hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: aws_synthetics_canary resource: Add replace_security_groups_on_destroy & replacement_security_group_ids arguments from aws_lambda_function resource #39401

Open eloyred opened 5 hours ago

eloyred commented 5 hours ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request. If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

This is a feature request to add the "replace_security_groups_on_destroy" & "replacement_security_group_ids" arguments from the resource "aws_lambda_function" to the "aws_synthetics_canary" resource. AWS Synthetics Canary creates and runs a lambda to query website health. These arguments allow the security group association to be replaced before the lambda function is destroyed in order to speed up security group deletion times of AWS's internal cleanup operations.

Affected Resource(s) and/or Data Source(s)

aws_synthetics_canary https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/synthetics_canary

Potential Terraform Configuration

resource "aws_synthetics_canary" "example" {
  artifact_s3_location = "s3://destination-bucket/"
  execution_role_arn   = "arn:aws:iam::123456789012:role/example-role"
  handler              = "example.handler"
  name                 = "example"
  runtime_version      = "syn-nodejs-puppeteer-9.0"

  schedule {
    expression = "rate(10 minutes)"
  }

  delete_lambda                      = true
  replace_security_groups_on_destroy = true
  replacement_security_group_ids     = ["sg-12345678901234567"]
  zip_file                           = "example.zip"
}

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function

replace_security_groups_on_destroy - (Optional) Whether to replace the security groups on the function's VPC configuration prior to destruction. Removing these security group associations prior to function destruction can speed up security group deletion times of AWS's internal cleanup operations. By default, the security groups will be replaced with the default security group in the function's configured VPC. Set the replacement_security_group_ids attribute to use a custom list of security groups for replacement.

replacement_security_group_ids - (Optional) List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

This is a similar problem to https://github.com/hashicorp/terraform-provider-aws/issues/18089 - parameters from lambda_function resource that are not exposed in the aws_synthetics_canary resource

Would you like to implement a fix?

No
