resourceAwsSsmParameterRead is slow even with increased SSM parameter rate-limit #9925
Labels
enhancement
Requests to existing resources that expand the functionality or scope.
service/ssm
Issues and PRs that pertain to the ssm service.
stale
Old or inactive issues managed by automation, if no further action taken these will get closed.
Community Note
Description
Using a lot of
aws_ssm_parameter
s takes a very long time to refresh, even with increased SSM rate-limit requested from AWS.In our specific scenario where we use a few hundereds of parameters, the
refresh
stage of terraform apply takes ~90 seconds w/o parameters, or ~6 minutes with parameters.AWS provides a mechanism to increase the rate limit for SSM parameter requests, but enabling this feature does not resolve this issue. The reason for that is that this increased rate limit does not apply to all SSM API actions. In particular, it applies to
GetParameter
, but not toListTagsForResource
.This issue is very easy to reproduce - just create 100
aws_ssm_parameter
s, apply, then then measureterraform refresh
time. Such simple configuration usually takes ~60 seconds to refresh.The
resourceAwsSsmParameterRead
function usesGetParameter
,DescribeParameters
andListTagsForResource
. In order to leverage the increased rate limit, the read function would need to not use the last (or two last) of these.Obviously it would unreasonable to request that this resource does not check for parameter's tags with AWS, as this is obviously an important feature.
Possible ways to address this problem include:
ignore_tags
), which, if set to true, prevents tags from being read during refresh. Note that this is different than terraform'signore_changes
lifecycle option, as that doesn't affect what the read function does, it only affects how terraform compares resources.fast_mode
), which, if set to true, reduces the read function to justGetParameter
. In this mode only the value of the parameter is checked with AWS - which will be tremendously fast even for a large number of parameters, but has the obvious disadvantage of not detecting drifts in tags or parameter tiers.aws_ssm_parameter_fast
) which is a simpler version ofaws_ssm_parameter
which does not support tags nor tiers. I think this approach does not lie well with the style of AWS provider and might introduce unnecessary complexity and confusion.I might be able to contribute an implementation of a resolution of this problem, but it certainly requires a solid discussion first.
Affected Resource(s)
The text was updated successfully, but these errors were encountered: