Bug: Support Level RP runs into AWS Organizations API Limits

[aaronosb]

I would like to be able to use the Community::Support::SupportLevel resource provider to set all accounts in my org's support level, but if your organization includes more than a handful of accounts then you will run into CREATE_FAILED errors like the following:

Note that this is the org master account, and previous support cases succeeded before this one hit. Looks like it could use some retry with backoff logic here https://github.com/org-formation/aws-resource-providers/blob/8f4afe2c319c4cb64430e844fc72f9c6899f1f10/support/support-level/src/handlers.ts#L35

Additional Context: The task I am looking to be able to run is the following.

AWSTemplateFormatVersion: "2010-09-09-OC"
OrganizationBindings:
  ManagementBinding:
    Account: !Ref MasterAccount
    IncludeMasterAccount: true
  
  SupportBinding:
    Account: "*"

Resources:
  SupportLevel:
    Type: Community::Support::SupportLevel
    OrganizationBinding: !Ref ManagementBinding
    ForeachAccount: !Ref SupportBinding
    Properties:
      AccountId: !Sub "${CurrentAccount.AccountId}"
      SupportLevel: 'enterprise'

[OlafConijn]

published a fix to: s3://community-resource-provider-catalog/community-support-supportlevel-0.3.0.zip (details in the PR)

[aaronosb]

Nice, worked like a charm. Thanks for the help @OlafConijn

[aaronosb]

Spoke too soon, new annoying AWS limit "Resource handler returned message: "You have exceeded your limit of 10 cases per hour." (RequestToken: 3db10518-06ca-44ce-dc71-0e4ae6cdb3aa, HandlerErrorCode: InternalFailure)". I will look into seeing if this is a limit that can be raised, otherwise will need to try and manually apply the generated template with the --disable-rollback flag set a number of times until it has been caught up

[OlafConijn]

yes, for this we need to return something like "throttled". for 100 accounts this would, however, take 10 hours? 😬

I'll give this some thought tomorrow. thanks for letting me know!