Destroy is ignoring region from state file #15052
Comments
Hi @Alexhha 👋 Thank you for raising this and sorry you ran into trouble here. I'm presumptively going to mark this as a bug as we have seen similar previous reports and that the behavior is likely expected given the current design of the Terraform AWS Provider. It likely will not be easily solvable in the for this and all other resources in the near future.

The region and AWS service endpoint configuration currently occurs during initialization of each provider instance, once per Terraform run. For starters, we would need to store the associated region in the Terraform state of each resource, which is not the case today, and the AWS Go SDK service initialization would need to be delayed until each individual resource invocation in Terraform's operation graph, which could cause logistical and performance issues even with some caching. It is also unclear upfront if other provider configuration would also need to be stored in the state as well, since endpoints and authentication behaviors can be customized.

For now, it is probably best to assume this will not be fixed any time soon given its implementation complexity and since it tends to be a less common use case to pass in the region directly during each Terraform invocation rather than include it as part of a long-lived configuration (e.g. Terraform Cloud workspace variable, hardcoded Terraform configuration value, etc).

An option to help ensure that region configuration remains correct across future Terraform invocations can be to create a root Terraform configuration that initializes the provider configurations in expected regions and passes those provider instances to modules (like the configuration outlined, without the

```hcl
# One aliased provider instance per region, defined in the root configuration
provider "aws" {
  alias  = "euc1"
  region = "eu-central-1"
}

provider "aws" {
  alias  = "usw1"
  region = "us-west-1"
}

module "eu-central-1-instance" {
  source    = "./path/to/code/above"
  disk_size = 15 # optional

  # `providers` is a map argument, so it is assigned with `=`
  providers = {
    aws = aws.euc1
  }
}

module "us-west-1-instance" {
  source    = "./path/to/code/above"
  disk_size = 15 # optional

  providers = {
    aws = aws.usw1
  }
}
```

See the Terraform documentation section passing providers to modules for more information. Hope this helps.
Good day. If it's really hard to implement, is it possible to add at least a warning to
@Alexhha most resources should include a That being said, those logs are generally non-visible unless you have logging enabled and something looking for those types of issues during a Terraform run. We recently just upgraded to the new Terraform Plugin SDK version 2 which will allow us to switch those logs to user interface warnings, but that will also require updating the resource implementations to new function signatures. We do not have a timeline to switch these over yet. I've created #15090 for tracking that effort.
I think I understand the issue described above as affecting terraform's identification of state-referenced resources when switching regions. This can result in orphaned resources. Could this same issue cause terraform to terminate a resource that is not in its state? We had an incident recently and as best I can tell this is what happened:
The only way I can explain the above is if:
If this is what happened, then this issue seems much more dangerous than originally reported: it can cause incorrect destruction of resources rather than just losing track of them. Is this even possible, though? I would expect resource identifiers to be unique, and prevent terraform from ever thinking it owned something which it didn't.
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Terraform CLI and Terraform AWS Provider Version
Affected Resource(s)
Terraform Configuration Files
main.tf
variables.tf
Debug Output
Panic Output
Expected Behavior
All resources from state file should be deleted. Or at least some warning message should be printed
Actual Behavior
aws_instance resource is not deleted
Check state
Destroy the env with default region from variables.tf
Check state one more time
Oops, aws_instance is not in the state and wasn't deleted. It is still running. We can't delete it even with a specific region.
Steps to Reproduce
```sh
$ terraform apply -var 'region=us-west-1'
$ terraform destroy
```
Important Factoids
References
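
A pre-destroy guard for the failure reported in this issue, as an added example (not code from the issue or from the Terraform AWS Provider): it reads the JSON document printed by `terraform show -json` and lists every resource whose ARN region differs from the region the provider is about to be configured with, so a `terraform destroy` can be refused before state is lost. The sample state, the account ID, the resource addresses and the `eu-central-1` target region are constructed assumptions.

```python
import json

# Constructed sample of `terraform show -json` output (not taken from the issue).
SAMPLE_STATE = json.dumps({
    "values": {"root_module": {
        "resources": [
            {"address": "aws_instance.web", "type": "aws_instance",
             "values": {"arn": "arn:aws:ec2:us-west-1:111122223333:instance/i-0abc"}},
            {"address": "aws_iam_role.app", "type": "aws_iam_role",
             "values": {"arn": "arn:aws:iam::111122223333:role/app"}},
        ],
        "child_modules": [{"resources": [
            {"address": "module.db.aws_ebs_volume.data", "type": "aws_ebs_volume",
             "values": {"arn": "arn:aws:ec2:eu-central-1:111122223333:volume/vol-0def"}},
        ]}],
    }},
})

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def arn_region(arn):
    """Return the region field of an ARN, or None for global services such as IAM."""
    parts = (arn or "").split(":", 5)
    if len(parts) < 6 or parts[0] != "arn":
        return None
    return parts[3] or None

def region_mismatches(state_json, target_region):
    """List (address, recorded_region) for resources that live outside target_region."""
    root = json.loads(state_json).get("values", {}).get("root_module", {})
    found = []
    for res in iter_resources(root):
        region = arn_region(res.get("values", {}).get("arn"))
        if region and region != target_region:
            found.append((res["address"], region))
    return found

if __name__ == "__main__":
    # Assumed target: the region the next run would use if no -var is passed.
    for address, region in region_mismatches(SAMPLE_STATE, "eu-central-1"):
        print(f"REFUSE destroy: {address} lives in {region}")
```

In a pipeline, feed it the output of `terraform show -json` and fail the job when the returned list is not empty.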