Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Wait for Hyperplane-attached ENIs for lambdas to move to 'available' state before detaching #10114

Merged
merged 3 commits into from
Oct 3, 2019
Merged

[WIP] Wait for Hyperplane-attached ENIs for lambdas to move to 'available' state before detaching #10114

merged 3 commits into from
Oct 3, 2019

Conversation

ewbankkit
Copy link
Contributor

@ewbankkit ewbankkit commented Sep 16, 2019
edited
Loading

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Closes #10044

Release note for CHANGELOG:

resources/aws_security_group: Increase default delete timeout to 30 minutes. Wait for Hyperplane-attached ENIs for lambdas to move to 'available' state before attempting to delete lingering ENIs.
resources/aws_subnet: Increase default delete timeout to 30 minutes. Wait for Hyperplane-attached ENIs for lambdas to move to 'available' state before attempting to delete lingering ENIs.

Output from acceptance testing:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSLambdaFunction_VPC_withInvocation'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSLambdaFunction_VPC_withInvocation -timeout 120m
=== RUN   TestAccAWSLambdaFunction_VPC_withInvocation
=== PAUSE TestAccAWSLambdaFunction_VPC_withInvocation
=== CONT  TestAccAWSLambdaFunction_VPC_withInvocation
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (195.10s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	195.166s
$ AWS_DEFAULT_REGION=eu-west-1 make testacc TEST=./aws TESTARGS='-run=TestAccAWSLambdaFunction_VPC_withInvocation'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSLambdaFunction_VPC_withInvocation -timeout 120m
=== RUN   TestAccAWSLambdaFunction_VPC_withInvocation
=== PAUSE TestAccAWSLambdaFunction_VPC_withInvocation
=== CONT  TestAccAWSLambdaFunction_VPC_withInvocation
--- FAIL: TestAccAWSLambdaFunction_VPC_withInvocation (1288.36s)
    testing.go:630: Error destroying resource! WARNING: Dangling resources
        may exist. The full state and error is shown below.
        
        Error: errors during apply: 2 problems:
        
        - error deleting Lambda ENIs using subnet (subnet-0fae3a7fbe012c060): error waiting for ENI (eni-0606e238685023d8f) to become available: timeout while waiting for state to become 'available, deleted' (last state: 'available', timeout: 20m0s)
        - error deleting Lambda ENIs using Security Group (sg-0f12870b552344394): error waiting for ENI (eni-0606e238685023d8f) to become available: timeout while waiting for state to become 'available, deleted' (last state: 'available', timeout: 20m0s)
...
FAIL
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	1288.465s
make: *** [testacc] Error 1

For some reason the new delete timeout of 30 minutes for both security groups and subnets is not being respected and even though the ENI has entered available state we are still ensuring that we get a number of availables in a row to work around any API consistency issues and hit the default 20 minute timeout.
Maybe a Terraform 0.12 issue with Timeout blocks and MigrateState functions?

@ewbankkit ewbankkit requested a review from a team September 16, 2019 01:47
@ghost ghost added size/L Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. service/ec2 Issues and PRs that pertain to the ec2 service. labels Sep 16, 2019
@ewbankkit ewbankkit mentioned this pull request Sep 16, 2019
Closed
@ewbankkit
Copy link
Contributor Author

ewbankkit commented Sep 16, 2019
edited
Loading

Terraform 0.11.10:

"resources": {
    "aws_security_group.example": {
        "type": "aws_security_group",
        "primary": {
            "meta": {
                "e2bfb730-ecaa-11e6-8f88-34363bc7c4c0": {
                    "create": 600000000000,
                    "delete": 1800000000000
                },
                "schema_version": "1"
            },
        }
    }
}

Terraform 0.12.8:

"resources": [{
    "mode": "managed",
    "type": "aws_security_group",
    "name": "example",
    "instances": [
    {
        "schema_version": 1,
        "attributes": {
        "timeouts": null,
        }
    }
    ]
}]

The timeouts are being lost.
This doesn't seem to be related to the schema version - For resources with the default schema version timeouts is also being persisted as null.

