terraform-aws-rds-aurora
terraform-aws-rds-aurora copied to clipboard
Published
20 hours ago β’
terraform-aws-modules
terraform-aws-modules
Global flag `performance_insights` needs to be especify in all instances to take effect
same as #444
Description
Can't use the global flag to enable the performance insights
- [x] β I have searched the open/closed issues and my issue is not listed.
Versions
-
Module version [Required]: 9.3.1
-
Terraform version: 1.5.6
-
Provider version(s): 5.42.0
Reproduction Code [Required]
From the examples... initial state
module "aurora" {
source = "../../"
name = local.name
engine = "aurora-postgresql"
engine_version = "14.7"
master_username = "root"
storage_type = "aurora-iopt1"
instances = {
1 = {
instance_class = "db.r5.2xlarge"
publicly_accessible = true
db_parameter_group_name = "default.aurora-postgresql14"
}
2 = {
identifier = "static-member-1"
instance_class = "db.r5.2xlarge"
}
3 = {
identifier = "excluded-member-1"
instance_class = "db.r5.large"
promotion_tier = 15
}
}
endpoints = {
static = {
identifier = "static-custom-endpt"
type = "ANY"
static_members = ["static-member-1"]
tags = { Endpoint = "static-members" }
}
excluded = {
identifier = "excluded-custom-endpt"
type = "READER"
excluded_members = ["excluded-member-1"]
tags = { Endpoint = "excluded-members" }
}
}
vpc_id = module.vpc.vpc_id
db_subnet_group_name = module.vpc.database_subnet_group_name
security_group_rules = {
vpc_ingress = {
cidr_blocks = module.vpc.private_subnets_cidr_blocks
}
egress_example = {
cidr_blocks = ["10.33.0.0/28"]
description = "Egress to corporate printer closet"
}
}
apply_immediately = true
skip_final_snapshot = true
create_db_cluster_parameter_group = true
db_cluster_parameter_group_name = local.name
db_cluster_parameter_group_family = "aurora-postgresql14"
db_cluster_parameter_group_description = "${local.name} example cluster parameter group"
db_cluster_parameter_group_parameters = [
{
name = "log_min_duration_statement"
value = 4000
apply_method = "immediate"
}, {
name = "rds.force_ssl"
value = 1
apply_method = "immediate"
}
]
create_db_parameter_group = true
db_parameter_group_name = local.name
db_parameter_group_family = "aurora-postgresql14"
db_parameter_group_description = "${local.name} example DB parameter group"
db_parameter_group_parameters = [
{
name = "log_min_duration_statement"
value = 4000
apply_method = "immediate"
}
]
enabled_cloudwatch_logs_exports = ["postgresql"]
create_cloudwatch_log_group = true
create_db_cluster_activity_stream = true
db_cluster_activity_stream_kms_key_id = module.kms.key_id
db_cluster_activity_stream_mode = "async"
tags = local.tags
}
Add performance insights
# Monitoring. Cloudwatch and Performance Insights
create_monitoring_role = true
iam_role_name = "rds-monitoring"
iam_role_use_name_prefix = true
iam_role_description = "IAM role created by terraform-aws-rds-aurora terraform module"
monitoring_interval = 10
performance_insights = true
performance_insights_retention_period = 93 # days. 3 Months for production environments
# Apply changes immediately instead of waiting for the next maintenance window
# we want to be in control of when these happen
apply_immediately = true
Apply... See Actual behavior section
if on top of that, I add
instances = {
1 = {
instance_class = "db.r5.2xlarge"
publicly_accessible = true
db_parameter_group_name = "default.aurora-postgresql14"
performance_insights = true
}
2 = {
identifier = "static-member-1"
instance_class = "db.r5.2xlarge"
performance_insights = true
}
3 = {
identifier = "excluded-member-1"
instance_class = "db.r5.large"
promotion_tier = 15
performance_insights = true
}
}
then it applies correctly. See Expected behavior
Expected behavior
Terraform will perform the following actions:
# aws_iam_role.rds_enhanced_monitoring[0] will be updated in-place
~ resource "aws_iam_role" "rds_enhanced_monitoring" {
+ description = "IAM role created by terraform-aws-rds-aurora terraform module"
id = "rds-monitoring-sbx2"
name = "rds-monitoring-sbx2"
tags = {
"managed_by" = "terraform"
"project" = "linq-tactical-infra"
}
# (9 unchanged attributes hidden)
}
# aws_rds_cluster.this[0] will be updated in-place
~ resource "aws_rds_cluster" "this" {
+ enable_local_write_forwarding = false
~ final_snapshot_identifier = "aurora-postgres-sbx2-final-snapshot-9892532303865fed5397ae3c43eeefa7" -> "aurora-postgres-sbx2-final-snapshot-68e520c70db2863d65b082b42e2438a1"
id = "aurora-postgres-sbx2"
tags = {
"managed_by" = "terraform"
"project" = "linq-tactical-infra"
}
# (40 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_rds_cluster_instance.this["one"] will be updated in-place
~ resource "aws_rds_cluster_instance" "this" {
id = "aurora-postgres-sbx2-one"
~ performance_insights_enabled = false -> true
~ performance_insights_retention_period = 0 -> 7
tags = {
"managed_by" = "terraform"
"project" = "linq-tactical-infra"
}
# (28 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_rds_cluster_instance.this["two"] will be updated in-place
~ resource "aws_rds_cluster_instance" "this" {
id = "aurora-postgres-sbx2-two"
~ performance_insights_enabled = false -> true
~ performance_insights_retention_period = 0 -> 7
tags = {
"managed_by" = "terraform"
"project" = "linq-tactical-infra"
