[Bug]: aws_sns_platform_application: Still modifying... and fails after 50 minutes upon updating certificate #28925

Open
defigor opened this issue Jan 17, 2023 · 2 comments
Labels
bug Addresses a defect in current functionality. service/sns Issues and PRs that pertain to the sns service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.

Comments


defigor commented Jan 17, 2023

Terraform Core Version

1.3.3

AWS Provider Version

4.40.0

Affected Resource(s)

  • aws_sns_platform_application

Expected Behavior

When platform_credential and platform_principal are updated using certificate-based authentication, the changes are deployed without issue.

Actual Behavior

The deployment fails after a long time:

module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application]
module.pinpoint.aws_pinpoint_apns_channel.pinpoint_apns_channel[0]: Modifying... [id=DF_ID]
module.pinpoint.aws_pinpoint_apns_channel.pinpoint_apns_channel[0]: Modifications complete after 1s [id=DF_ID]
module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Still modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application, 10s elapsed]
module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Still modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application, 20s elapsed]
module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Still modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application, 30s elapsed]
module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Still modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application, 40s elapsed]
module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Still modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application, 50s elapsed]
...
module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Still modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application, 49m11s elapsed]
module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Still modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application, 49m21s elapsed]
module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0]: Still modifying... [id=arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application, 49m31s elapsed]

│ Error: updating SNS Platform Application (arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application): InternalFailure: 
│ 	status code: 500, request id: REQUEST_ID
│ 
│   with module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0],
│   on SNS/sns_application/main.tf line 32, in resource "aws_sns_platform_application" "apns_application":
│   32: resource "aws_sns_platform_application" "apns_application" {
│ 

Relevant Error/Panic Output Snippet

│ Error: updating SNS Platform Application (arn:aws:sns:us-east-1:XXXX:app/APNS/apns_application): InternalFailure: 
│ 	status code: 500, request id: REQUEST_ID
│ 
│   with module.SNS.module.sns_application.aws_sns_platform_application.apns_application[0],
│   on SNS/sns_application/main.tf line 32, in resource "aws_sns_platform_application" "apns_application":
│   32: resource "aws_sns_platform_application" "apns_application" {
│

Terraform Configuration Files

Variables declarations:

variable "apns_key" {}

variable "apns_certificate" {}

variable "s3_bucket" {}

variable "flag_apns_sandbox" {
  type = bool
}

variable "flag_deploy_sns_application" {
  type = bool
}

Variables definitions:

s3_bucket                   = "some-bucket-with-certificates"
apns_key                    = "IOSCertificate/private.key"
apns_certificate            = "IOSCertificate/certificate.pem"
flag_apns_sandbox           = false
flag_deploy_sns_application = true

Code:

data "aws_s3_bucket_object" "apns_key" {
  count  = var.flag_deploy_sns_application ? 1 : 0
  bucket = var.s3_bucket
  key    = var.apns_key
}

data "aws_s3_bucket_object" "apns_certificate" {
  count  = var.flag_deploy_sns_application ? 1 : 0
  bucket = var.s3_bucket
  key    = var.apns_certificate
}

resource "aws_sns_platform_application" "apns_application" {
  count                        = var.flag_deploy_sns_application ? 1 : 0
  name                         = var.name_apns_application
  platform                     = var.flag_apns_sandbox ? "APNS_SANDBOX" : "APNS"
  platform_principal           = data.aws_s3_bucket_object.apns_key[count.index].body
  platform_credential          = data.aws_s3_bucket_object.apns_certificate[count.index].body
  success_feedback_sample_rate = 100
}

Steps to Reproduce

We had already deployed these certificates, but received an email that they will expire in 30 days, so we created a new certificate via Apple Developer, uploaded the new files (pem and key) into the existing S3 bucket and replaced the existing files.
Terraform plan showed that the aws_sns_platform_application would change, but upon apply the error happened after 50 minutes.

Debug Output

No response

Panic Output

No response

Important Factoids

We also use the Pinpoint APNS channel resource and use the same certificates during the deployment:

data "aws_s3_bucket_object" "apns_key" {
  count  = var.flag_deploy_sns_application ? 1 : 0
  bucket = var.s3_secret_bucket
  key    = var.apns_key
}

data "aws_s3_bucket_object" "apns_certificate" {
  count  = var.flag_deploy_sns_application ? 1 : 0
  bucket = var.s3_secret_bucket
  key    = var.apns_certificate
}

resource "aws_pinpoint_apns_channel" "pinpoint_apns_channel" {
  count          = var.flag_deploy_sns_application ? 1 : 0
  application_id = aws_pinpoint_app.pinpoint_app.application_id
  private_key    = data.aws_s3_bucket_object.apns_key[count.index].body
  certificate    = data.aws_s3_bucket_object.apns_certificate[count.index].body
}

And the Pinpoint APNS resource applied successfully:

module.pinpoint.aws_pinpoint_apns_channel.pinpoint_apns_channel[0]: Modifying... [id=DF_ID]
module.pinpoint.aws_pinpoint_apns_channel.pinpoint_apns_channel[0]: Modifications complete after 1s [id=DF_ID]

Also, after this failure we ran the plan/apply a second time; the plan didn't show that the SNS application had changed, and the apply finished successfully.

References

No response

Would you like to implement a fix?

None
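
Added example, not part of the original issue or of the provider's code: a pre-apply check that the two PEM bodies read from S3 carry the type each SNS argument expects. For certificate-based APNS the AWS SNS API takes the SSL certificate as PlatformPrincipal and the private key as PlatformCredential, while the resource block above feeds the key object to platform_principal and the certificate object to platform_credential. The function names, accepted label sets and sample PEM bodies are assumptions constructed for illustration.

```python
import re

# PEM labels (RFC 7468) accepted per SNS argument for APNS / APNS_SANDBOX with
# certificate-based authentication. Assumed label sets, per the AWS SNS API:
# PlatformPrincipal = SSL certificate, PlatformCredential = private key.
EXPECTED_LABELS = {
    "platform_principal": {"CERTIFICATE"},
    "platform_credential": {"PRIVATE KEY", "RSA PRIVATE KEY"},
}

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def pem_labels(text):
    """Return the label of every complete PEM block found in text, in order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def check_apns_arguments(principal, credential):
    """Return a list of problems; an empty list means both values look right."""
    problems = []
    for name, value in (("platform_principal", principal),
                        ("platform_credential", credential)):
        labels = pem_labels(value)
        if not labels:
            # Truncated upload or non-PEM object body.
            problems.append(f"{name}: no complete PEM block found")
        elif labels[0] not in EXPECTED_LABELS[name]:
            problems.append(f"{name}: got '{labels[0]}', expected one of "
                            f"{sorted(EXPECTED_LABELS[name])}")
    return problems


# Constructed sample bodies (placeholder base64, not real key material).
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
               "-----END CERTIFICATE-----\n")
SAMPLE_KEY = ("-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
              "-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    # Wiring as in the resource block above: key object -> platform_principal,
    # certificate object -> platform_credential.
    for line in check_apns_arguments(principal=SAMPLE_KEY, credential=SAMPLE_CERT):
        print(line)
```

The check only inspects PEM armor labels; it does not verify that the key matches the certificate or that the certificate is unexpired.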

@defigor defigor added bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. labels Jan 17, 2023
@github-actions github-actions bot added service/pinpoint Issues and PRs that pertain to the pinpoint service. service/s3 Issues and PRs that pertain to the s3 service. service/sns Issues and PRs that pertain to the sns service. labels Jan 17, 2023
@github-actions

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@justinretzolk justinretzolk removed needs-triage Waiting for first response or review from a maintainer. service/s3 Issues and PRs that pertain to the s3 service. service/pinpoint Issues and PRs that pertain to the pinpoint service. labels Jan 17, 2023

github-actions bot commented Jan 7, 2025

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale Old or inactive issues managed by automation, if no further action taken these will get closed. label Jan 7, 2025