Terraform Core issue: hashicorp/terraform#22810.

@ewbankkit ewbankkit mentioned this pull request Sep 16, 2019
Closed
obourdon added a commit to obourdon/terraform-provider-aws that referenced this pull request Sep 17, 2019
@obourdon
Workaround for issue hashicorp#10114
05a910c
obourdon
obourdon suggested changes Sep 18, 2019
View reviewed changes
Copy link
Contributor

@obourdon obourdon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 2 funcs networkInterfaceAttachmentStateRefresh and networkInterfaceStateRefresh share over 90% of their code. Wouldn't it be nicer to have a single function which could be parametrised ?

aws/resource_aws_network_interface.go Show resolved Hide resolved
@ewbankkit
Copy link
Contributor Author

OK, after fixing a bug and incorporating the code changes from hashicorp/terraform#22837 I am now getting success in us-west-2, us-west-1 and us-central-1:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSLambdaFunction_VPC_withInvocation'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSLambdaFunction_VPC_withInvocation -timeout 120m
=== RUN   TestAccAWSLambdaFunction_VPC_withInvocation
=== PAUSE TestAccAWSLambdaFunction_VPC_withInvocation
=== CONT  TestAccAWSLambdaFunction_VPC_withInvocation
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (66.55s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	66.576s
$  AWS_DEFAULT_REGION=eu-west-1 make testacc TEST=./aws TESTARGS='-run=TestAccAWSLambdaFunction_VPC_withInvocation'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSLambdaFunction_VPC_withInvocation -timeout 120m
=== RUN   TestAccAWSLambdaFunction_VPC_withInvocation
=== PAUSE TestAccAWSLambdaFunction_VPC_withInvocation
=== CONT  TestAccAWSLambdaFunction_VPC_withInvocation
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (1294.06s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	1294.082s
$ AWS_DEFAULT_REGION=eu-central-1 make testacc TEST=./aws TESTARGS='-run=TestAccAWSLambdaFunction_VPC_withInvocation'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSLambdaFunction_VPC_withInvocation -timeout 120m
=== RUN   TestAccAWSLambdaFunction_VPC_withInvocation
=== PAUSE TestAccAWSLambdaFunction_VPC_withInvocation
=== CONT  TestAccAWSLambdaFunction_VPC_withInvocation
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (1289.16s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	1289.180s

@ewbankkit ewbankkit mentioned this pull request Sep 19, 2019
Merged
This was referenced Oct 1, 2019
Closed
Closed
bflad added a commit that referenced this pull request Oct 2, 2019
@bflad
service/ec2: Updated handling for Lambda Hyperplane ENIs
a54c065 
Reference: #10044
Reference: #10114
Reference: #10329

The introduction of [improved VPC networking for Lambda]() brought some welcome enhancements to Lambda functionality, but initially has some unintentional consequences when working with Terraform due to the underlying infrastructure changes. The main issue is that these new Hyperplane ENIs associated with Lambda take additional time currently to detach/delete and that the Lambda service itself is the owner of these ENIs, which prevents early detachment.

In working with the AWS Lambda service team, we have received some confirmation on expected detachment/deletion timeframes for Lambda Hyperplane ENIs. Using this information, we set the Lambda ENI timeout to be at a minimum the expected deletion time to match the service expectations without adjusting the overall default `aws_security_group` or `aws_subnet` resource deletion timeouts. This is to ensure legitimate `DependencyViolation` errors return to operators in a fairly timely manner (left as 10 minutes and 20 minutes respectfully).

