resource/aws_ssm_activation: Only retry CreateActivation on IAM event…

…ual consistency error, allow retries for standard 2 minutes Reference: #13409 API does not seem to validate IAM Role permissions on creation. Output from acceptance testing: ``` --- PASS: TestAccAWSSSMActivation_expirationDate (19.17s) --- PASS: TestAccAWSSSMActivation_disappears (25.22s) --- PASS: TestAccAWSSSMActivation_basic (27.39s) --- PASS: TestAccAWSSSMActivation_update (37.23s) ```
hashicorp · Jul 21, 2020 · 81afbfc · 81afbfc
1 parent 2228798
commit 81afbfc
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/aws/resource_aws_ssm_activation.go b/aws/resource_aws_ssm_activation.go
@@ -11,6 +11,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
+	iamwaiter "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/iam/waiter"
 )
 
 func resourceAwsSsmActivation() *schema.Resource {
@@ -102,15 +103,19 @@ func resourceAwsSsmActivationCreate(d *schema.ResourceData, meta interface{}) er
 
 	// Retry to allow iam_role to be created and policy attachment to take place
 	var resp *ssm.CreateActivationOutput
-	err := resource.Retry(30*time.Second, func() *resource.RetryError {
+	err := resource.Retry(iamwaiter.PropagationTimeout, func() *resource.RetryError {
 		var err error
 
 		resp, err = ssmconn.CreateActivation(activationInput)
 
-		if err != nil {
+		if isAWSErr(err, "ValidationException", "Not existing role") {
 			return resource.RetryableError(err)
 		}
 
+		if err != nil {
+			return resource.NonRetryableError(err)
+		}
+
 		return nil
 	})