hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Duplicate RDS database instances results in assimilation of existing resources #12050

Open SpamapS opened 4 years ago

SpamapS commented 4 years ago

I created two similar terraform configurations in the same AWS account/region. Upon applying the first, it created a database instance. The second finished very quickly, and when I looked in the console, I saw only one RDS instance. I noticed right away that the variable I was using to specify the name had left off a suffix, so they shared the same name and basically the same configuration including subnet groups and security groups.

This could have led to massive database corruption, as two deployments would have tried to use the same database.

I would have expected the second one to explode and tell me it couldn't create another database of the same name.

Community Note

Terraform Version

Terraform v0.12.20
+ provider.aws v2.48.0
+ provider.cloudflare v2.3.0
+ provider.kubernetes v1.11.0
+ provider.null v2.1.2
+ provider.random v2.2.1
+ provider.template v2.1.2

Affected Resource(s)

Terraform Configuration Files

resource "aws_db_instance" "db" {
  allocated_storage = var.allocated_storage
  storage_type      = var.storage_type
  iops              = var.storage_iops

  db_subnet_group_name      = aws_db_subnet_group.db.name
  deletion_protection       = true
  engine                    = "mysql"
  instance_class            = var.instance_class
  identifier                = local.db_name_lower
  name                      = local.db_name_lower
  username                  = local.db_name_lower
  password                  = random_string.dbpass.result
  vpc_security_group_ids    = [aws_security_group.db.id]
  final_snapshot_identifier = "${local.db_name_lower}-final-snapshot"
  storage_encrypted         = true
  backup_retention_period   = 35

  # GMT time - 1:30-2:00am PST
  backup_window        = "08:30-09:00"
  apply_immediately    = var.apply_immediately
  multi_az             = var.multi_az
  engine_version       = var.engine_version
  parameter_group_name = aws_db_parameter_group.param_group.name

  lifecycle {
    prevent_destroy = true
  }

  tags = {
    Name          = var.db_name
    "backup_plan" = "daily"
  }
}

Debug Output

Available upon request.

Panic Output

N/A

Expected Behavior

I would expect duplicate databases in different state files to block each other, with one succeeding, and the other failing because the resource already exists.

Actual Behavior

Terraform happily assimilates the resource from the first, leading to dual-ownership.

Steps to Reproduce

  1. Create two nearly identical but completely separate top-level configs with an aws_db_instance. They should be the same except for their state file.
  2. Apply config A.
  3. Apply config B.
  4. List RDS instances; you will see only one DB, and an identical state entry in both separate state files.

Important Factoids

N/A

References
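Not part of the original issue: an added example of a check that catches the dual-ownership condition described above by scanning several Terraform state files for a resource that more than one state claims, so the second deployment can be stopped before both start using the same database. The sample v4 state JSON is constructed inline, and the state labels, ARNs and account id are placeholders, not values from the report.

```python
import json
from collections import defaultdict

# Constructed sample Terraform v4 state files, trimmed to the fields read below.
# Both states record the same RDS instance and subnet group, as in the report;
# the random_string ids differ, so that resource must not be flagged.
def _res(rtype, name, **attrs):
    return {"mode": "managed", "type": rtype, "name": name, "instances": [{"attributes": attrs}]}

DB_ARN = "arn:aws:rds:us-west-2:000000000000:db:mydb"      # placeholder account id
SG_ARN = "arn:aws:rds:us-west-2:000000000000:subgrp:mydb"
STATE_A = json.dumps({"version": 4, "resources": [
    _res("aws_db_instance", "db", id="mydb", arn=DB_ARN),
    _res("aws_db_subnet_group", "db", id="mydb", arn=SG_ARN),
    _res("random_string", "dbpass", id="aaaa1111")]})
STATE_B = json.dumps({"version": 4, "resources": [
    _res("aws_db_instance", "db", id="mydb", arn=DB_ARN),
    _res("aws_db_subnet_group", "db", id="mydb", arn=SG_ARN),
    _res("random_string", "dbpass", id="bbbb2222")]})

def managed_instances(state):
    """Yield (resource_type, address, identity) per managed instance; the ARN is
    preferred as identity because it is globally unique, else the provider id."""
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue
        prefix = res["module"] + "." if res.get("module") else ""
        address = f'{prefix}{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            identity = attrs.get("arn") or attrs.get("id")
            if identity:
                yield res["type"], address, identity

def find_shared_resources(states):
    """states maps a label to raw state JSON. Returns {"type:identity": [(label,
    address), ...]} for every resource that more than one state file claims."""
    owners = defaultdict(list)
    for label, raw in states.items():
        for rtype, address, identity in managed_instances(json.loads(raw)):
            owners[(rtype, identity)].append((label, address))
    return {f"{rtype}:{identity}": claims for (rtype, identity), claims in owners.items()
            if len({label for label, _ in claims}) > 1}

if __name__ == "__main__":
    for resource, claims in find_shared_resources({"A": STATE_A, "B": STATE_B}).items():
        print(f"DUAL OWNERSHIP {resource}: {claims}")
```

Run it against `terraform state pull` output from each workspace in CI and fail the pipeline when the result is non-empty; a non-empty result is exactly the "identical state entry in both separate state files" symptom from the report.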

justinretzolk commented 2 years ago

Hey @SpamapS 👋 Thank you for taking the time to file this issue! Given that there have been a number of Terraform and AWS provider releases since you initially filed it, can you confirm if you're still experiencing this behavior?

SpamapS commented 2 years ago

No, I cannot, unfortunately; I no longer work with AWS RDS.