}
# (28 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 0 to add, 4 to change, 0 to destroy.
Changes to Outputs:
~ cluster_instances = {
~ one = {
id = "aurora-postgres-sbx2-one"
~ performance_insights_enabled = false -> true
~ performance_insights_retention_period = 0 -> 7
tags = {
managed_by = "terraform"
project = "linq-tactical-infra"
}
# (32 unchanged attributes hidden)
}
~ two = {
id = "aurora-postgres-sbx2-two"
~ performance_insights_enabled = false -> true
~ performance_insights_retention_period = 0 -> 7
tags = {
managed_by = "terraform"
project = "linq-tactical-infra"
}
# (32 unchanged attributes hidden)
}
}
aws_iam_role.rds_enhanced_monitoring[0]: Modifying... [id=rds-monitoring-sbx2]
aws_rds_cluster.this[0]: Modifying... [id=aurora-postgres-sbx2]
aws_rds_cluster.this[0]: Modifications complete after 0s [id=aurora-postgres-sbx2]
aws_iam_role.rds_enhanced_monitoring[0]: Modifications complete after 1s [id=rds-monitoring-sbx2]
aws_rds_cluster_instance.this["two"]: Modifications complete after 1m32s [id=aurora-postgres-sbx2-one, 1m40s elapsed]
aws_rds_cluster_instance.this["one"]: Modifications complete after 1m42s [id=aurora-postgres-sbx2-one]
Apply complete! Resources: 0 added, 4 changed, 0 destroyed.
Actual behavior
Terraform will perform the following actions:
# aws_rds_cluster.this[0] will be updated in-place
~ resource "aws_rds_cluster" "this" {
~ final_snapshot_identifier = "aurora-postgres-sbx2-final-snapshot-6ec1a4fd929a19781f98da1e86214d3f" -> "aurora-postgres-sbx2-final-snapshot-53fead4e630e409e776f4e948f9a22d6"
id = "aurora-postgres-sbx2"
tags = {
"managed_by" = "terraform"
"project" = "linq-tactical-infra"
}
# (41 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_rds_cluster_instance.this["one"] will be updated in-place
~ resource "aws_rds_cluster_instance" "this" {
id = "aurora-postgres-sbx2-one"
~ performance_insights_retention_period = 0 -> 7
tags = {
"managed_by" = "terraform"
"project" = "linq-tactical-infra"
}
# (29 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# aws_rds_cluster_instance.this["two"] will be updated in-place
~ resource "aws_rds_cluster_instance" "this" {
id = "aurora-postgres-sbx2-two"
~ performance_insights_retention_period = 0 -> 7
tags = {
"managed_by" = "terraform"
"project" = "linq-tactical-infra"
}
# (29 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
Changes to Outputs:
~ cluster_instances = {
~ one = {
id = "aurora-postgres-sbx2-one"
~ performance_insights_retention_period = 0 -> 7
tags = {
managed_by = "terraform"
project = "linq-tactical-infra"
}
# (33 unchanged attributes hidden)
}
~ two = {
id = "aurora-postgres-sbx2-two"
~ performance_insights_retention_period = 0 -> 7
tags = {
managed_by = "terraform"
project = "linq-tactical-infra"
}
# (33 unchanged attributes hidden)
}
}
aws_rds_cluster.this[0]: Modifying... [id=aurora-postgres-sbx2]
aws_rds_cluster.this[0]: Modifications complete after 0s [id=aurora-postgres-sbx2]
aws_rds_cluster_instance.this["one"]: Modifying... [id=aurora-postgres-sbx2-one]
aws_rds_cluster_instance.this["two"]: Modifying... [id=aurora-postgres-sbx2-two]
β·
β Error: updating RDS Cluster Instance (aurora-postgres-sbx2-one): InvalidParameterCombination: Cannot set PerformanceInsightsRetention without EnablePerformanceInsights
β status code: 400, request id: eb61a564-3ea1-4248-ab12-0873f403d368
β
β with aws_rds_cluster_instance.this["one"],
β on main.tf line 160, in resource "aws_rds_cluster_instance" "this":
β 160: resource "aws_rds_cluster_instance" "this" {
β
Additional context
I think that the try statements here to check if the instance configuration overrides the default flag should be coalesce instead...?
https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/blob/39146d54a888dee11dc00706e40f1964236394f0/main.tf#L163-L184
