hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.76k stars 9.12k forks

Changing range_key type in aws_dynamodb_table does not trigger replacement #23618

Closed necro351 closed 5 months ago

necro351 commented 2 years ago

Terraform Version

terraform ▶ terraform version
Terraform v1.1.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.4.0

Terraform Configuration Files

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "4.4.0"
    }
  }
}

provider "aws" {
  shared_config_files      = ["/Users/rick/.aws/config"]
  shared_credentials_files = ["/Users/rick/.aws/credentials"]
  profile                  = "staging"
}

resource "aws_dynamodb_table" "basic-dynamodb-table" {
  name           = "GameScores"
  billing_mode   = "PROVISIONED"
  read_capacity  = 20
  write_capacity = 20
  hash_key       = "UserLocation"
  range_key      = "GameTitle"

  attribute {
    name = "UserLocation"
    type = "S"
  }

  attribute {
    name = "GameTitle"
    type = "N"
  }

  tags = {
    Name        = "dynamodb-table-1"
    Environment = "production"
  }
}

Expected Behavior

When you change the type of a range_key the table will need to be replaced as the application cannot use, e.g., a string-type range key (S) as a number-type (N), and certainly query scans will be in the unexpected/wrong order. I did not check, but I believe DynamoDB would just return errors to the application if it tried to use 'S' type attribute values for, e.g., an 'N' type attribute/range-key.

Given this, terraform should report the table must be replaced if you change the type.

Actual Behavior

Terraform says the infrastructure already matches and there is nothing to do when you change the type.

Steps to Reproduce

1. terraform init
2. terraform plan
3. terraform apply
4. witness everything is OK
5. change the type of GameTitle from N to S
6. terraform apply claims no need to do anything, infrastructure matches (this is wrong)
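
A drift check for the behaviour reported above, as an added example that is not part of the original issue or the provider's code: for every key attribute, including secondary-index keys, it compares the type declared in the configuration with the AttributeDefinitions that DescribeTable returns. The function name `key_type_drift` and both sample inputs are constructed for illustration.

```python
import json

# Constructed sample: the attribute blocks from the configuration after step 5
# (GameTitle edited from "N" to "S").
DECLARED_ATTRIBUTES = [
    {"name": "UserLocation", "type": "S"},
    {"name": "GameTitle", "type": "S"},
]

# Constructed sample shaped like `aws dynamodb describe-table` output for the
# table as it was created in step 3, before the edit.
DESCRIBE_TABLE_OUTPUT = json.loads("""
{"Table": {
  "AttributeDefinitions": [
    {"AttributeName": "UserLocation", "AttributeType": "S"},
    {"AttributeName": "GameTitle", "AttributeType": "N"}
  ],
  "KeySchema": [
    {"AttributeName": "UserLocation", "KeyType": "HASH"},
    {"AttributeName": "GameTitle", "KeyType": "RANGE"}
  ]
}}
""")

def key_type_drift(declared_attributes, describe_table_output):
    """Return (attribute, used_by, declared_type, live_type) for every key
    attribute whose declared type differs from the live table's type."""
    table = describe_table_output["Table"]
    declared = {a["name"]: a["type"] for a in declared_attributes}
    live = {a["AttributeName"]: a["AttributeType"]
            for a in table["AttributeDefinitions"]}
    # Collect the key schema of the table and of every secondary index.
    schemas = [("table", table["KeySchema"])]
    for kind in ("GlobalSecondaryIndexes", "LocalSecondaryIndexes"):
        for index in table.get(kind, []):
            schemas.append((index["IndexName"], index["KeySchema"]))
    drift = []
    for owner, schema in schemas:
        for key in schema:
            name = key["AttributeName"]
            # .get() so an attribute missing on either side is also reported.
            if declared.get(name) != live.get(name):
                drift.append((name, f"{owner}:{key['KeyType']}",
                              declared.get(name), live.get(name)))
    return drift

if __name__ == "__main__":
    for name, used_by, want, have in key_type_drift(DECLARED_ATTRIBUTES, DESCRIBE_TABLE_OUTPUT):
        print(f"{name} ({used_by}): config declares {want}, live table has {have}")
```
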

danopia commented 2 years ago

I just ran into this as well. Also with a range key, but hash keys are probably about the same.

The error message I receive when trying to create a mistyped document is as follows:

ValidationException: One or more parameter values were invalid: Type mismatch for key SomeId expected: S actual: N

A workaround is tainting the table:

terraform taint aws_dynamodb_table.MyTable

The plan output then shows the changed attribute as two different blocks:


  # aws_dynamodb_table.MyTable is tainted, so must be replaced
-/+ resource "aws_dynamodb_table" "MyTable" {
        # (most things hidden)

      + attribute {
          + name = "SomeId"
          + type = "N"
        }
      - attribute {
          - name = "SomeId" -> null
          - type = "S" -> null
        }
    }

I also found a report of this happening with Global Secondary Indexes:

github-actions[bot] commented 6 months ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

github-actions[bot] commented 4 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.