aws_lambda_function - destroy still not removing ENI's consistently. #15105

Closed
stevegroner opened this issue Jun 6, 2017 · 1 comment

There is still an issue when deleting a Lambda with vpc_config. I have (2) Lambda functions with vpc_configs and one fails and one doesn't. I am not sure why, but it seems to continue to be an issue.

Terraform Version

0.9.5

Affected Resource(s)

aws_lambda_function (with vpc_config)

Terraform Configuration Files

First Lambda Function

# Create the Lambda Function
resource "aws_lambda_function" "rds_db_mgmt" {
  description      = "${var.IC_PREFIX} Remote RDS Mgmt"
  filename         = "${var.IC_PACKAGE_PATH}\\${var.IC_PACKAGE_NAME}"
  function_name    = "${var.IC_PREFIX}-remote-rds-db-mgmt"
  timeout          = "300"
  role             = "${alks_iamrole.iam_rds_db_mgmt_service_role.arn}"
  handler          = "RdsDBManagement::RdsDBManagement.Functions::Get"
  runtime          = "dotnetcore1.0"
  source_code_hash = "${base64sha256(file("${var.IC_PACKAGE_PATH}\\${var.IC_PACKAGE_NAME}"))}"
  memory_size      = 512

  vpc_config {
    subnet_ids = ["${data.terraform_remote_state.sharedstate.intsubnets.0}","${data.terraform_remote_state.sharedstate.intsubnets.1}","${data.terraform_remote_state.sharedstate.intsubnets.2}"]
    security_group_ids = ["${data.terraform_remote_state.stacksecurity.EBSecurityGroupID}"]
  }

  environment {
    variables = {
      DatabaseConnection        = "Data Source={0},1433;Initial Catalog={1};User id=mydbadmin;password={removed for security}"
    }
  }
}

2nd Lambda Function

# Create the Lambda Function
resource "aws_lambda_function" "rds_sql_metric" {
  description      = "${var.IC_PREFIX} Custom RDS SQL Metric"
  filename         = "${var.IC_PACKAGE_PATH}\\${var.IC_PACKAGE_NAME}"
  function_name    = "${var.IC_PREFIX}-rds-sql-metric"
  timeout          = "300"
  role             = "${alks_iamrole.iam_rds_sql_metric_service_role.arn}"
  handler          = "RdsHeartbeatCloudWatchMetric::RdsHeartbeatCloudWatchMetric.Function::FunctionHandler"
  runtime          = "dotnetcore1.0"
  source_code_hash = "${base64sha256(file("${var.IC_PACKAGE_PATH}\\${var.IC_PACKAGE_NAME}"))}"
  memory_size      = 512

  vpc_config {
    subnet_ids = ["${data.terraform_remote_state.sharedstate.intsubnets.0}","${data.terraform_remote_state.sharedstate.intsubnets.1}","${data.terraform_remote_state.sharedstate.intsubnets.2}"]
    security_group_ids = ["${data.terraform_remote_state.stacksecurity.EBSecurityGroupID}"]
  }

  environment {
    variables = {
      DatabaseList = "SQLDB1|SQLDB2|SQLDB3|SQLDB4|SQLDB5"
      RdsInstances = "${data.terraform_remote_state.rds_state.rds-instance-1}"
      DatabaseConnection = "Data Source={0},1433;Initial Catalog={1};User id={service account};password={removed for security}"
      Prefix = "${var.IC_PREFIX}"
    }
  }
}

Debug Output

Not Available

Panic Output

Not Available

Expected Behavior

When removing Lambda functions with vpc_config, the Lambda and any linked ENIs should be removed.

Actual Behavior

Inconsistent ENI removal. When the (2) Lambdas above are removed, 1 of the ENIs appears to be removed while the other doesn't.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. execute lambda
  3. terraform destroy

Important Factoids

When I started typing this, the ENI appeared as IN USE even though both Lambdas no longer existed. By the time I completed writing this, the ENI showed as available. Perhaps this is an issue with timing between removal of the Lambda and removal of the ENI.

The security group that is used in these ENIs comes from Elastic Beanstalk creation. In the vpc_config for these I add the EB Security group created when aws_elastic_beanstalk_env is used. So if the functionality to clean these up was added to aws_security_group delete, that will not work for my scenario.

References

There was another issue reported as being fixed back in November but I do not think this issue is completely resolved.
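
The in-use to available transition reported under Important Factoids can be observed by polling the ENIs that still reference the shared security group. This is an added example, not part of the original issue or of Terraform's code: the ENI ids, the group id `sg-0eb` and the `fetch` callable are constructed or hypothetical, and it assumes Lambda-created ENIs carry a description starting with `AWS Lambda VPC ENI`.

```python
import json
import time

# Assumption: Lambda labels the ENIs it creates with this description prefix.
LAMBDA_ENI_PREFIX = "AWS Lambda VPC ENI"

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa", "Status": "in-use",
   "Description": "AWS Lambda VPC ENI: example-1", "Groups": [{"GroupId": "sg-0eb"}]},
  {"NetworkInterfaceId": "eni-0bbb", "Status": "available",
   "Description": "AWS Lambda VPC ENI: example-2", "Groups": [{"GroupId": "sg-0eb"}]},
  {"NetworkInterfaceId": "eni-0ccc", "Status": "in-use",
   "Description": "ELB app/example", "Groups": [{"GroupId": "sg-0eb"}]}
]}
""")

def lambda_enis(response, group_id):
    """Return {eni_id: status} for Lambda-created ENIs that reference group_id."""
    found = {}
    for eni in response.get("NetworkInterfaces", []):
        if not eni.get("Description", "").startswith(LAMBDA_ENI_PREFIX):
            continue  # ENI belongs to something else (ELB, EC2 instance, ...)
        if any(g.get("GroupId") == group_id for g in eni.get("Groups", [])):
            found[eni["NetworkInterfaceId"]] = eni.get("Status", "unknown")
    return found

def wait_for_release(fetch, group_id, attempts=10, delay=30, sleep=time.sleep):
    """Poll fetch() until no Lambda ENI on group_id is still attached.

    fetch is a hypothetical callable returning a describe-network-interfaces
    response. Returns (released, last_seen): released is True once every
    remaining Lambda ENI is 'available' or gone, False if attempts ran out.
    """
    seen = {}
    for attempt in range(attempts):
        seen = lambda_enis(fetch(), group_id)
        if all(status == "available" for status in seen.values()):
            return True, seen
        if attempt < attempts - 1:
            sleep(delay)  # the release is asynchronous, so back off and retry
    return False, seen
```

Against a live account, `fetch` could wrap boto3's `describe_network_interfaces` with a `group-id` filter; ENIs left in `available` after the wait are the ones that block deletion of the security group.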


ghost commented Apr 9, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

ghost locked and limited conversation to collaborators Apr 9, 2020