Skip to content

perf(apigateway): read the account singleton once per provider#6912

Draft
jasonrowsell wants to merge 3 commits into
anomalyco:devfrom
jasonrowsell:perf-apigateway-account-read-memo
Draft

perf(apigateway): read the account singleton once per provider#6912
jasonrowsell wants to merge 3 commits into
anomalyco:devfrom
jasonrowsell:perf-apigateway-account-read-memo

Conversation

@jasonrowsell

@jasonrowsell jasonrowsell commented Jun 12, 2026

Copy link
Copy Markdown

Stacked on #6911 — the first two commits are that PR; review just the last one.

Every ApiGatewayV1/ApiGatewayWebSocket registers its own Read of the API Gateway account, and Pulumi re-reads each from AWS on every up, diff, and refresh. The account is a per-provider singleton, so on an app with 35 gateways that's 40 identical AWS calls per deploy. Deduplicating them cut a no-change pulumi up from 35s to 22s on our largest app.

This memoizes the read per provider (lazy + Map, same pattern as useProvider):

  • Same provider → one shared read; dependsOn ordering for stages/log groups unchanged.
  • Multiple providers → one read each, with suffixed logical names so URNs stay unique.
  • Provider via providers (plural) or inheritance → unchanged: the read stays on the default provider, as today.
  • Existing stacks → the surplus reads are external Read resources, so they drop out of state on the next deploy with no AWS calls.
  • Fresh-account bootstrap from fix(apigateway): duplicate CloudWatch role URN on fresh accounts #6911 untouched — APIGatewayAccountSetup keeps its name, role singleton unchanged.

Added platform/test/components/apigateway-account.test.ts covering read identity per provider and URN uniqueness across providers. It deliberately skips the import "../../src/global.d.ts" line — that file runtime-imports @types/node, which breaks vitest collection in the suites that include it.

Since terraform-provider-aws v6, destroying aws_api_gateway_account resets cloudwatchRoleArn to null. The setup resource only exists in the program while the account has no role configured, so the cycle was: bootstrap sets the ARN, the next deploy drops the setup resource and the destroy resets the ARN, and the deploy after that bootstraps again with a fresh orphan role. Retaining the resource on delete keeps the account settings and converges after the first deploy.
@jasonrowsell jasonrowsell force-pushed the perf-apigateway-account-read-memo branch from a2dfb4a to 611315b Compare June 12, 2026 09:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant