r/aws_network_acl: Correctly handle missing associations for deleted subnets #4118

Closed
ewbankkit opened this issue Apr 8, 2018 · 4 comments · Fixed by #4119
Labels
bug Addresses a defect in current functionality. service/ec2 Issues and PRs that pertain to the ec2 service.

@ewbankkit
Contributor

When modifying a NACL to remove the association with a subnet that has been deleted, I get the error:

* aws_network_acl.nacl: Failed to find acl association: acl acl-11111111 with subnet subnet-11111111: could not find association for subnet: subnet-11111111

My Terraform code is a nested set of modules, but I can reproduce with this scenario (for which I have added an acceptance test):

Before

resource "aws_vpc" "foo" {
  cidr_block = "10.1.0.0/16"
  tags {
    Name = "terraform-testacc-network-acl-subnet-ids"
  }
}

resource "aws_subnet" "one" {
  cidr_block = "10.1.111.0/24"
  vpc_id = "${aws_vpc.foo.id}"
  tags {
    Name = "tf-acc-network-acl-subnet-ids-one"
  }
}

resource "aws_subnet" "two" {
  cidr_block = "10.1.1.0/24"
  vpc_id = "${aws_vpc.foo.id}"
  tags {
    Name = "tf-acc-network-acl-subnet-ids-two"
  }
}

resource "aws_network_acl" "bar" {
  vpc_id = "${aws_vpc.foo.id}"
  subnet_ids = ["${aws_subnet.one.id}", "${aws_subnet.two.id}"]
  tags {
    Name = "tf-acc-acl-subnet-ids"
  }
}

After

resource "aws_vpc" "foo" {
  cidr_block = "10.1.0.0/16"
  tags {
    Name = "terraform-testacc-network-acl-subnet-ids"
  }
}

resource "aws_subnet" "one" {
  cidr_block = "10.1.111.0/24"
  vpc_id = "${aws_vpc.foo.id}"
  tags {
    Name = "tf-acc-network-acl-subnet-ids-one"
  }
}

resource "aws_network_acl" "bar" {
  vpc_id = "${aws_vpc.foo.id}"
  subnet_ids = ["${aws_subnet.one.id}"]
  tags {
    Name = "tf-acc-acl-subnet-ids"
  }
}

terraform plan:


An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  ~ aws_network_acl.bar
      subnet_ids.#:          "2" => "1"
      subnet_ids.1707514343: "subnet-11111111" => "subnet-11111111"
      subnet_ids.2646811560: "subnet-22222222" => ""

  - aws_subnet.two


Plan: 0 to add, 1 to change, 1 to destroy.
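
The failure mode reported above, shown as an added Go example (not part of the original post, and not the provider's code or the fix in #4119): when a subnet is dropped from `subnet_ids` and its association is already gone, only the "not found" lookup result is tolerated, while any other error still aborts. The names `association`, `findAssociation`, `planDetach` and `errAssociationNotFound`, and the association ID, are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// errAssociationNotFound is a hypothetical sentinel for "no association exists".
var errAssociationNotFound = errors.New("could not find association for subnet")

// association is a simplified stand-in for one NACL-to-subnet association record.
type association struct{ ID, ACLID, SubnetID string }

// findAssociation looks up the association between aclID and subnetID.
func findAssociation(assocs []association, aclID, subnetID string) (association, error) {
	for _, a := range assocs {
		if a.ACLID == aclID && a.SubnetID == subnetID {
			return a, nil
		}
	}
	return association{}, fmt.Errorf("acl %s with subnet %s: %w", aclID, subnetID, errAssociationNotFound)
}

// planDetach returns the association IDs that still have to be detached and
// the subnets skipped because their association no longer exists (for example
// because the subnet was deleted first). Any other lookup error aborts.
func planDetach(assocs []association, aclID string, removed []string) (detach, skipped []string, err error) {
	for _, subnetID := range removed {
		a, ferr := findAssociation(assocs, aclID, subnetID)
		switch {
		case errors.Is(ferr, errAssociationNotFound):
			skipped = append(skipped, subnetID) // already gone: nothing to undo
		case ferr != nil:
			return nil, nil, ferr
		default:
			detach = append(detach, a.ID)
		}
	}
	return detach, skipped, nil
}

func main() {
	// Constructed sample state: subnet-22222222 was deleted, so only one association remains.
	live := []association{{ID: "aclassoc-example1", ACLID: "acl-11111111", SubnetID: "subnet-11111111"}}
	detach, skipped, err := planDetach(live, "acl-11111111", []string{"subnet-22222222"})
	fmt.Println(detach, skipped, err)
}
```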

@ewbankkit ewbankkit changed the title r/aws_network_acl: Correctly handle associations for deleted subnets r/aws_network_acl: Correctly handle missing associations for deleted subnets Apr 8, 2018
@ewbankkit
Contributor Author

ewbankkit commented Apr 8, 2018

The best way of handling NACL/Subnet Associations is via the new aws_network_acl_association resource suggested in #1034.

@bflad bflad added this to the v1.14.1 milestone Apr 9, 2018
@bflad bflad added bug Addresses a defect in current functionality. service/ec2 Issues and PRs that pertain to the ec2 service. labels Apr 9, 2018
@bflad
Contributor

bflad commented Apr 9, 2018

The fix has been merged and will release with v1.14.1 of the AWS provider, likely on Wednesday.

@bflad
Contributor

bflad commented Apr 11, 2018

This has been released in version 1.14.1 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost

ghost commented Apr 6, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 6, 2020