AWS CloudFormation templates do not wait for role creation to complete, resulting in errors on subsequent steps (e.g. Lambda function creation)

[cybr-ajm]

Summary

AWS CloudFormation templates do not wait for role creation to complete, resulting in errors on subsequent steps (e.g. Lambda function creation.

Steps to Reproduce

Use the v12.2.1 FullDeployment yaml to create a new environment with default settings.

Expected Results

CloudFormation template should complete fully and create all necessary resources.

Actual Results

CloudFormation template fails with errors such as:
The following resource(s) failed to create: [StorePasswordLambda, DeletePasswordLambda, RemovePermissionLambda]. Rollback requested by user.
Template error: IAM role pasoncloud-LambdaDeployRole-1TNJXSYRDHUMR doesn't exist
Template error: IAM role pasoncloud-LambdaRemovePermissionsRole-LPI7QK528XKR doesn't exist

Reproducible

• Always - Tried 6 times in a row with same error
• Sometimes
• Non-Reproducible

Version/Tag number

12.2.1 CFT

Environment setup

Fresh AWS account environment

Additional Information

When the CloudFormation template fails with those errors, I can go to IAM and see that the roles were perfectly created. I think the issue is that it can take IAM a few seconds to make the role fully available, but the CloudFormation template does not wait for this to occur and just attempts to immediately use the roles which causes it to fail if there is any delay in IAM.

[pelegor]

I can't manage to reproduce this issue, everything seems to work fine. Are you still having this issue? Have you tried using 12.2.3 version?

[cybr-ajm]

Hi – I think the issue was related to an unusual slowdown with the AWS API. It seemed to resolve itself – I think we can close out that issue. From: pelegor ***@***.***> Sent: Wednesday, January 5, 2022 6:27 AM To: cyberark/pas-on-cloud ***@***.***> Cc: Adam Markert ***@***.***>; Author ***@***.***> Subject: Re: [cyberark/pas-on-cloud] AWS CloudFormation templates do not wait for role creation to complete, resulting in errors on subsequent steps (e.g. Lambda function creation) (#289) CyberArk Security Warning: This email originated from outside of the organization. Do not click links or open attachments unless you verified the sender mail address and know the content is safe! I can't manage to reproduce this issue, everything seems to work fine. Are you still having this issue? Have you tried using 12.2.3 version? — Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https:/github.com/cyberark/pas-on-cloud/issues/289*issuecomment-1005603995__;Iw!!Pe07N362zA!i5W6FN08yYJefFydaQZ7lDqNfsWD-CA_zTXN3MyWgKn0a6TAJx6KJo-6lEKAIunXPRs$>, or unsubscribe<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/ANSVZWRMOTZKLFC4PKQG4M3UUQTHXANCNFSM5C3RVJMQ__;!!Pe07N362zA!i5W6FN08yYJefFydaQZ7lDqNfsWD-CA_zTXN3MyWgKn0a6TAJx6KJo-6lEKAwGoS7_U$>. Triage notifications on the go with GitHub Mobile for iOS<https://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!Pe07N362zA!i5W6FN08yYJefFydaQZ7lDqNfsWD-CA_zTXN3MyWgKn0a6TAJx6KJo-6lEKApANHFB0$> or Android<https://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign*3Dnotification-email*26utm_medium*3Demail*26utm_source*3Dgithub__;JSUlJSU!!Pe07N362zA!i5W6FN08yYJefFydaQZ7lDqNfsWD-CA_zTXN3MyWgKn0a6TAJx6KJo-6lEKAArME6vo$>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>