Open lfventura opened 4 years ago
Just encountered this issue in v0.12.17.
I had to manually remove the security group from the RDS instances and then run the terraform apply again for it to destroy/replace them. However it didn't re-attach them to the RDS instances. I had to run it again for it to pick up that this also needed updating.
This occurs with security groups attached to aws_vpc_endpoint resources, too.
This issue still exists with:
Terraform v0.12.24
provider.aws v2.53.0
Confirming this is still a problem in versions. In my case I have EC2 instances attached to the SG and it does not try to detach before destroying the SG.
Terraform v0.12.29
+ provider.aws v3.9.0
Same for load balancer attached security groups.
Renaming TF resource resource "aws_security_group" "this" to resource "aws_security_group" "that" makes TF stuck trying to destroy this security group when it still is applied to application load balancer.
It happens as well to SGs attached through ASGs.
Also applies to VPC endpoint implicitly created by aws_transfer_server resource.
I have the same issue with RDS and VPC SG. Running TF v1.1.9 & AWS v4.8.0
Similar issue with EC2 instance https://github.com/hashicorp/terraform/issues/8617. Does anyone have any workaround for disassociating security group first?
Getting this issue when leveraging the AWS provider RDS tf module.
I've tried the create_before_destroy option on the security group; you can see the RDS security_group_rule get updated, but this doesn't get applied to the RDS cluster.
I am having to manually update the attached security groups on an RDS instance for the new security group to be added.
Please can we get an update on this, or has anyone found a non-manual workaround for this, please?
Terraform Version
Terraform v0.12.6
Affected Resource(s)
Terraform Configuration Files
Debug Output
Panic Output
No Panic Output, just keeps trying to delete the SG indefinitely
Expected Behavior
The SG should be deleted after updating the RDS Cluster SGs
Actual Behavior
It tries to delete the SG before removing the SG from RDS Cluster
Steps to Reproduce
resource "aws_security_group" "this" {
  count       = var.allowed_security_groups_count > 0 ? 1 : 0
  name_prefix = "${var.name}-"
  vpc_id      = var.vpc_id
  tags        = var.tags
}
variable "allowed_security_groups_count" { default = 1 }
variable "vpc_security_group_ids" { default = ["sg-aaaaaaaa"] }
resource "aws_rds_cluster" "this" {
  ...
  vpc_security_group_ids = var.allowed_security_groups_count > 0 ? concat([aws_security_group.this[0].id], var.vpc_security_group_ids) : var.vpc_security_group_ids
  ...
}

resource "aws_security_group" "this" {
  count       = var.allowed_security_groups_count > 0 ? 1 : 0
  name_prefix = "${var.name}-"
  vpc_id      = var.vpc_id
  tags        = var.tags
}
variable "allowed_security_groups_count" { default = 0 }
variable "vpc_security_group_ids" { default = ["sg-aaaaaaaa"] }
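
A pre-apply check for the condition this issue describes, as an added example that is not part of the original report or of Terraform itself: it reads the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`) and lists every security group the plan destroys while another resource's prior state still has it attached. The function name, the sample plan and the ID `sg-bbbbbbbb` are constructed for illustration.

```python
import json

# Attributes that hold security group IDs on common AWS resources
# (aws_rds_cluster, aws_db_instance, aws_instance, aws_vpc_endpoint, aws_lb).
SG_ATTRS = ("vpc_security_group_ids", "security_group_ids", "security_groups")


def find_blocked_sg_deletes(plan):
    """Map each security group the plan destroys to the resources whose prior
    state still lists it, together with the action planned for each of them."""
    changes = plan.get("resource_changes", [])
    doomed = {}  # security group ID -> Terraform address of the group
    for rc in changes:
        if rc["type"] == "aws_security_group" and "delete" in rc["change"]["actions"]:
            before = rc["change"].get("before") or {}
            if before.get("id"):
                doomed[before["id"]] = rc["address"]

    blocked = {}
    for rc in changes:
        before = rc["change"].get("before") or {}
        attached = {sg for attr in SG_ATTRS for sg in (before.get(attr) or [])}
        for sg_id in sorted(attached & set(doomed)):
            blocked.setdefault(doomed[sg_id], []).append(
                (rc["address"], "/".join(rc["change"]["actions"])))
    return blocked


# Constructed sample: the shape of `terraform show -json` output for the
# second configuration above (count drops to 0). The SG ID is made up.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.this[0]", "type": "aws_security_group",
   "change": {"actions": ["delete"], "before": {"id": "sg-bbbbbbbb"}, "after": null}},
  {"address": "aws_rds_cluster.this", "type": "aws_rds_cluster",
   "change": {"actions": ["update"],
              "before": {"vpc_security_group_ids": ["sg-aaaaaaaa", "sg-bbbbbbbb"]},
              "after":  {"vpc_security_group_ids": ["sg-aaaaaaaa"]}}}
]}
""")

if __name__ == "__main__":
    for sg, users in find_blocked_sg_deletes(SAMPLE_PLAN).items():
        for address, action in users:
            print(f"{sg} is destroyed while {address} ({action}) still has it attached")
```

A resource reported with action `no-op` is the case that needs attention first, because nothing in the plan will detach the group from it before the delete is attempted.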