on-destroy remote-exec provisioner can not be executed within an aws_cloudformation_stack resource

[AlexSH001]

I tried to upgrade the terraform from 0.12.12 to a newer one, currently it ls 0.13.1. And previously, it worked in a non_resource to clean up some addition infras when destroy, for which were not created by terraform. After upgrade, it told me that it was not allowed to refer some other resource when destroy, it should be within the particular resource. so I move it to the resource which provisioning a bastion that I need it to run the clean up script. but it failed with below errors:

I don't know whether an on-destroy provisioner cloud be used in a cloudformation stack resource or not?

Error: Invalid reference from destroy provisioner in resource "aws_cloudformation_stack" "bastion_stack": 24: private_key = file(var.ssh_private_key_file) Destroy-time provisioners and their connection configurations may only reference attributes of the related resource, via 'self', 'count.index', or 'each.key'. References to other resources during the destroy phase can cause dependency cycles and interact poorly with create_before_destroy.

resource "aws_cloudformation_stack" "bastion_stack" {
...
  provisioner "remote-exec" {
    when = destroy
    connection {
      type        = "ssh"
      user        = "centos"
      private_key = file(var.ssh_private_key_file)
      host        = self.outputs["BastionHostIP"]
      agent       = false
    }
    inline = [
      "./cleanup.sh",
    ]
}

[AlexSH001]

Hi, Can anyone help on this issue?

[milliams]

At the moment we do not support Terraform 0.13 due to this incompatible change they have made. If you want to use 0.13 then you should be able to remove that destroy provisioner but bear in mind that you will have to be more careful to make sure any running nodes are destroyed before destroying the cluster.