search

JDBraun / isolake

Isolake is a simple and specialized Databricks workspace deployment design on AWS that isolates users and workloads from the public internet, utilizing Unity Catalog and AWS PrivateLink as its foundational architectural components
https://medium.com/databricks-platform-sme/isolake-a-simplistic-deployment-design-to-an-isolated-databricks-lakehouse-on-aws-c0f98b5bbba0
Apache License 2.0
6 stars 1 forks source link

cannot create mws log delivery - race condition #1

Closed db-wenxin closed 11 months ago

db-wenxin commented 11 months ago

Got following error message when trying to deplopy the solution with providers:

Terraform v1.6.3
on darwin_arm64
+ provider registry.terraform.io/databricks/databricks v1.27.0
+ provider registry.terraform.io/hashicorp/aws v5.30.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/time v0.10.0

ERROR

│ Error: cannot create mws log delivery: Failed to perform putObject operations on s3Bucket:wx-isolake-dev-log-delivery with deliveryPathPrefix:audit-logs with the IAM Role:arn:aws:iam::332745928618:role/wx-isolake-dev-log-delivery provided. Please add all required s3 actions as mentioned in API docs to role policy of your IAM Role.
│ 
│   with module.isolake.module.audit.databricks_mws_log_delivery.audit_logs,
│   on modules/isolake/audit/audit_logs.tf line 24, in resource "databricks_mws_log_delivery" "audit_logs":
│   24: resource "databricks_mws_log_delivery" "audit_logs" {
│ 
╵

Issue : Racing condition between Databricks Audit Logs Configurations and storage credential resources.

Workaround:

  1. Re-run terraform apply command

Solution: Update depends_on for resource databricks_mws_log_delivery.audit_logs

JDBraun commented 11 months ago

closed in recent pr https://github.com/JDBraun/isolake/pull/2