widdix/aws-ec2-ssh

Imported users are deleted if API fails (e.g. rate limiting)

giantsystems opened this issue · 4 comments

We're seeing some of our instances remove all the IAM local users on one 10 minute check and then recreate them on the next 10 minute check. Obviously with new UIDs so any granted permissions are lost.

We suspect we've now deployed this on so many instances, that all check on the 10 minute mark, that we're likely hitting the documented API limits and when a call for users fails, they all get removed, rather than just ignored.

We're going to adjust our cron jobs to try and offset some updates but are there any options for increasing API limits on an account?

#96 seems to fix this issue

Are you using the latest version of the scripts?

Jan 2019 was the last time I updated from the repo. Looks like #96 pre-dates that so should be included. Is there a version number anywhere I can check to confirm?

I'm seeing the same issue as well. The script outputs the following and then deletes the users:
An error occurred (Throttling) when calling the GetGroup operation (reached max retries: 4): Rate exceeded

And I did cksum against my version of the import_users.sh and the file I just pulled off the repo and they are the same. So, the currently available version of this file has the bug in it.
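
The failure mode reported in this thread, as an added example that is not code from widdix/aws-ec2-ssh and not part of any comment above: a sync that ignores the exit status of the IAM lookup treats a throttled call as "no users" and plans to delete everyone, while a fail-closed version skips deletions for that run. `fetch_iam_users`, `SIMULATE_THROTTLE` and the user names are hypothetical stand-ins constructed for this sketch.

```shell
#!/bin/sh
# Added illustration; NOT taken from import_users.sh.
# fetch_iam_users is a hypothetical stand-in for the IAM lookup. With
# SIMULATE_THROTTLE=1 it fails the way the thread reports; otherwise it
# returns two constructed user names.
fetch_iam_users() {
  if [ "${SIMULATE_THROTTLE:-0}" = "1" ]; then
    echo "An error occurred (Throttling) when calling the GetGroup operation (reached max retries: 4): Rate exceeded" >&2
    return 255
  fi
  printf '%s\n' alice bob
}

# Unsafe pattern: the lookup's exit status is discarded, so a failed call
# is indistinguishable from "IAM has no users" and every local user is
# listed for deletion.
plan_deletions_unsafe() (
  remote="$(fetch_iam_users 2>/dev/null)" || true
  for user in $1; do
    printf '%s\n' "$remote" | grep -qxF -- "$user" || echo "$user"
  done
)

# Fail-closed pattern: if the lookup fails, plan nothing and report failure
# so the caller leaves local accounts (and their UIDs) untouched.
plan_deletions_safe() (
  if ! remote="$(fetch_iam_users)"; then
    echo "IAM lookup failed; skipping deletions this run" >&2
    exit 1   # body runs in a subshell, so this is the function's status
  fi
  for user in $1; do
    printf '%s\n' "$remote" | grep -qxF -- "$user" || echo "$user"
  done
)

# Demo under simulated throttling (constructed input).
SIMULATE_THROTTLE=1
echo "unsafe plan deletes: $(plan_deletions_unsafe 'alice bob' | tr '\n' ' ')"
plan_deletions_safe 'alice bob' || echo "safe plan deletes: nothing"
SIMULATE_THROTTLE=0
```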