hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Issue with Terraform Updating Security Group #118

Open hashibot opened 7 years ago

hashibot commented 7 years ago

This issue was originally opened by @thegranddesign as hashicorp/terraform#5902. It was migrated here as part of the provider split. The original body of the issue is below.


    Terraform Version: 0.6.15
    Resource ID: aws_security_group_rule.allow_ssh_in
    Mismatch reason: diff: Destroy; old: false, new: true
    Diff One (usually from plan): *terraform.InstanceDiff{Attributes:map[string]*terraform.ResourceAttrDiff{"cidr_blocks.#":*terraform.ResourceAttrDiff{Old:"1", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}}, Destroy:false, DestroyTainted:false}
    Diff Two (usually from apply): *terraform.InstanceDiff{Attributes:map[string]*terraform.ResourceAttrDiff{"cidr_blocks.0":*terraform.ResourceAttrDiff{Old:"10.0.0.136/32", New:"10.0.0.131/32", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Type:0x0}, "to_port":*terraform.ResourceAttrDiff{Old:"512", New:"512", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "security_group_id":*terraform.ResourceAttrDiff{Old:"sg-2447355b", New:"sg-2447355b", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "from_port":*terraform.ResourceAttrDiff{Old:"512", New:"512", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "cidr_blocks.#":*terraform.ResourceAttrDiff{Old:"1", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "type":*terraform.ResourceAttrDiff{Old:"ingress", New:"ingress", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "protocol":*terraform.ResourceAttrDiff{Old:"tcp", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "source_security_group_id":*terraform.ResourceAttrDiff{Old:"", New:"", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}, "self":*terraform.ResourceAttrDiff{Old:"false", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Type:0x0}}, Destroy:true, DestroyTainted:false}

nmarchini commented 6 years ago

This issue still exists and is preventing me from destroying an RDS database and the subnets as per this issue that is closed

https://github.com/hashicorp/terraform/issues/5901

Is there any update on when this will be resolved?

ntman4real commented 6 years ago

Has this even been resolved? I face the same issue.

tf v.0.11.1

github-actions[bot] commented 4 years ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

teranos commented 4 years ago

Also getting the 'already exists' error when updating in place. Does anyone have a workaround?

Plasma commented 3 years ago

I've just encountered this today -- changing the VPC on the RDS instance has caused terraform to want to remove the old now unused subnet, but it's failing with the above error.

mttttest commented 3 years ago

Same error here when trying to delete RDS db, it tries to delete the db subnet first and fails with "cannot delete the subnet group because at least one database cluster is still using it".

dbrezack commented 3 years ago

Same issue when trying to switch-out subnets on an RDS

thegranddesign commented 3 years ago

Welp, we've crossed the five year mark on this issue. 🙄

nemethloci commented 3 years ago

Same here:

nathandaly commented 3 years ago

Snap...

    Error: InvalidDBSubnetGroupStateFault: Cannot delete the subnet group 'db-default-20210728144848284500000005' because at least one database instance: db-default is still using it.
    │   status code: 400, request id: 239ea9a4-2dc2-4638-a7a5-e24571922f90

It should either wait until the database(s) have been confirmed as deleted and then try and remove the subgroups. Maybe it's a depends_on thing?

Yannick-VC commented 2 years ago

I'm having the same issue as of now :/ cannot delete it.

themunendra commented 2 years ago

I got the same error. The problem is now 5 years old. I just heard that it started going to school.

kwit75 commented 2 years ago

Same error here

sousmangoosta commented 1 year ago

Can someone share a config that is failing?

brittandeyoung commented 1 year ago

@nemethloci would you provide the failing plan output and configuration?

From your description, it sounds like you need a create_before_destroy meta argument on your subnet group and/or subnet.

  lifecycle {
    create_before_destroy = true
  }

We will need a way to reproduce this error to troubleshoot.

pierremartinsbr commented 11 months ago

> @nemethloci would you provide the failing plan output and configuration?
>
> From your description, it sounds like you need a create_before_destroy meta argument on your subnet group and/or subnet.
>
>     lifecycle {
>       create_before_destroy = true
>     }
>
> We will need a way to reproduce this error to troubleshoot.

Hi everyone, I'm facing the same issue and tried to add the "create before destroy" argument, and it is not working. Does anyone have a clue about how to solve this issue?

pierremartinsbr commented 11 months ago

The issue has been open since 2017. It is kind of weird nobody is worrying about it.

pierremartinsbr commented 11 months ago

@hashibot I'm waiting for an answer... Can anyone from HashiCorp interact with us?

brittandeyoung commented 11 months ago

@pierremartinsbr are you able to provide the configuration that you are using to reproduce the issue?

Without an example to reproduce, it is hard to know the issue you are running into. I would love to take a look at resolving this issue if I had a way to reproduce it.

neilscallywag commented 8 months ago

Any luck resolving this?

pierremartinsbr commented 6 months ago

Hi @brittandeyoung, you can find example code at https://github.com/hashicorp/terraform/issues/5901. My code is the same as you have in this link mentioned by @bitemyapp.

brittandeyoung commented 6 months ago

> Hi @brittandeyoung, you can find example code at hashicorp/terraform#5901. My code is the same as you have in this link mentioned by @bitemyapp.

@pierremartinsbr Is this the example you are referring to? https://github.com/hashicorp/terraform/issues/5901#issuecomment-204060759

And is the issue that you are unable to run a terraform destroy? Or what is the issue you are running into? Posting your error would be very helpful as this linked issue is about RDS subnet groups, but the current issue is about security groups.

Please provide as much information as you can in order for me to be able to investigate.

caldempsey commented 1 month ago

Getting this issue. Only seems to happen to me when updating the database subnet groups. Had to remove the DB from the terraform plan to avoid the circular dependency, very annoying.