Lambda function to show the list of accounts (teamgetEntitlement-main) times out when getting the account list

Question

Lambda function to show the list of accounts (teamgetEntitlement-main) times out when getting the account list

reidca opened this issue 7 months ago · 9 comments

We have about 120 accounts. Today I added an eligibility policy and an approval policy that covers most of these as an emergency cover in the event that admin work is needed on these accounts.

When I went to test the code the "loading accounts" message appeared but no accounts were ever retrieved.

Looking in the lambda function: teamgetEntitlement-main I see it has timed out:

2024-04-02T14:56:55.144+01:00 | 2024-04-02T13:56:55.143Z a011f366-147a-40f8-9a2e-f8b4406ec76a Task timed out after 120.03 seconds
Whilst I appreciate that for many users they will have much more tightly scoped policies, I cannot imagine it being a crazy thing to have 120 accounts that you could elevate to. I had selected two permission sets for each of these.

Either the code that works out the list of accounts in real-time needs to be optimised, or the system should pre-calculate the list of accounts and permissions sets then simply show these.

Answer 1 · 2024-04-02T16:55:29.000Z

@reidca I want to believe that the issue you have described is similar to #162 and has been resolved in the latest version. Let me know if this isnt the case.

Answer 2 · 2024-04-02T23:08:23.000Z

This issue does sound similar but we are running the latest version available as far as I know.

I should add that my eligibility policy was added using ous therefore extra code would have been needed to work out the accounts under the ous. Also, we have many ous that are quite nested.

Answer 3 · 2024-04-08T13:49:55.000Z

@reidca the backend logic for getting a user entitlement would have to transverse all the nested OUs and list out the child accounts. For a lot of OUs, this serial computatation can take a lot of time. In the interim I can increase the execution time out for the Lamda function. But in the long term we would have to work out a way to optimise the eligibility check.

Answer 4 · 2024-04-15T10:05:35.000Z

This is why I think doing batch calculations is a better approach. The OU and Account Structure and roles available is not something that changes very often. I imagine there are Event Bridge triggers when they do occur, or if not then a once a day calculation with the ability to trigger it manually could work. Then the UI simply has to fetch this instead of trying to work it our dynamically.

Answer 5 · 2024-05-07T17:10:45.000Z

Having same issue with 180+ accounts and several Permissions sets. OU loads fine but accounts and PS fail and go blank.

Answer 6 · 2024-07-06T18:05:59.000Z

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 7 days it will automatically be closed.

Answer 7 · 2024-07-10T17:42:13.000Z

@reidca, could you not just increase the timeout on the lambda from the current 2 minutes manually as a temporary workaround?

Answer 8 · 2024-09-08T21:05:40.000Z

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 7 days it will automatically be closed.

Answer 9 · 2024-09-16T09:34:12.000Z

I see this like many other of my issues has been closed without any assignment etc. I really would of hoped that the maintainers would have either closed it themselves or added it to a backlog. It is pretty discouraging if issues are raised which are then simply lost. cc @tawoyinfa