0
votes

I have Azure Terraform code that creates Azure resources including a VNet, subnet and NSGs. My target Azure configuration already has the VNet, subnet and NSGs created. But after making some changes, the Terraform build fails as it tries to delete the "network security group". I am wondering why it tries to delete the "Network Security Group". Please suggest what could be the root cause that makes it try to delete the Network Security Group.

Error: Error deleting Network Security Group "xxxxxxx685558856875" (Resource Group "common-8856875"): network.SecurityGroupsClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="InUseNetworkSecurityGroupCannotBeDeleted" Message="Network security group.

Below is my code for NSG.

resource "azurerm_virtual_network" "virtual_network" {
  name                = "has-virtual-network-${var.location_namespace}"
  resource_group_name = var.common_rg_name
  address_space       = ["xx.x.x.x/x1"]
  location            = var.location
}

resource "azurerm_subnet" "subnet" {
  name                      = var.location_namespace
  resource_group_name       = var.common_rg_name
  virtual_network_name      = azurerm_virtual_network.virtual_network.name
  address_prefix            = "xx.x.x.x/x2"
  network_security_group_id = azurerm_network_security_group.network_security_group.id
  service_endpoints = [
    "Microsoft.KeyVault",
    "Microsoft.AzureCosmosDB",
    "Microsoft.Sql",
    "Microsoft.Storage"
  ]
}

resource "azurerm_network_security_group" "network_security_group" {
  name                = var.location_namespace
  location            = var.location
  resource_group_name = var.common_rg_name
}

resource "azurerm_subnet_network_security_group_association" "subnet_network_security_group_association" {
  subnet_id                 = azurerm_subnet.subnet.id
  network_security_group_id = azurerm_network_security_group.network_security_group.id
}
1
name change, perhaps? - 4c74356b41
What is the existing NSG's name? Is it the same as the one which you want to create through Terraform? - Charles Xu
What does the plan look like when trying to delete the security group? - ydaetskcoR
Able to fix the issue. The root cause was that, for some reason, two resources had a different address but the same id=. Just ran terraform state rm on those two entries: terraform state rm module.central_network.azurerm_network_security_group.network_security_group_appgwsubnet and terraform state rm module.east_network.azurerm_network_security_group.network_security_group_appgwsubnet. This fixed the issue. Surprised by this; somehow the Azure Terraform provider allowed this to happen. - Srinivas Bandaru
If you solved the problem, please add an answer to display the solution. - Charles Xu

1 Answer

0
votes

Able to fix the issue. The root cause was that, for some reason, two resources had a different address but the same id=. Just ran terraform state rm on those two entries:

terraform state rm module.central_network.azurerm_network_security_group.network_security_group_appgwsubnet
terraform state rm module.east_network.azurerm_network_security_group.network_security_group_appgwsubnet

This fixed the issue. Surprised by this; somehow the Azure Terraform provider allowed this to happen.
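An added example, not part of the original answer: a check for the condition the answer describes, run over the JSON that `terraform show -json` prints, reporting managed resources whose addresses differ but whose `id` is the same. The sample state, the resource ID and the helper names are constructed for illustration; only the two module addresses come from the answer.

```python
import json
import sys
from collections import defaultdict

NSG = "azurerm_network_security_group"
# Constructed Azure resource ID (placeholder, not from the page).
ID_A = ("/subscriptions/0000/resourceGroups/example-rg/providers/"
        "Microsoft.Network/networkSecurityGroups/appgw")

def _res(module, name, rid, mode="managed"):
    """Build one constructed resource entry in `terraform show -json` shape."""
    prefix = "data." if mode == "data" else ""
    return {"address": f"module.{module}.{prefix}{NSG}.{name}",
            "mode": mode, "type": NSG, "values": {"id": rid}}

APPGW = "network_security_group_appgwsubnet"
SAMPLE_STATE = {"values": {"root_module": {"resources": [], "child_modules": [
    {"address": "module.central_network", "resources": [
        _res("central_network", APPGW, ID_A)]},
    {"address": "module.east_network", "resources": [
        # Same NSG, different casing: Azure resource IDs are case-insensitive.
        _res("east_network", APPGW, ID_A.replace("resourceGroups", "resourcegroups")),
        _res("east_network", "other", ID_A + "-other"),
        # Data sources read the same object legitimately and are skipped.
        _res("east_network", "lookup", ID_A, mode="data")]},
]}}}

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def duplicate_ids(state):
    """Return {(type, id): [addresses]} for managed resources sharing one id."""
    seen = defaultdict(list)
    root = state.get("values", {}).get("root_module", {})
    for res in iter_resources(root):
        rid = (res.get("values") or {}).get("id")
        if res.get("mode") == "managed" and rid:
            seen[(res["type"], rid.lower())].append(res["address"])
    return {key: sorted(addrs) for key, addrs in seen.items() if len(addrs) > 1}

if __name__ == "__main__":
    # Usage: terraform show -json > state.json; python check.py state.json
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    for (rtype, rid), addrs in duplicate_ids(state).items():
        print(f"{rtype} id={rid} is tracked at {len(addrs)} addresses:")
        for addr in addrs:
            print(f"  {addr}")
```

`terraform state rm` only drops the binding from state and leaves the NSG in Azure untouched, so the address that should own it has to be brought back with `terraform import` before the next plan.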