[Bug]: aws_docdb_cluster availability_zones attribute is different than what was set

[rgl]

Terraform Core Version

1.8.2

AWS Provider Version

5.47.0

Affected Resource(s)

aws_docdb_cluster and aws_rds_cluster

Expected Behavior

Expected the aws_docdb_cluster and aws_rds_cluster resources to return the configured availability_zones

Actual Behavior

aws_docdb_cluster.availability_zones returns more zones than what was configured at creation time.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Please note that module.vpc.azs has two azs, eu-west-1a and eu-west-1a.

# see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster
resource "aws_docdb_cluster" "example" {
  cluster_identifier           = var.cluster_name
  availability_zones           = module.vpc.azs
  db_subnet_group_name         = module.vpc.database_subnet_group_name
  vpc_security_group_ids       = [aws_security_group.example_docdb.id]
  port                         = local.example_docdb_port
  engine                       = "docdb"
  engine_version               = "5.0.0"
  master_username              = "master"
  master_password              = "Ex0mple!" # TODO move to a secret.
  preferred_maintenance_window = "mon:00:00-mon:03:00"
  preferred_backup_window      = "04:00-06:00"
  backup_retention_period      = 1 # [days]. min 1.
  skip_final_snapshot          = true
  apply_immediately            = true
  lifecycle {
    ignore_changes = [
      # TODO why is this changing from 2 to 3 azs after initial creation?
      availability_zones,
    ]
  }
}

Steps to Reproduce

1. Deploy a aws_docdb_cluster into two availability zones using terraform apply.
2. Run terraform apply again.
3. Notice that terraform apply wants to recreate the aws_docdb_cluster because it thinks a third zone eu-west-1c is being removed. Also notice that we've initially created the aws_docdb_cluster with two azs, not three! So it seems there's a bug somewhere.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

This is related to https://github.com/hashicorp/terraform-provider-aws/issues/19451.

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @rgl 👋 Thank you for taking the time to raise this! Are you able to supply debug logs (redacted as needed) so that we have that information to reference? Without a working reproduction example, we'll need that in order to deduce what's happening.

[rgl]

Ah, sorry, I forgot to include the repo. The full repo is at https://github.com/rgl/terraform-aws-documentdb-example. The relevant parts, I think, are:

• https://github.com/rgl/terraform-aws-documentdb-example/blob/main/vpc.tf
• https://github.com/rgl/terraform-aws-documentdb-example/blob/main/docdb.tf

I'm sorry, but I will not even try to redact the terraform logs, that file is too complex/unknown for doing that. If there is anything particular that you want to see, let me known. Thou, that repo should be enough to reproduce the problem.

[ltavira-bch]

I get the same issue. Until now, the only solution i got was to add the new az manually to the code . This makes almost impossible to develop an automation for different workspaces.

[rgl]

Oh, this also happens with the aws_rds_cluster resource... :-(

[justinretzolk]

Hey @rgl 👋 Thank you for taking the time to raise this! In the case of aws_rds_cluster, that behavior is expected and noted in the documentation:

RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next Terraform apply

I suspect this may be the case for DocDB as well, but can't find any specific documentation to support that. If you supply 3 AZs, does the issue persist?

[rgl]

@justinretzolk oh, I've missed that part of the documentation... thanks for pointing it out!

by any chance, can you/HashiCorp ask AWS for clarification? and maybe crosslink the two documentations? this provider and aws rds docs.