CloudTrail resource creation failure when creating aws_iam_role and aws_iam_role_policy in single run #693

Closed
hashibot opened this issue Jun 13, 2017 · 1 comment · Fixed by #1312
Labels
bug Addresses a defect in current functionality.

Comments

@hashibot

This issue was originally opened by @tmclaugh as hashicorp/terraform#13631. It was migrated here as part of the provider split. The original body of the issue is below.


There appears to be an issue with creating cloudtrails when the iam role for cloudwatch logs is created in the same run. Terraform says the resource creation has completed but when creating the CloudTrail an InvalidCloudWatchLogsRoleArnException error occurs. A subsequent run completes just fine. This leads me to believe that the issue is with the IAM role policy change not being propagated across AWS fast enough for Terraform.

Terraform Version

Terraform v0.9.3

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_cloudtrail
  • aws_iam_role_policy
  • aws_iam_role

Terraform Configuration Files

https://gist.github.com/0dd20ed6bc2a9dcd5c316c9d5193cdc2

Debug Output

https://gist.github.com/690acefc73b6509d89e53f389981cdd0

Expected Behavior

aws_cloudtrail is successfully created

Actual Behavior

It appears that the role policy is not properly propagated by AWS before attempting to create the cloudtrail resource. A second run successfully creates the aws_cloudtrail resource.

* aws_cloudtrail.ct: InvalidCloudWatchLogsRoleArnException: Access denied. Check the trust relationships for your role.
        status code: 400, request id: 4a209c1f-206b-11e7-bb0a-0d6cd06b0119

Steps to Reproduce

  1. terraform apply
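
A propagation delay like the one reported above is commonly handled by retrying the dependent call for a bounded time, and only on the specific error code. The Go code below is an added example, not the provider's code or the change in #1312; `apiError`, `createWithRetry` and `fakeCreateTrail` are hypothetical names, and the CloudTrail call is simulated so the block runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// apiError is a constructed stand-in for an AWS SDK error carrying a service error code.
type apiError struct{ Code, Message string }

func (e *apiError) Error() string { return e.Code + ": " + e.Message }

// retryableCode is the error code quoted in the issue above.
const retryableCode = "InvalidCloudWatchLogsRoleArnException"

// createWithRetry retries create with doubling delay; it returns the attempts made.
func createWithRetry(create func() error, timeout, initialDelay time.Duration) (int, error) {
	deadline := time.Now().Add(timeout)
	delay := initialDelay
	for attempt := 1; ; attempt++ {
		err := create()
		if err == nil {
			return attempt, nil
		}
		var ae *apiError
		if !errors.As(err, &ae) || ae.Code != retryableCode {
			return attempt, err // any other error is not a propagation delay: fail fast
		}
		// The same code is returned for a genuinely wrong trust policy, so give up at the deadline.
		if time.Now().Add(delay).After(deadline) {
			return attempt, fmt.Errorf("role still not usable after %s: %w", timeout, err)
		}
		time.Sleep(delay)
		delay *= 2
	}
}

// fakeCreateTrail simulates a create call rejected until IAM has propagated (constructed).
func fakeCreateTrail(failures int) func() error {
	calls := 0
	return func() error {
		calls++
		if calls <= failures {
			return &apiError{Code: retryableCode, Message: "Access denied. Check the trust relationships for your role."}
		}
		return nil
	}
}

func main() { fmt.Println(createWithRetry(fakeCreateTrail(2), 2*time.Second, 10*time.Millisecond)) }
```

The bounded timeout matters because the trail that failed to create is the audit-logging control itself: a role whose trust policy is actually wrong should surface as an error rather than retry forever.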
@ghost

ghost commented Apr 11, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 11, 2020