Fix: ENI's prevent SecGrps from being destroyed on tf destroy (#311)

* Fix: remove ENI's on term fixes cluster destroy issues with security group still attached * Fix: delete ENIs on term to allow sg destroy
2026-04-24 09:38:25 +02:00 · 2019-04-11 07:29:35 -06:00
parent 18e00861e4
commit 47c7e7ad6f
3 changed files with 4 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,8 @@ project adheres to [Semantic Versioning](http://semver.org/).

 ### Added

+- Write your awesome addition here (by @you)
+- Fixed: Ability to destroy clusters due to security groups being attached to ENI's (by @whiskeyjimbo)
 - Added outputs for worker IAM instance profile(s) (by @soapergem)
 - Added support for cluster logging via the `cluster_enabled_log_types` variable (by @sc250024)

--- a/local.tf
+++ b/local.tf
@@ -73,6 +73,7 @@ locals {
    ebs_optimized                            = true                                          # sets whether to use ebs optimization on supported types.
    enable_monitoring                        = true                                          # Enables/disables detailed monitoring.
    public_ip                                = false                                         # Associate a public ip address with a worker
+    eni_delete                               = true                                          # Delete the ENI on termination (if set to false you will have to manually delete before destroying)
    kubelet_extra_args                       = ""                                            # This string is passed directly to kubelet if set. Useful for adding labels or taints.
    subnets                                  = "${join(",", var.subnets)}"                   # A comma delimited string of subnets to place the worker nodes in. i.e. subnet-123,subnet-456,subnet-789
    autoscaling_enabled                      = false                                         # Sets whether policy and matching tags will be added to allow autoscaling.
--- a/workers_launch_template.tf
+++ b/workers_launch_template.tf
@@ -64,6 +64,7 @@ resource "aws_launch_template" "workers_launch_template" {

  network_interfaces {
    associate_public_ip_address = "${lookup(var.worker_groups_launch_template[count.index], "public_ip", local.workers_group_launch_template_defaults["public_ip"])}"
+    delete_on_termination       = "${lookup(var.worker_groups_launch_template[count.index], "eni_delete", local.workers_group_launch_template_defaults["eni_delete"])}"
    security_groups             = ["${local.worker_security_group_id}", "${var.worker_additional_security_group_ids}", "${compact(split(",",lookup(var.worker_groups_launch_template[count.index],"additional_security_group_ids", local.workers_group_launch_template_defaults["additional_security_group_ids"])))}"]
  }