I am using Crossplane with Kubernetes as a means of provisioning AWS infrastucture. Deployment of the resources is automated using ArgoCD. AWS resources are being provisioned with provider-aws@v0.40.0.
The issue that I am facing is that when I attempt to create any IAM resources, such as Role, RolePolicyAttachment, Policy or OpenIDConnectProvider, the creation of the resources fails and the reason cited is because of a lack of region being provided.
Below is a message that has come from a failure to create a Role:
failed to get Role with name: operation error IAM: GetRole, failed to resolve service endpoint, an AWS region is required, but was not found
Using this manifest:
apiVersion: iam.aws.crossplane.io/v1beta1
kind: Role
metadata:
name: test-role
spec:
providerConfigRef:
name: aws
forProvider:
assumeRolePolicyDocument: |
{
// redacted
}
Note that there is no way to pass a region into the Role chart, as documented here. Nor is there a way to provide a region in the ProviderConfig.
The service endpoint for IAM also does not contain a region, as it is global.
The AWS API docs also suggest that there is no need for a region to be provided in order to make a GetRole call.
The error suggests that a region is required, however it seems as if it is not needed in order to provision the resource, and that there is no way for me to provide one to Crossplane. I would expect that what I have should work. Note that other resources that have region fields are able to be provisioned using the Crossplane setup that I am working with.
