Terraform is really bad at dealing with security groups and autoscaling groups. Particularly it doesn’t understand how to destroy security groups when they were previously linked with autoscaling groups. I’ve gotten two security groups which I no longer need into a ‘deposed’ state within Terraform and I’m not entirely sure what that means. Time to find some information!

Based on issue 11459 on Terraform’s project, it’s because it’s an object Terraform wants to destroy but needs to create a new resource also. By modifying the security group descriptor Terraform is now intent on destroying the previous resource without checking to see if any of the EC2 instances have launched. In the future the best approach might be to version the security groups and only migrate after the cross over.

Time to figure out how to fill in the hole. Unfortunately this will need to be replicated in all three environments. First up is trying to build new resources with a different name.

So filling in the hole required manually deleting the state which was causing the underlying issues.
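Before editing state by hand, it helps to list exactly which objects Terraform holds as deposed. The script below is an added example, not part of the original post: it assumes the version 4 state file layout, in which a deposed object is an instance entry carrying a `deposed` key, and every resource name and ID in the sample is constructed.

```python
import json
import sys

# Constructed sample: a trimmed version 4 state with two security groups that
# each still have a deposed object, plus an autoscaling group with none.
SAMPLE_STATE = {
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_security_group", "name": "web",
         "instances": [
             {"attributes": {"id": "sg-new000000000001"}},
             {"deposed": "a1b2c3d4", "attributes": {"id": "sg-old000000000001"}},
         ]},
        {"module": "module.app", "mode": "managed",
         "type": "aws_security_group", "name": "worker",
         "instances": [
             {"attributes": {"id": "sg-new000000000002"}},
             {"deposed": "e5f6a7b8", "attributes": {"id": "sg-old000000000002"}},
         ]},
        {"mode": "managed", "type": "aws_autoscaling_group", "name": "web",
         "instances": [{"attributes": {"id": "web-asg"}}]},
    ],
}


def find_deposed(state, resource_type=None):
    """Return (address, deposed_key, object_id) for each deposed object."""
    found = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # data sources never hold deposed objects
        if resource_type and res.get("type") != resource_type:
            continue
        parts = [res.get("module"), res["type"], res["name"]]
        address = ".".join(p for p in parts if p)
        for inst in res.get("instances", []):
            key = inst.get("deposed")
            if key:  # current objects have no "deposed" key
                obj_id = inst.get("attributes", {}).get("id")
                found.append((address, key, obj_id))
    return found


if __name__ == "__main__":
    # Pass a state file path to inspect real state; otherwise use the sample.
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    for address, key, obj_id in find_deposed(state, "aws_security_group"):
        print(f"{address} (deposed {key}) -> {obj_id}")
```

Run it against a copy of the state file in each environment; the reported IDs are the old security groups that still exist in AWS and need to be detached from any remaining instances before they can be deleted.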