[Bug]: terraform destroy failed with resources aws_ec2_traffic_mirror*

[x4team]

Terraform Core Version

1.5.3

AWS Provider Version

5.8.0

Affected Resource(s)

aws_ec2_traffic_mirror_filter aws_ec2_traffic_mirror_filter_rule aws_ec2_traffic_mirror_target aws_ec2_traffic_mirror_session

Expected Behavior

destroyed all aws_ec2_traffic resources

Actual Behavior

Resources are deleted sequentially, which leads to an error. Although sessions should be deleted initially, then the target, after that the filter rules and the filter itself are the last

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

# ---------------------
# VPC Traffic mirror
# ---------------------

resource "aws_ec2_traffic_mirror_filter" "filter" {
  description      = "${var.service_name}-${var.environment_name}"

  tags = {
    Service     = var.service_name
    Name        = "${var.service_name}-${var.environment_name}"
    Environment = var.environment_name
    Terraform   = "true"
  }
}

resource "aws_ec2_traffic_mirror_filter_rule" "rule" {
  for_each                 = {
    for key, value in {
      all_in  = { description = "ALL IN",  direction = "ingress" },
      all_out = { description = "ALL OUT", direction = "egress"  },
    } : key => value
  }
  description              = each.value.description
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.filter.id
  destination_cidr_block   = "0.0.0.0/0"
  source_cidr_block        = "0.0.0.0/0"
  rule_number              = 1
  rule_action              = "accept"
  traffic_direction        = each.value.direction
  protocol                 = 0
}

resource "aws_ec2_traffic_mirror_target" "target" {
  description          = "ENI Suricata"
  network_interface_id = module.suricata.primary_network_interface_id

  tags = {
    Service     = var.service_name
    Name        = "${var.service_name}-${var.environment_name}"
    Environment = var.environment_name
    Terraform   = "true"
  }
}

resource "aws_ec2_traffic_mirror_session" "session" {
  for_each = var.application_eni

  description              = "Session - ${each.key}"
  network_interface_id     = each.value
  session_number           = var.application_sessions[each.key]
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.filter.id
  traffic_mirror_target_id = aws_ec2_traffic_mirror_target.target.id

  tags = {
    Service     = var.service_name
    Name        = each.key
    Environment = var.environment_name
    Terraform   = "true"
  }
}

Steps to Reproduce

Create all traffic mirrors resources aws_ec2_traffic_mirror_filter aws_ec2_traffic_mirror_filter_rule aws_ec2_traffic_mirror_target aws_ec2_traffic_mirror_session

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @x4team 👋 Thank you for taking the time to raise this! Are you able to supply debug logs (redacted as needed) so that we have the necessary information to take a look into this?