How to first update dependency and then delete an old object

Terraform
1

I have a setup where resource A depends on resource B. I want to replace resource B with another resource C.

# I have:
A ---depends on---> B 
# I want to change it to:  
A ---depends on---> C

Current behaviour
Terraform tries to execute operations in the following order:

  1. Create C
  2. Destroy B
  3. Update A

But it fails, because B can’t be destroyed, because A depends on it.

Expected behaviour

  1. Create C
  2. Update A
  3. Destroy B

How can I achieve it?

lifecycle = create_before_destroy does not help me, because I am not updating B, but replacing it with a whole new resource C.

Some more context
I am using Terraform 0.12.20.
The actual resources in question are:

  • A - AWS Application Load Balancer
  • B - Security Group created with a module
  • C - Security Group resource created directly in TF
2

I am not sure I can think of an elegant solution to this, other than a procedural one which would involve two runs. This Blue/Green approach is actually how we manage our internal infra.

  • You first add the new resource to your config, updating any references but leaving the resource which is going to be replaced in the config and run Terraform apply
  • You can then test that the new setup works and is running correctly
  • If all is OK, then you remove the old resource from your configuration and again run Terraform apply

First run:
Create C
Update A

Second Run:
Destroy B

3

Yeah, I eventually did more or less that (I used -target to exclude destruction of resource B during first run), but I am interested in a more automated way. Actual production deployment will be conducted by my client for whom I want to make the process as easy as possible.
Thanks for your reply anyway.