aws_ec2_client_vpn_endpoint timeout is too low #7871
Comments
bflad
added
bug
|
Need to either increase the timeout in the code or implement the resource to use the timeouts block as per https://www.terraform.io/docs/configuration/resources.html#timeouts |
|
Hi @juanbecerra 👋 Sorry for the trouble here. We currently have a 1 minute retry timeout around this error: However since the Terraform error didn't include the above error in its output, it seems like this may be some other issue in your environment such as EC2 throttling. If you enable debug logging, e.g. Generally speaking, increasing the timeout or offering a customizable timeout will only rarely help operators other than having the same error being retried by the AWS Go SDK for a longer amount of time, usually ending in a more frustrating user experience since the error is not being returned to the Terraform resource code. A definite bug here is that we need to add an extra conditional to properly retry the request outside the |
|
We may also want to consider having the Terraform AWS Provider EC2 session use the AWS Go SDK retry mechanism for the above error instead of utilizing any sort of timeout, e.g. This simplifies the code in this case and allows operators to choose their threshold of retry tolerance via the provider |
…try logic from resource logic with hardcoded timeout into EC2 service client Reference: #7871 In the debug logs from running the concurrent acceptance testing, saw this with the updated logic: ``` 2019/07/30 16:08:36 [DEBUG] [aws-sdk-go] DEBUG: Validate Response ec2/CreateClientVpnEndpoint failed, attempt 0/25, error OperationNotPermitted: Endpoint cannot be created while another endpoint is being created or the service linked role is being deleted status code: 400, request id: 791f5723-e6fd-4cf9-8754-00bd0e8c79e6 2019/07/30 16:08:36 [DEBUG] [aws-sdk-go] DEBUG: Retrying Request ec2/CreateClientVpnEndpoint, attempt 1 ``` Output from acceptance testing: ``` --- PASS: TestAccAwsEc2ClientVpnEndpoint_basic (22.40s) --- PASS: TestAccAwsEc2ClientVpnEndpoint_withDNSServers (31.58s) --- PASS: TestAccAwsEc2ClientVpnEndpoint_withLogGroup (33.22s) --- PASS: TestAccAwsEc2ClientVpnEndpoint_tags (38.07s) --- PASS: TestAccAwsEc2ClientVpnEndpoint_msAD (1753.81s) ```
|
Fix submitted: #9558 |
|
The timeout removal has been merged and will release with version 2.22.0 of the Terraform AWS Provider, tomorrow. 👍 |
|
This has been released in version 2.22.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Community Note
Terraform Version
Terraform v0.11.11
Affected Resource(s)
Terraform Configuration Files
resource "aws_ec2_client_vpn_endpoint" "ts_vpn" {
description = "ACME Client VPN"
server_certificate_arn = "${aws_acm_certificate.vpn_server_cert.arn}"
client_cidr_block = "11.50.0.0/22"
authentication_options {
type = "directory-service-authentication"
active_directory_id = "${var.ldap_id}"
}
connection_log_options {
enabled = false
}
}
Debug Output
Panic Output
Expected Behavior
Resource Created
Actual Behavior
aws_ec2_client_vpn_endpoint.ts_vpn: Error creating Client VPN endpoint: timeout while waiting for state to become 'success' (timeout: 1m0s)
Steps required to reproduce the issue
terraform applyImportant Factoids
References
The text was updated successfully, but these errors were encountered: