terraform-provider-aws
terraform-provider-aws copied to clipboard
hashicorp
Cloudformation Stackset Wait for Apply Changes - Unintended Consequences
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
Affected Resource(s)
- aws_cloudformation_stackset
Terraform Configuration Files
resource "aws_cloudformation_stack_set" "regional" {
administration_role_arn = aws_iam_role.AWSCloudFormationStackSetAdministrationRole.arn
name = "regional"
capabilities = ["CAPABILITY_NAMED_IAM"]
template_body = file("stackset_templates/regional.json")
lifecycle {
ignore_changes = [parameters]
}
}
Debug Output
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 12m21s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 12m31s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 12m41s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 12m51s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 13m1s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 13m11s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 13m21s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 13m31s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 13m41s elapsed]
aws_cloudformation_stack_set.regional: Still modifying... [id=regional, 13m51s elapsed]
Panic Output
Expected Behavior
In past versions of the AWS Provider, Terraform would upload the stackset change and then exit safely while the stackset rolled out the change.
Actual Behavior
Following https://github.com/terraform-providers/terraform-provider-aws/pull/11726, Terraform now waits with a timeout for the Stackset operation to complete.
While this is expected behavior as part of the above PR, the outcome is not optimal for managing large Stacksets. We have a 350 stack instance stackset that locks up Terraform for a couple of hours with changes this way. We then cannot do other Terraform operations in this repo while a stackset change propagates. For us, this problem will continue to get worse as we add more accounts to the stackset.
This behavior also increases the risk of network drops or other issues affecting a Terraform apply. An option to not wait for the stackset operation would be much appreciated. I suspect this was not the intended outcome from this change but using stacksets at scale makes this a difficult problem to solve with waiting.
Important Factoids
References
- #0000
