No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

image.png

I think the problem with the security groups is that the rules (which refer to the other security groups) would need to be removed before the groups.
For the routetableassociations I think if you make it so the DependOn the internet gateway they should be destroyed before it.

<@U01UELY9YUR> thank you. So i declare my public subnets first and then when i create my internet gateway i specify in the resourceoptions that it depends on the subnets resources

```igw_name = f'{name}-igw'
        self.igw = ec2.InternetGateway(igw_name,
                                       vpc_id=self.vpc.id,
                                       tags={
                                           'Name': igw_name
                                       },
                                       opts=ResourceOptions(parent=self,
                                                            depends_on=self.subnets[:2])
                                       )```

i guess that will enforce the order of the destroy steps. It will first remove the subnets then it will be able to detach the gateway from the VPC

Yes, that's my understanding. But I hasten to add I'm fairly new to pulumi myself

yes, that is correct. From the docs:
&gt; The `dependsOn` option ensures that resource creation, update, and deletion operations are done in the correct order.
