terraform-aws-elastic-beanstalk-environment icon indicating copy to clipboard operation
terraform-aws-elastic-beanstalk-environment copied to clipboard

Published 20 hours ago verified publisher icon cloudposse

ssm_activation_error Failing to deploy in the first deployment.

Open stamtech opened this issue 2 years ago • 4 comments

Found a bug? Maybe our Slack Community can help.

Slack Community

Describe the Bug

When i deploy the project for the first time, it seems there is a race condition issue, i have this error Error creating SSM activation: ValidationException: Nonexistent role or missing ssm service principal in trust policy When i re-run terraform apply, the ressource aws_ssm_activation is created

Expected Behavior

Create everything in the first terraform apply

Steps to Reproduce

Terraform apply with last lib version => 0.46.0

Screenshots

might be a missing "depends_on" here ! Capture d’écran 2022-02-04 à 10 14 59

stamtech avatar Feb 04 '22 09:02 stamtech

Found a bug? Maybe our Slack Community can help.

Slack Community

Describe the Bug

When i deploy the project for the first time, it seems there is a race condition issue, i have this error Error creating SSM activation: ValidationException: Nonexistent role or missing ssm service principal in trust policy When i re-run terraform apply, the ressource aws_ssm_activation is created

Expected Behavior

Create everything in the first terraform apply

Steps to Reproduce

Terraform apply with last lib version => 0.46.0

Screenshots

might be a missing "depends_on" here ! Capture d’écran 2022-02-04 à 10 14 59

I confirm, worse when you have several calls to this module in a single "stack". This is from TFC:

image

fernandoespinosa avatar Feb 09 '22 05:02 fernandoespinosa

I concur, this issue is present in my module deployments as well. What I do not understand is if this has any practical impact apart from an error on creation. The environment seems to be provisioned successfully. However, when invoking terraform plan wants to add the missing resource(s).

So a workaround is two consecutive terraform apply invocations but am not sure if this works correctly... (appears to be though!)

andylamp avatar Feb 11 '22 10:02 andylamp

We are using version 0.39.1 of "cloudposse/elastic-beanstalk-environment/aws" and we get the same error. Fails the first time with this error: Error creating SSM activation: ValidationException: Nonexistent role or missing ssm service principal in trust policy: arn:aws:iam:: Subsequent Terraform applies succeed.

nathant727 avatar Mar 29 '22 22:03 nathant727

Seeing the same behavior as others, first apply yields the SSM activation error, further applies are fine. Issue isn't harmful, but should probably be documented, I could see someone stumbling on this for a long time / assuming the module is broken.

lrouker avatar May 24 '22 13:05 lrouker

Adding depends_on = [aws_elastic_beanstalk_environment.default] to the aws_ssm_activation resource resolves this issue

emcee-gitflow avatar Nov 03 '22 15:11 emcee-gitflow