The SSH key pair is created with boto3 in provision.py and Terraform
only references it by name, so it is never in Terraform state. A plain
terraform destroy leaves the key pair behind, and the destroy flow only
deletes it as a separate best effort boto3 call that can be skipped or
fail, so key pairs get orphaned in AWS.
Fix: make it a real aws_key_pair resource so terraform destroy removes it.
The SSH key pair is created with boto3 in provision.py and Terraform
only references it by name, so it is never in Terraform state. A plain
terraform destroy leaves the key pair behind, and the destroy flow only
deletes it as a separate best effort boto3 call that can be skipped or
fail, so key pairs get orphaned in AWS.
Fix: make it a real aws_key_pair resource so terraform destroy removes it.