Troubleshooting
Fix: Azure Cosmos DB Account Name Already Taken
Fix Azure Cosmos DB global name conflicts in Terraform. Handle unique naming, DNS resolution, and account restoration after soft deletion.
2 min read
Troubleshooting
Fix Terraform Error - Azure Virtual Network Subnet In Use
Fix Azure subnet in use errors when modifying VNets in Terraform. Covers resource dependencies, NSG dissociation, delegation conflicts, and force deletion.
LLuca Berton1 min read
Quick Answer
#Azure won't delete or modify a subnet that has resources attached (NICs, private endpoints, service delegations, or NSG associations). Remove or move the dependent resources first, or use lifecycle { create_before_destroy = true } for zero-downtime subnet changes.
The Error
#Error: deleting Subnet "app-subnet":
InUseSubnetCannotBeDeleted: Subnet app-subnet is in use by
/subscriptions/.../networkInterfaces/vm-nic and cannot be deleted.Error: updating Subnet "app-subnet":
InUseSubnetCannotBeUpdated: Subnet app-subnet has a delegation
to Microsoft.Web/serverFarms and cannot be updated.What Causes This Error
#1. VMs/NICs Attached to the Subnet
#Virtual machines, load balancers, or other resources have network interfaces in the subnet.
2. Service Delegation
#The subnet is delegated to a service (App Service, Container Instances, etc.) that still has resources.
3. Private Endpoints
#Private endpoints or private link connections exist in the subnet.
4. NSG Association
#Trying to change the subnet while an NSG is associated.
How to Fix It
#Solution 1: Check What's Using the Subnet
## List resources in the subnet
az network vnet subnet show \
--resource-group my-rg \
--vnet-name my-vnet \
--name app-subnet \
--query '{delegations:delegations[].serviceName, ipConfigurations:ipConfigurations[].id}'
# List NICs in the subnet
az network nic list --resource-group my-rg \
--query "[?ipConfigurations[?subnet.id.contains(@, 'app-subnet')]].{Name:name,VM:virtualMachine.id}"Solution 2: Use depends_on for Correct Destruction Order
#resource "azurerm_subnet" "app" {
name = "app-subnet"
resource_group_name = azurerm_resource_group.main.name
virtual_network_name = azurerm_virtual_network.main.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_network_interface" "vm" {
name = "vm-nic"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.app.id
private_ip_address_allocation = "Dynamic"
}
}
# Terraform automatically handles destroy order through references
# The NIC will be destroyed before the subnetSolution 3: Handle Delegation Changes
#resource "azurerm_subnet" "app_service" {
name = "appservice-subnet"
resource_group_name = azurerm_resource_group.main.name
virtual_network_name = azurerm_virtual_network.main.name
address_prefixes = ["10.0.2.0/24"]
delegation {
name = "app-service-delegation"
service_delegation {
name = "Microsoft.Web/serverFarms"
actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
}
}
}Solution 4: Force Replace Subnet
## If dependencies are complex, destroy in order
terraform destroy -target=azurerm_network_interface.vm
terraform destroy -target=azurerm_subnet.app
# Then recreate
terraform applyTroubleshooting Checklist
#- ✅ What resources are attached to the subnet? (
az network vnet subnet show) - ✅ Are there NICs, private endpoints, or delegations?
- ✅ Does Terraform know about all dependent resources? (Check state)
- ✅ Are you destroying resources in the correct order?
- ✅ Can you use
-targetto remove dependencies first?
Prevention Tips
#- Let Terraform manage all resources in the subnet — it handles destroy ordering
- Use
depends_onwhen implicit dependencies aren't sufficient - Separate delegated subnets — use dedicated subnets for App Service, ACI, etc.
- Use
lifecycle { create_before_destroy = true }for subnet CIDR changes
Related Articles
#Conclusion
#Subnet in use errors mean Azure is protecting resources that depend on the subnet. Identify the attached resources, remove them first (or let Terraform handle the ordering through resource references), and be careful with delegated subnets that have service restrictions.
#Terraform#Azure#Troubleshooting#Error Fix
Related articles
Troubleshooting
Fix: Azure AKS Cluster - ServicePrincipalNotFound
Fix Azure AKS service principal errors in Terraform. Covers expired credentials, managed identity migration, RBAC configuration, and SP recreation.
2 min read
Troubleshooting
Fix: Azure Container Registry SKU Upgrade Required
Fix Azure Container Registry SKU errors in Terraform. Covers feature availability per tier, geo-replication, private endpoints, and in-place upgrades.
2 min read
Troubleshooting
Fix Terraform Error - Azure Resource Group Not Found
Resolve Azure resource group not found errors in Terraform. Fix subscription context, naming issues, and dependency ordering for Azure deployments.
2 min read