Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS accounts won't be removed from RSC properly when delete_snapshots_on_destroy is set to true in polaris_aws_cnp_account #130

Open
DamaniN opened this issue Mar 11, 2024 · 1 comment
Open

AWS accounts won't be removed from RSC properly when delete_snapshots_on_destroy is set to true in polaris_aws_cnp_account #130

DamaniN opened this issue Mar 11, 2024 · 1 comment
Labels
api-issue There is an issue with the backend API aws Amazon AWS bug Something isn't working

Comments

@DamaniN
Copy link

DamaniN commented Mar 11, 2024

Expected Behavior

When setting delete_snapshots_on_destroy to true and then destroying a polaris_aws_cnp_account resource, all snapshots in the AWS account should be removed, before the account is removed from RSC.

Current Behavior

When used in a module or script that also creates the IAM role in the AWS account, Terraform will remove the IAM user before RSC completes the delete operation. This causes the delete operation to fail in RSC and for it to post an error. The error results in the polaris_aws_cnp_account resource not being deleted. After this, the AWS account must be manually removed from RSC via engineering. The snapshots in the AWS account must be manually removed by the customer.

Failure Information (for bugs)

Please help provide information about the failure if this is a bug.

  • Use verbose outputs to capture any debug information.
TBD

Steps to Reproduce

  1. Add an AWS account to RSC via Terraform.
    • Be sure that the same Terraform module/script creates the IAM Role and creates the polaris_aws_cnp_account resource.
    • Ensure that the delete_snapshots_on_destroy option is set to true on the polaris_aws_cnp_account resource.
  2. Perform several backups of EC2 instances in the AWS account.
    • S3 backups should work as well.
  3. Once the backups are complete, remove the AWS account from RSC by running the appropriate terraform destory command.

Context

  • Version of project
    • beta.16
  • Version of dependencies.
    • N/A
  • Version of operating system.
    • N/A
  • Version of RSC
    • v20240304-17

Failure Logs

  • Use verbose outputs to capture any debug information.
TBD
@DamaniN DamaniN mentioned this issue Mar 11, 2024
Open
@johan3141592 johan3141592 added bug Something isn't working aws Amazon AWS api-issue There is an issue with the backend API labels Mar 26, 2024
@johan3141592
Copy link
Member

This is a problem with the RSC GraphQL API. To be able to create the roles we need the trust policies and to get the trust policies we need to start the account onboarding. The account onboarding starts with the polaris_aws_cnp_account resource. This is also the resource which, when removed, removes the snapshots (if delete_snapshots_on_destroy is set to true). So this is a dependency problem in the API. If we could get the trust policies before starting the account onboarding there would be no problem, because we could create the roles before starting to onboard the account.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-issue There is an issue with the backend API aws Amazon AWS bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DamaniN @johan3141592