policies": null,
            "max_session_duration": null,
            "name": "HA-Role-Pacemaker",
            "path": null,
            "profile": null,
            "purge_policies": true,
            "purge_tags": true,
            "region": "eu-central-1",
            "secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "session_token": null,
            "state": "present",
            "tags": null,
            "validate_certs": true,
            "wait": true,
            "wait_timeout": 120
        }
    },
    "msg": "Failed to create instance profile: An error occurred (EntityAlreadyExists) when calling the CreateInstanceProfile operation: Instance Profile HA-Role-Pacemaker already exists.",
    "response_metadata": {
        "http_headers": {
            "content-length": "301",
            "content-type": "text/xml",
            "date": "Fri, 03 May 2024 08:20:06 GMT",
            "x-amzn-requestid": "922e49ae-286c-4c03-b673-ed8a22bb13d1"
        },
        "http_status_code": 409,
        "request_id": "933e49ae-286c-4c03-b673-ed8a66bb13d1",
        "retry_attempts": 0
    }
}

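An idempotent way to handle the 409 shown in the traceback above, as an added example that is not the collection's code: the profile is created only when CreateInstanceProfile does not answer EntityAlreadyExists, and in either case the role is attached only if it is not already in the profile's Roles, so an existing profile is reported as a change (or no change) rather than a failure. FakeIAM is a constructed in-memory stand-in for the boto3 IAM client so the code runs offline; it only mirrors the three calls used here, and the ClientError fallback exists solely for environments without botocore.

```python
try:
    from botocore.exceptions import ClientError
except ImportError:  # botocore absent: stand-in carrying the same .response shape
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(error_response["Error"]["Message"])
            self.response, self.operation_name = error_response, operation_name

def error_code(exc):
    return exc.response.get("Error", {}).get("Code")

def ensure_instance_profile(client, role_name, path="/"):
    """Create the profile unless it exists, then make sure the role is attached. Returns True if anything changed."""
    changed = False
    try:
        profile = client.create_instance_profile(InstanceProfileName=role_name, Path=path)["InstanceProfile"]
        changed = True
    except ClientError as e:
        if error_code(e) != "EntityAlreadyExists":
            raise  # any other IAM error is a real failure
        # EntityAlreadyExists is the desired end state, not an error: read what is already there
        profile = client.get_instance_profile(InstanceProfileName=role_name)["InstanceProfile"]
    if role_name not in [r["RoleName"] for r in profile["Roles"]]:
        client.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
        changed = True
    return changed

class FakeIAM:
    # Constructed stand-in for boto3's IAM client: profile name -> list of attached role names.
    def __init__(self, profiles=None):
        self.profiles = {k: list(v) for k, v in (profiles or {}).items()}

    @staticmethod
    def _err(code, op):
        return ClientError({"Error": {"Code": code, "Message": f"{op} failed: {code}"}}, op)

    def get_instance_profile(self, InstanceProfileName):
        if InstanceProfileName not in self.profiles:
            raise self._err("NoSuchEntity", "GetInstanceProfile")
        roles = [{"RoleName": r} for r in self.profiles[InstanceProfileName]]
        return {"InstanceProfile": {"InstanceProfileName": InstanceProfileName, "Roles": roles}}

    def create_instance_profile(self, InstanceProfileName, Path="/"):  # Path accepted, not modelled
        if InstanceProfileName in self.profiles:
            raise self._err("EntityAlreadyExists", "CreateInstanceProfile")
        self.profiles[InstanceProfileName] = []
        return self.get_instance_profile(InstanceProfileName)

    def add_role_to_instance_profile(self, InstanceProfileName, RoleName):
        self.profiles[InstanceProfileName].append(RoleName)
```

With the scenario from the report (profile HA-Role-Pacemaker already present, role not attached) the function attaches the role and reports a change; a second run reports no change.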
marcelmamula commented 1 week ago

The issue still persists with the latest version:

amazon.aws                               8.0.1

Log output

TASK [/mnt/c/scripts/community.sap_infrastructure/roles/sap_vm_provision : AWS IAM Role - HA-Role-Pacemaker] ************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible_collections.amazon.aws.plugins.module_utils.iam.AnsibleIAMError: Failed to create instance profile: An error occurred (EntityAlreadyExists) when calling the CreateInstanceProfile operation: Instance Profile HA-Role-Pacemaker already exists.

 in a release after 2026-05-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
fatal: [pr2hana0 -> localhost]: FAILED! => {"boto3_version": "1.34.97", "botocore_version": "1.34.97", "changed": false, "error": {"code": "EntityAlreadyExists", "message": "Instance Profile HA-Role-Pacemaker already exists.", "type": "Sender"}, "msg": "Failed to create instance profile: An error occurred (EntityAlreadyExists) when calling the CreateInstanceProfile operation: Instance Profile HA-Role-Pacemaker already exists.", "response_metadata": {"http_headers": {"content-length": "301", "content-type": "text/xml", "date": "Wed, 26 Jun 2024 10:34:26 GMT", "x-amzn-requestid": "X-5e4f-4438-a912-f39dcfb56774"}, "http_status_code": 409, "request_id": "X-5e4f-4438-a912-f39dcfb56774", "retry_attempts": 0}}