Terraform Deployment is Slow in Dev or Staging Tenants

Knowledge Articles
1

Overview

This article explains why Terraform deployments may be slower in development or staging tenants compared to production tenants when using the Auth0 Terraform Provider. This behavior is observed when deploying changes to different tenant environments.

Applies To

  • Terraform

Cause

Two main factors contribute to slower deployments in development and staging tenants:

  • A large number of entities managed by the Auth0 Terraform Provider.
  • Development and Staging tenants possess lower rate limits than Production tenants. This difference causes rate limit errors during deployment, prompting the Auth0 Terraform Provider to wait and retry requests, which extends the overall deployment time.

Solution

Slower deployment times are an expected behavior in development and staging tenants due to their inherently lower Auth0 rate limit policy. It is not possible to increase these rate limits for non-production tenants.

To improve deployment times, consider the following approaches:

  1. Reduce Managed Entities: Decrease the number of entities managed by the Auth0 Terraform Provider in the development and staging tenants. This action lessens the overall load and can significantly reduce deployment duration.
  2. Implement Rate Limiting Mitigation Strategies: Additional strategies can help mitigate rate limiting when using Terraform. The following principles are adapted from a Auth0 Terraform Provider GitHub issue comment:
  3. Use -parallelism=1: This setting reduces concurrency and helps serialize API calls, which is particularly useful when encountering rate limits.
  4. Break down large configurations: Divide extensive Terraform configurations into smaller, more manageable modules. This practice helps prevent large state refreshes or apply cycles that could overwhelm the Auth0 Management API.
  5. Introduce a Sleep Timer: If the measures above are not sufficient, introduce an artificial delay in the Terraform plan using the time_sleep resource. This method can help space out API requests. The time_sleep resource can be used as follows:
resource "time_sleep" "time_sleep" {
  create_duration = "3s"
}

resource "auth0_user" "user" {
  depends_on       = [time_sleep.time_sleep]
  connection_name  = "<connection name>"
  email            = "<email address>"
  email_verified   = true
  password         = "<password>"
}

This example introduces a 3-second delay before provisioning the auth0_user resource. Adjust the sleep duration based on the structure of the modules and where bottlenecks occur.

For further guidelines on optimizing Terraform API access, refer to Optimize Terraform access to Okta APIs. While this document is specific to the Okta product, much of the advice is broadly applicable to Auth0 deployments.