Unable to provision RKE Cluster on EC2

I am seeing the following during initial cluster provision

Error creating machine: Error in driver during machine creation: Error launching instance: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message:

Any tips on how to debug this?

I have followed the guidance at Rancher Docs IAM PassRole

My individual instances I have given an instance profile with permissions as listed Node IAM Profile

I think the issue comes down to the role I am passing.

From the docs it indicates we need to pass a role as such


It is not obvious to me, what role we are passing here. Is it the Service Account Role doing the cluster creation, is the instance profile roles, or is it some other role?

I see there is a documentation issue related to this.