Because aws_acm_certificate is used by aws_lb_listener, the aws_lb_listener should be updated first. Probably the tasks could be run in parallel.
Actual Behavior
aws_acm_certificate waits infinitely until the certificate is released.
module.private-cloud.aws_acm_certificate.ssl: Still destroying... [id=arn:aws:acm:us-west-2:315400321086:cert...e/29f561fb-3815-4b29-8a5f-64362fc85467, 1m30s elapsed]
module.private-cloud.aws_acm_certificate.ssl: Still destroying... [id=arn:aws:acm:us-west-2:315400321086:cert...e/29f561fb-3815-4b29-8a5f-64362fc85467, 1m40s elapsed]
module.private-cloud.aws_acm_certificate.ssl: Still destroying... [id=arn:aws:acm:us-west-2:315400321086:cert...e/29f561fb-3815-4b29-8a5f-64362fc85467, 1m50s elapsed]
Relevant Error/Panic Output Snippet
Original plan:
# module.private-cloud.aws_acm_certificate.ssl will be destroyed
# (because aws_acm_certificate.ssl is not in configuration)
- resource "aws_acm_certificate" "ssl" {
- arn = "arn:aws:acm:us-west-2:315400321086:certificate/29f561fb-3815-4b29-8a5f-64362fc85467" -> null
...
# module.private-cloud.aws_lb_listener.https will be updated in-place
~ resource "aws_lb_listener" "https" {
~ certificate_arn = "arn:aws:acm:us-west-2:315400321086:certificate/29f561fb-3815-4b29-8a5f-64362fc85467" -> "arn:aws:acm:us-west-2:315400321086:certificate/9dfc43e1-5f31-4732-bfaa-b5ee407fa8ae"
id = "arn:aws:elasticloadbalancing:us-west-2:315400321086:listener/app/nomad-public-www/07644a5a75f45170/fab30819bbf2558f"
tags = {}
# (6 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
To work around the problem I did:
terraform plan --target module.private-cloud.aws_lb_listener.https
terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# module.private-cloud.aws_lb_listener.https will be updated in-place
~ resource "aws_lb_listener" "https" {
~ certificate_arn = "arn:aws:acm:us-west-2:315400321086:certificate/29f561fb-3815-4b29-8a5f-64362fc85467" -> "arn:aws:acm:us-west-2:315400321086:certificate/b3d88460-6998-4e98-b3d7-5971a6569523"
id = "arn:aws:elasticloadbalancing:us-west-2:315400321086:listener/app/nomad-public-www/07644a5a75f45170/fab30819bbf2558f"
tags = {}
# (6 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
...
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
terraform plan
terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# module.private-cloud.acme_certificate.ssl will be destroyed
# (because acme_certificate.ssl is not in configuration)
- resource "acme_certificate" "ssl" {
...
Plan: 0 to add, 0 to change, 1 to destroy.
...
Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
Terraform Core Version
v1.9.7
AWS Provider Version
v5.67.0
Affected Resource(s)
Expected Behavior
Because aws_acm_certificate is used by aws_lb_listener, the aws_lb_listener should be updated first. Probably the tasks could be run in parallel.
Actual Behavior
aws_acm_certificate waits infinitely until the certificate is released.
Relevant Error/Panic Output Snippet
To work around the problem I did:
This took just seconds.
Terraform Configuration Files
Steps to Reproduce
Would you like to implement a fix?
None
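An added example, not part of the original issue or of Terraform or the AWS provider: a pre-apply check that reads the JSON plan (`terraform show -json <planfile>`) and reports any `aws_acm_certificate` scheduled for deletion while an `aws_lb_listener` still references its ARN, then prints the targeted-apply order used in the workaround above. The sample plan is constructed, its ARNs are placeholders, and the function names are hypothetical; certificates attached through other resource types are not covered.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields used here. ARNs are placeholders, not from the issue.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.private-cloud.aws_acm_certificate.ssl",
   "type": "aws_acm_certificate",
   "change": {"actions": ["delete"],
              "before": {"arn": "arn:aws:acm:us-west-2:000000000000:certificate/OLD"},
              "after": null}},
  {"address": "module.private-cloud.aws_lb_listener.https",
   "type": "aws_lb_listener",
   "change": {"actions": ["update"],
              "before": {"certificate_arn": "arn:aws:acm:us-west-2:000000000000:certificate/OLD"},
              "after": {"certificate_arn": "arn:aws:acm:us-west-2:000000000000:certificate/NEW"}}}
]}
""")


def listeners_blocking_cert_delete(plan):
    """Map each certificate being deleted to the listeners still using it."""
    changes = plan.get("resource_changes", [])
    doomed = {}  # certificate ARN -> resource address of the certificate
    for rc in changes:
        if rc["type"] == "aws_acm_certificate" and "delete" in rc["change"]["actions"]:
            arn = (rc["change"].get("before") or {}).get("arn")
            if arn:
                doomed[arn] = rc["address"]
    blocked = {}
    for rc in changes:
        if rc["type"] != "aws_lb_listener":
            continue
        # "before" is the listener's current state, i.e. what ACM sees as in use.
        arn = (rc["change"].get("before") or {}).get("certificate_arn")
        if arn in doomed:
            blocked.setdefault(doomed[arn], []).append(rc["address"])
    return blocked


def targeted_commands(blocked):
    """Apply the listener changes first, then the full plan (the issue's workaround)."""
    targets = sorted({addr for addrs in blocked.values() for addr in addrs})
    return [f"terraform apply -target='{t}'" for t in targets] + ["terraform apply"]


if __name__ == "__main__":
    for cmd in targeted_commands(listeners_blocking_cert_delete(SAMPLE_PLAN)):
        print(cmd)
```

A listener that appears in the result but has no pending change in the plan will keep the certificate in use; that case needs a configuration fix rather than a targeted apply.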