04/01/2021, 2:10 PM
Hi, I have this issue when doing a pulumi up:
Type           Name               Status         Info
pulumi:pulumi:Stack    poc-us-1-dev           **failed**       1 error
-  └─ aws:ec2:SecurityGroup poc-us-1-eksClusterSecurityGroup **deleting failed**   1 error
-  └─ aws:ec2:SecurityGroup poc-us-1-eksClusterSecurityGroup deleting... completing deletion from previous update
aws:ec2:SecurityGroup (poc-us-1-eksClusterSecurityGroup):
error: deleting urn:pulumi:dev::xxx:ec2/securityGroup:SecurityGroup::xxxlusterSecurityGroup: 1 error occurred:
* Error deleting security group: DependencyViolation: resource xxx has a dependent object
status code: 400, request id: xxx
pulumi:pulumi:Stack (poc-us-1-dev):
error: update failed
The previous update is actually finished. Even pulumi destroy does not work. I am blocked. Do you see a ‘clean’ way out ?


04/01/2021, 6:04 PM
You'll need to see what is currently using the security group that is blocking it from being deleted.
It's likely an ENI that is lingering around.
If you're able to reproduce that, please open an issue at


04/04/2021, 12:20 AM
Once you've figured out the problem and reported it, you can get your stack working again by manually removing the resource via the console. You may also have to remove it from state;
pulumi state delete <urn>
should do that for you.
If that doesn't work, unfortunately you have to export the stack, delete the pending operation, and import the stack.