gigascience / gigadb-website

Source code for running GigaDB
http://gigadb.org
GNU General Public License v3.0

Got user is not authorized to CreateDBSnapshot during terraform destroy #2053

Open kencho51 opened 1 month ago

kencho51 commented 1 month ago

User story

As a developer
I want to be able to destroy an entire environment automatically without errors
So that I can re-create an AWS environment at will

Acceptance criteria

Given I have an AWS environment provisioned
When I instruct Terraform to destroy it
Then the environment's resources should all be destroyed without error.

Additional info

Describe the bug

% terraform destroy
...
Error: deleting RDS DB Instance (rds-server-staging-ken): AccessDenied: User: arn:aws:iam::049839813732:user/Ken is not authorized to perform: rds:CreateDBSnapshot on resource: arn:aws:rds:ap-northeast-2:049839813732:snapshot:snapshot-final-staging-ken-20240903022417-rds-server-staging-ken-fa8e8b71 because no identity-based policy allows the rds:CreateDBSnapshot action
│       status code: 403, request id: 0b279c83-6b7c-4384-b167-cc1f46a4c885

I have this error whenever I try to terraform destroy my staging environment, @rija and @pli888, do you have the same error?

Temporary solutions

  1. Manually deleted the RDS instance in the AWS RDS dashboard and ran terraform destroy again

  2. Update the rds_instance.tf not to create a snapshot on destroy, as suggested by @rija

    In ops/infrastructure/modules/rds-instance/rds-instance.tf, I think we can set skip_final_snapshot to true and remove final_snapshot_identifier_prefix because we don't need those snapshots on the dev environment, and we never destroy the database server on live, and even if we need to do it exceptionally we can make a manual snapshot. Also, it will save us space as those automated snapshots accumulate.

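A pre-destroy check for the failure reported above, added here as an example and not part of the issue or the gigadb-website code base: it reads the JSON form of a destroy plan (`terraform plan -destroy -out=tfplan`, then `terraform show -json tfplan`) and lists the `aws_db_instance` resources that will take a final snapshot, which is the step that needs `rds:CreateDBSnapshot`. The sample plan, its resource addresses and its identifiers are constructed, and the function name is hypothetical.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for a destroy plan.
# Addresses and identifiers are illustrative, not taken from the project.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.rds.aws_db_instance.this[0]", "type": "aws_db_instance",
   "change": {"actions": ["delete"], "after": null, "before": {
     "identifier": "rds-server-staging-example", "skip_final_snapshot": false,
     "final_snapshot_identifier": "snapshot-final-example"}}},
  {"address": "module.rds_dev.aws_db_instance.this[0]", "type": "aws_db_instance",
   "change": {"actions": ["delete"], "after": null, "before": {
     "identifier": "rds-server-dev-example", "skip_final_snapshot": true,
     "final_snapshot_identifier": null}}},
  {"address": "aws_security_group.db", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null, "before": {"name": "db-sg"}}}
]}
""")

REQUIRED_ACTION = "rds:CreateDBSnapshot"  # action named in the AccessDenied error


def final_snapshot_on_destroy(plan):
    """Return DB instances whose deletion will first take a final snapshot."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "aws_db_instance" or "delete" not in change.get("actions", []):
            continue
        before = change.get("before") or {}
        # The AWS provider treats an unset skip_final_snapshot as false.
        if not before.get("skip_final_snapshot", False):
            findings.append({
                "address": rc["address"],
                "instance": before.get("identifier"),
                "snapshot": before.get("final_snapshot_identifier"),
                "needs": REQUIRED_ACTION,
            })
    return findings


if __name__ == "__main__":
    for f in final_snapshot_on_destroy(SAMPLE_PLAN):
        print(f"{f['address']}: destroy snapshots {f['instance']} "
              f"as {f['snapshot']}; caller needs {f['needs']}")
```

An empty result means the destroy will not request a final snapshot for any database instance in the plan.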