hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Replacing Subnet fails with attached ELB #38704

Open sparr opened 3 months ago

sparr commented 3 months ago

Terraform Core Version

1.5.7

AWS Provider Version

5.61.0

Affected Resource(s)

Expected Behavior

Attempting to replace an aws_subnet should succeed, temporarily removing the aws_lb_listener rule (or the whole aws_lb_listener) referencing the aws_lb_target_group that is necessarily being replaced because the aws_lb is being replaced.

Actual Behavior

Replacement failed because the old subnet could not be deleted because it has an attached network interface, which is attached to the load balancer, which has a listener with a rule pointed at a target group, and the target group fails to delete because the rule still exists.

Relevant Error/Panic Output Snippet

Error: deleting EC2 Subnet (subnet-045ac39231508215c): operation error EC2: DeleteSubnet, https response error StatusCode: 400, RequestID: 658416e1-fe04-4eab-8487-5d869a2a5935, api error DependencyViolation: The subnet 'subnet-045ac39231508215c' has dependencies and cannot be deleted.

Error: deleting ELBv2 Target Group (arn:aws:elasticloadbalancing:us-west-1:313784670514:targetgroup/stg-core-TargetGroup/c8e49fec8e1fd427): operation error Elastic Load Balancing v2: DeleteTargetGroup, https response error StatusCode: 400, RequestID: e9c5009d-dfb7-4ff2-832f-38859cc6cf7a, ResourceInUse: Target group 'arn:aws:elasticloadbalancing:us-west-1:313784670514:targetgroup/stg-core-TargetGroup/c8e49fec8e1fd427' is currently in use by a listener or a rule

Error: deleting Security Group (sg-0e507b03fd51ab260): operation error EC2: DeleteSecurityGroup, https response error StatusCode: 400, RequestID: 15a46fb8-aeab-4be5-bc9f-98bf7543ce0f, api error DependencyViolation: resource sg-0e507b03fd51ab260 has a dependent object

Error: deleting EC2 Internet Gateway Attachment (igw-0fdbc464a212ad612:vpc-020627a7116849609): detaching EC2 Internet Gateway (igw-0fdbc464a212ad612) from VPC (vpc-020627a7116849609): operation error EC2: DetachInternetGateway, https response error StatusCode: 400, RequestID: b8ac5e17-a296-4bb6-a08e-ada24b4c36f4, api error DependencyViolation: Network vpc-020627a7116849609 has some mapped public address(es). Please unmap those public address(es) before detaching the gateway

Terraform Configuration Files

I will try to produce a minimal test case when I can. I am still working on bypassing this problem.

Steps to Reproduce

I will try to produce a minimal test case when I can. I am still working on bypassing this problem.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

Yes

sparr commented 3 months ago

I deleted the listener in question and tried to apply again. Again the subnet and sg and igw failed to delete. The sg still has the lb eni attached. I'm deleting the lb manually and trying again.

sparr commented 3 months ago

Deleting the lb manually resolved the problem. I will attempt to come back later with a minimal reproduction test case.

justinretzolk commented 2 months ago

Hey @sparr 👋 Thank you for taking the time to raise this! Were you able to put together a minimal test case so that we could look at this a bit further?

sparr commented 2 months ago

I have not yet had time. This is still on my todo list.