Output from AWS Commerical (us-east-2 - Hyperplane enabled)

```
--- PASS: TestAccAWSLambdaFunction_basic (23.37s)
--- PASS: TestAccAWSLambdaFunction_concurrency (30.76s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (43.12s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (42.40s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (41.70s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (22.99s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (51.21s)
--- PASS: TestAccAWSLambdaFunction_envVariables (45.14s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (10.90s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile (31.12s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (1422.82s)
--- PASS: TestAccAWSLambdaFunction_importS3 (22.66s)
--- PASS: TestAccAWSLambdaFunction_Layers (34.75s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (54.60s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (31.40s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (24.21s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (12.71s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java8 (23.05s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs10x (26.99s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs810 (26.53s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_noRuntime (0.72s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_provided (18.66s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python27 (27.62s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python36 (22.87s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python37 (27.09s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_ruby25 (27.87s)
--- PASS: TestAccAWSLambdaFunction_s3 (22.59s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (32.58s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (31.07s)
--- PASS: TestAccAWSLambdaFunction_tags (42.41s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (39.12s)
--- PASS: TestAccAWSLambdaFunction_updateRuntime (29.16s)
--- PASS: TestAccAWSLambdaFunction_versioned (28.09s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (47.13s)
--- PASS: TestAccAWSLambdaFunction_VPC (1331.55s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (1376.24s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (1327.69s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (1490.19s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (1685.40s)
```

Output from AWS Commercial (us-west-2 - Hyperplane not deployed)

```
--- PASS: TestAccAWSLambdaFunction_basic (40.50s)
--- PASS: TestAccAWSLambdaFunction_concurrency (47.79s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (62.65s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (55.95s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (50.23s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (37.47s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (73.66s)
--- PASS: TestAccAWSLambdaFunction_envVariables (80.88s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (22.59s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile (42.78s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (39.40s)
--- PASS: TestAccAWSLambdaFunction_importS3 (36.62s)
--- PASS: TestAccAWSLambdaFunction_Layers (53.78s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (89.78s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (54.31s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (56.10s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (26.12s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java8 (46.49s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs10x (52.25s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs810 (43.59s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_noRuntime (2.71s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_provided (43.88s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python27 (47.91s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python36 (45.95s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python37 (41.40s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_ruby25 (50.32s)
--- PASS: TestAccAWSLambdaFunction_s3 (35.28s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (57.89s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (58.81s)
--- PASS: TestAccAWSLambdaFunction_tags (75.77s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (55.61s)
--- PASS: TestAccAWSLambdaFunction_updateRuntime (57.19s)
--- PASS: TestAccAWSLambdaFunction_versioned (33.52s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (58.25s)
--- PASS: TestAccAWSLambdaFunction_VPC (56.81s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (86.81s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (42.99s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (80.28s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (81.84s)

--- PASS: TestAccAWSSecurityGroup_basic (10.14s)
--- PASS: TestAccAWSSecurityGroup_Change (19.36s)
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (31.78s)
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (6.53s)
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (25.29s)
--- PASS: TestAccAWSSecurityGroup_drift (7.55s)
--- PASS: TestAccAWSSecurityGroup_drift_complex (31.62s)
--- PASS: TestAccAWSSecurityGroup_Egress_ConfigMode (23.76s)
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (24.51s)
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (12.13s)
--- PASS: TestAccAWSSecurityGroup_forceRevokeRules_false (1228.05s)
--- PASS: TestAccAWSSecurityGroup_forceRevokeRules_true (1242.70s)
--- PASS: TestAccAWSSecurityGroup_generatedName (25.26s)
--- PASS: TestAccAWSSecurityGroup_importBasic (12.91s)
--- PASS: TestAccAWSSecurityGroup_importIPRangeAndSecurityGroupWithSameRules (14.68s)
--- PASS: TestAccAWSSecurityGroup_importIPRangesWithSameRules (12.19s)
--- PASS: TestAccAWSSecurityGroup_importIpv6 (30.08s)
--- PASS: TestAccAWSSecurityGroup_importPrefixList (25.01s)
--- PASS: TestAccAWSSecurityGroup_importSelf (31.64s)
--- PASS: TestAccAWSSecurityGroup_importSourceSecurityGroup (30.19s)
--- PASS: TestAccAWSSecurityGroup_Ingress_ConfigMode (23.47s)
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (31.60s)
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (9.86s)
--- PASS: TestAccAWSSecurityGroup_ingressWithPrefixList (44.12s)
--- PASS: TestAccAWSSecurityGroup_invalidCIDRBlock (1.28s)
--- PASS: TestAccAWSSecurityGroup_ipv4andipv6Egress (11.90s)
--- PASS: TestAccAWSSecurityGroup_ipv6 (12.77s)
--- PASS: TestAccAWSSecurityGroup_MultiIngress (12.33s)
--- PASS: TestAccAWSSecurityGroup_namePrefix (6.47s)
--- PASS: TestAccAWSSecurityGroup_RuleDescription (26.52s)
--- PASS: TestAccAWSSecurityGroup_ruleGathering (24.55s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitCidrBlockExceededAppend (48.89s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededAllNew (53.89s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededAppend (50.48s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededPrepend (54.09s)
--- PASS: TestAccAWSSecurityGroup_rulesDropOnError (22.40s)
--- PASS: TestAccAWSSecurityGroup_self (11.93s)
--- PASS: TestAccAWSSecurityGroup_tags (40.86s)
--- PASS: TestAccAWSSecurityGroup_vpc (10.39s)
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (10.55s)
--- PASS: TestAccAWSSecurityGroup_vpcProtoNumIngress (11.84s)

--- PASS: TestAccAWSSubnet_availabilityZoneId (26.56s)
--- PASS: TestAccAWSSubnet_basic (26.69s)
--- PASS: TestAccAWSSubnet_enableIpv6 (42.97s)
--- PASS: TestAccAWSSubnet_ipv6 (69.30s)
```
@bflad bflad mentioned this pull request Oct 2, 2019
Merged
bflad added a commit that referenced this pull request Oct 2, 2019
@bflad
service/ec2: Updated handling for Lambda Hyperplane ENIs
922037e 
Reference: #10044
Reference: #10114
Reference: #10329

