Is there a preferred way to handle delays like when waiting

Question

Is there a preferred way to handle delays like when waiting for permissions to propagate other than setTimeout

big-piano-35669 · Answer

The resources providers themselves generally handle this automatically with retries etc Are you seeing otherwise We ve certainly seen bugs in the past around this behavior assuming by the way that permissions in this case are IAM permissions

quick-action-34599 · Answer

Well I m getting this error and am trying to track down the cause `Unable to assume role and validate the listeners configured on your load balancer Please verify that the ECS service role being passed has the proper permissions `

quick-action-34599 · Answer

yea IAM

quick-action-34599 · Answer

I m assuming I ve misconfigured something because I keep getting it

quick-action-34599 · Answer

but the ecsServiceRole looks right

quick-action-34599 · Answer

frustrating thing is I had it working at some point but tried to genericize to add more services and somehow busted it

big-piano-35669 · Answer

It s possible this is a bug in the provider where it isn t waiting retrying properly The AWS errors aren t always so good here so it s hard to tell That might explain why it used to work but now doesn t Curious if < stocky spoon 28903> or < white balloon 205> have any thoughts on this

big-piano-35669 · Answer

For instance I know the AWS Lambda resource retries on a similar error <https github com terraform providers terraform provider aws blob 72e8bb4fc26feac0f06860453e931972d6eb2528 aws resource aws lambda function go L377>

stocky-spoon-28903 · Answer

Likely we should retry there

stocky-spoon-28903 · Answer

Or it may already retry but need a bump in the timeout

stocky-spoon-28903 · Answer

In the very short term setTimeout may be a workable solution but we ll look to see if that can be integrated into the provider

white-balloon-205 · Answer

Which resource is failing An ECS `Service` Are you sure that it is configured correctly and will eventually succeed to create

white-balloon-205 · Answer

If you retry the `pulumi update` does it work

stocky-spoon-28903 · Answer

Right the above is all predicated on the service role being correct and the deployment eventually succeeding

stocky-spoon-28903 · Answer

It turns out it already does get retried for a while <https github com pulumi terraform provider aws blob pulumi master aws resource aws ecs service go L443 L457>

stocky-spoon-28903 · Answer

If the deployment eventually succceds wait a few mins and then run `pulumi update` again it is likely retry timeout needs to be increased otherwise it might be that the role isn t correct for this casee

quick-action-34599 · Answer

< white balloon 205> no it continually fails And no I m not 100 sure that it s configured correctly but I ve migrated my working terraform config so I believe it should

quick-action-34599 · Answer

However I m kind of a newbie when it comes to AWS so I ve probably done something wrong

quick-action-34599 · Answer

The AWS docs are really unclear about what roles and policy attachment needs to be on the instance profile for your autoscaling group

quick-action-34599 · Answer

I ve tried it both ways that appear in the docs and neither is working atm

quick-action-34599 · Answer

feel like I need to rip the guts out and start over which is a bummer

quick-action-34599 · Answer

Got it I was assigning the ec2 instance IAM role to the ecs service

stocky-spoon-28903 · Answer

Ah I guess the error message here could be made clearer

stocky-spoon-28903 · Answer

Hmm maybe not Can you think of any wording that might have made the issue more diagnosable

quick-action-34599 · Answer

Great question not sure either

quick-action-34599 · Answer

The error makes sense for what I did