Add a sleep to cover-up the race condition between s3, iam, and cloud…

…trail hashicorp/terraform#13631
qualimente · Oct 3, 2017 · b37371b · b37371b
1 parent dd1d982
commit b37371b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/cloudtrail/aws_cloudtrail.tf b/cloudtrail/aws_cloudtrail.tf
@@ -43,5 +43,5 @@ resource "aws_cloudtrail" "ct" {
   is_multi_region_trail         = "${var.is_multi_region_trail}"
   cloud_watch_logs_group_arn    = "${aws_cloudwatch_log_group.ct.arn}"
   cloud_watch_logs_role_arn     = "${aws_iam_role.ct.arn}"
-  depends_on                    = ["aws_s3_bucket_policy.bucket"]
+  depends_on                    = ["aws_s3_bucket.bucket", "aws_s3_bucket_policy.bucket", "aws_iam_role.ct"]
 }
diff --git a/cloudtrail/aws_s3_bucket.tf b/cloudtrail/aws_s3_bucket.tf
@@ -22,6 +22,13 @@ resource "aws_s3_bucket" "bucket" {
   tags = {
     terraform = "true"
   }
+
+  // https://github.com/hashicorp/terraform/issues/13631
+  // There is a race condition between creation of IAM/S3 resources and when they are visible to Cloudtrail
+  // sleep a bit during IAM role creation to enable the change to propagate at AWS
+  provisioner "local-exec" {
+    command = "sleep 10"
+  }
 }
 
 resource "aws_s3_bucket_policy" "bucket" {