terraform-aws-rds-proxy icon indicating copy to clipboard operation
terraform-aws-rds-proxy copied to clipboard

Published 20 hours ago β€’ verified publisher icon terraform-aws-modules

cannot create proxy without `require_tls` = true

Open chenrui333 opened this issue 3 years ago β€’ 3 comments

Description

  • [x] βœ‹ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

  • Module version [Required]: 2.1.0
  • Terraform version: 1.1.8
  • Provider version(s): 4

Reproduction Code [Required]

module "rds_proxy" {
  name = local.name
  source = "terraform-aws-modules/rds-proxy/aws"
  version = "2.1.0"

  # disable TLS check
  require_tls = false

  name                   = local.name
  iam_role_name          = local.name
  iam_policy_name         = local.name
  use_policy_name_prefix = true
  use_role_name_prefix   = true

  vpc_subnet_ids         = module.vpc.private_subnets
  vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]

  db_proxy_endpoints = {
    read_write = {
      name                   = "read-write-endpoint"
      vpc_subnet_ids         = module.vpc.private_subnets
      vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
      tags                   = local.tags
    }
  }

  secrets = {
    "${local.db_username}" = {
      auth_scheme = "SECRETS"
      iam_auth    = "DISABLED"
      description = aws_secretsmanager_secret.superuser.description
      arn         = aws_secretsmanager_secret.superuser.arn
      kms_key_id  = aws_secretsmanager_secret.superuser.kms_key_id
    }
  }

  engine_family = "MYSQL"

  # Target Aurora cluster
  target_db_cluster     = true
  db_cluster_identifier = module.rds.cluster_id

  tags = local.tags
}

Steps to reproduce the behavior:

Expected behavior

Actual behavior

Error output

β”‚ Error: Error creating DB Proxy: InvalidParameterValue: Must enable TLS, when IAM Auth is required
β”‚ 	status code: 400, request id: de2093bc-e0b0-427c-9683-17d0bb843ece

Terminal Output Screenshot(s)

Additional context

chenrui333 avatar Apr 28 '22 16:04 chenrui333

thanks for the issue - I think we could look at handling this requirement by doing some ternary check

bryantbiggs avatar Apr 28 '22 16:04 bryantbiggs

It might be just some documentation improvement opportunity.

This is my working diff:

-  # # disable TLS check
-  # require_tls = false
-
-  iam_role_name          = local.cluster_name
-  iam_policy_name        = local.cluster_name
-  use_policy_name_prefix = true
-  use_role_name_prefix   = true
+  # disable TLS check
+  require_tls = false
+  iam_auth = "DISABLED"

chenrui333 avatar Apr 28 '22 17:04 chenrui333

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar May 29 '22 00:05 github-actions[bot]

This issue has been resolved in version 3.0.0 :tada:

antonbabenko avatar Jun 09 '23 11:06 antonbabenko

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Jul 10 '23 02:07 github-actions[bot]