Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_elb with a security group does not always successfully destroy #3758

Closed
bitglue opened this issue Nov 4, 2015 · 4 comments
Closed

aws_elb with a security group does not always successfully destroy #3758

bitglue opened this issue Nov 4, 2015 · 4 comments
Labels
bug provider/aws

Comments

@bitglue
Copy link

bitglue commented Nov 4, 2015

A configuration which creates a security group which is used by an ELB also created in the same configuration won't always destroy successfully.

When an ELB is destroyed, its network interfaces can take a while to go away (some minutes). And these network interfaces reference the security group, so the security group can't be deleted until the network interfaces are gone.

Sometimes this problem is masked since Terraform has started retrying anything that results in a DependencyViolation. But eventually this retry times out, and sometimes it times out before the ELB's network interfaces have gone away, and then you'll get an error like:

Error applying plan:

1 error(s) occurred:

* aws_security_group.www_elb: DependencyViolation: resource sg-1945f97f has a dependent object
        status code: 400, request id:
@rcha86
Copy link

rcha86 commented May 17, 2016
edited

I'm seeing the same issue but I don't think it is necessarily related to the ELB. My terraform script creates a security group but has no mention of the network interfaces. The network interfaces seem to be created automatically by the lambda associated with the security group. I think in both of these cases, AWS decides it needs to create network interfaces and attaches them to the security group for the resource that requires it. In my case, that is the lambda. In bitglue's case, it is the ELB. I say AWS decides because the network interface is not tied to an Instance, which I thought was required.

Seems like a hairy issue, but terraform might need to figure out when it is okay and when it is not okay to detach and delete the network interfaces attached to a security group.

@joeharrison714
Copy link

I am having this same issue. I cannot destroy because a network interface was automatically created behind the scenes and attached to a security group. Anyone have a workaround?

@acejam
Copy link

acejam commented Nov 10, 2016
edited

Any updates on this? I'm seeing the exact same issue as @bitglue.

@hashibot hashibot mentioned this issue Jun 13, 2017
Closed
@ghost
Copy link

ghost commented Apr 11, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@hashicorp hashicorp locked and limited conversation to collaborators Apr 11, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug provider/aws
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@catsby @bitglue @acejam @joeharrison714 @rcha86 @hashibot