Closed kunleoladimeji closed 5 months ago
Voting for Prioritization
Volunteering to Work on This Issue
This is not a provider issue but an usage issue with SSM. The automation runbook/document AWS-StopEC2Instance
requires two parameters - InstanceId
and AutomationAssumeRole
, the former of which is the subject of the error message you are seeing.
Since the association is many-to-one, you'll need to specify a parameters from the runbook/document to branch off of (what to iterate against), which in this case is InstanceId
. Thus you'll need to add the following to your aws_ssm_assoication
resource definition like so:
resource "aws_ssm_association" "shutdown_ec2_instances" {
name = "AWS-StopEC2Instance"
schedule_expression = "cron(0 21 ? * MON*)"
targets {
key = "tag:StopNightly"
values = ["true"]
}
automation_target_parameter_name = "InstanceId"
parameters = {
AutomationAssumeRole = "arn:aws:iam::<redacted>:role/MySSMAutomationRole"
}
}
Note: I am not able to use InstanceIds
as a target - it doesn't seem to be supported and is not available in State Manager. I can only use tag - even so the UI complains, but Terraform doesn't. Your cron schedule also doesn't work - for some reason it's not accepting MON-FRI
even though the documentation seems to say otherwise. I am not sure if that means having to create 5 associations - one per day of week. So you'll have to experiment and figure this part out yourself or open an AWS Support Ticket.
Perhaps This AWS blog post can give you some ideas on different configurations you can apply in AWS Management Console, which you can then translate to Terraform.
Since this is probably not an issue with the Terraform AWS Provider, please feel free to close the ticket and report back any findings you have for the benefit of other users. Thank you.
With the above in mind, closing.
[!WARNING] This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.
Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Terraform Core Version
1.7.3
AWS Provider Version
5.37.0
Affected Resource(s)
aws_ssm_association
Expected Behavior
Applying the resource should create an AWS SSM Association
Actual Behavior
Resource could not be created due to error.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Steps to Reproduce
Debug Output
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None