fix: Add lifecycle rules to SG definitions to allow SG deletion (#94)

* added lifecycle parameters to security group rules * fix: Add lifecycle rules to SGs
wandb · Jun 22, 2023 · 3000b24 · 3000b24
1 parent 3c1b61f
commit 3000b24
Showing 1 changed file with 24 additions and 6 deletions.
diff --git a/modules/app_lb/main.tf b/modules/app_lb/main.tf
@@ -10,9 +10,10 @@ locals {
 // -> george.scott@wandb.com :: 2023-06-20
 ////////////////////////////////////////////////////////////////////////////////////////////
 resource "aws_security_group" "inbound_http" {
-  name        = "${var.namespace}-alb-inbound_http"
-  description = "Allow http traffic to wandb"
-  vpc_id      = var.network_id
+  name                   = "${var.namespace}-alb-inbound_http"
+  description            = "Allow http traffic to wandb"
+  revoke_rules_on_delete = true
+  vpc_id                 = var.network_id
 
   ingress {
     from_port        = local.http_port
@@ -22,12 +23,21 @@ resource "aws_security_group" "inbound_http" {
     cidr_blocks      = var.allowed_inbound_cidr
     ipv6_cidr_blocks = var.allowed_inbound_ipv6_cidr
   }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  timeouts {
+    delete = "3m"
+  }
 }
 
 resource "aws_security_group" "inbound_https" {
-  name        = "${var.namespace}-alb-inbound_https"
-  description = "Allow https traffic to wandb"
-  vpc_id      = var.network_id
+  name                   = "${var.namespace}-alb-inbound_https"
+  description            = "Allow https traffic to wandb"
+  revoke_rules_on_delete = true
+  vpc_id                 = var.network_id
 
   ingress {
     from_port        = local.https_port
@@ -37,6 +47,14 @@ resource "aws_security_group" "inbound_https" {
     cidr_blocks      = var.allowed_inbound_cidr
     ipv6_cidr_blocks = var.allowed_inbound_ipv6_cidr
   }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  timeouts {
+    delete = "3m"
+  }
 }