GoogleCloudPlatform/anthos-samples

Anthos on AWS Terraform Apply giving an error creating KMS Key: MalformedPolicyDocumentException

sir-rob opened this issue · 1 comments

Following the instructions here: https://github.com/GoogleCloudPlatform/anthos-samples/tree/main/anthos-multi-cloud/AWS

Working on setting up Anthos on AWS and getting the following error:

```
module.kms.aws_kms_key.node_pool_root_volume_encryption_kms_key: Still creating... [1m50s elapsed]
╷
│ Error: error creating KMS Key: MalformedPolicyDocumentException: Policy contains a statement with one or more invalid principals.
│
│   with module.kms.aws_kms_key.control_plane_root_volume_encryption_kms_key,
│   on modules/kms/main.tf line 57, in resource "aws_kms_key" "control_plane_root_volume_encryption_kms_key":
│   57: resource "aws_kms_key" "control_plane_root_volume_encryption_kms_key" {
│
╵
╷
│ Error: error creating KMS Key: MalformedPolicyDocumentException: Policy contains a statement with one or more invalid principals.
│
│   with module.kms.aws_kms_key.node_pool_root_volume_encryption_kms_key,
│   on modules/kms/main.tf line 141, in resource "aws_kms_key" "node_pool_root_volume_encryption_kms_key":
│  141: resource "aws_kms_key" "node_pool_root_volume_encryption_kms_key" {
│
```

Your help is greatly appreciated!

I was able to get past this error by creating a missing Role in AWS IAM (AWSServiceRoleForAutoScaling). Here are the steps I followed:

  1. I went to IAM -> Roles -> Create Role
  2. Then selected AWS Service, searched in "Use cases for other AWS services" for "EC2 Auto Scaling", and selected it
  3. Click Next, Next, and then click "Create Role"
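
A CLI equivalent of the console steps above, written as a pre-flight check to run before `terraform apply`. This is an added example, not part of the original issue or of the anthos-samples repository. It assumes an AWS CLI configured with IAM read and create permissions, and the function names `slr_exists` and `ensure_autoscaling_slr` are hypothetical.

```shell
#!/bin/sh
# Added example: make sure the EC2 Auto Scaling service-linked role exists
# before Terraform creates KMS keys. The comment above reports that creating
# this role resolved the "invalid principals" error.

ROLE_NAME="AWSServiceRoleForAutoScaling"
SERVICE="autoscaling.amazonaws.com"

# Exit status 0 if the role is readable in the current account.
slr_exists() {
  aws iam get-role --role-name "$ROLE_NAME" >/dev/null 2>&1
}

# Usage: ensure_autoscaling_slr [tries] [delay_seconds]
# Prints "present" if the role already existed, "created" if this call
# created it, and returns non-zero if creation failed or the role never
# became readable within the polling window.
ensure_autoscaling_slr() {
  slr_tries="${1:-10}"
  slr_delay="${2:-3}"

  if slr_exists; then
    echo "present"
    return 0
  fi

  # Same effect as IAM -> Roles -> Create Role -> EC2 Auto Scaling.
  aws iam create-service-linked-role --aws-service-name "$SERVICE" \
    >/dev/null || return 1

  # IAM is eventually consistent, so poll until the new role can be read
  # before handing control back to Terraform.
  slr_i=0
  while [ "$slr_i" -lt "$slr_tries" ]; do
    if slr_exists; then
      echo "created"
      return 0
    fi
    sleep "$slr_delay"
    slr_i=$((slr_i + 1))
  done
  return 1
}

# Typical use (not executed here):
#   ensure_autoscaling_slr && terraform apply
```

The check is idempotent, so it can sit in a CI step ahead of every apply without failing on accounts where the role already exists.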