botocore waiters-like handler

[hashibot]

This issue was originally opened by @leventyalcin as hashicorp/terraform#9164. It was migrated here as part of the provider split. The original body of the issue is below.

---

Hi there,

As you may know, there are a couple of issues with creating some sort of resources on AWS.

For instance, If you are creating an IAM role and if you want to assign that role to some resources during the same terraform apply, it fails and it runs at the second run.

It's ok and it is the nature of IAM which is explained in here

So, to be able to automate or control the stuff properly AWS and boto implemented WaitCondition&WaitConditionHandle and Waiters into their stuff.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waitcondition.html
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waitconditionhandle.html
http://botocore.readthedocs.io/en/latest/reference/services/iam.html#waiters

My proposal is having some wait property on the resources and linking any other resources by depends_on. With that way, we can create and use that kind of resources in same terraform apply.

resource "aws_iam_role" "role" {
    name               = "${var.role_name}"
    assume_role_policy = "${data.template_file.role_template.rendered}"
}

resource "aws_iam_role_policy" "policy" {
    name       = "${var.role_name}"
    role       = "${aws_iam_role.role.id}"
    policy     = "${data.template_file.policy_template.rendered}"
    depends_on = ["aws_iam_role.role"]
    wait_after = 30
}

resource "aws_iam_instance_profile" "test_profile" {
    name       = "test_profile"
    roles      = ["${aws_iam_role.role.name}"]
    depends_on = ["aws_iam_role_policy.policy"]
}

It is also a problem if you are creating role(s) and try to associate to a CMK.

References

#6136
#2349
#5862
#5863

[bflad]

Within the provider codebase, we prefer to handle eventual consistency issues individually in downstream resources by retrying on API specific error messages (e.g. using resource.Retry() and isAWSErr()) so folks do not need to implement their own custom logic.

That said, its possible to generically implement sleeps in Terraform if necessary:

provisioner "local-exec" {
  command = "sleep 10"
}

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!