'Why does Terraform's GCP google_project_iam_member resource take so long to deploy?
I have 15 google_project_iam_member resources being deployed in a single count loop on Terraform. It's taking around 8 minutes for each resource to deploy (running in parallel) and I think there's probably something wrong. No other resource takes that long. The code:
## This code converts the user_permissions map to the format [ {members = x, role = y}, ... ]
locals {
permissions = flatten([for group in var.user_permissions :
[for tuple in setproduct(group.emails, group.roles) : {
members = tuple[0],
roles = tuple[1]
}]])
}
resource "google_project_iam_member" "ib_admins_access" {
count = length(local.permissions)
project = var.project_id
role = "roles/${local.permissions[count.index].roles}"
member = local.permissions[count.index].members
}
And the user_permissions map is in the following format:
user_permissions = {
group_x = {
emails = [<emails>]
roles = [
<roles>
]
}
These 2 policies took 20+minutes. They were storage.objectAdmin and viewer for 2 different emails
module.iam.google_project_iam_member.ib_access_predefined_roles[6]: Still creating... [22m1s elapsed]
module.iam.google_project_iam_member.ib_access_predefined_roles[15]: Still creating... [22m1s elapsed]
I'm trying to construe a dictionary like above and have it deployed in an non-authoritative manner. I figured it has probably something to do with policy updating, like the policies are fighting each other. I thought about delaying or doing it sequentially but could not find resources or terraform commands to do that inside the loop. Is there a better way to do this? What is wrong with my code?
Solution 1:[1]
I was using WSL 2 and there is probably some problem with the internet connection there. When I changed to PowerShell, it ran much faster.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | andrecsq |