From 7305cd57dc356e8594924447b1575f218472c4e5 Mon Sep 17 00:00:00 2001
From: Sourav Paul <iamsouravin@gmail.com>
Date: Sat, 16 Dec 2023 21:01:51 +0000
Subject: [PATCH] fix: Add uninstall before destroy (#1843) (#1844)

---
 patterns/istio/README.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/patterns/istio/README.md b/patterns/istio/README.md
index 57bb0f5e3d..22855de34e 100644
--- a/patterns/istio/README.md
+++ b/patterns/istio/README.md
@@ -295,6 +295,25 @@ kubectl port-forward svc/jaeger 16686:16686 -n istio-system
 
 ## Destroy
 
+The AWS Load Balancer Controller add-on asynchronously reconciles resource deletions.
+During stack destruction, the istio ingress resource and the load balancer controller
+add-on are deleted in quick succession, preventing the removal of some of the AWS
+resources associated with the ingress gateway load balancer like, the frontend and the
+backend security groups.
+This causes the final `terraform destroy -auto-approve` command to timeout and fail with VPC dependency errors like below:
+
+```text
+│ Error: deleting EC2 VPC (vpc-XXXX): operation error EC2: DeleteVpc, https response error StatusCode: 400, RequestID: XXXXX-XXXX-XXXX-XXXX-XXXXXX, api error DependencyViolation: The vpc 'vpc-XXXX' has dependencies and cannot be deleted.
+```
+
+A possible workaround is to manually uninstall the `istio-ingress` helm chart.
+
+```sh
+terraform destroy -target='module.eks_blueprints_addons.helm_release.this["istio-ingress"]' -auto-approve
+```
+
+Once the chart is uninstalled move on to destroy the stack.
+
 {%
    include-markdown "../../docs/_partials/destroy.md"
 %}