From 6754806adc139be034607ba8ba5761eec9b0ea72 Mon Sep 17 00:00:00 2001
From: Olivier Bourdon <olivier.bourdon@squarescale.com>
Date: Wed, 13 Nov 2019 15:31:18 +0100
Subject: [PATCH]  Allow configurable timeout when reading security group rule

When being throttled on AWS requests, read requests are the first ones
to be throttled, and reading security group rules can take longer than
5m to complete. Transform the hard timeout of 5m with a configurable
timeout to avoid this problem.

Fixes part of #3128
---
 aws/resource_aws_security_group_rule.go          | 6 +++++-
 website/docs/r/security_group_rule.html.markdown | 7 +++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/aws/resource_aws_security_group_rule.go b/aws/resource_aws_security_group_rule.go
index e6844c405bc..9e3c888e9ac 100644
--- a/aws/resource_aws_security_group_rule.go
+++ b/aws/resource_aws_security_group_rule.go
@@ -44,6 +44,10 @@ func resourceAwsSecurityGroupRule() *schema.Resource {
 		SchemaVersion: 2,
 		MigrateState:  resourceAwsSecurityGroupRuleMigrateState,
 
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(5 * time.Minute),
+		},
+
 		Schema: map[string]*schema.Schema{
 			"type": {
 				Type:        schema.TypeString,
@@ -227,7 +231,7 @@ information and instructions for recovery. Error: %w`, sg_id, autherr)
 	id := ipPermissionIDHash(sg_id, ruleType, perm)
 	log.Printf("[DEBUG] Computed group rule ID %s", id)
 
-	err = resource.Retry(5*time.Minute, func() *resource.RetryError {
+	err = resource.Retry(d.Timeout(schema.TimeoutRead), func() *resource.RetryError {
 		sg, err := finder.SecurityGroupByID(conn, sg_id)
 
 		if err != nil {
diff --git a/website/docs/r/security_group_rule.html.markdown b/website/docs/r/security_group_rule.html.markdown
index aaa521817cd..70f1db4030d 100644
--- a/website/docs/r/security_group_rule.html.markdown
+++ b/website/docs/r/security_group_rule.html.markdown
@@ -90,6 +90,13 @@ In addition to all arguments above, the following attributes are exported:
 
 * `id` - ID of the security group rule.
 
+## Timeouts
+
+`aws_security_group_rule` provides the following [Timeouts](/docs/configuration/resources.html#timeouts)
+configuration options:
+
+- `read` - (Default `5 minutes`) How long to wait for reading a rsecurity group rule.
+
 ## Import
 
 Security Group Rules can be imported using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (e.g. `cidr_block`) separated by underscores (`_`). All parts are required.