Open gdavison opened 2 years ago
Ran into this issue. I had a Terraform configuration that was creating the aws_synthetics_canary/aws_iam_role/aws_iam_policy and I was running into the error below:
Error: error waiting for Synthetics Canary (XXXX) create: unexpected state 'ERROR', wanted target 'READY'. last error: CREATE_FAILED: The role defined for the function cannot be assumed by Lambda. (Service: AWSLambda; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: XXXXXXXX; Proxy: null)
I tried fixing it by adding this to the aws_synthetics_canary
resource:
depends_on = [aws_iam_policy.main, aws_iam_role.main, aws_iam_role_policy_attachment.main]
but it was still failing.
This solution ended up working for me https://github.com/hashicorp/terraform-provider-aws/issues/21394#issuecomment-977473431, but instead of depends_on = [resource.aws_iam_role.main]
I used depends_on = [aws_iam_role_policy_attachment.main]
Ran into this issue. I had a Terraform configuration that was creating the aws_synthetics_canary/aws_iam_role/aws_iam_policy and I was running into the error below:
Error: error waiting for Synthetics Canary (XXXX) create: unexpected state 'ERROR', wanted target 'READY'. last error: CREATE_FAILED: The role defined for the function cannot be assumed by Lambda. (Service: AWSLambda; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: XXXXXXXX; Proxy: null)
I tried fixing it by adding this to the
aws_synthetics_canary
resource:depends_on = [aws_iam_policy.main, aws_iam_role.main, aws_iam_role_policy_attachment.main]
but it was still failing.
This solution ended up working for me #21394 (comment), but instead of
depends_on = [resource.aws_iam_role.main]
I useddepends_on = [aws_iam_role_policy_attachment.main]
This workaround didn't work for me unfortunately, I was still occasionally seeing the error. In the end I added a 10 second sleep between creation of the role and policy and the aws_synthetics_canary
resource. I haven't been able to reproduce it since.
All acceptance tests for
aws_synthetics_canary
have a potential race condition when setting up the IAM Role. Theaws_synthetics_canary
must depend on theaws_iam_role_policy
as well as theaws_iam_role
to ensure the policy is attached to the role