
Interface Endpoints can/should depend on Gateways

Open · Nuru opened this issue 10 months ago · 0 comments

Describe the Bug

If you create both an S3 Gateway and an S3 Interface VPC Endpoint, and the latter has PrivateDnsOnlyForInboundResolverEndpoint set to true, the S3 Gateway cannot be destroyed because it is in use by the S3 Interface.

│ Error: deleting EC2 VPC Endpoint (vpce-0fba4407c7c199af1): vpce-0fba4407c7c199af1: api error InvalidParameter: Gateway endpoint cannot be deleted while Interface endpoint vpce-0453729ae3d7025a3 for the service has PrivateDnsOnlyForInboundResolverEndpoint set to true.

It would probably be sufficient and harmless to make all the Interface VPC Endpoints depend on all the Gateways.

Expected Behavior

terraform destroy proceeds without error.

Steps to Reproduce

  • Create both an S3 Gateway and an S3 Interface VPC Endpoint with private DNS enabled
  • Try to destroy the S3 Gateway with a targeted destroy

Note that this is a race condition that can happen without targeted destroy. The targeting just makes it easier to reproduce.

Screenshots

No response

Environment

No response

Additional Context

No response

Nuru, Mar 11 '25 22:03
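The dependency the report proposes, written out as an added example (this is not the terraform-aws-vpc module's code): an S3 Gateway endpoint and an S3 Interface endpoint with `private_dns_only_for_inbound_resolver_endpoint = true`, where an explicit `depends_on` forces Terraform to create the Gateway first and, on destroy, remove the Interface endpoint before the Gateway. The `var.*` inputs are assumed.

```hcl
# Added example, not module code. Inputs below are assumed placeholders.
variable "vpc_id" { type = string }
variable "private_route_table_ids" { type = list(string) }
variable "private_subnet_ids" { type = list(string) }
variable "endpoint_security_group_id" { type = string }

data "aws_region" "current" {}

# S3 Gateway endpoint: route-table based, no ENIs, no private DNS of its own.
resource "aws_vpc_endpoint" "s3_gateway" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${data.aws_region.current.name}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.private_route_table_ids
}

# S3 Interface endpoint whose private DNS only answers queries arriving via
# inbound Resolver endpoints. That setting is what makes the AWS API refuse
# to delete the Gateway while this endpoint still exists.
resource "aws_vpc_endpoint" "s3_interface" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${data.aws_region.current.name}.s3"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [var.endpoint_security_group_id]
  private_dns_enabled = true

  dns_options {
    private_dns_only_for_inbound_resolver_endpoint = true
  }

  # Terraform destroys dependents before the resources they depend on, so
  # this edge removes the Interface endpoint first and avoids the
  # InvalidParameter error quoted in the report, including under
  # `terraform destroy -target=aws_vpc_endpoint.s3_gateway`, which also
  # destroys everything that depends on the target.
  depends_on = [aws_vpc_endpoint.s3_gateway]
}
```

Without the `depends_on`, the two endpoints share no reference, so Terraform is free to delete them in parallel or in either order, which is the race the report describes.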