The introduction of [improved VPC networking for Lambda]() brought some welcome enhancements to Lambda functionality, but initially has some unintentional consequences when working with Terraform due to the underlying infrastructure changes. The main issue is that these new Hyperplane ENIs associated with Lambda take additional time currently to detach/delete and that the Lambda service itself is the owner of these ENIs, which prevents early detachment.

In working with the AWS Lambda service team, we have received some confirmation on expected detachment/deletion timeframes for Lambda Hyperplane ENIs. Using this information, we set the Lambda ENI timeout to be at a minimum the expected deletion time to match the service expectations without adjusting the overall default `aws_security_group` or `aws_subnet` resource deletion timeouts. This is to ensure legitimate `DependencyViolation` errors return to operators in a fairly timely manner (left as 10 minutes and 20 minutes respectfully).

Output from AWS Commerical (us-east-2 - Hyperplane enabled)

```
--- PASS: TestAccAWSLambdaFunction_basic (23.37s)
--- PASS: TestAccAWSLambdaFunction_concurrency (30.76s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (43.12s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (42.40s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (41.70s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (22.99s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (51.21s)
--- PASS: TestAccAWSLambdaFunction_envVariables (45.14s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (10.90s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile (31.12s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (1422.82s)
--- PASS: TestAccAWSLambdaFunction_importS3 (22.66s)
--- PASS: TestAccAWSLambdaFunction_Layers (34.75s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (54.60s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (31.40s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (24.21s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (12.71s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java8 (23.05s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs10x (26.99s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs810 (26.53s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_noRuntime (0.72s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_provided (18.66s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python27 (27.62s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python36 (22.87s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python37 (27.09s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_ruby25 (27.87s)
--- PASS: TestAccAWSLambdaFunction_s3 (22.59s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (32.58s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (31.07s)
--- PASS: TestAccAWSLambdaFunction_tags (42.41s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (39.12s)
--- PASS: TestAccAWSLambdaFunction_updateRuntime (29.16s)
--- PASS: TestAccAWSLambdaFunction_versioned (28.09s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (47.13s)
--- PASS: TestAccAWSLambdaFunction_VPC (1331.55s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (1376.24s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (1327.69s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (1490.19s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (1685.40s)
```

