FortiGate
amatos
Staff
Article Id 363402
Description

This article describes an error that can occur when deploying a FortiGate VM in AWS with Terraform, most often a FortiGate HA cluster. When 'terraform apply' is run, the deployment may fail with the following error:


Error: creating EC2 Instance: operation error EC2: RunInstances, https response error StatusCode: 400, RequestID: <REQUEST CODE>, api error InvalidParameterValue: Value (<AWS IAM ROLE NAME>) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name

Scope
FortiGate, AWS, HA.
Solution

This issue is caused by the value of the 'iam' variable in the variables.tf file under the deployment folder. Terraform passes that value to the EC2 RunInstances call as iamInstanceProfile.name, so it must be the bare instance profile name and must match the name in AWS exactly (names are case sensitive). An ARN, or any value containing ':' or '/', is rejected with the error above. For a role created in the IAM console with EC2 as the trusted entity, AWS creates an instance profile with the same name automatically, so the role name and the instance profile name are identical; a role created through the CLI or API has no instance profile unless one is created explicitly.


For example, if the 'copy' button next to the Role ARN or the Instance Profile ARN in the IAM console is used, the whole ARN is copied. In the example below, the value would be either 'arn:aws:iam::<ID>:role/Alan-HA-Failover-Role' or 'arn:aws:iam::<ID>:instance-profile/Alan-HA-Failover-Role', and the deployment fails with the 'Invalid IAM Instance Profile name' message.

[Image: AWS_role.png, the role summary on the IAM -> Roles page]
The user carrying out the deployment should use the exact name only, in this case 'Alan-HA-Failover-Role', as shown at the top of the IAM -> Roles page in the AWS console. In 'variables.tf', enter it as the value of the 'iam' variable, as below; the deployment then succeeds, provided no other variables are missing or incorrect.


[Image: variables.png, the 'iam' variable in variables.tf set to Alan-HA-Failover-Role]
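The check below is an added example and is not part of the Fortinet article or of the FortiGate Terraform templates. It turns whatever was copied from the IAM console (role ARN, instance profile ARN, or the bare name) into the bare instance profile name that RunInstances expects in iamInstanceProfile.name, and lints the 'iam' variable in a variables.tf file for the mistake described above. The variables.tf content, the function names and the account ID 123456789012 are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Fortinet article or the FortiGate Terraform
# templates. Normalises a value copied from the IAM console (role ARN,
# instance-profile ARN, or bare name) into the bare instance-profile name that
# EC2 RunInstances expects in iamInstanceProfile.name, and lints the 'iam'
# variable in a variables.tf file for the mistake the article describes.
# The variables.tf content below is constructed; account ID 123456789012 is
# a placeholder.

# Bare name from a role ARN, an instance-profile ARN, or an already-bare name.
# Paths (e.g. role/service-role/Name) are dropped too: the name is whatever
# follows the last '/'.
profile_name_from_input() {
    value=$1
    case "$value" in
        arn:aws:iam::*:instance-profile/*|arn:aws:iam::*:role/*)
            printf '%s\n' "${value##*/}" ;;
        *)
            printf '%s\n' "$value" ;;
    esac
}

# Return 0 if the value can be an IAM instance-profile name: 1-128 characters
# from [A-Za-z0-9+=,.@_-]. A ':' or '/' means an ARN or path was pasted.
is_valid_profile_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 128 ] || return 1
    case "$name" in
        *[!A-Za-z0-9+=,.@_-]*) return 1 ;;
    esac
    return 0
}

# Print the default of variable "iam" from a variables.tf file (first match).
iam_default_from_tf() {
    awk '
        /^[[:space:]]*variable[[:space:]]+"iam"/ { inblk = 1 }
        inblk && /^[[:space:]]*default[[:space:]]*=/ {
            if (match($0, /"[^"]*"/)) print substr($0, RSTART + 1, RLENGTH - 2)
            exit
        }
        inblk && /^[[:space:]]*}/ { inblk = 0 }
    ' "$1"
}

# Print "OK <name>" when the default is usable as-is, or "FIX <name>" with the
# corrected bare name when an ARN was pasted. Return 1 when there is no
# default or it cannot be turned into a valid name.
check_iam_variable() {
    tf=$1
    current=$(iam_default_from_tf "$tf")
    if [ -z "$current" ]; then
        echo "no default for variable \"iam\" in $tf" >&2
        return 1
    fi
    fixed=$(profile_name_from_input "$current")
    if ! is_valid_profile_name "$fixed"; then
        echo "unusable value for variable \"iam\": $current" >&2
        return 1
    fi
    if [ "$fixed" = "$current" ]; then
        echo "OK $fixed"
    else
        echo "FIX $fixed"
    fi
}

# Constructed variables.tf reproducing the article's mistake: the whole
# instance-profile ARN was pasted where the bare name belongs.
SAMPLE_TF=$(mktemp)
trap 'rm -f "$SAMPLE_TF"' EXIT
cat > "$SAMPLE_TF" <<'EOF'
variable "iam" {
  description = "Instance profile attached to the FortiGate HA instances"
  default     = "arn:aws:iam::123456789012:instance-profile/Alan-HA-Failover-Role"
}
EOF

# Prints "FIX Alan-HA-Failover-Role": replace the default with that name.
check_iam_variable "$SAMPLE_TF"
```

Once variables.tf carries the bare name, the profile can be confirmed to exist before running 'terraform apply' with 'aws iam get-instance-profile --instance-profile-name Alan-HA-Failover-Role'; if that call returns NoSuchEntity, the role exists but has no instance profile, and one must be created and the role added to it before the deployment can succeed.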