pas-on-cloud
pas-on-cloud copied to clipboard
cyberark
AWS CloudFormation templates do not wait for role creation to complete, resulting in errors on subsequent steps (e.g. Lambda function creation)
Summary
AWS CloudFormation templates do not wait for role creation to complete, resulting in errors on subsequent steps (e.g. Lambda function creation.
Steps to Reproduce
Use the v12.2.1 FullDeployment yaml to create a new environment with default settings.
Expected Results
CloudFormation template should complete fully and create all necessary resources.
Actual Results
CloudFormation template fails with errors such as: The following resource(s) failed to create: [StorePasswordLambda, DeletePasswordLambda, RemovePermissionLambda]. Rollback requested by user. Template error: IAM role pasoncloud-LambdaDeployRole-1TNJXSYRDHUMR doesn't exist Template error: IAM role pasoncloud-LambdaRemovePermissionsRole-LPI7QK528XKR doesn't exist
Reproducible
- [X] Always - Tried 6 times in a row with same error
- [ ] Sometimes
- [ ] Non-Reproducible
Version/Tag number
12.2.1 CFT
Environment setup
Fresh AWS account environment
Additional Information
When the CloudFormation template fails with those errors, I can go to IAM and see that the roles were perfectly created. I think the issue is that it can take IAM a few seconds to make the role fully available, but the CloudFormation template does not wait for this to occur and just attempts to immediately use the roles which causes it to fail if there is any delay in IAM.
I can't manage to reproduce this issue, everything seems to work fine. Are you still having this issue? Have you tried using 12.2.3 version?
Hi – I think the issue was related to an unusual slowdown with the AWS API. It seemed to resolve itself – I think we can close out that issue.
From: pelegor @.> Sent: Wednesday, January 5, 2022 6:27 AM To: cyberark/pas-on-cloud @.> Cc: Adam Markert @.>; Author @.> Subject: Re: [cyberark/pas-on-cloud] AWS CloudFormation templates do not wait for role creation to complete, resulting in errors on subsequent steps (e.g. Lambda function creation) (#289)
CyberArk Security Warning: This email originated from outside of the organization. Do not click links or open attachments unless you verified the sender mail address and know the content is safe!
I can't manage to reproduce this issue, everything seems to work fine. Are you still having this issue? Have you tried using 12.2.3 version?
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/cyberark/pas-on-cloud/issues/289*issuecomment-1005603995__;Iw!!Pe07N362zA!i5W6FN08yYJefFydaQZ7lDqNfsWD-CA_zTXN3MyWgKn0a6TAJx6KJo-6lEKAIunXPRs$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/ANSVZWRMOTZKLFC4PKQG4M3UUQTHXANCNFSM5C3RVJMQ__;!!Pe07N362zA!i5W6FN08yYJefFydaQZ7lDqNfsWD-CA_zTXN3MyWgKn0a6TAJx6KJo-6lEKAwGoS7_U$. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!Pe07N362zA!i5W6FN08yYJefFydaQZ7lDqNfsWD-CA_zTXN3MyWgKn0a6TAJx6KJo-6lEKApANHFB0$ or Androidhttps://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!Pe07N362zA!i5W6FN08yYJefFydaQZ7lDqNfsWD-CA_zTXN3MyWgKn0a6TAJx6KJo-6lEKAArME6vo$. You are receiving this because you authored the thread.Message ID: @.@.>>