-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS Organizations throws ConcurrentModificationException when terraform applies concurrent modification with more than one aws_organizations_policy_attachment resource #5073
Comments
Hello, I have the same issue ( in my case I was creating 2 aws_cognito_identity_pool_roles_attachment separately Error: Error applying plan:
1 error(s) occurred:
* aws_cognito_identity_pool_roles_attachment.xxxx_role_attachment: 1 error(s) occurred:
* aws_cognito_identity_pool_roles_attachment.xxxx_role_attachment: Error creating Cognito Identity Pool Roles Association: ConcurrentModificationException: Only one request to update resource type Identity Pool can be processed at a time
status code: 400, request id: 86ffa926-8506-11e8-b6d9-43fe79929033 |
Any update on this issue? Just ran into it today, when deleting SCPs from accounts/organizations... Thanks. |
Workaround:
Will be a bit slower than usual, but appears to avoid this particular error. |
…ificationException Reference: #5073 Previous output from the new acceptance testing before migrating the testing to the serialized Organizations testing: ``` --- FAIL: TestAccAwsOrganizationsPolicy_concurrent (6.73s) testing.go:568: Step 0 error: errors during apply: Error: error creating Organizations Policy: AWSOrganizationsNotInUseException: Your account is not a member of an organization. ``` Previous output from the new acceptance testing before adding the service client retry logic: ``` --- FAIL: TestAccAWSOrganizations/Policy/concurrent (16.40s) testing.go:629: Error destroying resource! WARNING: Dangling resources may exist. The full state and error is shown below. Error: errors during apply: ConcurrentModificationException: AWS Organizations can't complete your request because it conflicts with another attempt to modify the same entity. Try again later. ``` Output from acceptance testing: ``` --- PASS: TestAccAWSOrganizations (246.04s) --- PASS: TestAccAWSOrganizations/Organization (87.29s) --- PASS: TestAccAWSOrganizations/Organization/AwsServiceAccessPrincipals (25.19s) --- PASS: TestAccAWSOrganizations/Organization/EnabledPolicyTypes (33.61s) --- PASS: TestAccAWSOrganizations/Organization/FeatureSet (10.42s) --- PASS: TestAccAWSOrganizations/Organization/basic (18.07s) --- PASS: TestAccAWSOrganizations/Account (0.00s) --- SKIP: TestAccAWSOrganizations/Account/basic (0.00s) resource_aws_organizations_account_test.go:15: AWS Organizations Account testing is not currently automated due to manual account deletion steps. --- SKIP: TestAccAWSOrganizations/Account/ParentId (0.00s) resource_aws_organizations_account_test.go:57: AWS Organizations Account testing is not currently automated due to manual account deletion steps. --- PASS: TestAccAWSOrganizations/OrganizationalUnit (36.87s) --- PASS: TestAccAWSOrganizations/OrganizationalUnit/basic (14.79s) --- PASS: TestAccAWSOrganizations/OrganizationalUnit/Name (22.08s) --- PASS: TestAccAWSOrganizations/Policy (63.90s) --- PASS: TestAccAWSOrganizations/Policy/concurrent (18.56s) --- PASS: TestAccAWSOrganizations/Policy/Description (21.93s) --- PASS: TestAccAWSOrganizations/Policy/basic (23.41s) --- PASS: TestAccAWSOrganizations/PolicyAttachment (57.98s) --- PASS: TestAccAWSOrganizations/PolicyAttachment/Account (17.75s) --- PASS: TestAccAWSOrganizations/PolicyAttachment/OrganizationalUnit (21.75s) --- PASS: TestAccAWSOrganizations/PolicyAttachment/Root (18.48s) PASS ```
Fix submitted: #9195 |
The fix to have the Organizations service client within the Terraform AWS Provider automatically retry requests on this error has been merged and will release with version 2.19.0, likely later this week. 👍 |
This has been released in version 2.19.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Terraform Version
Terraform v0.11.3
provider.aws v1.24.0
Currently blocked from upgrading past v0.11.3 due to proxy error
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
Account created. SCPs created. All SCP attached to account.
Actual Behavior
Account created. SCPs created. 1 x SCP attached to account.
2nd, 3rd, etc SCP attachments error with ConcurrentModificationException
E.g. with organization, account, SCPs and 1 out of 3 attachment in state already:
Steps to Reproduce
terraform apply
Important Factoids
Also happens
Workarounds:
The text was updated successfully, but these errors were encountered: