Wait for en external instance profile to be created before attempting to read it using data source (#73)

* Wait for en external instance profile to be created before attempting to read it using data source

* Wait for en external instance profile to be created before attempting to read it using data source

* Wait for en external instance profile to be created before attempting to read it using data source

* Wait for en external instance profile to be created before attempting to read it using data source

Author: aknysh

.github/workflows/auto-release.yml

@@ -3,17 +3,17 @@ name: auto-release
 on:
   push:
     branches:
-      - master
+    - master
 
 jobs:
   semver:
     runs-on: ubuntu-latest
     steps:
-      # Drafts your next Release notes as Pull Requests are merged into "master"
-      - uses: release-drafter/release-drafter@v5
-        with:
-          publish: true
-          prerelease: false
-          config-name: auto-release.yml
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    # Drafts your next Release notes as Pull Requests are merged into "master"
+    - uses: release-drafter/release-drafter@v5
+      with:
+        publish: true
+        prerelease: false
+        config-name: auto-release.yml
+      env:
+        GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}

cloud_watch_alarm.tf renamed to cloudwatch-alarm.tf

@@ -33,6 +33,41 @@ module "subnets" {
   context = module.this.context
 }
 
+module "instance_profile_label" {
+  source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2"
+
+  attributes = distinct(compact(concat(module.this.attributes, ["profile"])))
+
+  context = module.this.context
+}
+
+data "aws_iam_policy_document" "test" {
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "sts:AssumeRole"
+    ]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "test" {
+  name               = module.instance_profile_label.id
+  assume_role_policy = data.aws_iam_policy_document.test.json
+  tags               = module.instance_profile_label.tags
+}
+
+# https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.13-examples/module-depends-on
+resource "aws_iam_instance_profile" "test" {
+  name = module.instance_profile_label.id
+  role = aws_iam_role.test.name
+}
+
 module "ec2_instance" {
   source = "../../"
 
@@ -45,6 +80,7 @@ module "ec2_instance" {
   instance_type               = var.instance_type
   allowed_ports               = var.allowed_ports
   allowed_ports_udp           = var.allowed_ports_udp
+  instance_profile            = aws_iam_instance_profile.test.name
 
   context = module.this.context
 }

examples/complete/main.tf

@@ -70,9 +70,18 @@ data "aws_ami" "info" {
   owners = [local.ami_owner]
 }
 
-data "aws_iam_instance_profile" "given" {
+# https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.13-examples/module-depends-on
+resource "null_resource" "instance_profile_dependency" {
   count = module.this.enabled && length(var.instance_profile) > 0 ? 1 : 0
-  name  = var.instance_profile
+  triggers = {
+    dependency_id = var.instance_profile
+  }
+}
+
+data "aws_iam_instance_profile" "given" {
+  count      = module.this.enabled && length(var.instance_profile) > 0 ? 1 : 0
+  name       = var.instance_profile
+  depends_on = [null_resource.instance_profile_dependency]
 }
 
 resource "aws_iam_instance_profile" "default" {

main.tf

@@ -64,5 +64,5 @@ func TestExamplesComplete(t *testing.T) {
 	// Run `terraform output` to get the value of an output variable
 	role := terraform.Output(t, terraformOptions, "role")
 	// Verify we're getting back the outputs we expect
-	assert.Equal(t, "eg-test-ec2-instance-"+randId, role)
+	assert.Equal(t, "eg-test-ec2-instance-"+randId+"-profile", role)
 }