From 6db89f8f20a58ae5cfbab5541ff7e499ddf971b8 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Mon, 4 Apr 2022 10:34:29 -0400
Subject: [PATCH] feat: Add `create_before_destroy` lifecycle hook to security groups created (#1985)
---
 main.tf | 4 ++++
 modules/eks-managed-node-group/main.tf | 6 ++++++
 modules/self-managed-node-group/main.tf | 6 ++++++
 node_groups.tf | 4 ++++
 4 files changed, 20 insertions(+)
diff --git a/main.tf b/main.tf
index 31568d28ac..0e802d82f8 100644
--- a/main.tf
+++ b/main.tf
@@ -129,6 +129,10 @@ resource "aws_security_group" "cluster" {
 { "Name" = local.cluster_sg_name },
 var.cluster_security_group_tags
 )
+
+ lifecycle {
+ create_before_destroy = true
+ }
 }
 
 resource "aws_security_group_rule" "cluster" {
diff --git a/modules/eks-managed-node-group/main.tf b/modules/eks-managed-node-group/main.tf
index 774fcef378..b18335de20 100644
--- a/modules/eks-managed-node-group/main.tf
+++ b/modules/eks-managed-node-group/main.tf
@@ -372,6 +372,12 @@ resource "aws_security_group" "this" {
 { "Name" = local.security_group_name },
 var.security_group_tags
 )
+
+ # https://github.com/hashicorp/terraform-provider-aws/issues/2445
+ # https://github.com/hashicorp/terraform-provider-aws/issues/9692
+ lifecycle {
+ create_before_destroy = true
+ }
 }
 
 resource "aws_security_group_rule" "this" {
diff --git a/modules/self-managed-node-group/main.tf b/modules/self-managed-node-group/main.tf
index 6278cecf38..cb3c70db85 100644
--- a/modules/self-managed-node-group/main.tf
+++ b/modules/self-managed-node-group/main.tf
@@ -458,6 +458,12 @@ resource "aws_security_group" "this" {
 },
 var.security_group_tags
 )
+
+ # https://github.com/hashicorp/terraform-provider-aws/issues/2445
+ # https://github.com/hashicorp/terraform-provider-aws/issues/9692
+ lifecycle {
+ create_before_destroy = true
+ }
 }
 
 resource "aws_security_group_rule" "this" {
diff --git a/node_groups.tf b/node_groups.tf
index 4d8e0d787a..09c3747e1d 100644
--- a/node_groups.tf
+++ b/node_groups.tf
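Review bot: In main.tf, `create_before_destroy = true` on `aws_security_group.cluster` makes Terraform create the replacement group while the old one still exists, and security group names must be unique within a VPC, so a replacement will fail with a duplicate-name error if the group is created with a fixed `name` rather than `name_prefix`. The `name`/`name_prefix` arguments sit above the hunk, so I cannot tell which is in effect; if a fixed name is possible, either require `name_prefix` or state the limit in a comment above the block, e.g. `# Replacement needs name_prefix: old and new groups coexist until the old one is destroyed`. The same applies to the lifecycle blocks added in both sub-module main.tf hunks and in node_groups.tf.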
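Review bot: In modules/eks-managed-node-group/main.tf the new lifecycle block is explained only by two bare issue URLs, so the reason for the setting is not readable from the file itself. Add a one-line reason above the links, presumably along the lines of `# Create the replacement group before destroying the old one so dependents can move off it first; background:`. The identical comment in the modules/self-managed-node-group/main.tf hunk should get the same line. It is also worth noting there that the old group and its rules remain in the VPC until the destroy step succeeds, so a failed apply can leave a stale group that needs cleaning up.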
@@ -161,6 +161,10 @@ resource "aws_security_group" "node" {
 },
 var.node_security_group_tags
 )
+
+ lifecycle {
+ create_before_destroy = true
+ }
 }
 
 resource "aws_security_group_rule" "node" {
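Review bot: The lifecycle block added to `aws_security_group.node` in node_groups.tf carries no comment, while the same block in the two sub-module hunks cites provider issues 2445 and 9692; the main.tf hunk has the same gap. Assuming the same motivation applies to the root-module groups, copy the two reference lines above `lifecycle {` here and in main.tf: `# https://github.com/hashicorp/terraform-provider-aws/issues/2445` and `# https://github.com/hashicorp/terraform-provider-aws/issues/9692`. The resource body starts above the hunk, so any existing explanation further up is not visible to me.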