worried-engineer-33884
06/12/2019, 2:29 PMdependsOn
relationship?
We believe we are encountering an issue creating a resource that depends on an IAM RolePolicyAttachment that isn't quite ready when the dependent resource starts to create.
https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistencywhite-balloon-205
worried-engineer-33884
06/12/2019, 2:34 PMconst dmsRole = new aws.iam.Role("dms-vpc-role", {
name: "dms-vpc-role",
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "<http://dms.amazonaws.com|dms.amazonaws.com>"
},
"Action": "sts:AssumeRole"
}
]
}`,
permissionsBoundary: config.require("iamPermissionsBoundaryArn"),
});
const dmsRolePolicy = new aws.iam.RolePolicyAttachment("dms-vpc-role-policy", {
policyArn: "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole",
role: dmsRole
})
const dmsSubnetGroup = new aws.dms.ReplicationSubnetGroup("dms", {
replicationSubnetGroupDescription: "Test replication subnet group",
replicationSubnetGroupId: "test-dms-replication-subnet-group",
subnetIds: [
config.require("az0SubnetPrivateId"),
config.require("az1SubnetPrivateId"),
],
}, {
dependsOn: dmsRolePolicy
});
pulumi up
again, it succeeds — i am guessing this is because of the eventual consistency issue, but have not proven thatstocky-spoon-28903
06/12/2019, 3:19 PMworried-engineer-33884
06/12/2019, 3:20 PM