Terraform-provider-aws: Attempting to destroy a security group that can't be destroyed due to being attached to an instance hangs instead of returning an error message

Created on 26 Jun 2018  ·  5 Comments  ·  Source: hashicorp/terraform-provider-aws

Terraform Version

  • Terraform v0.11.7
  • provider.aws v1.19.0
  • provider.null v1.0.0

Affected Resource(s)

  • aws_security_group

Expected Behavior


Terraform should have reported that it can't delete the security group because it's currently used by an instance. This is the behavior if you try and delete a security group via console.

Actual Behavior

Terraform got stuck on attempting to delete the security group.

Steps to Reproduce

Create a security group via Terraform. Attach the security group to an instance that's not in Terraform. Attempt to destroy the security group via Terraform.

Labels: enhancement, service/ec2, upstream-terraform

All 5 comments

This also happens if the security group is attached to an instance that IS in terraform, then a change that forces a new resource (e.g. security group description change) is made.
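As an added example (not code from the issue or from the provider), a minimal configuration for the replacement case described above: the hang-prone security group beside a form that uses create_before_destroy, written in the 0.11-era interpolation syntax the report uses. The vpc_id and subnet_id variables and the AMI ID are assumptions.

```hcl
# Added example, not part of the issue. Assumes an existing VPC and subnet
# supplied as variables; the AMI ID is a placeholder.
variable "vpc_id" {}
variable "subnet_id" {}

# Hang-prone form: fixed name, default lifecycle. Editing "description"
# forces a new security group; Terraform then tries to delete the old group
# while an instance still references it, and the delete waits on that.
resource "aws_security_group" "web" {
  name        = "web"
  description = "web tier"   # changing this forces replacement
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }
}

# Corrected form: with create_before_destroy Terraform creates the new
# group, updates the instance to reference it, and only then deletes the
# old one. Names must be unique within a VPC, so use name_prefix so the
# replacement gets a distinct name.
resource "aws_security_group" "web_safe" {
  name_prefix = "web-"
  description = "web tier"
  vpc_id      = "${var.vpc_id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }

  lifecycle {
    create_before_destroy = true
  }
}

# Only attachments Terraform manages get re-pointed. An instance outside
# this state keeps the old group, and the delete still waits.
resource "aws_instance" "web" {
  ami                    = "ami-PLACEHOLDER"
  instance_type          = "t2.micro"
  subnet_id              = "${var.subnet_id}"
  vpc_security_group_ids = ["${aws_security_group.web_safe.id}"]
}
```

Before destroying a group that anything outside Terraform may use, check its attachments first (for example by listing the network interfaces that reference the group ID), since Terraform cannot detach those for you.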

Looks like the resource graph doesn't account for attached resources when destroying a security group. I've had to manually decommission the resources that the SG is attached to first, then run the terraform apply again.

Is there not something we can add like depends_on = ... to the resources to update the order in which resources get destroyed?

This issue has been happening since 2016:
https://github.com/hashicorp/terraform/issues/8772

Is there a reason why this is not addressed or is just a matter of time?

I just spent 4 hours trying to find out if I had to manage the ELB ENIs on Terraform too :(

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
