Duplicate AWS PermissionSet retries 25 times and times out after an hour #5978

@drmorr0

Describe what happened

I tried to create an AWS SSO Permission Set that had the same name as another already-existing permset. This retried 25 times and timed out after an hour. Here is the (slightly abridged to remove irrelevant parts) Pulumi output:

pulumi -e up -s users -v 3
Previewing update (users):
     Type                                       Name                             Plan       Info
     pulumi:pulumi:Stack                        moria-users
 +   ├─ aws:ssoadmin:PermissionSet              root_ca_permission_set           create
[snip]

Resources:
    + 6 to create
    ~ 1 to update
    - 2 to delete
    9 changes. 6 unchanged

Do you want to perform this update? yes
Updating (users):
     Type                                       Name                             Status                  Info
     pulumi:pulumi:Stack                        moria-users                      **failed**              1 error
 +   ├─ aws:ssoadmin:PermissionSet              root_ca_permission_set           **creating failed**     2 errors
[snip]

Diagnostics:
[snip]

  aws:ssoadmin:PermissionSet (root_ca_permission_set):
    error:   sdk-v2/provider2.go:509: sdk.helper_schema: creating SSO Permission Set (admin): operation error SSO Admin: CreatePermissionSet, exceeded maximum number of attempts, 25, https response error StatusCode: 400, RequestID: 9d1d7990-dc2a-4118-968a-a981793eaec7, ConflictException: PermissionSet with name admin already exists.: provider=aws@6.75.0
    error: 1 error occurred:
        * creating SSO Permission Set (admin): operation error SSO Admin: CreatePermissionSet, exceeded maximum number of attempts, 25, https response error StatusCode: 400, RequestID: 9d1d7990-dc2a-4118-968a-a981793eaec7, ConflictException: PermissionSet with name admin already exists.

Resources:
    ~ 1 updated
    6 unchanged

Duration: 54m50s

My expectation is that this would fail after the first bad request received, since this is never going to actually succeed.

Sample program

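from pulumi_aws import ssoadmin

# aws_sso_instance_arn (the IAM Identity Center instance ARN) is defined elsewhere in the program.
ssoadmin.PermissionSet(
    "root_ca_permission_set",
    instance_arn=aws_sso_instance_arn,
    name="root_ca",
    description="RootCA administrative access",
)
# Second resource: different Pulumi resource name, same permission set name.
ssoadmin.PermissionSet(
    "root_ca_permission_set_2",
    instance_arn=aws_sso_instance_arn,
    name="root_ca",
    description="RootCA administrative access",
)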

Log output

No response

Affected Resource(s)

ssoadmin.PermissionSet

Output of pulumi about

CLI
Version      3.199.0
Go Version   go1.25.1 X:nodwarf5
Go Compiler  gc

Plugins
KIND      NAME    VERSION
resource  aws     6.75.0
language  python  3.199.0

Host
OS       arch
Version
Arch     x86_64

This project is written in python: executable='/home/drmorr/.cache/pypoetry/virtualenvs/non-package-mode-Tqbn9QVC-py3.13/bin/python' version='3.13.2'

Current Stack: organization/moria/users

TYPE                                                              URN
pulumi:pulumi:Stack                                               urn:pulumi:users::moria::pulumi:pulumi:Stack::moria-users
pulumi:providers:aws                                              urn:pulumi:users::moria::pulumi:providers:aws::default_6_75_0
aws:iam/role:Role                                                 urn:pulumi:users::moria::aws:iam/role:Role::gandalf_role
aws:identitystore/user:User                                       urn:pulumi:users::moria::aws:identitystore/user:User::ian
aws:identitystore/user:User                                       urn:pulumi:users::moria::aws:identitystore/user:User::drmorr
aws:ssoadmin/permissionSet:PermissionSet                          urn:pulumi:users::moria::aws:ssoadmin/permissionSet:PermissionSet::admin_permission_set
aws:ssoadmin/managedPolicyAttachment:ManagedPolicyAttachment      urn:pulumi:users::moria::aws:ssoadmin/managedPolicyAttachment:ManagedPolicyAttachment::read_only_policy
aws:ssoadmin/permissionSetInlinePolicy:PermissionSetInlinePolicy  urn:pulumi:users::moria::aws:ssoadmin/permissionSetInlinePolicy:PermissionSetInlinePolicy::assume_gandalf_policy
aws:ssoadmin/accountAssignment:AccountAssignment                  urn:pulumi:users::moria::aws:ssoadmin/accountAssignment:AccountAssignment::drmorr_permissions
aws:ssoadmin/accountAssignment:AccountAssignment                  urn:pulumi:users::moria::aws:ssoadmin/accountAssignment:AccountAssignment::ian_permissions


Found no pending operations associated with users

Backend
Name           acrl1
URL            s3://acrl-moria-state?region=us-east-1
User           drmorr
Organizations
Token type     personal

Dependencies:
NAME        VERSION
mypy        1.15.0
pulumi_aws  6.75.0
ruff        0.11.5

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
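
The expectation stated in the report (fail on the first ConflictException, keep retrying only errors that can clear), as an added sketch that is not part of the issue and is not the provider's or the AWS SDK's retry code. `ApiError`, `FakeSsoAdmin`, `call_with_retry` and the two error-code sets are hypothetical names and assumptions; the service responses are constructed.

```python
# Added sketch: classify SSO Admin errors before retrying. All names here are
# hypothetical; the TERMINAL/TRANSIENT split is an assumption of this example.
TERMINAL = {"ConflictException", "ValidationException", "AccessDeniedException"}
TRANSIENT = {"ThrottlingException", "InternalServerException"}

class ApiError(Exception):
    def __init__(self, status, code, message):
        super().__init__(f"StatusCode: {status}, {code}: {message}")
        self.status, self.code = status, code

def is_retryable(err):
    """A name conflict fails identically every time; throttling and 5xx may clear."""
    if err.code in TERMINAL:
        return False
    return err.code in TRANSIENT or err.status >= 500

def call_with_retry(op, max_attempts=25, sleep=lambda seconds: None):
    """Run op(), retrying only transient errors. Returns (result, attempts used)."""
    for attempt in range(1, max_attempts + 1):
        try:
            return op(), attempt
        except ApiError as err:
            if not is_retryable(err) or attempt == max_attempts:
                raise
            sleep(min(2 ** attempt, 20))  # capped exponential backoff

class FakeSsoAdmin:
    """Constructed stand-in for the service: tracks names, throttles on demand."""
    def __init__(self, existing, throttle_first=0):
        self.names, self.throttle_left, self.calls = set(existing), throttle_first, 0

    def create_permission_set(self, name):
        self.calls += 1
        if self.throttle_left > 0:
            self.throttle_left -= 1
            raise ApiError(400, "ThrottlingException", "Rate exceeded")
        if name in self.names:
            raise ApiError(400, "ConflictException",
                           f"PermissionSet with name {name} already exists.")
        self.names.add(name)
        return f"created:{name}"

def attempts_for(existing, name, throttle_first=0):
    """Return (outcome, service calls made) for one create through the wrapper."""
    svc = FakeSsoAdmin(existing, throttle_first)
    try:
        return call_with_retry(lambda: svc.create_permission_set(name))[0], svc.calls
    except ApiError as err:
        return err.code, svc.calls
```

With this classification a duplicate name costs one request instead of 25, while a throttled create still goes through after backoff.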

Labels

awaiting-upstream: The issue cannot be resolved without action in another repository (may be owned by Pulumi).
kind/bug: Some behavior is incorrect or out of spec