Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Support Level RP runs into AWS Organizations API Limits #100

Open
aaronosb opened this issue Jan 26, 2022 · 4 comments
Open

Bug: Support Level RP runs into AWS Organizations API Limits #100

aaronosb opened this issue Jan 26, 2022 · 4 comments

Comments

@aaronosb
Copy link

I would like to be able to use the Community::Support::SupportLevel resource provider to set all accounts in my org's support level, but if your organization includes more than a handful of accounts then you will run into CREATE_FAILED errors like the following:

image

Note that this is the org master account, and previous support cases succeeded before this one hit. Looks like it could use some retry with backoff logic here

aws-resource-providers/support/support-level/src/handlers.ts

Line 35 in 8f4afe2

throw new exceptions.InvalidRequest(`Account does not seem to be the master account of an AWS Organization.\n${err}`);

Additional Context:
The task I am looking to be able to run is the following.

AWSTemplateFormatVersion: "2010-09-09-OC"
OrganizationBindings:
  ManagementBinding:
    Account: !Ref MasterAccount
    IncludeMasterAccount: true
  
  SupportBinding:
    Account: "*"

Resources:
  SupportLevel:
    Type: Community::Support::SupportLevel
    OrganizationBinding: !Ref ManagementBinding
    ForeachAccount: !Ref SupportBinding
    Properties:
      AccountId: !Sub "${CurrentAccount.AccountId}"
      SupportLevel: 'enterprise'
@OlafConijn OlafConijn mentioned this issue Jan 26, 2022
Merged
@OlafConijn
Copy link
Member

published a fix to: s3://community-resource-provider-catalog/community-support-supportlevel-0.3.0.zip (details in the PR)

@aaronosb
Copy link
Author

Nice, worked like a charm. Thanks for the help @OlafConijn

image

@aaronosb
Copy link
Author

Spoke too soon, new annoying AWS limit "Resource handler returned message: "You have exceeded your limit of 10 cases per hour." (RequestToken: 3db10518-06ca-44ce-dc71-0e4ae6cdb3aa, HandlerErrorCode: InternalFailure)". I will look into seeing if this is a limit that can be raised, otherwise will need to try and manually apply the generated template with the --disable-rollback flag set a number of times until it has been caught up

@OlafConijn
Copy link
Member

yes, for this we need to return something like "throttled". for 100 accounts this would, however, take 10 hours? 😬

I'll give this some thought tomorrow. thanks for letting me know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@OlafConijn @aaronosb