Have a fairly basic environment I’m testing with. It’s a VNet, some subnets, route tables, NSGs. Deploys fine but when running destroy, I get this error for the route-table and the NSGs (truncated to remove sensitive and unneeded info):
Error: Error deleting Network Security Group : Failure sending request: StatusCode=400 – Original Error: Code=“InUseNetworkSecurityGroupCannotBeDeleted”
Similar error for the route table, Code is just “InUseRouteTableCannotBeDeleted”
Azure is throwing the error because there is a dependency there of course… could TF be going too fast and Azure isn’t able to delete the resources in time?
The same has happened to me, so I always try to destroy again after a couple of minutes.
I think that the Azure RM API will sometimes report a success and close the connection even though the operation is ongoing and this is interpreted by Terraform as the resource has been deleted.
If the issue persists, try and look at the resources remaining in the Azure console. Terraform doesn’t roll back the destroy if it fails, so what’s left is what couldn’t be destroyed. Is something using the NSG and routing table?
I’ve tried to re-destroy but I get a lot of complaints because most things are already gone, just get a lot of “was not found” errors and nothing happens.
an abbreviated error:
Error deleting Network Security Group “security-default-nsg” (Resource Group “security-network-rg”); cannot be deleted because it is in use by the following resources "monitoring-subnet
When I go into the GUI, I see that the monitoring-subnet is no loner than, everything is empty except the resource-group (“security-network-rg”) where all of these things lived before…
So it seems that terraform is destroying too fast? Anyway to slow it down? Maybe add a pause?
I am seeing the same issue when deleting a fairly basic environment. Error from Terraform destroy command reads:
I cannot delete a Network Security Group because it is associated with a subnet, however, when I check the Azure GUI, the subnet has already been deleted.
So I re-run my destroy command, and it successfully deletes the NSG. Has anyone found a fix?
I found that if I structure my modules in a more logical fashion, this issue doesn’t come up. For example, I have a VNET module and a Subnet module. Instead of building the VNETs and the Subnets assigned to the VNETs in the same module, I separated them. This seems to have resolved my issue.
I’d think it shouldn’t matter since Terraform creates a dependency map and should create/destroy things in the correct order. But, this is what worked for me.