Terraform-provider-aws: aws_ec2_client_vpn_authorization_rule timeout after 1m0s
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
v0.12.24
Affected Resource(s)
- aws_ec2_client_vpn_authorization_rule
Terraform Configuration Files
resource "aws_ec2_client_vpn_authorization_rule" "custom" {
for_each = var.use_default_authZ_rules ? {} : var.authorization_rules
client_vpn_endpoint_id = aws_cloudformation_stack.client_vpn.outputs["clientVpnId"]
target_network_cidr = each.value.cidr
access_group_id = each.value.ad_group_id
}
Expected Behavior
The Terraform resource should include a timeouts argument or wait until the authorization rule moves to an "Active" state.
Actual Behavior
Error: error waiting for Client VPN authorization rule to be active: timeout while waiting for state to become 'active' (last state: 'authorizing', timeout: 1m0s)
Steps to Reproduce
terraform apply
Important Factoids
References
connor-tyndall
All 8 comments
@gdavison
connor-tyndall
on 13 Jul 2020
Also, when modifying an existing authorization rule, the resource times out as well... which requires a manual deletion and reapply.
Error: error revoking Client VPN authorization rule: timeout while waiting for resource to be gone (last state: 'revoking', timeout: 1m0s)
connor-tyndall
on 20 Jul 2020
Yup, seems like the timeouts are set too aggressively https://github.com/terraform-providers/terraform-provider-aws/pull/13950/files#diff-b2b7576ebf9812ff7aa5592444112309R76
If you hit this on create you can just wait a couple minutes then run again and use the failure message to import, easily
Acquiring state lock. This may take a few moments...
aws_ec2_client_vpn_authorization_rule.rules["10.15.64.0/20"]: Creating...
...
Error: error creating Client VPN authorization rule "cvpn-endpoint-02c5d0a60a,10.15.64.0/20": InvalidClientVpnDuplicateAuthorizationRule: Rule already exists
status code: 400, request id: 8cfe6767-fb69-4e21-8c72-ed94db76b16b
```bash
terraform import 'aws_ec2_client_vpn_authorization_rule.rules["10.15.64.0/20"]' cvpn-endpoint-02c5d0a60a,10.15.64.0/20
nijave
on 20 Aug 2020
@gdavison @bflad Any update on this? About 20% of authorization rules we create hit the 1 minute timeout. Can this be updated ASAP?
connor-tyndall
on 4 Sep 2020
That would be very helpful. Cannot use this resource in automation, it fails always, just by few seconds.
ChristophShyper
on 7 Sep 2020
The fix for this has been merged and will release with version 3.6.0 of the Terraform AWS Provider, later this week. Thanks to @connor-tyndall for the implementation. 👍
bflad
on 8 Sep 2020
This has been released in version 3.6.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 11 Sep 2020
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
hashibot[bot]
on 8 Oct 2020
Related issues
hazmeister
·
3Comments
carmas
·
3Comments
blaltarriba
·
3Comments
hashibot
·
3Comments
hashibot
·
3Comments
Most helpful comment
The fix for this has been merged and will release with version 3.6.0 of the Terraform AWS Provider, later this week. Thanks to @connor-tyndall for the implementation. 👍