Output from AWS Commercial (us-west-2 - Hyperplane not deployed)

```
--- PASS: TestAccAWSLambdaFunction_basic (40.50s)
--- PASS: TestAccAWSLambdaFunction_concurrency (47.79s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (62.65s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (55.95s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (50.23s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (37.47s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (73.66s)
--- PASS: TestAccAWSLambdaFunction_envVariables (80.88s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (22.59s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile (42.78s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (39.40s)
--- PASS: TestAccAWSLambdaFunction_importS3 (36.62s)
--- PASS: TestAccAWSLambdaFunction_Layers (53.78s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (89.78s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (54.31s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (56.10s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (26.12s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java8 (46.49s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs10x (52.25s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs810 (43.59s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_noRuntime (2.71s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_provided (43.88s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python27 (47.91s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python36 (45.95s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python37 (41.40s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_ruby25 (50.32s)
--- PASS: TestAccAWSLambdaFunction_s3 (35.28s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (57.89s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (58.81s)
--- PASS: TestAccAWSLambdaFunction_tags (75.77s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (55.61s)
--- PASS: TestAccAWSLambdaFunction_updateRuntime (57.19s)
--- PASS: TestAccAWSLambdaFunction_versioned (33.52s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (58.25s)
--- PASS: TestAccAWSLambdaFunction_VPC (56.81s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (86.81s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (42.99s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (80.28s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (81.84s)

--- PASS: TestAccAWSSecurityGroup_basic (10.14s)
--- PASS: TestAccAWSSecurityGroup_Change (19.36s)
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (31.78s)
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (6.53s)
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (25.29s)
--- PASS: TestAccAWSSecurityGroup_drift (7.55s)
--- PASS: TestAccAWSSecurityGroup_drift_complex (31.62s)
--- PASS: TestAccAWSSecurityGroup_Egress_ConfigMode (23.76s)
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (24.51s)
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (12.13s)
--- PASS: TestAccAWSSecurityGroup_forceRevokeRules_false (1228.05s)
--- PASS: TestAccAWSSecurityGroup_forceRevokeRules_true (1242.70s)
--- PASS: TestAccAWSSecurityGroup_generatedName (25.26s)
--- PASS: TestAccAWSSecurityGroup_importBasic (12.91s)
--- PASS: TestAccAWSSecurityGroup_importIPRangeAndSecurityGroupWithSameRules (14.68s)
--- PASS: TestAccAWSSecurityGroup_importIPRangesWithSameRules (12.19s)
--- PASS: TestAccAWSSecurityGroup_importIpv6 (30.08s)
--- PASS: TestAccAWSSecurityGroup_importPrefixList (25.01s)
--- PASS: TestAccAWSSecurityGroup_importSelf (31.64s)
--- PASS: TestAccAWSSecurityGroup_importSourceSecurityGroup (30.19s)
--- PASS: TestAccAWSSecurityGroup_Ingress_ConfigMode (23.47s)
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (31.60s)
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (9.86s)
--- PASS: TestAccAWSSecurityGroup_ingressWithPrefixList (44.12s)
--- PASS: TestAccAWSSecurityGroup_invalidCIDRBlock (1.28s)
--- PASS: TestAccAWSSecurityGroup_ipv4andipv6Egress (11.90s)
--- PASS: TestAccAWSSecurityGroup_ipv6 (12.77s)
--- PASS: TestAccAWSSecurityGroup_MultiIngress (12.33s)
--- PASS: TestAccAWSSecurityGroup_namePrefix (6.47s)
--- PASS: TestAccAWSSecurityGroup_RuleDescription (26.52s)
--- PASS: TestAccAWSSecurityGroup_ruleGathering (24.55s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitCidrBlockExceededAppend (48.89s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededAllNew (53.89s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededAppend (50.48s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededPrepend (54.09s)
--- PASS: TestAccAWSSecurityGroup_rulesDropOnError (22.40s)
--- PASS: TestAccAWSSecurityGroup_self (11.93s)
--- PASS: TestAccAWSSecurityGroup_tags (40.86s)
--- PASS: TestAccAWSSecurityGroup_vpc (10.39s)
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (10.55s)
--- PASS: TestAccAWSSecurityGroup_vpcProtoNumIngress (11.84s)

--- PASS: TestAccAWSSubnet_availabilityZoneId (26.56s)
--- PASS: TestAccAWSSubnet_basic (26.69s)
--- PASS: TestAccAWSSubnet_enableIpv6 (42.97s)
--- PASS: TestAccAWSSubnet_ipv6 (69.30s)
```
bflad added a commit that referenced this pull request Oct 2, 2019
@bflad
service/ec2: Updated handling for Lambda Hyperplane ENIs
09596a0 
Reference: #10044
Reference: #10114
Reference: #10329

