Create EC2 with no ssm permission with cause error 400.

[shawnsavour]

Description

Create an ec2 instance without ssm permission with cause error.

This account or role can still create an instance in console.

The root cause is because this line of code in main.tf in line 9:

data "aws_ssm_parameter" "this" {
  count = local.create ? 1 : 0

  name = var.ami_ssm_parameter
}

Request to make the call data aws_ssm_parameter optional, something like when ami is specified, then no need to call ssm parameter to get the ami id:

#main.tf
  ami                  = try(coalesce(var.ami, nonsensitive(data.aws_ssm_parameter.this[0].value)), null)

Because it coalesce the var.ami and the nonsensitive(data.aws_ssm_parameter.this[0].value)), so we only need it when var.ami is not specified. So it should be check for null when use data to call to ssm.

data "aws_ssm_parameter" "this" {
  count = local.create && var.ami == null ? 1 : 0

  name = var.ami_ssm_parameter
}

⚠️ Note

Versions

• Module version [Required]: 5.2.1

• Terraform version: any version

• Provider version(s): any version

Reproduction Code [Required]

Steps to reproduce the behavior:

• Create an account or role with ec2 permission only
• Use terraform to plan resource with "terraform-aws-modules/ec2-instance/aws" module
• Error!

Expected behavior

Create an instance without ssm parameter permission

Actual behavior

Cannot create instance because missing permission

[shawnsavour]

I created a PR for this issue #351

[shawnsavour]

Closed, added in version 5.3.0

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.