https://pulumi.com logo
Title
p

plain-hydrogen-8103

02/06/2023, 9:37 PM
Hello, I’m struggling with async nature of pulumi , it’s a great feature but in my case I’m creating some roles in AWS and attaching policies after that I’m creating some environment which require the role with the policies .. the policy attached is happening only after the failure of the environment creation which depends on it .. used depends on and put some delays .. still no luck .. any one here have solved anything similar?
e

echoing-dinner-19531

02/06/2023, 9:56 PM
This isn't really a Pulumi specific issue, it's just that policy attachement is slow in aws. We have tests that just are calling the aws api directly to set up policies and they just have to spin wait for about 10 seconds until the policy starts to work.
p

plain-hydrogen-8103

02/06/2023, 9:59 PM
Added a wait time of 60 seconds and more .. still no luck .. and attachment is happening immediately after the error .. if I retry the run , it’s runs smooth ,with out an error .
e

echoing-dinner-19531

02/06/2023, 10:00 PM
creating some environment which require the role with the policies
Are you trying to change the role pulumi uses to create aws resources halfway through the program?
p

plain-hydrogen-8103

02/06/2023, 10:01 PM
Yes , creating it
e

echoing-dinner-19531

02/06/2023, 10:03 PM
What language?
p

plain-hydrogen-8103

02/06/2023, 10:03 PM
Python
e

echoing-dinner-19531

02/06/2023, 10:04 PM
Are you making a new aws.Provider with configuration for the role?
p

plain-hydrogen-8103

02/06/2023, 10:05 PM
Nope , will try that ..I was using rolepolicyattachment
e

echoing-dinner-19531

02/06/2023, 10:07 PM
Try making a new provider, that will tell pulumi to use those credentials instead
p

plain-hydrogen-8103

02/07/2023, 1:54 AM
Provider didn’t solve the problem
e

echoing-dinner-19531

02/07/2023, 9:09 AM
You might need to put a sleep in, I'm not sure the aws provider will retry on credential failure