Closed wi1dcard closed 4 years ago
Do you use the latest Terraform? And which api did you use?
Do you use the latest Terraform? And which api did you use?
Hi @wenzuochao ! Yes, I'm using the latest version of Terraform (Docker image hashicorp/terraform:light
with digest hashicorp/terraform@sha256:691e2f368183a1886b50fd7da16b4511f5ac914ff6b7c748a87a37e84b898c50
).
I'm trying to use the AssumeRole API, this is my terraform configuration:
provider "alicloud" {
region = "cn-hongkong"
access_key = var.alicloud_access_key
secret_key = var.alicloud_secret_key
assume_role {
role_arn = "..."
}
}
# Omitted ...
Here is the output with the region is cn-hongkong
:
Error: [SDK.TimeoutError] The request timed out 4 times(4 for retry), perhaps we should have the threshold raised a little? Connect timeout. Please set a valid ConnectTimeout.
caused by:
Post "https://sts.aliyuncs.com/?AccessKeyId=[MASKED]&Action=AssumeRole&...&Version=2015-04-01": dial tcp 106.11.172.8:443: i/o timeout
However, I believe that's an issue with the default endpoints definition in the SDK instead of Terraform or the AssumeRole API. After I manually override the API address, it now works on servers located in the US:
provider "alicloud" {
region = "cn-hongkong"
access_key = var.alicloud_access_key
secret_key = var.alicloud_secret_key
assume_role {
role_arn = "..."
}
endpoints {
sts = "sts.cn-hongkong.aliyuncs.com"
}
}
Why we didn't set the endpoints as the STS API official documentation described? Thank you!
I got it. I have solved the problem in the latest sdk and the next version of terraform will fix the problem.
I got it. I have solved the problem in the latest sdk and the next version of terraform will fix the problem.
Thank you so much for the prompt response! I'll check it out once it gets released.
While I was using the Terraform alicloud provider and run
terraform plan
on servers located in the US, it seems quite easy to reach the timeout of invoking STS APIs.I understand that might be an issue of the internet specifically in China. Therefore, I tried to change the default region to
cn-hongkong
which should also change the endpoint of STS tosts.cn-hongkong.aliyuncs.com
, but the error message showed that it was still callingsts.aliyuncs.com
.Looking into the terraform provider, the endpoints per region seem defined here in this SDK and several regions are using the same endpoint instead of specific ones: https://github.com/aliyun/alibaba-cloud-sdk-go/blob/e4e1cdd659a3e0f4bec8b027fb601e22a196d55b/services/sts/endpoint.go#L12-L46
So my question is: is this something that is intentional? Or it's just a mistake that should have been fixed?