Open teajsshekokar opened 2 years ago
@teajsshekokar I am working on this problem, but I need more details from you.
Can you please send me the exact data with which you created the resource in Terraform?
I can't reproduce the problem, everything is fine when I run it, and there is no problem with your account logs.
@dolevh-d9 We are creating these resources. Let me know if you need more details
resource "dome9_cloudaccount_aws" "aws_ca" {
  name = var.environment_name
  credentials {
    arn    = "arn:aws:iam::${var.aws_account_id}:role/Dome9-Connect"
    secret = var.dome9_external_id
    type   = "RoleBased"
  }
  organizational_unit_id = var.organizational_unit_id
}

resource "time_sleep" "wait_for_org_unit" {
  depends_on      = [dome9_cloudaccount_aws.aws_ca]
  create_duration = "5m"
}

resource "dome9_attach_iam_safe" "this" {
  depends_on           = [time_sleep.wait_for_org_unit]
  aws_cloud_account_id = dome9_cloudaccount_aws.aws_ca.id
  aws_group_arn        = "arn:aws:iam::${var.aws_account_id}:group/Dome9-Group-ARN"
  aws_policy_arn       = "arn:aws:iam::${var.aws_account_id}:policy/Dome9-Policy-ARN"
}
@teajsshekokar depends_on = [time_sleep.wait_for_org_unit] I think this line creates the problem. Where do you create the organizational_unit_id resource?
@teajsshekokar Try this:
resource "dome9_attach_iam_safe" "this" {
  aws_cloud_account_id = dome9_cloudaccount_aws.aws_ca.id
  aws_group_arn        = "arn:aws:iam::${var.aws_account_id}:group/Dome9-Group-ARN"
  aws_policy_arn       = "arn:aws:iam::${var.aws_account_id}:policy/Dome9-Policy-ARN"
  depends_on           = [dome9_cloudaccount_aws.aws_ca]
}
@teajsshekokar worked?
@dolevh-d9 Allow me to interrupt here, I had the same error message when I did onboarding. The code I'm using is similar to your suggestion. But I can see both the environment and IAM Safety are onboarded in the portal GUI. Any idea about the cause?
resource "dome9_attach_iam_safe" "self" {
  count                = var.connect_iam_safety == true ? 1 : 0
  aws_cloud_account_id = dome9_cloudaccount_aws.my_test_dome9.id
  aws_group_arn        = aws_iam_group.CloudGuard-Restricted-Group[count.index].arn
  aws_policy_arn       = aws_iam_policy.CloudGuard-Restricted-Policy[count.index].arn
  depends_on           = [aws_iam_group_policy_attachment.this, dome9_cloudaccount_aws.my_test_dome9]
}
When creating the dome9_attach_iam_safe resource it fails with "context deadline exceed" error the first time. We tried with some sleep as well. After retrying (re-plan and apply) it works.
D9 TF Provider Version: 1.28.0