From e7e8b00031eebbfc427a3a197443ae7a8d2fa466 Mon Sep 17 00:00:00 2001 From: Olivier Bourdon Date: Wed, 13 Nov 2019 15:31:18 +0100 Subject: [PATCH] Allow configurable timeout when reading security group rule When being throttled on AWS requests, read requests are the first ones to be throttled, and reading security group rules can take longer than 5m to complete. Transform the hard timeout of 5m with a configurable timeout to avoid this problem. Fixes part of #3128 --- internal/service/ec2/security_group_rule.go | 6 +++++- website/docs/r/security_group_rule.html.markdown | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/internal/service/ec2/security_group_rule.go b/internal/service/ec2/security_group_rule.go index ac74af0272c7..975ff6da4342 100644 --- a/internal/service/ec2/security_group_rule.go +++ b/internal/service/ec2/security_group_rule.go @@ -44,6 +44,10 @@ func ResourceSecurityGroupRule() *schema.Resource { SchemaVersion: 2, MigrateState: SecurityGroupRuleMigrateState, + Timeouts: &schema.ResourceTimeout{ + Read: schema.DefaultTimeout(5 * time.Minute), + }, + Schema: map[string]*schema.Schema{ "type": { Type: schema.TypeString, @@ -227,7 +231,7 @@ information and instructions for recovery. Error: %w`, sg_id, autherr) id := IPPermissionIDHash(sg_id, ruleType, perm) log.Printf("[DEBUG] Computed group rule ID %s", id) - err = resource.Retry(5*time.Minute, func() *resource.RetryError { + err = resource.Retry(d.Timeout(schema.TimeoutRead), func() *resource.RetryError { sg, err := FindSecurityGroupByID(conn, sg_id) if err != nil { diff --git a/website/docs/r/security_group_rule.html.markdown b/website/docs/r/security_group_rule.html.markdown index 443d54ff4cc7..047be5026b13 100644 --- a/website/docs/r/security_group_rule.html.markdown +++ b/website/docs/r/security_group_rule.html.markdown @@ -90,6 +90,13 @@ In addition to all arguments above, the following attributes are exported: * `id` - ID of the security group rule. +## Timeouts + +`aws_security_group_rule` provides the following [Timeouts](/docs/configuration/resources.html#timeouts) +configuration options: + +- `read` - (Default `5 minutes`) How long to wait for reading a rsecurity group rule. + ## Import Security Group Rules can be imported using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (e.g., `cidr_block`) separated by underscores (`_`). All parts are required.