Error destroying internet gateway. Error waiting for internet gateway to detach: couldn't find resource

[danshao]

I have less than 125 resources but am receiving this error.

Referencing Issue 3350

* aws_internet_gateway.cnm_gw: Error waiting for internet gateway (igw-df15dabb) to detach: couldn't find resource

The only references to the gateway are in the aws_route_table resource.

resource "aws_internet_gateway" "cnm_gw" {
    vpc_id = "${aws_vpc.main.id}"
    tags {
        Name = "${var.proj_name}-${var.env_name}_gateway"
    }
    depends_on = ["aws_vpc.main"]
}

resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.cnm_gw.id}"
  }
  tags {
    Name = "${var.proj_name}-${var.env_name}_public"
  }
  depends_on = ["aws_internet_gateway.cnm_gw"]
}

[toddrosner]

Hey @danshao,

Try adding the gateway dependency depends_on = ["aws_internet_gateway.cnm_gw"] to all of your instance resources, as well as any launch configurations if you have them.

[catsby]

Hey @danshao – as @toddrosner mentioned, you should explicitly use a depends_on in any instances you may be referencing this gateway from.

Do you by chance have a config that reproduces this error? Your error message is suspicious, couldn't find resource suggests the internet gateway is does not exist in the console, can you confirm that?

[catsby]

sorry, didn't mean to close

[danshao]

I forgot to mention that running terraform destroy again successfully destroys all the resources.

@toddrosner I've updated my launch configuration to depend_on the internet gateway resource. Upon running terraform destroy, I now get a lifecycle issue.

Error creating plan: 1 error(s) occurred:

* Cycle: aws_launch_configuration.cnm_alc, aws_autoscaling_group.cnm_asg, aws_launch_configuration.cnm_alc (destroy), aws_internet_gateway.cnm_gw (destroy), aws_internet_gateway.cnm_gw

This is my configuration for my launch configuration and my autoscaling group.

resource "aws_launch_configuration" "cnm_alc" {
  name = "${var.proj_name}-${var.env_name}_lc"
  image_id = "${var.aws_ami}"
  instance_type = "${var.instance_type}"
  key_name = "${var.ssh_key_name}"
  security_groups = ["${aws_security_group.web.id}"]
  iam_instance_profile = "${aws_iam_instance_profile.ec2_profile.id}"
  root_block_device {
    volume_type = "gp2"
    volume_size = "20"
  }
  lifecycle {
      create_before_destroy = true
  }
  depends_on = ["aws_internet_gateway.cnm_gw"]
}

resource "aws_autoscaling_group" "cnm_asg" {
  availability_zones = ["${var.availability_zone_b}"]
  name = "${var.proj_name}-${var.env_name}_asg"
  max_size = 1
  min_size = 1
  health_check_grace_period = 300
  health_check_type = "ELB"
  desired_capacity = 1
  force_delete = false
  vpc_zone_identifier = ["${aws_subnet.web-1.id}"]
  launch_configuration = "${aws_launch_configuration.cnm_alc.name}"
  load_balancers = ["${aws_elb.cnm_elb.name}"]
  tag {
    key = "${var.proj_name}"
    value = "${var.env_name}"
    propagate_at_launch = true
  }
  depends_on = ["aws_launch_configuration.cnm_alc"]
}

[toddrosner]

@danshao is the lifecycle issue a result of having create_before_destroy = true? What happens if you comment that line, then run the destroy?

[danshao]

@toddrosner I added create_before_destroy = true to the launch configuration because without that line in the launch configuration, it was causing issues deleting the AutoScaling group upon running terraform destroy. My reference is found here

[toddrosner]

@danshao the lifecycle is definitely required if you need to update the user data, then re-apply the plan. However, when you destroy the stack, Terraform will be instructed to create a new launch config before it destroys the launch config, thus creating a cycle (this is by design from AWS and not actually Terraform).

If you comment the create_before_destroy = true line prior to destroying the stack, are you able to successfully destroy it?

[danshao]

@toddrosner Since I have no intentions of updating the user data and reapplying the plan, I opted to remove the lifecycle create_before_destroy statement in the launch configuration.

A few runs of terraform apply and terraform destroy seems to yield no issues at the moment! :)

[andrejs-sisojevs]

Hi, I have same issue with dependency on aws_internet_gateway.
My project layout is separated into modules:

• module defining VPC

...
resource "aws_internet_gateway" "vpc_gw" {
    vpc_id = "${aws_vpc.vpc.id}"
}
...

• module defining subsystem Nr1 in this VPC

resource "aws_instance" "subsystem1_vmA" {
    depends_on = ["aws_internet_gateway.vpc_gw"]
    ...
}

• module defining subsystem Nr2 in this VPC

resource "aws_instance" "subsystem2_vmA" {
    depends_on = ["aws_internet_gateway.vpc_gw"]
    ...
}

It deploys fine without those depends_on, but fails to destroy.
With those depends_on it fails to deploy:

* aws_instance.subsystem1_vmA: resource depends on non-existent resource 'aws_internet_gateway.vpc_gw'

Is there a way to solve that, other than getting rid of modules, and placing all their contents in one folder?

[queglay]

I have the same issue. if you use an aws_internet_gateway, and have an openvpn instance in another module, the gateway will never destroy if aws_route is used between a vpc/aws_internet_gateway and openvpn instance. the only way to destroy is to manually destroy the openvpn instance. It seems clear that the instance should be destroyed first before the gateway, but this does not occur.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.