terraform-provider-aws
[Bug]: Stackset module not respecting failure_tolerance_count/failure_tolerance_percentage
Terraform Core Version
v1.2.4
AWS Provider Version
v4.39.0
Affected Resource(s)
aws_cloudformation_stack_set
Expected Behavior
`failure_tolerance_count` or `failure_tolerance_percentage` should be configured in Stackset resources once given as part of `operation_preferences`.
Actual Behavior
`failure_tolerance_count` or `failure_tolerance_percentage` is showing 0 in the AWS console, and stack instances are getting cancelled if a region fails.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
```hcl
data "local_file" "aws-config-stackset" {
  filename = "aws-config-stackset.yaml"
}

locals {
  aws_regions = [
    "eu-north-1",
    "ap-south-1",
    "eu-west-3",
    "eu-west-2",
    "eu-west-1",
    "ap-northeast-3",
    "ap-northeast-2",
    "ap-northeast-1",
    "sa-east-1",
    "ca-central-1",
    "ap-southeast-1",
    "ap-southeast-2",
    "eu-central-1",
    #"us-east-1",
    "us-east-2",
    "us-west-1",
    #"us-west-2"
  ]
}

resource "aws_cloudformation_stack_set" "ENABLE-AWS-CONFIG-MULTI-ACCOUNT-MULTI-REGION" {
  name             = "ENABLE-AWS-CONFIG-MULTI-ACCOUNT-MULTI-REGION"
  capabilities     = ["CAPABILITY_IAM"]
  permission_model = "SERVICE_MANAGED"

  operation_preferences {
    region_concurrency_type = "PARALLEL"
    max_concurrent_count    = 100
    failure_tolerance_count = 999
  }

  parameters = {
    Frequency                  = "6hours"
    AllSupported               = "true"
    DeliveryChannelName        = "<Generated>"
    IncludeGlobalResourceTypes = "true"
    NotificationEmail          = "<None>"
    ResourceTypes              = "<All>"
    "TopicArn"                 = "<New Topic>"
  }

  template_body = data.local_file.aws-config-stackset.content

  auto_deployment {
    enabled                          = true
    retain_stacks_on_account_removal = false
  }

  timeouts {}
}

resource "aws_cloudformation_stack_set_instance" "ENABLE-AWS-CONFIG-MULTI-ACCOUNT-MULTI-REGION-INSTANCE" {
  stack_set_name = aws_cloudformation_stack_set.ENABLE-AWS-CONFIG-MULTI-ACCOUNT-MULTI-REGION.name

  deployment_targets {
    organizational_unit_ids = [
      "ou-something"
    ]
  }

  for_each = toset(local.aws_regions)
  region   = each.value
}
```
Steps to Reproduce
Deploying the stackset. It would not respect the failure tolerance value.
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
No response
I was experiencing some issues with this as well, but after some investigation I noticed that the `operation_preferences` argument can be set on both the `aws_cloudformation_stack_set_instance` and `aws_cloudformation_stack_set` resource types.
- On the `aws_cloudformation_stack_set_instance` it applies to any modifications to the deployment targets (OUs, accounts, regions)
- On the `aws_cloudformation_stack_set` it applies to any modifications to the stack (template, parameters, tags)
When applied to both resource types it works for me as expected. Perhaps this is not a bug but just a confusing implementation?
@JorisBoelen-TomTom: for me it doesn't apply it on the stack set level either. It is like the whole `operation_preferences` gets ignored. See my comment on: https://github.com/hashicorp/terraform-provider-aws/issues/30806#issuecomment-1535460672
I believe this is an issue with the AWS UI. After manually adjusting the tolerance count in the UI to 100, repeating the process shows a default of 1 again.
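Whether the preferences were dropped or only displayed wrongly can be checked against what CloudFormation recorded per operation (`DescribeStackSetOperation` returns an `OperationPreferences` block). The following is an added example, not code from this thread or from the provider; the function names and the sample operation records and IDs are constructed for illustration, and the intended values are taken from the configuration in the report.

```python
# Terraform argument -> field name in StackSetOperation.OperationPreferences
TF_TO_API = {
    "region_concurrency_type": "RegionConcurrencyType",
    "max_concurrent_count": "MaxConcurrentCount",
    "max_concurrent_percentage": "MaxConcurrentPercentage",
    "failure_tolerance_count": "FailureToleranceCount",
    "failure_tolerance_percentage": "FailureTolerancePercentage",
}

def preference_drift(intended, operation):
    """Return {tf_argument: (intended, recorded)} for each mismatch in one operation."""
    recorded = operation.get("OperationPreferences") or {}
    drift = {}
    for tf_arg, want in intended.items():
        got = recorded.get(TF_TO_API[tf_arg])
        if got != want:
            drift[tf_arg] = (want, got)
    return drift

def audit(intended, operations):
    """Map OperationId -> (Action, drift) for operations whose preferences differ."""
    report = {}
    for op in operations:
        drift = preference_drift(intended, op)
        if drift:
            report[op["OperationId"]] = (op["Action"], drift)
    return report

def fetch_operations(stack_set_name, call_as="SELF"):
    """Live lookup, first page only (needs boto3 and credentials); unused by the sample."""
    import boto3
    cfn = boto3.client("cloudformation")
    ids = [s["OperationId"] for s in cfn.list_stack_set_operations(
        StackSetName=stack_set_name, CallAs=call_as)["Summaries"]]
    return [cfn.describe_stack_set_operation(
        StackSetName=stack_set_name, OperationId=i, CallAs=call_as)["StackSetOperation"]
        for i in ids]

# Constructed sample: intended values from the report, operation records made up.
INTENDED = {"region_concurrency_type": "PARALLEL", "max_concurrent_count": 100,
            "failure_tolerance_count": 999}
SAMPLE_OPERATIONS = [
    {"OperationId": "op-update-0001", "Action": "UPDATE", "OperationPreferences": {
        "RegionConcurrencyType": "PARALLEL", "MaxConcurrentCount": 100,
        "FailureToleranceCount": 999}},
    {"OperationId": "op-create-0002", "Action": "CREATE", "OperationPreferences": {
        "RegionConcurrencyType": "SEQUENTIAL", "MaxConcurrentCount": 1,
        "FailureToleranceCount": 0}},
]
```

Grouping the result by `Action` shows which kind of operation ran without the intended preferences, independent of what the console displays.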