terraform-provider-awscc icon indicating copy to clipboard operation
terraform-provider-awscc copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

awscc_dms_migration_project creation failing

Open gauravkohli opened this issue 9 months ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
  • The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Terraform v1.8.3
on darwin_arm64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.22.0
+ provider registry.terraform.io/hashicorp/aws v5.48.0
+ provider registry.terraform.io/hashicorp/awscc v0.76.0

Affected Resource(s)

  • awscc_dms_migration_project

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_dms_data_provider" "source_provider" {
  engine = "postgres"
  data_provider_name = "db-source"
  settings = {
    postgre_sql_settings = {
      database_name = "dbname"
      port = 6432
      server_name = "source.2ce3358tyuwaq6g.us-east-2.rds.amazonaws.com"
      ssl_mode = "require"
    }
  }
}

resource "awscc_dms_data_provider" "target_provider" {
  engine = "postgres"
  data_provider_name = "db-target"
  settings = {
    postgre_sql_settings  = {
      database_name  = "db"
      port = 6432
      server_name = "target.2ce3358tyuwaq6g.us-east-2.rds.amazonaws.com"
      ssl_mode = "require"
    }
  }
}

resource awscc_dms_instance_profile "instance_profile" {
  publicly_accessible  = true
}

resource awscc_dms_migration_project "migration_project" {
  migration_project_name = "db-migration-project2"
  instance_profile_arn  = awscc_dms_instance_profile.instance_profile.instance_profile_arn 
  instance_profile_identifier = awscc_dms_instance_profile.instance_profile.id 
  # schema_conversion_application_attributes = {
  #     s3_bucket_path = "s3://dms-migration-us-east-2-xxxxxx"
  #     s3_bucket_role_arn  = "arn:aws:iam::xxxxxx:role/dms-access-s3"
  # }
  source_data_provider_descriptors = [{
    data_provider_arn = awscc_dms_data_provider.source_provider.data_provider_arn
    data_provider_identifier = awscc_dms_data_provider.source_provider.id
    secrets_manager_access_role_arn  = "arn:aws:iam::xxxxxx:role/dms-read-secrets"
    secrets_manager_secret_id = "rds/default"
    data_provider_name        = "db-source"
  }]
  target_data_provider_descriptors  = [{
    data_provider_arn = awscc_dms_data_provider.target_provider.data_provider_arn
    data_provider_identifier = awscc_dms_data_provider.target_provider.id
    secrets_manager_access_role_arn  = "arn:aws:iam::xxxxxx:role/dms-read-secrets"
    secrets_manager_secret_id = "rds/db/credentials"
    data_provider_name        = "db-target"
  }]
}

Debug Output

https://gist.github.com/gauravkohli/7c1e9b689ff52522515211568dab4cc4

Panic Output

Expected Behavior

Ideally, I would have expected the DMS migration project to get created without any errors.

Actual Behavior

I do see the DMS migration project created in AWS console, but since the terraform gets an error response from Cloud Control API, the resource is not added to the terraform state.

terraform state list 
awscc_dms_data_provider.source_provider
awscc_dms_data_provider.target_provider
awscc_dms_instance_profile.instance_profile

If I do add that schema_conversion_application_attributes (commented out above in the code) with a dummy s3 bucket and an IAM role that has access to that bucket, then everything works and the terraform state reflects the DMS migration project created and Cloud control API doesn't complain about it.

But for creating a DMS Migration project SchemaConversionApplicationAttributes is not a mandatory field https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-migrationproject.html#cfn-dms-migrationproject-schemaconversionapplicationattributes and even if I pass it, it's nowhere to be used in actual Migration project created in AWS console.

Steps to Reproduce

  1. terraform apply

Important Factoids

References

  • #0000

gauravkohli avatar May 08 '24 12:05 gauravkohli

thanks for reporting this issue, I have cut internal ticket to investigate since I believe this is upstream AWS issue.

wellsiau-aws avatar May 09 '24 04:05 wellsiau-aws