From 81afbfcfcfc0207021311c878360c2b7e74b547d Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Tue, 21 Jul 2020 01:03:33 -0400 Subject: [PATCH] resource/aws_ssm_activation: Only retry CreateActivation on IAM eventual consistency error, allow retries for standard 2 minutes Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13409 API does not seem to validate IAM Role permissions on creation. Output from acceptance testing: ``` --- PASS: TestAccAWSSSMActivation_expirationDate (19.17s) --- PASS: TestAccAWSSSMActivation_disappears (25.22s) --- PASS: TestAccAWSSSMActivation_basic (27.39s) --- PASS: TestAccAWSSSMActivation_update (37.23s) ``` --- aws/resource_aws_ssm_activation.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/aws/resource_aws_ssm_activation.go b/aws/resource_aws_ssm_activation.go index 36c6d49a70b..a6c666dc33c 100644 --- a/aws/resource_aws_ssm_activation.go +++ b/aws/resource_aws_ssm_activation.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags" + iamwaiter "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/iam/waiter" ) func resourceAwsSsmActivation() *schema.Resource { @@ -102,15 +103,19 @@ func resourceAwsSsmActivationCreate(d *schema.ResourceData, meta interface{}) er // Retry to allow iam_role to be created and policy attachment to take place var resp *ssm.CreateActivationOutput - err := resource.Retry(30*time.Second, func() *resource.RetryError { + err := resource.Retry(iamwaiter.PropagationTimeout, func() *resource.RetryError { var err error resp, err = ssmconn.CreateActivation(activationInput) - if err != nil { + if isAWSErr(err, "ValidationException", "Not existing role") { return resource.RetryableError(err) } + if err != nil { + return resource.NonRetryableError(err) + } + return nil })