AWS Native provider makes very slow progress on some resources

[EvanBoyle]

Sometimes the AWS Cloud Import program tries to call ReadResource on a block of resources that will consistently fail for one reason or another. For instance, some AWS APIs incorrectly return a retriable 500 where they should be returning a 404:

aws-native:codepipeline:CustomActionType (CodePipelineCustomActionTypeSourceECR1)
    error: operation error CloudControl: GetResource, exceeded maximum number of attempts, 25, https response error StatusCode: 500, RequestID: 187e2ae7-e806-4a1e-b066-a8a2d0df02ec, HandlerInternalFailureException: AWS::CodePipeline::CustomActionType Handler returned status FAILED: Service returned error code ResourceNotFoundException (Service: CodePipeline, Status Code: 400, Request ID: 7db95f1e-459a-4e10-b72a-1202226c2d82) (HandlerErrorCode: InternalFailure, RequestToken: 06f24548-b1fd-4773-bf6d-b4df00dd480e)

These errors are retried 25 times (necessary due to aggressive rate limiting of the Cloud Control API) which can take quite a long time with exponential backoff, and can cause the program to appear hung even though the pulumi engine is just tied up working on a block of resource reads that will never succeed.

Part of this fix for this might be pulumi/pulumi-aws-native#876

Until then we maintain a map specifying resources that are not safe to process due to buggy behavior:

pulumi-cloud-import/pulumi-cloud-import-aws/main.go

Lines 99 to 130 in 3e7514c

	var resourcesToSkip = map[string]bool{
	// 'Account is not registered as a publisher' error
	"aws-native:cloudformation:PublicTypeVersion": true,
	// error: resource 'AwsDataCatalog' does not exist
	"aws-native:athena:DataCatalog": true,
	// error: resource 'LOCKE' does not exist
	"aws-native:appflow:Connector": true,
	// name collison Duplicate resource URN 'efs:FileSystem::EFSFileSystemfs0dce0ba5'; try giving it a unique name
	"aws-native:efs:FileSystem": true,
	// FAILED: [RSLVR-00903] Cannot tag Auto Defined Rule.
	"aws-native:route53resolver:ResolverRule": true,
	// parameter ParameterGroupName is not a valid identifier. Identifiers must begin with a letter; must contain only ASCII letters
	"aws-native:memorydb:ParameterGroup": true,
	// robomaker has been shut down
	"aws-native:robomaker:Fleet": true,
	"aws-native:robomaker:Robot": true,
	"aws-native:robomaker:RobotApplication": true,
	"aws-native:robomaker:RobotApplicationVersion": true,
	"aws-native:robomaker:SimulationApplication": true,
	"aws-native:robomaker:SimulationApplicationVersion": true,
	"aws-native:robomaker:SimulationJob": true,
	// returns 500 instead of 404
	"aws-native:codepipeline:CustomActionType": true,
	// returns consistent 500s
	"aws-native:ec2:PrefixList": true,
	// consistent 500s
	"aws-native:codepipeline:CustomActionType": true,
	// consistent 500s
	"aws-native:scheduler:ScheduleGroup": true,
	// consistent 500s
	"aws-native:scheduler:ScheduleGroup": true,
	}

When we encounter more resources that cause these slow updates due to exhaustive retries, we should add them to this list.

Related issue to make the list above configurable: #8

[EvanBoyle]

#12 would be very helpful in debugging this