[Bug]: ECS was unable to assume the configured ECS Infrastructure Role

[mickeyr]

Terraform Core Version

1.9.1

AWS Provider Version

5.59.0

Affected Resource(s)

aws_ecs_service

Expected Behavior

Able to create an ECS service with an EBS volume attached

Actual Behavior

Occasional errors on initial creation due to not being able to assume the volume role due to a trust relationship issue.

Relevant Error/Panic Output Snippet

│ Error: creating ECS Service (YYYYYY): InvalidParameterException: ECS was unable to assume the configured ECS Infrastructure Role 'arn:aws:iam::XXXXX:role/ZZZZZZ'. Please verify that the role being passed has the proper trust relationship with Amazon ECS.
│ 
│   with aws_ecs_service.resource_name,
│   on ecs.tf line 21, in resource "aws_ecs_service" "resource_name":
│   21: resource "aws_ecs_service" "resource_name" {
│

Terraform Configuration Files

resource "aws_ecs_service" "new_service" {
  name            = "service_name"
  cluster         = var.cluster.ecs_cluster_arn
  task_definition = aws_ecs_task_definition.any_definition.arn
  desired_count   = 1
  launch_type     = "FARGATE"

  volume_configuration {
    name = "data"
    managed_ebs_volume {
      role_arn    = aws_iam_role.volumes_role.arn
      encrypted   = true
      size_in_gb  = 5
      volume_type = "gp3"
      iops        = 3000
    }
  }

  depends_on = [
    aws_iam_role_policy.task_execution_role,
    aws_iam_role_policy.volumes_role
  ]
}

Steps to Reproduce

terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

A second run creates the resource correctly. It appears to be an eventual consistency bug. There are current timeouts built into the provider for some errors, but this error does not match the checked errors

See: https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/ecs/service.go#L1569

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.