Stuck in Provisioning while configuring AWS cluster from on-prem Rancher

I’m having issues with the new Amazon EC2 cluster with cloud provider configuration; I’ve read the docs at this link: https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/aws/#iam-requirements

-I’ve created the Cloud Credential with my access key and secret, and selected in my node template
-I’ve set up the IAM Role and Policy as described, and listed the Policy on my node template (instance options page)
-I’ve set up and tagged VPC/subnet as described, and listed on my node template

The cluster remains in a “Provisioning” state, no EC2 instances are visible in Amazon console for the correct region, other than the security group, which does show up. Even viewed in API, the only “transitioningMessage”: “waiting for etcd and controlplane nodes to be registered”

Creating AWS cluster worked while I was still on 2.1.x… help?

Update: if I ignore “cloud provider” settings altogether, the instances launch without issue; however, if I do it this way, my provisioning of a LoadBalancer type service remains in pending status and a load balancer is never created on the AWS account.

Update: so I’ve figured out that Rancher “IAM Instance Profile Name” equals the AWS “IAM Role Name”, so I can now provision cluster and instances.

However: I still can’t create a loadbalancer. I ran the following kubectl commands, and have load balancer pending but no load balancer is created.

kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.4 --replicas=1 --port=8080
kubectl expose deployment echoheaders --type=LoadBalancer --port=80 --target-port=8080 --name=echoheaders-public