Closed agentreno closed 6 years ago
This issue has been automatically migrated to terraform-providers/terraform-provider-aws#4295 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to terraform-providers/terraform-provider-aws#4295.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
When adding new EC2 security groups to an Elasticache security group, a new resource is forced. However, destroying the existing elasticache security group is not permitted because it remains associated with the cache:
I don't believe a new resource should be forced, since it is possible without a new resource in the AWS dashboard and potentially via the API using ModifyCacheCluster (not entirely sure if that is just Cache -> SG associations though rather than modifying existing SG). https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyCacheCluster.html
Something similar was raised in this solved ticket - it's possibly a regression? https://github.com/hashicorp/terraform/issues/2303
Reproduce using config below, or by cloning https://github.com/agentreno/terraform-elasticache-modify-issue and applying the config, then uncomment line 29, and run a plan and apply. Don't forget to destroy :)