Allow configurable timeout when reading security group rule

When being throttled on AWS requests, read requests are the first ones
to be throttled, and reading security group rules can take longer than
5m to complete. Transform the hard timeout of 5m with a configurable
timeout to avoid this problem.

Fixes part of hashicorp#3128

aws/resource_aws_security_group_rule.go

@@ -44,6 +44,10 @@ func resourceAwsSecurityGroupRule() *schema.Resource {
  SchemaVersion: 2,
  MigrateState: resourceAwsSecurityGroupRuleMigrateState,
 
+ Timeouts: &schema.ResourceTimeout{
+ Read: schema.DefaultTimeout(5 * time.Minute),
+ },
+
  Schema: map[string]*schema.Schema{
  "type": {
  Type: schema.TypeString,
@@ -227,7 +231,7 @@ information and instructions for recovery. Error: %w`, sg_id, autherr)
  id := ipPermissionIDHash(sg_id, ruleType, perm)
  log.Printf("[DEBUG] Computed group rule ID %s", id)
 
- err = resource.Retry(5*time.Minute, func() *resource.RetryError {
+ err = resource.Retry(d.Timeout(schema.TimeoutRead), func() *resource.RetryError {
  sg, err := finder.SecurityGroupByID(conn, sg_id)
 
  if err != nil {

website/docs/r/security_group_rule.html.markdown

@@ -90,6 +90,13 @@ In addition to all arguments above, the following attributes are exported:
 
 * `id` - ID of the security group rule.
 
+## Timeouts
+
+`aws_security_group_rule` provides the following [Timeouts](/docs/configuration/resources.html#timeouts)
+configuration options:
+
+- `read` - (Default `5 minutes`) How long to wait for reading a rsecurity group rule.
+
 ## Import
 
 Security Group Rules can be imported using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (e.g. `cidr_block`) separated by underscores (`_`). All parts are required.