[Enhancement]: Improve error message for: deleting Security Group (sg-0ec09a4fb869084b2): DependencyViolation: resource sg-0ec09a4fb869084b2 has a dependent object #32745
Comments
The tool which could help: https://github.com/mingbowan/sgdeps |
Hey @EugenKon 👋 Thank you for taking the time to raise this! Can you verify what version of Terraform and the AWS Provider you're using when experiencing this behavior? |
@justinretzolk I just installed Terraform a few days ago:
$ terraform --version
Terraform v1.5.4
on darwin_amd64
UPD |
Other error messages that are not meaningful:
Should I here use
|
Hey @EugenKon 👋 Thank you for the additional information. I've got a few bits of information that might be helpful here, though unfortunately I'm not certain they'll solve everything you're looking for here. As far as the main issue with security group deletion, this is enough of an issue that we have a large section in the resource documentation covering some of the intricacies of this particular resource. I took a moment to re-read it, and found this particular line relevant:
This is an important callout due to the first sentence; we don't get a more descriptive error back, so surfacing a more helpful error is likely not possible at this time. Similarly, referencing the API documentation for As far as the warning on the deprecated |
@justinretzolk: Thank you for the links. So we know the source of the problem. I could suggest changing the strategy a bit. Instead of relying on AWS errors when Terraform makes the API request to delete the security group, it could make a request to describe resources, e.g.
And if there is a dependency, it could return a meaningful error message or even delete/disassociate this SG itself. These couple of additional requests are significantly faster than waiting 8-15 mins. |
@EugenKon I definitely understand where you're coming from, but there's a couple of things that would prevent us from doing so. One of the tenets of our Provider Design Principles is that resources should represent a single API object. Doing so lowers the burden of maintainership by limiting the resource to a single underlying component, which in turn helps to keep the resource behavior consistent with what users would expect from the underlying API (and the related CLI functionality). Related, adding the calls that you mentioned could cause unexpected permissions errors that could lead to additional confusion. If the IAM role used to authenticate the AWS Provider in a given configuration was not scoped to allow describing network interfaces (or other potentially dependent resources), an error indicating such would be thrown. For some users, adding those additional permissions might not be acceptable, which would leave them unable to use the resource. If I've overlooked something, got something wrong, or if you have additional input, I'm more than happy to continue chatting about this! I absolutely agree that I'd love to see a more useful error output here; I'm just not sure that it's possible at the moment given what we've discussed so far. |
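The pre-check discussed in the comments above, sketched as an added example (not code from the Terraform AWS Provider or from any participant in this thread): it reads the two describe responses and lists what still depends on a security group. The sample responses and every ID other than the one in the issue title are constructed; fetching real inputs requires the `ec2:DescribeNetworkInterfaces` and `ec2:DescribeSecurityGroups` permissions, which is the IAM scoping concern raised above.

```python
import json

SG = "sg-0ec09a4fb869084b2"  # group ID from the issue title

# Constructed sample responses, shaped like the output of
# `aws ec2 describe-network-interfaces` and `aws ec2 describe-security-groups`.
ENIS = json.loads("""{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0a1", "Status": "in-use", "Description": "ELB app/demo",
  "Groups": [{"GroupId": "sg-0ec09a4fb869084b2"}]},
 {"NetworkInterfaceId": "eni-0b2", "Status": "in-use", "Description": "",
  "Attachment": {"InstanceId": "i-0c3"}, "Groups": [{"GroupId": "sg-0d4"}]}]}""")
SGS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0ec09a4fb869084b2", "IpPermissions": [], "IpPermissionsEgress": []},
 {"GroupId": "sg-0d4", "IpPermissionsEgress": [],
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
    "UserIdGroupPairs": [{"GroupId": "sg-0ec09a4fb869084b2"}]}]}]}""")


def eni_dependents(sg_id, enis):
    """(interface, owner) pairs for network interfaces that still carry sg_id."""
    out = []
    for eni in enis.get("NetworkInterfaces", []):
        if any(g.get("GroupId") == sg_id for g in eni.get("Groups", [])):
            owner = (eni.get("Attachment", {}).get("InstanceId")
                     or eni.get("Description") or "unattached")
            out.append((eni["NetworkInterfaceId"], owner))
    return out


def rule_dependents(sg_id, sgs):
    """(group, direction) pairs for other groups whose rules reference sg_id."""
    hits = set()
    for sg in sgs.get("SecurityGroups", []):
        if sg.get("GroupId") == sg_id:
            continue  # skip the group's own rules
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                if any(p.get("GroupId") == sg_id for p in perm.get("UserIdGroupPairs", [])):
                    hits.add((sg["GroupId"], direction))
    return sorted(hits)


def explain(sg_id, enis, sgs):
    """Readable list of the dependencies found for sg_id in the two responses."""
    reasons = [f"{sg_id} is attached to {eni} ({owner})" for eni, owner in eni_dependents(sg_id, enis)]
    reasons += [f"{sg_id} is referenced by an {d} rule in {g}" for g, d in rule_dependents(sg_id, sgs)]
    return reasons


if __name__ == "__main__":
    print("\n".join(explain(SG, ENIS, SGS)) or f"no dependents found for {SG}")
```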
Description
https://www.youtube.com/watch?v=ZRhKcnEgAtc
Here is how the error message is shown by Terraform:
Here is the message as it was displayed by AWS:
It would be nice if Terraform showed a meaningful message instead of just
status code: 400, request id: 1bcea930-ead8-48ec-91a9-cec6a5f9e896
Affected Resource(s) and/or Data Source(s)
Potential Terraform Configuration
References
Probably related to: #1671
https://repost.aws/knowledge-center/troubleshoot-delete-vpc-sg (scroll to "The security group is associated with a network interface")
Would you like to implement a fix?
No