search

aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International
1.1k stars 53 forks source link

[AWS::RDS::DBParameterGroup] False-positive drift detection results #1699

Open FarrOut opened 1 year ago

FarrOut commented 1 year ago

Name of the resource

AWS::RDS::DBParameterGroup

Resource Name

No response

Issue Description

Freshly-provisioned AWS::RDS::DBParameterGroup reports drift for Parameters property.

Peculiarly, it (so far) seems to only report false-positively for shared_preload_libraries and track_activity_query_size keys. Even more weirdly, only when track_activity_query_size == 4096

Expected Behavior

Stack IN_SYNC

Observed Behavior

shared_preload_libraries key missing from actual. track_activity_query_size key missing from actual, but only when value is 4096!!

Test Cases

        parameter_group = rds.ParameterGroup(self, "ParameterGroup",
                                             engine=rds.DatabaseInstanceEngine.postgres(
                                                 version=rds.PostgresEngineVersion.VER_14_2),
                                             description='Testing drift',
                                             parameters={
                                                 "shared_preload_libraries": "pg_stat_statements",
                                                 "track_activity_query_size": "4095"
                                             }
                                             )

IN_SYNC

Expected:

{
  "Family": "postgres14",
  "Description": "Testing drift",
  "Parameters": {
    "shared_preload_libraries": "pg_stat_statements",
    "track_activity_query_size": "4095"
  }
}

Actual:

{
  "Family": "postgres14",
  "Description": "Testing drift",
  "Parameters": {
    "track_activity_query_size": "4095"
  }
}
        parameter_group = rds.ParameterGroup(self, "ParameterGroup",
                                             engine=rds.DatabaseInstanceEngine.postgres(
                                                 version=rds.PostgresEngineVersion.VER_14_2),
                                             description='Testing drift',
                                             parameters={
                                                 "shared_preload_libraries": "pg_stat_statements",
                                                 "track_activity_query_size": "4096"
                                             }
                                             )

DRIFTED

Expected:

{
  "Family": "postgres14",
  "Description": "Testing drift",
  "Parameters": {
    "shared_preload_libraries": "pg_stat_statements",
    "track_activity_query_size": "4096"
  }
}

Actual:

{
  "Family": "postgres14",
  "Description": "Testing drift"
}
        parameter_group = rds.ParameterGroup(self, "ParameterGroup",
                                             engine=rds.DatabaseInstanceEngine.postgres(
                                                 version=rds.PostgresEngineVersion.VER_14_2),
                                             description='Testing drift',
                                             parameters={
                                                 "shared_preload_libraries": "pg_stat_statements",
                                                 "track_activity_query_size": "4097"
                                             }
                                             )

IN_SYNC

Expected:

{
  "Family": "postgres14",
  "Description": "Testing drift",
  "Parameters": {
    "shared_preload_libraries": "pg_stat_statements",
    "track_activity_query_size": "4097"
  }
}

Actual:

{
  "Family": "postgres14",
  "Description": "Testing drift",
  "Parameters": {
    "track_activity_query_size": "4097"
  }
}

Other Details

No response

khebul commented 1 year ago

Thank you for reporting the issue. The false drift is happening due to the value 4096 matching the default value for the track_activity_query_size parameter. We currently filter out parameters which values are matching defaults. We need to improve our logic when including or excluding parameters from drift detection.

Before improvements are made for the drift detector, the workaround would be excluding parameters with default values from the template.