EventSourceMapping has a race condition with IAM Policy?
sam-goodwin opened this issue · 2 comments
What happened?
When deploying without a re-mapped AWS::Lambda::EventSourceMapping, I encountered errors where the deployment would fail because the target Function did not have permissions to receive messages from the source SQS Queue. After re-mapping to a pulumi classic EventSourceMapping Resource, the problem seemed to go away.
Not sure if this is a consistency problem with IAM Policies, or whether there's a bug in the dependency chain when using the aws-native:EventSourceMapping
resource.
Expected Behavior
Dependencies should be traversed in order and Event Source Mappings should only be created once the target has permissions to read from the source.
Steps to reproduce
Create a SQS Queue and subscribe a Lambda Function to it. Deploy.
Output of pulumi about
CLI
Version 3.53.1
Go Version go1.19.5
Go Compiler gc
Plugins
NAME VERSION
aws 5.28.0
nodejs unknown
Host
OS darwin
Version 13.1
Arch arm64
This project is written in nodejs: executable='/Users/samgoodwin/.nvm/versions/node/v16.14.2/bin/node' version='v16.14.2'
Current Stack: sam-g/stock-bot/stock-bot
TYPE URN
pulumi:pulumi:Stack urn:pulumi:stock-bot::stock-bot::pulumi:pulumi:Stack::stock-bot-stock-bot
Found no pending operations associated with stock-bot
Backend
Name pulumi.com
URL https://app.pulumi.com/sam-g
User sam-g
Organizations sam-g
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
Can you share a minimal repro that triggers this behavior? It sounds like there is a missing DependsOn
resource option which would ensure the right order of resource creates.
Pulumi creates resources concurrently. The EventSourceMapping might need a dependency relationship on the IAM policy.
Since we haven't heard back and we don't have a repro code, I'll go ahead and close this issue as stale. Please open a new issue if the problem still persists and provide the details for us to reproduce it. Thank you!