terraform-provider-aws: RDS - storage_encrypted = true does not work
This issue was originally opened by @victorkabdebon as hashicorp/terraform#16894. It was migrated here as a result of the provider split. The original body of the issue is below.
Hi Terraform team,
Please see below an issue that I found on the latest version of Terraform over the weekend.
Terraform Version
$ terraform --version
Terraform v0.11.1
+ provider.aws v1.1.0
Expected Behavior
I would have expected the database to be encrypted & setup. Instead, encryption was false.
Actual Behavior
In the output generated the flag was clearly set to storage_encrypted = true, but after it was created both in the admin and the tfstate the encryption was set to false.
Even worse, terraform would get stuck in a loop where at each “apply” it would want to recreate my database every time (probably because the program saw the encryption set to false in the state).
Steps to Reproduce
Truncated terraform configuration
resource "aws_db_instance" "default" {
engine = "postgres"
engine_version = "9.6.3"
multi_az = false
backup_retention_period = 10
auto_minor_version_upgrade = true
storage_encrypted = true
}
As far as I can tell, turning storage_encrypted to true is enough, then running terraform apply.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Reactions: 3
- Comments: 15 (2 by maintainers)
Note: my case is solved. It takes an encrypted snapshot to restore a encrypted RDS instance. If you try to restore an unencrypted snapshot to a new instance, does not matter if you enable encryption or not, it will be unencrypted as well.
But for brand new instances (@victorkabdebon 's case) it should enable encryption just fine, which is not happening.
Agreed. I feel there could be a check of the snapshot is encrypted and error if not when
storage_encrypted = trueand restoring from snapshot.