Add support for new IAM roles on Auto Scaling groups

[johncrenshaw]

Amazon added support for an IAM service role to EC2 Auto Scaling on February 20, 2018. Over the next few weeks they will be migrating all existing accounts to add the role to existing ASGs, and from then on the role will be required in order for ASGs to function. It is not clear yet whether this role will be applied automatically to new ASGs, but if not, ASGs in terraform may fail to create following the transition.

Affected Resource(s)

Please list the resources as a list, for example:

• aws_autoscaling_group

Important Factoids

At the moment this is a feature request with minor usefulness, but if the update causes ASGs to require that the IAM role be indicated explicitly, this could suddenly evolve into a critical bug blocking all new ASG creation via Terraform.

[swestcott]

AWS say they will automating apply the default service-linked role, however if you have encrypted volumes (like us), new EC2 hosts will fail to launch.

After March 26, 2018, any Auto Scaling groups without an EC2 Auto Scaling service-linked role will be updated to use the default EC2 Auto Scaling service-linked role. This will result in instances failing to launch if your Auto Scaling group is using a CMK and no action is taken.

This relates to #921 as Terraform currently can't create service-linked roles either.

[bflad]

This support has been merged into master via #3812 and will release with v1.12.0 of the AWS provider, likely today or Monday.

[bflad]

This has been released in version 1.12.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!