Closed membra closed 2 years ago
This is known behaviour. In dry run mode, I'm working out whether a resource can be deleted or not. In destroy mode I attempt to delete the resource and fail due to the resource being utilised by another resource.
@mlevit thx for that - can I ask another question please,
What will happen if a CloudFormation stack is not in the whitelist and does not fall under TTL, but one of the resources inside it is in the whitelist?
The Stack will be deleted and so will the resource.
@mlevit
Based on your initial answer to this thread, just an additional one: is it possible / wouldn't it be better if, after running Dry_run, I could see the exact status of what is going to happen in the account in destroy mode? I mean, in my organization I am planning to report on what is going to be deleted / skipped during a run, and I effectively cannot do that with 100% guarantee as the states are reported differently.
@membra I understand where you're coming from but unfortunately, the dry run mode can only assume an action based on the rules. Once the app actually runs in destroy mode, it might encounter issues performing those actions.
It would be very hard to determine every single possibility.
Describe the bug
When I run the tool in dry_run mode it marks a sg that is attached to an ec2 that is skipped due to TTL as DELETE.
When I run the tool in destroy mode it marks a sg that is attached to an ec2 that is skipped due to TTL as SKIP IN USE.

To Reproduce
Create an EC2 instance (with volume and SG attached by default).
Run in dry run mode, run in destroy mode, compare logs.

Expected behavior
In both cases should be marked as SKIP in USE