Author: sl51866 | Source: Internet | 2023-09-09 03:11
This issue was originally opened by -n as hashicorp/terraform#6318. It was migrated here as part of the provider split. The original body of the issue is below.
Hi,
I'm currently seeing that terraform tries to destroy a subnet that was used in an ELB and fails. I think it's because the ENI interface that belongs to the subnet is still attached to the ELB. The subnet itself is removed from the ELB correctly via the ASG routine.
Terraform Version
v0.6.14
Actual Behavior
When I remove a subnet from vars, terraform correctly removes it from ASG/ELB. But it hangs at the subnet destroying step.
The workaround is to manually detach the ENI(s) that belong to the subnet and delete it.
```
aws_autoscaling_group.wp_asg: Refreshing state... (ID: wp-staging-qmlts6tb7fb3va6r3xe5glsie4-asg)
aws_subnet.blog_subnets.2: Refreshing state... (ID: subnet-c21543ff)
aws_subnet.blog_subnets.2: Destroying...
aws_subnet.blog_subnets.2: Destruction complete
Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
```
Steps to Reproduce
Create an ELB with an ASG that uses a few subnets. Remove 1 subnet.
Watch the ASG/ELB get updated properly, but terraform hangs on subnet termination. If I try to delete the subnet manually in the AWS interface, it complains about an attached ENI.
```hcl
resource "aws_elb" "wp_elb" {
  # name must be a quoted string in HCL
  name = "foo"
  # join/split flattens the list of subnet IDs produced by the aws_subnet resources
  subnets = ["${split(",", join(",", aws_subnet.app_subnets.*.id))}"]
}
```
Could be related to hashicorp/terraform#934
This question comes from the open-source project: hashicorp/terraform-provider-aws
I managed to reliably reproduce this using the following config:
https://gist.github.com/radeksimko/4132453a6cf6edc3ccb61c8bbe31e076
As mentioned already this is triggered by deletion of a subnet which is associated with an LB.
Sadly though there doesn't seem to be anything we can realistically do from Terraform's perspective. Even if we got the ordering of operations right and managed to disassociate the subnet from LB before attempting to delete it, Amazon wouldn't let us detach these ENIs as they hold them until the LB is fully destroyed. You will get the following error when attempting to do so:
An error occurred (AuthFailure) when calling the DetachNetworkInterface operation: You do not have permission to access the specified resource.
I am not sure if this is by design. Perhaps we could get some explanation from the LB/EC2 teams?
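As an added illustration of the two points made in this thread (the workaround of manually detaching the subnet's ENIs, and the reply's note that ENIs held for a load balancer cannot be detached until the LB is gone), here is a pre-flight check that sorts a subnet's ENIs into what an operator can and cannot act on. It is example code written for this page, not code from the issue or the provider; the sample data, the `fetch_subnet_enis` helper and the `RequesterManaged`/`amazon-elb` interpretation are assumptions about the DescribeNetworkInterfaces output.

```python
from typing import Dict, List

# Constructed sample shaped like boto3 ec2.describe_network_interfaces()
# output for one subnet; every ID and name below is made up for this example.
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa111", "Description": "ELB wp-elb",
     "RequesterId": "amazon-elb", "RequesterManaged": True,
     "Attachment": {"AttachmentId": "ela-attach-0001", "Status": "attached"}},
    {"NetworkInterfaceId": "eni-0bbb222", "Description": "Primary network interface",
     "RequesterManaged": False,
     "Attachment": {"AttachmentId": "eni-attach-0002", "Status": "attached",
                    "InstanceId": "i-0deadbeef"}},
    {"NetworkInterfaceId": "eni-0ccc333", "Description": "", "RequesterManaged": False},
]


def classify_blocking_enis(enis: List[Dict]) -> Dict[str, List[str]]:
    """Bucket a subnet's ENIs by what an operator can do before deleting the subnet.

    lb_held    - attached and requester-managed (assumed RequesterId "amazon-elb"):
                 DetachNetworkInterface is refused until the LB itself is destroyed
    detachable - attached to a resource the account owns: can be detached by hand
    deletable  - not attached at all: can be deleted directly
    """
    buckets: Dict[str, List[str]] = {"lb_held": [], "detachable": [], "deletable": []}
    for eni in enis:
        eni_id = eni["NetworkInterfaceId"]
        attachment = eni.get("Attachment") or {}
        if attachment.get("Status") not in ("attached", "attaching"):
            buckets["deletable"].append(eni_id)
        elif eni.get("RequesterManaged"):
            buckets["lb_held"].append(eni_id)
        else:
            buckets["detachable"].append(eni_id)
    return buckets


def fetch_subnet_enis(subnet_id: str) -> List[Dict]:
    """Live lookup of a subnet's ENIs; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the offline sample above runs without it
    ec2 = boto3.client("ec2")
    resp = ec2.describe_network_interfaces(
        Filters=[{"Name": "subnet-id", "Values": [subnet_id]}])
    return resp["NetworkInterfaces"]


if __name__ == "__main__":
    report = classify_blocking_enis(SAMPLE_ENIS)
    for bucket, ids in report.items():
        print(f"{bucket:10s} {', '.join(ids) or '-'}")
```

A non-empty `lb_held` bucket means the subnet deletion will hang exactly as described above, and only destroying the load balancer first will clear it.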