Closed ghost closed 4 years ago
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.
If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
This issue was originally opened by @agentreno as hashicorp/terraform#17907. It was migrated here as a result of the provider split. The original body of the issue is below.
When adding new EC2 security groups to an Elasticache security group, a new resource is forced. However, destroying the existing elasticache security group is not permitted because it remains associated with the cache:
I don't believe a new resource should be forced, since it is possible without a new resource in the AWS dashboard and potentially via the API using ModifyCacheCluster (not entirely sure if that is just Cache -> SG associations though rather than modifying existing SG). https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyCacheCluster.html
Something similar was raised in this solved ticket - it's possibly a regression? https://github.com/hashicorp/terraform/issues/2303
Reproduce using config below, or by cloning https://github.com/agentreno/terraform-elasticache-modify-issue and applying the config, then uncomment line 29, and run a plan and apply. Don't forget to destroy :)