provider/aws: Increase timeout for creating IAM role

[dtolnay]

I am seeing terraform apply fail with:

Error creating IAM Role my-role: timeout while waiting for state to become 'success'. last error: %!s()

(The message is fixed in #7732.)

All subsequent terraform applys fail with:

Error creating IAM Role my-role: EntityAlreadyExists: Role with name my-role already exists.

[dtolnay]

@stack72 is there anything I can do to move this along?

[radeksimko]

Hi @dtolnay
thanks for the PR.

I took some time to read through the git log and related issues to understand why we need the retry logic here in the 1st place, because I was pretty sure this is not the reason:

// IAM roles can take ~30 seconds to propagate in AWS:

Even though the statement is true on its own, it's not why we'd retry iam:CreateRole, this would be a reason for retrying creation of any resource that depends on this IAM Role (e.g. EC2 instance, ECS service, etc.).

The reason we retry iam:CreateRole here is because there may be other IAM resources, e.g. IAM Users referenced in the Role assume policy and these IAM Users take time to propagate.

IAM Role with assume policy that doesn't reference any other IAM resource should not require any retry (ain't saying we should put it away though).

It may all sound like nitpicking a 1-2 line comment, but I felt the need for explaining this as I was confused by that one. 😃
I will update the comment in a separate PR.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.