AWS subnet deletion doesn't account for an ELB's network interface and gives a meaningless error

[hashibot]

This issue was originally opened by @randomvoids as hashicorp/terraform#13296. It was migrated here as part of the provider split. The original body of the issue is below.

---

I attempted to modify the cidr block of a aws_subnet which requires the deletion/re-creation of the subnet. Within terraform I also had an aws_elb defined that attached a network interface to that subnet. When running 'terraform apply' the command timed out with

* aws_subnet.public_az1 (destroy): 1 error(s) occurred:

* aws_subnet.public_az1: Error deleting subnet: timeout while waiting for state to become 'destroyed' (last state: 'pending', timeout: 5m0s)

When running it in the AWS console it will immediately come back with:

The following subnets contain one or more network interfaces, and cannot be deleted until those network interfaces have been deleted.

Terraform should catch and immediately return that error instead of just timing out after 5 minutes with a generic error. This should also be detected during the plan stage.

That and/or handle the cascading deletions required to fully delete a subnet.

I'm using Terraform v0.9.2

[awilkins]

See also #151 - agree that ELB dependencies on subnets don't appear to be treated as such for the purpose of dependency graph construction.

[robertoandrade]

I'm also seeing this happen with EFS attachments to the ENIs associated with the subnets. It doesn't seem to try to destroy the EFS file systems in order to release the ENIs to then be able to destroy the subnet.

[fstephany]

I also face this issue after reducing the count number of aws_subnet. Terraform get stuck.

module.app.aws_subnet.public[0]: Still destroying... [id=subnet-0e4550ce89d3c4588, 20m0s elapsed]
Error: Error deleting subnet: timeout while waiting for state to become 'destroyed' (last state: 'pending', timeout: 20m0s)

If I try to manually destroy the subnet in the console, it says that the subnet still has network interface attached to it.

I do not have a clue how to solve this without fiddling in the console (and thus messing the tfstate).

[radeksimko]

@robertoandrade EFS may need a separate issue as that may create ENIs with different lifecycle and naming conventions. We may be able to address that.

In regards to load balancers - these are being discussed in #151 where I also posted full repro case. I'm going to close this as duplicate in favour of #151 to keep discussion in one place. I hope you don't mind.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!