Is there a preferred way to handle delays, like wh...
# general
Is there a preferred way to handle delays, like when waiting for permissions to propagate, other than setTimeout()?
The resources providers themselves generally handle this automatically with retries, etc. Are you seeing otherwise? We've certainly seen bugs in the past around this behavior. (*assuming, by the way, that permissions in this case are IAM permissions?)
Well I'm getting this error and am trying to track down the cause:
Unable to assume role and validate the listeners configured on your load balancer. Please verify that the ECS service role being passed has the proper permissions.
yea, IAM
I'm assuming I've misconfigured something because I keep getting it
but the ecsServiceRole looks right
frustrating thing is I had it working at some point but tried to genericize to add more services and somehow busted it
It's possible this is a bug in the provider, where it isn't waiting/retrying properly. (The AWS errors aren't always so good here so it's hard to tell.) That might explain why it used to work but now doesn't. Curious if @stocky-spoon-28903 or @white-balloon-205 have any thoughts on this.
Likely we should retry there
Or it may already retry but need a bump in the timeout.
In the very short term setTimeout may be a workable solution, but we’ll look to see if that can be integrated into the provider
Which resource is failing? An ECS
? Are you sure that it is configured correctly and will eventually succeed to create?
If you retry the
pulumi update
does it work?
Right, the above is all predicated on the service role being correct and the deployment eventually succeeding
If the deployment eventually succceds (wait a few mins and then run
pulumi update
again) it is likely retry timeout needs to be increased, otherwise it might be that the role isn’t correct for this casee
@white-balloon-205 no, it continually fails. And no, I'm not 100% sure that it's configured correctly but I've migrated my working terraform config so I believe it should
However I'm kind of a newbie when it comes to AWS so I've probably done something wrong
The AWS docs are really unclear about what roles and policy attachment needs to be on the instance profile for your autoscaling group
I've tried it both ways that appear in the docs and neither is working atm
feel like I need to rip the guts out and start over, which is a bummer
Got it! I was assigning the ec2 instance IAM role to the ecs service
Ah! I guess the error message here could be made clearer
Hmm, maybe not. Can you think of any wording that might have made the issue more diagnosable?
Great question, not sure either
The error makes sense for what I did