diff --git a/controllers/providers/aws/iam.go b/controllers/providers/aws/iam.go
index 1cbeebb4..c94a490b 100644
--- a/controllers/providers/aws/iam.go
+++ b/controllers/providers/aws/iam.go
@@ -214,7 +214,12 @@ func (w *AwsWorker) CreateScalingGroupRole(name string) (*iam.Role, *iam.Instanc
 		createdProfile = out.InstanceProfile
 		time.Sleep(DefaultInstanceProfilePropagationDelay)
 
-		_, err = w.IamClient.AddRoleToInstanceProfile(&iam.AddRoleToInstanceProfileInput{
+	} else {
+		createdProfile = instanceProfile
+	}
+
+	if createdProfile != nil && len(createdProfile.Roles) == 0 {
+		_, err := w.IamClient.AddRoleToInstanceProfile(&iam.AddRoleToInstanceProfileInput{
 			InstanceProfileName: aws.String(name),
 			RoleName:            aws.String(name),
 		})
@@ -224,10 +229,9 @@ func (w *AwsWorker) CreateScalingGroupRole(name string) (*iam.Role, *iam.Instanc
 					return createdRole, createdProfile, errors.Wrap(err, "failed to attach instance-profile")
 				}
 			}
+		} else {
+			createdProfile.Roles = append(createdProfile.Roles, createdRole)
 		}
-
-	} else {
-		createdProfile = instanceProfile
 	}
 
 	return createdRole, createdProfile, nil
diff --git a/controllers/provisioners/eks/create_test.go b/controllers/provisioners/eks/create_test.go
index 56a680e3..9b4d03c0 100644
--- a/controllers/provisioners/eks/create_test.go
+++ b/controllers/provisioners/eks/create_test.go
@@ -264,6 +264,7 @@ func TestCreateManagedRoleNegative(t *testing.T) {
 	g.Expect(ctx.GetState()).To(gomega.Equal(v1alpha1.ReconcileModifying))
 	iamMock.WaitUntilInstanceProfileExistsErr = nil
 	iamMock.CreateInstanceProfileErr = nil
+	iamMock.InstanceProfile = &iam.InstanceProfile{}
 
 	iamMock.AddRoleToInstanceProfileErr = awserr.New(iam.ErrCodeNoSuchEntityException, "", errors.New("some-error"))
 	err = ctx.Create()