botocore waiters-like handler

[leventyalcin]

Hi there,

As you may know, there are a couple of issues with creating some sort of resources on AWS.

For instance, If you are creating an IAM role and if you want to assign that role to some resources during the same terraform apply, it fails and it runs at the second run.

It's ok and it is the nature of IAM which is explained in here

So, to be able to automate or control the stuff properly AWS and boto implemented WaitCondition&WaitConditionHandle and Waiters into their stuff.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waitcondition.html
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waitconditionhandle.html
http://botocore.readthedocs.io/en/latest/reference/services/iam.html#waiters

My proposal is having some wait property on the resources and linking any other resources by depends_on. With that way, we can create and use that kind of resources in same terraform apply.

resource "aws_iam_role" "role" {
    name               = "${var.role_name}"
    assume_role_policy = "${data.template_file.role_template.rendered}"
}

resource "aws_iam_role_policy" "policy" {
    name       = "${var.role_name}"
    role       = "${aws_iam_role.role.id}"
    policy     = "${data.template_file.policy_template.rendered}"
    depends_on = ["aws_iam_role.role"]
    wait_after = 30
}

resource "aws_iam_instance_profile" "test_profile" {
    name       = "test_profile"
    roles      = ["${aws_iam_role.role.name}"]
    depends_on = ["aws_iam_role_policy.policy"]
}

It is also a problem if you are creating role(s) and try to associate to a CMK.

References

#6136
#2349
#5862
#5863

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.