terraform-provider-aws: Bug introduced v3.29.0 with RDS Validation and Snapshots

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

v3.29.0 for AWS Provider, v0.14.5 for Terraform

Affected Resource(s)

  • aws_db_instance

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_db_instance" "main" {
  engine                                = "postgres"
  engine_version                        = var.engine_version
  apply_immediately                     = true
  identifier                            = "db-${var.name}-pg-instance"
  name                                  = var.database_name
  username                              = var.database_name
  password                              = random_password.password.result
  storage_encrypted                     = true
  allocated_storage                     = var.allocated_storage
  max_allocated_storage                 = var.max_allocated_storage
  instance_class                        = var.instance_class
  snapshot_identifier                   = var.snapshot_identifier
  storage_type                          = var.storage_type
  backup_retention_period               = var.backup_retention_period
  backup_window                         = var.backup_window
  maintenance_window                    = var.maintenance_window
  auto_minor_version_upgrade            = true
  final_snapshot_identifier             = "${var.name}-rds-pg-final-snapshot"
  multi_az                              = true
  vpc_security_group_ids                = [aws_security_group.main.id]
  db_subnet_group_name                  = aws_db_subnet_group.main.name
  parameter_group_name                  = length(var.db_parameters) > 0 ? aws_db_parameter_group.main[0].name : null

  monitoring_interval                   = 30
  monitoring_role_arn                   = aws_iam_role.monitor_role.arn

  performance_insights_enabled          = true
  performance_insights_retention_period = 7

  enabled_cloudwatch_logs_exports       = [
    "postgresql",
    "upgrade"
  ]

  deletion_protection                   = var.deletion_protection
  tags                                  = local.common_data_tags

  lifecycle {
    ignore_changes = [
      username
    ]
  }

  #depends_on = [aws_iam_policy_attachment.monitor_role]
}

Debug Output

Panic Output

Expected Behavior

Because we're passing null in for the snapshot we'd expect validation to succeed.

Actual Behavior

Validation fails because it does not take the null case into account.

Steps to Reproduce

  1. Create an aws_db_instance resource that includes a username and passes in null for the snapshot id.
  2. terraform apply

Important Factoids

This is a bug introduced in #17156

References

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 95
  • Comments: 34 (2 by maintainers)

Most upvoted comments

Getting this too when providing a value for snapshot_identifier

Changing the following is a workaround for me in the interim

provider "aws" {
  version = "= 3.28.0"
}

We got the bug using username = "something" and snapshot_identifier = ""

This has been released in version 3.29.1 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

Same here, we have default value for snapshot_identifier=""

Error: ConflictsWith

  on .terraform/modules/rds-postgres-dev.rds/main.tf line 23, in resource "aws_db_instance" "main":
  23:   snapshot_identifier       = var.snapshot_identifier

"snapshot_identifier": conflicts with username

We are kind of blocked at the moment. When can we expect a fix for that?

You can just use an older version of the provider as suggested by kahootali

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "= 3.28.0"
    }
  }
}

Changing the following is a workaround for me in the interim

provider "aws" {
  version = "= 3.28.0"
}

^This one gives a warning & is deprecated in Terraform 0.14.x, use

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "= 3.28.0"
    }
  }
}

Getting this error when both username and snapshot identifier are clearly set to different values.

@TrangPham problem is related to AWS provider version not Terraform version

Is happening to me now and I am on Terraform Cloud. I believe the conflict is in the duplicate use of the var.snapshot_identifier

Take a look at line 63 and 139

https://github.com/terraform-aws-modules/terraform-aws-rds/blob/master/modules/db_instance/main.tf#L139

This is not just hitting V3 but also hitting v2, i.e. we are using v0.12.29 and all our existing resources which were built with predefined snapshots are failing too when running terragrunt plan since the last two days.

It would be great if there is a retrofit for Terraform 12 too.

I don't think the version of Terraform is important here. The question is just if you use the buggy version of the plugin or not, I would say …

Yes, that's what I mean.