provider/aws: aws_spot_fleet_request was leaving orphaned instances

running Each nightly build was leaving multiple instances running. The issue is that the IAM role we were using didn't have access to Terminate the EC2 instances The role was missing the ec2 principle
2025-02-25 18:45:20 -06:00 · 2016-08-31 11:25:08 +01:00 · 2016-08-31 11:25:08 +01:00 · 4d2b9cb167
commit 4d2b9cb167
parent b709d27cf7
1 changed files with 36 additions and 9 deletions
--- a/builtin/providers/aws/resource_aws_spot_fleet_request_test.go
+++ b/builtin/providers/aws/resource_aws_spot_fleet_request_test.go
@ -403,7 +403,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }
@ -451,7 +454,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }
@ -499,7 +505,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }
@ -554,7 +563,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }
@ -625,7 +637,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }
@ -680,7 +695,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }
@ -745,7 +763,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }
@ -801,7 +822,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }
@ -863,7 +887,10 @@ resource "aws_iam_role" "test-role" {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
-        "Service": "spotfleet.amazonaws.com"
+        "Service": [
+          "spotfleet.amazonaws.com",
+          "ec2.amazonaws.com"
+        ]
      },
      "Action": "sts:AssumeRole"
    }