The introduction of [improved VPC networking for Lambda]() brought some welcome enhancements to Lambda functionality, but initially has some unintentional consequences when working with Terraform due to the underlying infrastructure changes. The main issue is that these new Hyperplane ENIs associated with Lambda take additional time currently to detach/delete and that the Lambda service itself is the owner of these ENIs, which prevents early detachment.

In working with the AWS Lambda service team, we have received some confirmation on expected detachment/deletion timeframes for Lambda Hyperplane ENIs. Using this information, we set the Lambda ENI timeout to be at a minimum the expected deletion time to match the service expectations without adjusting the overall default `aws_security_group` or `aws_subnet` resource deletion timeouts. This is to ensure legitimate `DependencyViolation` errors return to operators in a fairly timely manner (left as 10 minutes and 20 minutes respectfully).

Output from AWS Commerical (us-east-2 - Hyperplane enabled)

```
--- PASS: TestAccAWSLambdaFunction_basic (23.37s)
--- PASS: TestAccAWSLambdaFunction_concurrency (30.76s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (43.12s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (42.40s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (41.70s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (22.99s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (51.21s)
--- PASS: TestAccAWSLambdaFunction_envVariables (45.14s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (10.90s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile (31.12s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (1422.82s)
--- PASS: TestAccAWSLambdaFunction_importS3 (22.66s)
--- PASS: TestAccAWSLambdaFunction_Layers (34.75s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (54.60s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (31.40s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (24.21s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (12.71s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java8 (23.05s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs10x (26.99s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs810 (26.53s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_noRuntime (0.72s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_provided (18.66s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python27 (27.62s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python36 (22.87s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python37 (27.09s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_ruby25 (27.87s)
--- PASS: TestAccAWSLambdaFunction_s3 (22.59s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (32.58s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (31.07s)
--- PASS: TestAccAWSLambdaFunction_tags (42.41s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (39.12s)
--- PASS: TestAccAWSLambdaFunction_updateRuntime (29.16s)
--- PASS: TestAccAWSLambdaFunction_versioned (28.09s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (47.13s)
--- PASS: TestAccAWSLambdaFunction_VPC (1331.55s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (1376.24s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (1327.69s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (1490.19s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (1685.40s)
```

