search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.84k stars 9.19k forks source link

[Bug]: Image Builder Recipe Can't be Deleted because of Dependent Image Pipeline Resource #39985

Closed sophiecosgrove closed 1 week ago

sophiecosgrove commented 2 weeks ago

Terraform Core Version

1.9.8

AWS Provider Version

5.74.0

Affected Resource(s)

aws_imagebuilder_image_recipe, aws_imagebuilder_image_pipeline

Expected Behavior

Image recipe is expected to be deleted and recreated to facilitate component change.

Actual Behavior

Image recipe can't be deleted because of an update in 5.74.0 which allows the image pipeline to be updated in place: https://github.com/hashicorp/terraform-provider-aws/pull/39117 producing a dependency error. Previously the image pipeline would have been deleted and recreated, followed by the same for recipe and component, as per the order here: https://docs.aws.amazon.com/imagebuilder/latest/userguide/delete-resources.html. However now the pipeline is being updated in place it means that it's dependent on the recipe so the recipe can't be recreated.

Relevant Error/Panic Output Snippet

Error: deleting Image Builder Image Recipe (arn:aws:imagebuilder:xxx): operation error imagebuilder: DeleteImageRecipe, https response error StatusCode: 400, ResourceDependencyException: Resource dependency error: The resource ARN 'arn:aws:imagebuilder:xxx' has other resources depended on it.

Terraform Configuration Files

N/A

Steps to Reproduce

Create an image pipeline with attached recipe and component. Change component to cause a recreation of the recipe.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

github-actions[bot] commented 2 weeks ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

justinretzolk commented 1 week ago

Hey @sophiecosgrove πŸ‘‹ Thank you for taking the time to raise this! This seems like an appropriate time to use replace_triggered_by in order to force replacement of the appropriate resource(s). Since the API allows for the image_recipe_arn to be updated, the provider should respect that behavior (hence the change in the PR that you linked to), but replace_triggered_by should help in your case. Can you give that approach a try and see if that resolves your issue?

p24-max commented 1 week ago

Hey @sophiecosgrove πŸ‘‹ Thank you for taking the time to raise this! This seems like an appropriate time to use replace_triggered_by in order to force replacement of the appropriate resource(s). Since the API allows for the image_recipe_arn to be updated, the provider should respect that behavior (hence the change in the PR that you linked to), but replace_triggered_by should help in your case. Can you give that approach a try and see if that resolves your issue?

I had the same issue, this worked for me, thank you!

sophiecosgrove commented 1 week ago

Hi, that has worked for me as well. Thanks

github-actions[bot] commented 1 week ago

[!WARNING] This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

sjoukedv commented 4 days ago

Making sure the pipeline (the thing that depends on the recipe) is destroyed before deleting (due to recreation) the recipe works for me;

resource "aws_imagebuilder_image_pipeline" "main" {
  ...
  lifecycle {
    replace_triggered_by = [
      aws_imagebuilder_image_recipe.main
    ]
  }
}

resource "aws_imagebuilder_image_recipe" "main" {
  ...
  parent_image = "ami-xxx" # <-- forces replacement (with same version)
}