From 559aa50a318d454e363df8d8aeaa9b2f8f96a3c8 Mon Sep 17 00:00:00 2001
From: Chris Marchesi <cmarchesi@paybyphone.com>
Date: Mon, 14 Dec 2015 10:42:08 -0800
Subject: [PATCH] Retry MalformedPolicy errors due to newly created principals

---
 .../providers/aws/resource_aws_s3_bucket.go   | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket.go b/builtin/providers/aws/resource_aws_s3_bucket.go
index ec57452022c9..22f3544ff105 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket.go
@@ -5,7 +5,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"time"
 
+	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -466,9 +468,24 @@ func resourceAwsS3BucketPolicyUpdate(s3conn *s3.S3, d *schema.ResourceData) erro
 	if policy != "" {
 		log.Printf("[DEBUG] S3 bucket: %s, put policy: %s", bucket, policy)
 
-		_, err := s3conn.PutBucketPolicy(&s3.PutBucketPolicyInput{
+		params := &s3.PutBucketPolicyInput{
 			Bucket: aws.String(bucket),
 			Policy: aws.String(policy),
+		}
+
+		err := resource.Retry(1*time.Minute, func() error {
+			if _, err := s3conn.PutBucketPolicy(params); err != nil {
+				if awserr, ok := err.(awserr.Error); ok {
+					if awserr.Code() == "MalformedPolicy" {
+						// Retryable
+						return awserr
+					}
+				}
+				// Not retryable
+				return resource.RetryError{Err: err}
+			}
+			// No error
+			return nil
 		})
 
 		if err != nil {