search

terraform-community-modules / tf_aws_elasticsearch

[DEPRECATED] Use https://github.com/terraform-aws-modules/terraform-aws-opensearch
MIT License
79 stars 97 forks source link

destroy fails when using resource in vpc_options security_group_ids #13

Closed fewkso closed 5 years ago

fewkso commented 6 years ago

Hi,

On terraform apply everything is fine but on destroy it fails with this error: * module.es.var.vpc_options: Resource 'aws_security_group.es_client_sg' does not have attribute 'id' for variable 'aws_security_group.es_client_sg.id'

Here's a simplified example:

data "aws_security_group" "default" {
  name   = "default"
  vpc_id = "${var.vpc_id}"
}

resource "aws_security_group" "es_client_sg" {
  name        = "es-client"
  description = "Allow client access to es endpoint"
  vpc_id      = "${var.vpc_id}"
}

module "es" {
  source      = "github.com/terraform-community-modules/tf_aws_elasticsearch?ref=v0.4.0"
  vpc_options = {
    subnet_ids = "${var.private_subnets}"
    security_group_ids = [
      "${data.aws_security_group.default.id}",
      "${aws_security_group.es_client_sg.id}",
    ]
  }
}

I wonder if the error is either caused by the module or by terraform 0.11.8 itself.

I tried many work arounds using intermediate data and/or vars but I wasn't able to make I work.

antonbabenko commented 5 years ago

Probably it is not related to the module, but it can be that security group is trying to be deleted before elasticsearch is gone.