removal of support for "the mutation of security groups associated with Lambda-created Hyperplane ENIs"

[ramimac]

hashicorp/terraform-provider-aws#31520

AWS Support ~May 22

For the issue “Client.OperationNotPermitted” error while attempting to update the Hyperplane ENI (Elastic Network Interface) created by Lambda. This occurred because you had enabled the replace_security_groups_on_destroy option when using the “destroy” command in Terraform. This option automatically updates the security groups associated with Lambda-created Hyperplane ENIs. However, we recently rolled out a change to prevent the mutation of security groups associated with Lambda-created Hyperplane ENIs because it causes mismatch between the security configuration of the Lambda function and the Hyperplane ENI which was created to serve traffic for it. This can lead to to unintended consequences such as the inability to find functions using a Hyperplane ENI, which makes it difficult to delete other dependent resources, such as VPCs.

~June 12

AWS has confirmed mutation of security groups on lambda ENI's is no longer permitted, and the change will not be rolled back. At this time they have recommended removing the logic and deprecating these attributes, which we'll be doing in the next minor release.