Troubleshooting timeouts when deploying Lacework to Azure with Terraform

Kate_M · ‎08-19-2024

Description

When deploying Lacework to an Azure environment using a module such as the activity-log module, an operator may encounter errors like the examples below:

Error: error creating AzureAlSeq integration:

│ [POST] https://companyname.lacework.net/api/v2/CloudAccounts

│ [400] Unable to validate the Azure integration, verify your configuration and queue url.

│

│ with module.az_activity_log.lacework_integration_azure_al.lacework,

│ on .terraform/modules/az_activity_log/main.tf line 192, in resource "lacework_integration_azure_al" "lacework":

│ 192: resource "lacework_integration_azure_al" "lacework" {

[400] Enter a valid Azure Cloud Subscription.

While these errors don’t mention timeouts, they can be a result of Azure-created infrastructure not being responsive in time for the checks performed by the Terraform apply command to succeed.

Scope

Lacework deployments to Azure environments using Lacework’s Terraform modules

Solution

Utilize the wait_time input of the module(s) in question in order to allow Azure to complete the resource creation.

Every Lacework module has a wait_time input, which has a default value but can be changed.

For instance, the activity-log module’s wait_time default is 50s, which can be increased if the above errors are encountered.

Steps:

Generate the terraform code using the associated Lacework CLI command
- For instance, lacework generate cloud-account azure in Lacework’s Azure Terraform documentation
Edit the generated terraform_code (main.tf) to override the wait_time default

For example, adding a wait_time input for the Azure Configuration module and Azure Activity Log module which overrides their respective 20 second and 50 second defaults:

module "az_config" {

source = "lacework/config/azure"

version = "~> 2.0"

all_subscriptions = true

application_id = module.az_ad_application.application_id

application_password = module.az_ad_application.application_password

service_principal_id = module.az_ad_application.service_principal_id

use_existing_ad_application = true

wait_time = "100s"

}

module "az_activity_log" {

source = "lacework/activity-log/azure"

version = "~> 2.0"

all_subscriptions = true

application_id = module.az_ad_application.application_id

application_password = module.az_ad_application.application_password

service_principal_id = module.az_ad_application.service_principal_id

use_existing_ad_application = true

wait_time = "100s"

}

In the output of terraform apply, this will show as:

# module.az_activity_log.time_sleep.wait_time will be updated in-place

~ resource "time_sleep" "wait_time" {

~ create_duration = "50s" -> "100s"

id = "2023-08-31T14:49:43Z"

# (1 unchanged attribute hidden)

}

# module.az_config.time_sleep.wait_time will be updated in-place

~ resource "time_sleep" "wait_time" {

~ create_duration = "20s" -> "100s"

id = "2023-08-31T14:49:09Z"

# (1 unchanged attribute hidden)

}

Troubleshooting timeouts when deploying Lacework to Azure with Terraform

You are leaving our website