Output from AWS Commercial (us-west-2 - Hyperplane not deployed)

```
--- PASS: TestAccAWSLambdaFunction_basic (40.50s)
--- PASS: TestAccAWSLambdaFunction_concurrency (47.79s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (62.65s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (55.95s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (50.23s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (37.47s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (73.66s)
--- PASS: TestAccAWSLambdaFunction_envVariables (80.88s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (22.59s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile (42.78s)
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (39.40s)
--- PASS: TestAccAWSLambdaFunction_importS3 (36.62s)
--- PASS: TestAccAWSLambdaFunction_Layers (53.78s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (89.78s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (54.31s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (56.10s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (26.12s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java8 (46.49s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs10x (52.25s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs810 (43.59s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_noRuntime (2.71s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_provided (43.88s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python27 (47.91s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python36 (45.95s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python37 (41.40s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_ruby25 (50.32s)
--- PASS: TestAccAWSLambdaFunction_s3 (35.28s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (57.89s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (58.81s)
--- PASS: TestAccAWSLambdaFunction_tags (75.77s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (55.61s)
--- PASS: TestAccAWSLambdaFunction_updateRuntime (57.19s)
--- PASS: TestAccAWSLambdaFunction_versioned (33.52s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (58.25s)
--- PASS: TestAccAWSLambdaFunction_VPC (56.81s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (86.81s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (42.99s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (80.28s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (81.84s)

--- PASS: TestAccAWSSecurityGroup_basic (10.14s)
--- PASS: TestAccAWSSecurityGroup_Change (19.36s)
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (31.78s)
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (6.53s)
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (25.29s)
--- PASS: TestAccAWSSecurityGroup_drift (7.55s)
--- PASS: TestAccAWSSecurityGroup_drift_complex (31.62s)
--- PASS: TestAccAWSSecurityGroup_Egress_ConfigMode (23.76s)
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (24.51s)
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (12.13s)
--- PASS: TestAccAWSSecurityGroup_forceRevokeRules_false (1228.05s)
--- PASS: TestAccAWSSecurityGroup_forceRevokeRules_true (1242.70s)
--- PASS: TestAccAWSSecurityGroup_generatedName (25.26s)
--- PASS: TestAccAWSSecurityGroup_importBasic (12.91s)
--- PASS: TestAccAWSSecurityGroup_importIPRangeAndSecurityGroupWithSameRules (14.68s)
--- PASS: TestAccAWSSecurityGroup_importIPRangesWithSameRules (12.19s)
--- PASS: TestAccAWSSecurityGroup_importIpv6 (30.08s)
--- PASS: TestAccAWSSecurityGroup_importPrefixList (25.01s)
--- PASS: TestAccAWSSecurityGroup_importSelf (31.64s)
--- PASS: TestAccAWSSecurityGroup_importSourceSecurityGroup (30.19s)
--- PASS: TestAccAWSSecurityGroup_Ingress_ConfigMode (23.47s)
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (31.60s)
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (9.86s)
--- PASS: TestAccAWSSecurityGroup_ingressWithPrefixList (44.12s)
--- PASS: TestAccAWSSecurityGroup_invalidCIDRBlock (1.28s)
--- PASS: TestAccAWSSecurityGroup_ipv4andipv6Egress (11.90s)
--- PASS: TestAccAWSSecurityGroup_ipv6 (12.77s)
--- PASS: TestAccAWSSecurityGroup_MultiIngress (12.33s)
--- PASS: TestAccAWSSecurityGroup_namePrefix (6.47s)
--- PASS: TestAccAWSSecurityGroup_RuleDescription (26.52s)
--- PASS: TestAccAWSSecurityGroup_ruleGathering (24.55s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitCidrBlockExceededAppend (48.89s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededAllNew (53.89s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededAppend (50.48s)
--- PASS: TestAccAWSSecurityGroup_ruleLimitExceededPrepend (54.09s)
--- PASS: TestAccAWSSecurityGroup_rulesDropOnError (22.40s)
--- PASS: TestAccAWSSecurityGroup_self (11.93s)
--- PASS: TestAccAWSSecurityGroup_tags (40.86s)
--- PASS: TestAccAWSSecurityGroup_vpc (10.39s)
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (10.55s)
--- PASS: TestAccAWSSecurityGroup_vpcProtoNumIngress (11.84s)

--- PASS: TestAccAWSSubnet_availabilityZoneId (26.56s)
--- PASS: TestAccAWSSubnet_basic (26.69s)
--- PASS: TestAccAWSSubnet_enableIpv6 (42.97s)
--- PASS: TestAccAWSSubnet_ipv6 (69.30s)
```
@bflad bflad merged commit 0257db7 into hashicorp:master Oct 3, 2019
bflad added a commit that referenced this pull request Oct 3, 2019
@bflad
Update CHANGELOG for #10114 and #10347
279917a
@ewbankkit ewbankkit deleted the issue-10044 branch October 3, 2019 11:09
@ewbankkit ewbankkit mentioned this pull request Oct 3, 2019
Closed
@ghost
Copy link

ghost commented Nov 2, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 2, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@obourdon obourdon obourdon requested changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. service/ec2 Issues and PRs that pertain to the ec2 service. size/L Managed by automation to categorize the size of a PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AWS changes in eu-west-1 region impacting aws_lambda_function proper deletion
3 participants
@ewbankkit @obourdon @bflad