Missing IAM permission when using machine instance profile

When specifying the machine_iam_instance_profile, the runner needs to have the permission for iam:PassRole for the role behind the instance profile.

Proposed Solution

If the machine_iam_instance_profile variable is set:

  1. Use a data source to load additional details about the profile
  2. Create a new IAM policy that grants iam:PassRole on the role's ARN loaded in step 1
  3. Attach the new policy to aws_iam_role.role (the one defined for the runner machine)

Merge request incoming
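
The three steps above as a Terraform sketch, added here as an example and not taken from the merge request. Only `machine_iam_instance_profile` and `aws_iam_role.role` come from the issue; the other resource names, the stand-in role and the `iam:PassedToService` condition are assumptions.

```hcl
# Added example: names other than machine_iam_instance_profile and aws_iam_role.role are hypothetical.
variable "machine_iam_instance_profile" {
  type    = string
  default = "" # empty string: machines get no instance profile, nothing below is created
}
locals {
  pass_role = var.machine_iam_instance_profile != "" ? 1 : 0
}

# Stand-in for the runner role the module already defines.
resource "aws_iam_role" "role" {
  name = "runner-role-example" # constructed name
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}

# Step 1: look up the profile to get the ARN of the role behind it.
data "aws_iam_instance_profile" "machine" {
  count = local.pass_role
  name  = var.machine_iam_instance_profile
}

# Step 2: allow iam:PassRole on that single role ARN, never on "*".
data "aws_iam_policy_document" "pass_role" {
  count = local.pass_role
  statement {
    actions   = ["iam:PassRole"]
    resources = [data.aws_iam_instance_profile.machine[0].role_arn]
    # Extra restriction, not part of the issue: the role may only be passed to EC2.
    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ec2.amazonaws.com"]
    }
  }
}
resource "aws_iam_policy" "pass_role" {
  count  = local.pass_role
  name   = "runner-pass-machine-role" # constructed name
  policy = data.aws_iam_policy_document.pass_role[0].json
}

# Step 3: attach the new policy to the runner's own role.
resource "aws_iam_role_policy_attachment" "pass_role" {
  count      = local.pass_role
  role       = aws_iam_role.role.name
  policy_arn = aws_iam_policy.pass_role[0].arn
}
```

Scoping `resources` to the looked-up role ARN keeps the runner from passing any other role in the account to the machines it launches.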