Merge branch 'main' into feature/add-vpc-lattice-pattern

aws-ia · Dec 19, 2023 · aacc342 · aacc342
2 parents f65e7c7 + 7305cd5
commit aacc342
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -63,14 +63,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10
+        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
         with:
           sarif_file: results.sarif
diff --git a/patterns/istio/README.md b/patterns/istio/README.md
@@ -295,6 +295,25 @@ kubectl port-forward svc/jaeger 16686:16686 -n istio-system
 
 ## Destroy
 
+The AWS Load Balancer Controller add-on asynchronously reconciles resource deletions.
+During stack destruction, the istio ingress resource and the load balancer controller
+add-on are deleted in quick succession, preventing the removal of some of the AWS
+resources associated with the ingress gateway load balancer like, the frontend and the
+backend security groups.
+This causes the final `terraform destroy -auto-approve` command to timeout and fail with VPC dependency errors like below:
+
+```text
+│ Error: deleting EC2 VPC (vpc-XXXX): operation error EC2: DeleteVpc, https response error StatusCode: 400, RequestID: XXXXX-XXXX-XXXX-XXXX-XXXXXX, api error DependencyViolation: The vpc 'vpc-XXXX' has dependencies and cannot be deleted.
+```
+
+A possible workaround is to manually uninstall the `istio-ingress` helm chart.
+
+```sh
+terraform destroy -target='module.eks_blueprints_addons.helm_release.this["istio-ingress"]' -auto-approve
+```
+
+Once the chart is uninstalled move on to destroy the stack.
+
 {%
    include-markdown "../../docs/_partials/destroy.md"
 %}