
I manage an Azure environment via Terraform and each one of them has DDOS Protection Plan enabled. I was instructed to disable and delete DDOS on all non-prod environments. The code is ready and the plan shows that the azurerm_network_ddos_protection_plan will be destroyed and every virtual network with ddos will be updated in-place and disabled. The ddos_protection_plan section will become null.

The error I am receiving is:

network.DdosProtectionPlansClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="InUseDdosProtectionPlanCannotBeDeleted".

Problem: Terraform is trying to delete the azurerm_network_ddos_protection_plan first.

Question: How do I force it to disable the ddosplan in each virtual network before destroying the resource? I've tested depends_on but this causes a cycle error. I also looked into the lifecycle block and it did not seem to apply.

Any suggestion would be greatly appreciated.

Additional info:

Updates:

Terraform Version: 0.13.7
AzureRM Provider Version: 3.13.0

Marko E
Maki
  • Is this issue the same as yours? Does the proposed solution work for you? Which provider version are you using? – Marko E Nov 08 '22 at 13:33
  • If you are referring to the link, my issue is different. They are trying to solve the dynamic block which I already had in place. My problem is Terraform trying to destroy the ddos resource while still enabled in each VNET. Terraform Version 0.13.7, AzureRM Provider Version: 3.13.0 – Maki Nov 08 '22 at 13:53

0 Answers