diff --git a/aws/resource_aws_iam_instance_profile.go b/aws/resource_aws_iam_instance_profile.go index 268322cdd5f..f98d8950bb2 100644 --- a/aws/resource_aws_iam_instance_profile.go +++ b/aws/resource_aws_iam_instance_profile.go @@ -174,6 +174,9 @@ func instanceProfileAddRole(iamconn *iam.IAM, profileName, roleName string) erro } return nil }) + if isResourceTimeoutError(err) { + _, err = iamconn.AddRoleToInstanceProfile(request) + } if err != nil { return fmt.Errorf("Error adding IAM Role %s to Instance Profile %s: %s", roleName, profileName, err) } diff --git a/aws/resource_aws_iam_policy.go b/aws/resource_aws_iam_policy.go index c6b153c8073..aaf1ca85b70 100644 --- a/aws/resource_aws_iam_policy.go +++ b/aws/resource_aws_iam_policy.go @@ -141,7 +141,9 @@ func resourceAwsIamPolicyRead(d *schema.ResourceData, meta interface{}) error { return nil }) - + if isResourceTimeoutError(err) { + getPolicyResponse, err = iamconn.GetPolicy(getPolicyRequest) + } if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") { log.Printf("[WARN] IAM Policy (%s) not found, removing from state", d.Id()) d.SetId("") @@ -187,7 +189,9 @@ func resourceAwsIamPolicyRead(d *schema.ResourceData, meta interface{}) error { return nil }) - + if isResourceTimeoutError(err) { + getPolicyVersionResponse, err = iamconn.GetPolicyVersion(getPolicyVersionRequest) + } if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") { log.Printf("[WARN] IAM Policy (%s) not found, removing from state", d.Id()) d.SetId("") diff --git a/aws/resource_aws_iam_policy_attachment.go b/aws/resource_aws_iam_policy_attachment.go index d8009017be5..d70b81644a1 100644 --- a/aws/resource_aws_iam_policy_attachment.go +++ b/aws/resource_aws_iam_policy_attachment.go @@ -4,12 +4,10 @@ import ( "fmt" "log" "strings" - "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/iam" - "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/validation" ) @@ -217,37 +215,28 @@ func attachPolicyToRoles(conn *iam.IAM, roles []*string, arn string) error { return err } - var attachmentErr = resource.Retry(2*time.Minute, func() *resource.RetryError { - - input := iam.ListRolePoliciesInput{ - RoleName: r, - } - - attachedPolicies, err := conn.ListRolePolicies(&input) - if err != nil { - return resource.NonRetryableError(err) - } - - if len(attachedPolicies.PolicyNames) > 0 { - var foundPolicy bool - for _, policyName := range attachedPolicies.PolicyNames { - if strings.HasSuffix(arn, *policyName) { - foundPolicy = true - break - } - } + input := iam.ListRolePoliciesInput{ + RoleName: r, + } + attachedPolicies, err := conn.ListRolePolicies(&input) + if err != nil { + return fmt.Errorf("Error listing role policies: %s", err) + } - if !foundPolicy { - return resource.NonRetryableError(err) + if len(attachedPolicies.PolicyNames) > 0 { + var foundPolicy bool + for _, policyName := range attachedPolicies.PolicyNames { + if strings.HasSuffix(arn, *policyName) { + foundPolicy = true + break } } - return nil - }) - - if attachmentErr != nil { - return attachmentErr + if !foundPolicy { + return fmt.Errorf("Error: Attached policy not found") + } } + } return nil } diff --git a/aws/resource_aws_iam_role.go b/aws/resource_aws_iam_role.go index 2b68cf41b34..c78fa8dd457 100644 --- a/aws/resource_aws_iam_role.go +++ b/aws/resource_aws_iam_role.go @@ -177,6 +177,9 @@ func resourceAwsIamRoleCreate(d *schema.ResourceData, meta interface{}) error { } return resource.NonRetryableError(err) }) + if isResourceTimeoutError(err) { + createResp, err = iamconn.CreateRole(request) + } if err != nil { return fmt.Errorf("Error creating IAM Role %s: %s", name, err) } @@ -362,7 +365,7 @@ func resourceAwsIamRoleDelete(d *schema.ResourceData, meta interface{}) error { } // IAM is eventually consistent and deletion of attached policies may take time - return resource.Retry(30*time.Second, func() *resource.RetryError { + err := resource.Retry(30*time.Second, func() *resource.RetryError { _, err := iamconn.DeleteRole(deleteRoleInput) if err != nil { if isAWSErr(err, iam.ErrCodeDeleteConflictException, "") { @@ -373,6 +376,13 @@ func resourceAwsIamRoleDelete(d *schema.ResourceData, meta interface{}) error { } return nil }) + if isResourceTimeoutError(err) { + _, err = iamconn.DeleteRole(deleteRoleInput) + } + if err != nil { + return fmt.Errorf("Error deleting IAM role: %s", err) + } + return nil } func deleteAwsIamRoleInstanceProfiles(conn *iam.IAM, rolename string) error { diff --git a/aws/resource_aws_iam_user.go b/aws/resource_aws_iam_user.go index 4f23ef8f12a..9430fc0d536 100644 --- a/aws/resource_aws_iam_user.go +++ b/aws/resource_aws_iam_user.go @@ -358,10 +358,11 @@ func deleteAwsIamUserMFADevices(svc *iam.IAM, username string) error { func deleteAwsIamUserLoginProfile(svc *iam.IAM, username string) error { var err error + input := &iam.DeleteLoginProfileInput{ + UserName: aws.String(username), + } err = resource.Retry(1*time.Minute, func() *resource.RetryError { - _, err = svc.DeleteLoginProfile(&iam.DeleteLoginProfileInput{ - UserName: aws.String(username), - }) + _, err = svc.DeleteLoginProfile(input) if err != nil { if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") { return nil @@ -374,7 +375,9 @@ func deleteAwsIamUserLoginProfile(svc *iam.IAM, username string) error { } return nil }) - + if isResourceTimeoutError(err) { + _, err = svc.DeleteLoginProfile(input) + } if err != nil { return fmt.Errorf("Error deleting Account Login Profile: %s", err) }