[Enhancement]: Change the VPC for an Amazon RDS DB instance

[DenisBY]

Description

We need to change VPC for RDS. According to AWS documentation, it should be straightforward. However, we are getting the error:

Error: updating RDS DB Subnet Group (rds-prod-20220602121811550200000001): InvalidParameterValue: The new Subnets are not in the same Vpc as the existing subnet group status code: 400

Affected Resource(s) and/or Data Source(s)

• aws_db_subnet_group
• aws_security_group
• aws_db_instance

Potential Terraform Configuration

No response

References

https://aws.amazon.com/premiumsupport/knowledge-center/change-vpc-rds-db-instance/

Would you like to implement a fix?

No response

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[md5]

Can you elaborate on what you're doing? It looks like you have updated the subnet_ids of an existing DB Subnet Group to be subnet IDs from a different VPC?

The docs for ModifyDBSubnetGroup don't mention throwing InvalidParameterValue, but it appears that the API doesn't support changing to subnets that are in a different VPC than the one where the DB Subnet Group was originally created. This matches the behavior of the AWS RDS web console, where you can only choose subnets from the same VPC as the existing subnets that are already in use.

I believe the way the blog post you cite expects you to handle this is to actually create a new DB Subnet Group, so I think that's what you'll want to do here as well. In order to do that, I think you'll need to create it with a different resource identifier in your Terraform config unless you want to muck around with state rm and deleting the old subnet group manually after you have switched the instance to use the new subnet group.

At some level, it would be nice if this provider could detect when you are passing a list of subnets from a new VPC and force the creation of a new DB Subnet Group in that case to replace the old one. It looks like this would be possible if the schema resource implemented CustomizeDiff for the subnet_ids attribute. However, this probably goes too far down the road of reproducing AWS business logic in the provider itself.

[DenisBY]

Thank you for the prompt answer. We created a new VPC and would like to move our RDS DB to this new VPC. Correct, there should be a logic for 'detect when you are passing a list of subnets from a new VPC and force the creation of a new DB Subnet Group in that case to replace the old one'. Like 'create before destroy'. And it seems it's too complicated to use for such edge case.

I did it by manually creating a new DB Subnet Group and with state rm, -refresh-only, import, etc magic.