Terraform: Destroying Security Groups Takes Forever with Attached SG

Created on 11 Sep 2016  ยท  5Comments  ยท  Source: hashicorp/terraform

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

Terraform v0.7.3

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_security_group

Expected Behavior

Terraform should always update aws_instance security group attachments before trying to destroy an existing security group.

Actual Behavior

Terraform tried to destroy security groups that were attached to an instance. The apply ran for 5 minutes before timing out. Then, Terraform attempted to continue applying by creating new security groups, which failed because the old security groups still existed.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Create a security group and attach it to an instance. Plan and apply.
  2. Change something so that sg gets recreated. (Taint that security group, perhaps?)
  3. Plan and apply.
bug provideaws
Source
picture kojiromike
👍4

Most helpful comment

I can confirm this behaviour. My plan says it's going to destroy and create the security group (because I wanted to rename it) and then alter the EC2 instance to use the new security group. It hangs at destroying the security group though.

picture siwyd on 28 Dec 2016
👍7

All 5 comments

I can confirm this behaviour. My plan says it's going to destroy and create the security group (because I wanted to rename it) and then alter the EC2 instance to use the new security group. It hangs at destroying the security group though.

siwyd picture siwyd on 28 Dec 2016
👍7

It's possible that some of the sgs I was experiencing this with were also referencing other sgs that were also supposed to be destroyed.

kojiromike picture kojiromike on 29 Dec 2016

That goes for me as well if I recall correctly. I had a security group for an SSH bastion server and a security group for private hosts that only allow incoming SSH from the SSH bastion security group.

siwyd picture siwyd on 29 Dec 2016

:+1: I get the same behaviour

mellowplace picture mellowplace on 22 Mar 2017

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 10 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ketzacoatl picture ketzacoatl  ยท  3Comments
rkulagowski picture rkulagowski  ยท  3Comments
shanmugakarna picture shanmugakarna  ยท  3Comments
pawelsawicz picture pawelsawicz  ยท  3Comments
c4milo picture c4milo  ยท  3Comments