Setting Provider defaults to remove slow calls to AWS STS and Metadata #1288

Merged: 1 commit, Feb 7, 2021

@stack72 (Contributor) commented Jan 5, 2021

Fixes: #873

  • skipCredentialsValidation now defaults to true.
  • skipGetEc2Platforms now defaults to true.
  • skipMetadataApiCheck now defaults to true.
  • skipRegionValidation now defaults to true.

It's important to note that this does not require the replacement of either default or named provider:

```
pulumi up --yes
Previewing update (dev)

View Live: https://app.pulumi.com/stack72/provider-change/dev/previews/cb4c2428-a6a2-40fe-aabc-814509e782a4

     Type                     Name                 Plan
 +   pulumi:pulumi:Stack      provider-change-dev  create
 +   ├─ pulumi:providers:aws  my-provider          create
 +   ├─ aws:s3:Bucket         stack72-bucket       create
 +   └─ aws:s3:Bucket         stack72-bucket-2     create

Resources:
    + 4 to create

Updating (dev)

View Live: https://app.pulumi.com/stack72/provider-change/dev/updates/13

     Type                     Name                 Status
 +   pulumi:pulumi:Stack      provider-change-dev  created
 +   ├─ pulumi:providers:aws  my-provider          created
 +   ├─ aws:s3:Bucket         stack72-bucket-2     created
 +   └─ aws:s3:Bucket         stack72-bucket       created

Outputs:
    bucket1Name: "stack72-bucket-3021538"
    bucket2Name: "stack72-bucket-2-e5e84ca"

Resources:
    + 4 created

Duration: 19s


~/code/provider-change
pulumi up
Previewing update (dev)

View Live: https://app.pulumi.com/stack72/provider-change/dev/previews/93b423fc-c366-4c44-a852-b2c613221470

     Type                     Name                 Plan       Info
     pulumi:pulumi:Stack      provider-change-dev
 ~   └─ pulumi:providers:aws  my-provider          update     [diff: +skipCredentialsValidation,skipGetEc2Platforms,skipMetadataApiCheck,skipRegionValidation]

Resources:
    ~ 1 to update
    3 unchanged

Do you want to perform this update? yes
Updating (dev)

View Live: https://app.pulumi.com/stack72/provider-change/dev/updates/14

     Type                     Name                 Status      Info
     pulumi:pulumi:Stack      provider-change-dev
 ~   └─ pulumi:providers:aws  my-provider          updated     [diff: +skipCredentialsValidation,skipGetEc2Platforms,skipMetadataApiCheck,skipRegionValidation]

Outputs:
    bucket1Name: "stack72-bucket-3021538"
    bucket2Name: "stack72-bucket-2-e5e84ca"

Resources:
    ~ 1 updated
    3 unchanged

Duration: 4s
```

@stack72 stack72 self-assigned this Jan 5, 2021
@mikhailshilkov (Member) commented

Was #873 introduced at some point or was it always like that? What does TF default to? Any downsides to new defaults?

> For some reason, the provider seems to call these APIs twice,

Do you know why we call it twice? Does this change eliminate both?

@stack72 (Contributor Author) commented Jan 7, 2021

> Was #873 introduced at some point or was it always like that? What does TF default to? Any downsides to new defaults?
>
> > For some reason, the provider seems to call these APIs twice,
>
> Do you know why we call it twice? Does this change eliminate both?

So #873 is a long-standing issue due to upstream - we're trying to diverge from the TF provider by changing these defaults.

@stack72 stack72 merged commit bfa4f78 into master Feb 7, 2021
@stack72 stack72 deleted the gh-873 branch February 7, 2021 19:55
t0yv0 added a commit that referenced this pull request May 22, 2024
This PR explores reverting the default `aws:skipMetadataApiCheck=false`
setting to enable the provider to be able to seamlessly authenticate
against IMDS(v2) endpoints in the AWS environment. It appears that
doing so no longer slows down the provider startup time perceptibly. The
way I tested the speed delta was by measuring a local empty preview of an
AWS s3 Bucket using AWS_PROFILE authentication with local <-> us-east-1;
there is no perceptible difference.

Fixes: #1692

An integration test is added that exercises `pulumi preview` on an EC2
instance with IMDSv2 and asserts that the provider can authenticate
successfully.

Background:

- #873
- #1288
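
The following is an added example, not code from this pull request or from the provider: a small audit that reads a stack's `config:` map and reports which of the four `skip*` flags are left to the provider default, so a stack does not silently change behaviour when those defaults move. It assumes every flag can be set with an `aws:<flag>` stack config key (the page shows that form only for `aws:skipMetadataApiCheck`), and `parse_stack_config`, `audit` and the sample file are hypothetical names and data constructed for illustration.

```python
# Added example: the defaults below are the ones pull request #1288 sets.
PR_1288_DEFAULTS = {
    "skipCredentialsValidation": True,
    "skipGetEc2Platforms": True,
    "skipMetadataApiCheck": True,
    "skipRegionValidation": True,
}

def parse_stack_config(text):
    """Minimal reader for the `config:` map of a Pulumi.<stack>.yaml file
    (flat `aws:key: value` lines only; not a general YAML parser)."""
    values, in_config = {}, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):       # a new top-level key
            in_config = line.strip() == "config:"
            continue
        if in_config and line.strip().startswith("aws:"):
            key, _, val = line.strip()[len("aws:"):].partition(":")
            values[key.strip()] = val.strip().strip("\"'")
    return values

def audit(text, defaults=PR_1288_DEFAULTS):
    """Return (effective, findings) for the four skip* flags."""
    explicit = parse_stack_config(text)
    effective, findings = {}, []
    for flag, default in defaults.items():
        if flag in explicit:
            effective[flag] = explicit[flag].lower() == "true"
        else:
            effective[flag] = default
            findings.append(f"{flag}: not pinned, inherits provider default ({default})")
    if effective["skipMetadataApiCheck"]:
        findings.append("skipMetadataApiCheck is true: the provider will not "
                        "try the instance metadata service (IMDS) for credentials")
    return effective, findings

# Constructed sample stack file (not taken from the pull request).
SAMPLE = """\
config:
  aws:region: us-east-1
  aws:skipMetadataApiCheck: "false"   # stack runs on EC2 with IMDSv2
  aws:skipCredentialsValidation: "true"
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[1]))
```

Pass `defaults=` a different mapping to audit against another provider version's defaults.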
Successfully merging this pull request may close these issues.

AWS metadata and STS API calls are slow