In order to delete the public IP, disassociate/detach the Public IP address from the resource.

[mrak-]

• Terraform Version: 0.12.3
• OS Version:

Bug description: i create infrastructure, with public ip, now i want to remove public ip
when I change the value nb_public_ip = 1 to 0, I get this error:
Error: Error deleting Public IP "myvm-0-publicIP" (Resource Group "studytask"): network.PublicIPAddressesClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="PublicIPAddressCannotBeDeleted" Message="Public IP address /subscriptions/ecfde0ed-ec43-4761-a254-c9bff2890753/resourceGroups/studytask/providers/Microsoft.Network/publicIPAddresses/myvm-0-publicIP can not be deleted since it is still allocated to resource /subscriptions/ecfde0ed-ec43-4761-a254-c9bff2890753/resourceGroups/studytask/providers/Microsoft.Network/networkInterfaces/nic-myvm-0/ipConfigurations/ipconfig0. In order to delete the public IP, disassociate/detach the Public IP address from the resource. To learn how to do this, see aka.ms/deletepublicip." Details=[]

Steps to reproduce:

1. Create resource with public ip
2. Remove public ip

[waltherg]

Terraform version 0.12.5

I created an Azure kubernetes cluster and public IP for it with depends_on of the public IP pointing at the Azure kubernetes cluster resource.

Removing the depends_on statement in the public IP definition alleviated this issue and allowed me to destroy both resources (Azure kubernetes cluster and public IP address).

I need to run terraform destroy twice for this to succeed though: on the first run the AKS cluster is destroyed with the IP removal failing with the above error. On a second run the IP is removed.

[zodrog]

Same issue here (Azure kubernetes cluster resource). I don't have an implicit depends_on (the depends is through output variables on module definitions), but the issue is the same.
Destroying twice does not work for me.

Cheers

[zagr0]

Have same issue with Terraform v0.12.15 and terraform-provider-azurerm_v1.36.1_x4
when azr resources from module (instance, nic and public ip) are destroying terraform fails with dependency error:

module.azr1-p01-oxyaction.azurerm_virtual_machine.vm[0]: Still destroying... [id=/subscriptions/*****-...ute/virtualMachines/azr1-p01-oxyaction, 2m30s elapsed]
module.azr1-p01-oxyaction.azurerm_virtual_machine.vm[0]: Destruction complete after 2m32s

Error: Error deleting Network Interface "azr1-p01-oxyaction-nic" (Resource Group "sandbox"): network.InterfacesClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="NicInUse" Message="Network Interface /subscriptions/*****/resourceGroups/sandbox/providers/Microsoft.Network/networkInterfaces/azr1-p01-oxyaction-nic is used by existing resource /subscriptions/*****/resourceGroups/sandbox/providers/Microsoft.Compute/virtualMachines/azr1-p01-oxyaction. In order to delete the network interface, it must be dissociated from the resource. To learn more, see aka.ms/deletenic." Details=[]

Error: Error deleting Public IP "azr1-p01-oxyaction-public-ip" (Resource Group "sandbox"): network.PublicIPAddressesClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="PublicIPAddressCannotBeDeleted" Message="Public IP address /subscriptions/*****/resourceGroups/sandbox/providers/Microsoft.Network/publicIPAddresses/azr1-p01-oxyaction-public-ip can not be deleted since it is still allocated to resource /subscriptions/*****/resourceGroups/sandbox/providers/Microsoft.Network/networkInterfaces/azr1-p01-oxyaction-nic/ipConfigurations/azr1-p01-oxyaction-nic. In order to delete the public IP, disassociate/detach the Public IP address from the resource.  To learn how to do this, see aka.ms/deletepublicip." Details=[]

retry finishes with success

[cschipper1]

same issue on the azure firewall

[rgl]

This also happens with terraform 0.12.23 and provider.azurerm v1.44.0 and repeating the destroy operation does not work.

[Bessonov]

Actually, not tested well, but it worked for the last 2 builds. We had the same issue with aks and public ip used for ingress in our automated apply/destroy test workflow. Because public ip must be in the same resource group like aks nodes (which is created by aks on the fly and can't be created through terraform), we are forced to have depens_on on aks.

In our observation the second run of destroy helps. But in our case it was enough to destroy ingress and wait for 30 seconds before run terraform destroy.

[yupwei68]

Hi @mrak- ,thanks for opening this issue. I'd like to encourage you to raise an issue in hashicorp to solve this.

[TechArtistG]

Would this be the same issue?: hashicorp/terraform#25993

[TechArtistG]

I get this error with a Public IP associated with a Gateway. Looks like there are several steps involved:
https://social.msdn.microsoft.com/Forums/azure/en-US/3f5dfb96-3731-4349-8283-a18fc2c1db2b/not-able-to-dissociate-and-delete-public-ip-address-from-application-gateway?forum=WAVirtualMachinesVirtualNetwork

"You would have to use PowerShell for that. This support is not available in portal. You will have to delete Rules, Listener (Remove-AzureRmApplicationGatewayRequestRoutingRule, Remove-AzureRmApplicationGatewayHttpListener in this order), which are associated with the frontend IP configuration and finally issue Remove-AzureRmApplicationGatewayFrontendIPConfig followed by Set-AzureRmApplicationGateway to achieve this."

[vanpelt]

The nuclear option is to just tell terraform to replace the resource that is attached to the public IP:

terraform apply -replace=azurerm_application_gateway.foo

[jpbuecken]

Hello,
this solution has one downfall. If you need to re-create your resource it is not possible.
In Azure the Resource ID is related to its name. A create-before-destroy will create a resource with the same name and id, but the current one still exists. So this will fail.

EDIT: A new design with a attachment resource similar to disks would be a more robust solution