Inconsistent Timeout on CloudFront distribution creation (150+ distros) #6197
Comments
bflad
added
the
service/cloudfront
|
Hi @Djiit 👋 Very sorry for the trouble! Would it be possible to share what change(s) you were attempting? The That error message (with its 1 minute timeout for retries) occurs here in the code, which is called during updates or during deletion (to disable the distribution first). |
|
I'm currently destroying theses CF distros (might have to wait for a couple hours), but i'll send you that as soon as I can. The Thanks for your quick answer, I appreciate this. |
|
If its giving you lots of trouble, you can also try reducing your concurrency with the terraform plan/apply |
|
Hmmm the plan output encoding is weird. I'll try again tomorrow. |
|
So, applying again on a fresh, empty environment with parallelism set to 2, now get this error : on 20 or so resources. But AFAIK, there isn't any resource associated with this specific CNAME. //EDIT// More on that, all the concerned distributions are here, activated and seems healthy ! But the linked route53 records are not created (as the need to be created after the distributions) Do you have an email adresse where I can send you my plan and debug ouput (as it might contain some sensitive informations) ? |
|
Feel free to drop a Gist which can be encrypted with the HashiCorp GPG Key. |
|
Thanks, i'll do that. Some new information here :
(edited)
|
|
Here is the encrypted output : https://gist.github.com/Djiit/cd40c6ad858b3ffa797ae466a3adf734, I hope I'm doing this well ahah |
|
Hi there, any update on this ? FWIW when we force the parallelism to 1, it's ok. But hell this is long. |
… timeout retry for AWS Go SDK retries Reference: * #6197 When using `resource.Retry()` for handling eventual consistency, it will timebox the inner function to the configured timeout, which we generally set to a minute or two. The AWS Go SDK, when it encounters recoverable conditions such as 5XX errors or throttling errors, will automatically retry within itself up to the configured session `MaxRetries` (Terraform AWS Provider `max_retries` configuration) before returning to the calling code. For heavily utilized AWS accounts, the throttling errors will cause the outer timeout, which does not give the resource the opportunity to keep retrying outside the timebox. Here we implement this final retry by checking for timeout error from `resource.Retry()` outside the timeboxing, so the AWS Go SDK can return the proper error messaging in these situations or (hopefully) finally succeed in the case of throttling. Since this error handling condition would require extraneous amounts of resources to only potentially trigger the handling, we do not generally implement covering acceptance testing for this code, but it may be a good candidate for special Terraform AWS Provider handling within a future planned Terraform Provider linting tool. Output from acceptance testing: ``` --- PASS: TestAccAWSCloudFrontDistribution_Origin_EmptyOriginID (2.08s) --- PASS: TestAccAWSCloudFrontDistribution_Origin_EmptyDomainName (2.08s) --- PASS: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn (1821.71s) --- PASS: TestAccAWSCloudFrontDistribution_ViewerCertificate_AcmCertificateArn_ConflictsWithCloudFrontDefaultCertificate (1821.72s) --- PASS: TestAccAWSCloudFrontDistribution_noCustomErrorResponseConfig (2086.99s) --- PASS: TestAccAWSCloudFrontDistribution_orderedCacheBehavior (2090.63s) --- PASS: TestAccAWSCloudFrontDistribution_HTTP11Config (2092.43s) --- PASS: TestAccAWSCloudFrontDistribution_noOptionalItemsConfig (2092.72s) --- PASS: TestAccAWSCloudFrontDistribution_IsIPV6EnabledConfig (2097.43s) --- PASS: TestAccAWSCloudFrontDistribution_S3Origin (2277.83s) --- PASS: TestAccAWSCloudFrontDistribution_multiOrigin (2280.49s) --- PASS: TestAccAWSCloudFrontDistribution_customOrigin (2282.05s) --- PASS: TestAccAWSCloudFrontDistribution_S3OriginWithTags (3345.90s) ```
|
Pull request submitted: #7809 |
|
The fix for this has been merged and will release with version 2.1.0 of the Terraform AWS Provider, likely in the next day or two. |
|
This has been released in version 2.1.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Community Note
Terraform Version
Terraform v0.11.7
Affected Resource(s)
Terraform Configuration Files
100 CF distributions with 50 rules each.
Debug Output
(20x or so, mileage varies).
Expected Behavior
Terraform should have applied our changes to AWS. (here, create 100-ish CloudFront (CF) distributions). Also we didn't expect a "1 minute timeout" on this resource. According to https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_cloudfront_distribution.go, it's 70 minute for CF distributions
Actual Behavior
Terraform errored and leave multiple CF distros on AWS, forcing us to clean all this mess by hand.
Steps to Reproduce
terraform applyThe text was updated successfully, but these errors were encountered: