aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

Cannot update from 1.11.1 to 1.12.0 because of a cyclic dependency. (Error: Cycle: ) #445

Closed dgokcin closed 3 months ago

dgokcin commented 3 months ago

AFT Version: 1.11.1

Terraform Version & Provider Versions

Please provide the outputs of terraform version and terraform providers from within your AFT environment

terraform version

Terraform v1.7.5
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.4.2
+ provider registry.terraform.io/hashicorp/aws v5.42.0
+ provider registry.terraform.io/hashicorp/local v2.5.1
+ provider registry.terraform.io/hashicorp/random v3.6.0
+ provider registry.terraform.io/hashicorp/time v0.11.1

terraform providers

.
└── module.aft
    ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    ├── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_code_repositories
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   └── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_account_request_framework
    │   ├── provider[registry.terraform.io/hashicorp/time]
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    ├── module.aft_customizations
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   └── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_ssm_parameters
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   └── provider[registry.terraform.io/hashicorp/random]
    ├── module.packaging
    │   └── provider[registry.terraform.io/hashicorp/archive]
    ├── module.aft_account_provisioning_framework
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    ├── module.aft_backend
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
    ├── module.aft_feature_options
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
    ├── module.aft_lambda_layer
    │   ├── provider[registry.terraform.io/hashicorp/local]
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   └── provider[registry.terraform.io/hashicorp/random]
    └── module.aft_iam_roles
        ├── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
        ├── module.log_archive_service_role
            └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
        ├── module.aft_exec_role
            └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
        ├── module.aft_service_role
            └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
        ├── module.audit_exec_role
            └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
        ├── module.audit_service_role
            └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
        ├── module.ct_management_exec_role
            └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
        ├── module.ct_management_service_role
            └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
        └── module.log_archive_exec_role
            └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0

Providers required by state:

    provider[registry.terraform.io/hashicorp/aws]

    provider[registry.terraform.io/hashicorp/local]

    provider[registry.terraform.io/hashicorp/time]

    provider[registry.terraform.io/hashicorp/archive]

    provider[registry.terraform.io/hashicorp/random]

Bug Description

I am trying to update to the latest version to use the aft module without a VPC. Here is the error I got when I tried updating the aft module and adding the new aft_enable_vpc = false

To Reproduce

Steps to reproduce the behavior:

Expected behavior

Module update to work without any problems.

Related Logs

│ Error: Cycle: module.aft.module.aft_account_request_framework.aws_subnet.aft_vpc_private_subnet_01[0] (destroy), module.aft.module.aft_account_request_framework.aws_security_group.aft_vpc_default_sg[0] (destroy), module.aft.module.aft_customizations.aws_codebuild_project.aft_global_customizations_terraform, module.aft.module.aft_lambda_layer.aws_cloudwatch_log_group.codebuild_trigger_loggroup (expand), module.aft.module.aft_lambda_layer.aws_cloudwatch_log_group.codebuild_trigger_loggroup, module.aft.module.aft_lambda_layer.aws_iam_role_policy.codebuild_trigger_policy (expand), module.aft.module.aft_lambda_layer.aws_iam_role_policy.codebuild_trigger_policy, module.aft.module.aft_customizations.aws_codebuild_project.aft_create_pipeline, module.aft.module.aft_code_repositories.aws_codebuild_project.account_provisioning_customizations_pipeline, module.aft.module.aft_code_repositories.aws_codebuild_project.account_request, module.aft.module.aft_customizations.aws_codebuild_project.aft_account_customizations_terraform, module.aft.module.aft_account_request_framework.aws_subnet.aft_vpc_private_subnet_02[0] (destroy), module.aft.module.aft_lambda_layer.aws_lambda_function.codebuild_invoker (destroy), module.aft.module.aft_account_request_framework.aws_lambda_function.aft_account_request_audit_trigger (expand), module.aft.module.aft_account_request_framework.aws_lambda_function.aft_account_request_audit_trigger, module.aft.module.aft_feature_options.aws_lambda_function.aft_delete_default_vpc (expand), module.aft.module.aft_feature_options.aws_lambda_function.aft_delete_default_vpc, module.aft.module.aft_customizations.aws_lambda_function.aft_customizations_get_pipeline_executions (expand), module.aft.module.aft_customizations.aws_lambda_function.aft_customizations_get_pipeline_executions, module.aft.module.aft_account_request_framework.aws_lambda_function.aft_account_request_processor (expand), 
module.aft.module.aft_account_request_framework.aws_lambda_function.aft_account_request_processor, module.aft.module.aft_account_request_framework.aws_lambda_function.aft_controltower_event_logger (expand), module.aft.module.aft_account_request_framework.aws_lambda_function.aft_controltower_event_logger, module.aft.module.aft_customizations.aws_lambda_function.aft_customizations_execute_pipeline (expand), module.aft.module.aft_customizations.aws_lambda_function.aft_customizations_execute_pipeline, module.aft.module.aft_feature_options.aws_lambda_function.aft_enable_cloudtrail (expand), module.aft.module.aft_feature_options.aws_lambda_function.aft_enable_cloudtrail, module.aft.module.aft_customizations.var.aft_common_layer_arn (expand), module.aft.module.aft_customizations.aws_lambda_function.aft_customizations_identify_targets (expand), module.aft.module.aft_customizations.aws_lambda_function.aft_customizations_identify_targets, module.aft.module.aft_account_request_framework.aws_lambda_function.aft_invoke_aft_account_provisioning_framework (expand), module.aft.module.aft_account_request_framework.aws_lambda_function.aft_invoke_aft_account_provisioning_framework, module.aft.module.aft_feature_options.var.aft_common_layer_arn (expand), module.aft.module.aft_feature_options.aws_lambda_function.aft_enroll_support (expand), module.aft.module.aft_feature_options.aws_lambda_function.aft_enroll_support, module.aft.module.aft_account_request_framework.aws_lambda_function.aft_cleanup_resources (expand), module.aft.module.aft_account_request_framework.aws_lambda_function.aft_cleanup_resources, module.aft.module.aft_account_request_framework.aws_lambda_function.aft_account_request_action_trigger (expand), module.aft.module.aft_account_request_framework.var.aft_common_layer_arn (expand), module.aft.module.aft_account_request_framework.aws_lambda_function.aft_account_request_action_trigger, module.aft.module.aft_customizations.aws_iam_role_policy.aft_invoke_customizations_sfn 
(expand), module.aft.module.aft_account_provisioning_framework.aws_lambda_function.account_metadata_ssm (expand), module.aft.module.aft_account_provisioning_framework.aws_lambda_function.account_metadata_ssm, module.aft.module.aft_account_provisioning_framework.aws_lambda_function.persist_metadata (expand), module.aft.module.aft_account_provisioning_framework.aws_lambda_function.persist_metadata, module.aft.module.aft_account_provisioning_framework.aws_lambda_function.tag_account (expand), module.aft.module.aft_account_provisioning_framework.aws_lambda_function.tag_account, module.aft.module.aft_lambda_layer.data.aws_lambda_invocation.trigger_codebuild_job (expand), module.aft.module.aft_lambda_layer.aws_codebuild_project.codebuild, module.aft.module.aft_lambda_layer.data.aws_lambda_invocation.trigger_codebuild_job, module.aft.module.aft_lambda_layer.aws_lambda_layer_version.layer_version (expand), module.aft.module.aft_lambda_layer.aws_lambda_layer_version.layer_version, module.aft.module.aft_lambda_layer.output.layer_version_arn (expand), module.aft.module.aft_account_provisioning_framework.var.aft_common_layer_arn (expand), module.aft.module.aft_account_provisioning_framework.aws_lambda_function.create_role (expand), module.aft.module.aft_account_provisioning_framework.aws_lambda_function.create_role, module.aft.module.aft_account_provisioning_framework.local.replacements_map (expand), module.aft.module.aft_account_provisioning_framework.aws_sfn_state_machine.aft_account_provisioning_framework_sfn (expand), module.aft.module.aft_account_provisioning_framework.output.state_machine_arn (expand), module.aft.module.aft_customizations.var.invoke_account_provisioning_sfn_arn (expand), module.aft.module.aft_customizations.aws_iam_role_policy.aft_invoke_customizations_sfn, module.aft.module.aft_lambda_layer.aws_lambda_layer_version.layer_version (destroy deposed 551613ba), module.aft.module.aft_account_request_framework.aws_vpc.aft_vpc[0] (destroy), 
module.aft.module.aft_lambda_layer.aws_lambda_function.codebuild_trigger


dgokcin commented 3 months ago

Update: our aft version was not updated with the latest minor version, so that's why my update was failing. The cyclic dependency disappeared after a minor version update.