ORION-3647: sleep after IAM role creation to avoid AccessDenied error (…

…#2) Avoid this issue: hashicorp/terraform-provider-aws#6566
doublecloud · Sep 29, 2023 · 07e3191 · 07e3191
1 parent 8051e80
commit 07e3191
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -36,6 +36,7 @@ resource "doublecloud_network" "aws" {
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.51.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | n/a |
 
 ## Modules
 
@@ -48,6 +49,7 @@ No modules.
 | [aws_iam_policy.doublecloud](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.doublecloud](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_vpc.doublecloud](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |
+| [time_sleep.sleep_to_avoid_iam_race](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.doublecloud_permissions](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.trusted_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

diff --git a/iam.tf b/iam.tf
@@ -321,3 +321,11 @@ data "aws_iam_policy_document" "doublecloud_permissions" {
     }
   }
 }
+
+# AWS IAM returns AccessDenied error right after Role creation.
+# We have to wait some time to make this role assumable.
+# https://github.com/hashicorp/terraform-provider-aws/issues/6566
+resource "time_sleep" "sleep_to_avoid_iam_race" {
+  depends_on      = [aws_iam_role.doublecloud]
+  create_duration = "30s"
+}
diff --git a/outputs.tf b/outputs.tf
@@ -6,6 +6,8 @@ output "vpc_id" {
 output "iam_role_arn" {
   value       = aws_iam_role.doublecloud.arn
   description = "ARN of the IAM Role that has permissions to create resources in the VPC."
+
+  depends_on = [time_sleep.sleep_to_avoid_iam_race]
 }
 
 output "region_id" {

diff --git a/versions.tf b/versions.tf
@@ -5,5 +5,8 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 4.51.0"
     }
+    time = {
+      source = "hashicorp/time"
+    }
   }
 }