From 594bb8109e25908ff40c98ce5818aa8b2c3dc8ce Mon Sep 17 00:00:00 2001
From: Maciej Kwidzinski
Date: Wed, 3 Jan 2024 17:24:33 +0100
Subject: [PATCH] JPERF-1208: Clean up security groups before stacks

Network stacks contain VPCs, and VPCs depend on security groups. Some security groups are provisioned outside of the stack, so deleting such a stack will fail due to the dependency.
---
 CHANGELOG.md | 2 ++
 .../aws/api/housekeeping/ConcurrentHousekeeping.kt | 11 +++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 76ea205..4c97020 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,9 +29,11 @@ Dropping a requirement of a major version of a dependency is a new contract.
 ### Fixed
 - Add missing `iam:GetRole` permission. You have to update the policy manually. Fix [JPERF-1407].
 - Reduce pressure on CloudFormation when cleaning long lists of expired stacks. Help [JPERF-1332].
+- Clean up EC2 security groups before CloudFormation stacks. Fix [JPERF-1208].
 [JPERF-1407]: https://ecosystem.atlassian.net/browse/JPERF-1407
 [JPERF-1332]: https://ecosystem.atlassian.net/browse/JPERF-1332
+[JPERF-1208]: https://ecosystem.atlassian.net/browse/JPERF-1208
 ## [1.13.0] - 2023-08-14
 [1.13.0]: https://github.com/atlassian-labs/aws-resources/compare/release-1.12.2...release-1.13.0
diff --git a/src/main/kotlin/com/atlassian/performance/tools/aws/api/housekeeping/ConcurrentHousekeeping.kt b/src/main/kotlin/com/atlassian/performance/tools/aws/api/housekeeping/ConcurrentHousekeeping.kt
index 7d114c6..d030957 100644
--- a/src/main/kotlin/com/atlassian/performance/tools/aws/api/housekeeping/ConcurrentHousekeeping.kt
+++ b/src/main/kotlin/com/atlassian/performance/tools/aws/api/housekeeping/ConcurrentHousekeeping.kt
@@ -18,6 +18,11 @@ class ConcurrentHousekeeping(
 private val logger = LogManager.getLogger(this::class.java)
 override fun cleanLeftovers(aws: Aws) {
+ val securityGroups = aws.ec2.describeSecurityGroups().securityGroups.map { securityGroup ->
+ Ec2SecurityGroup(securityGroup, aws.ec2)
+ }.filter { it.isExpired() }
+ waitUntilReleased(securityGroups)
+
 Cloudformation(aws, aws.cloudformation).consumeExpiredStacks(Consumer { stacks ->
 waitUntilReleased(stacks, stackTimeout)
 })
@@ -31,13 +36,7 @@ class ConcurrentHousekeeping(
 val keys = aws.ec2.describeKeyPairs().keyPairs.map { key ->
 RemoteSshKey(SshKeyName(key.keyName), aws.ec2)
 }.filter { it.isExpired() }
-
- val securityGroups = aws.ec2.describeSecurityGroups().securityGroups.map { securityGroup ->
- Ec2SecurityGroup(securityGroup, aws.ec2)
- }.filter { it.isExpired() }
-
 waitUntilReleased(keys)
- waitUntilReleased(securityGroups)
 }
 private fun waitUntilReleased(
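Review bot: The new `waitUntilReleased(securityGroups)` call at the top of `cleanLeftovers` now gates every later step, so if releasing a group fails or times out (for example, a group still referenced by a resource that is cleaned further down), the expired stacks may never be reached. The body of `waitUntilReleased` is outside this hunk, so please confirm it logs and continues rather than throwing, and that its default timeout suits this first position. The ordering is load-bearing but invisible in the code, so I would add a comment above the block such as `// Security groups created outside a stack block its VPC deletion, so release them before the stacks (JPERF-1208).` As far as the hunk shows, `describeSecurityGroups()` is unfiltered, which leaves `isExpired()` as the only guard against releasing groups that belong to other workloads in the account; that contract deserves a sentence in the KDoc. The rest of `cleanLeftovers` lies between and beyond the two hunks.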