Open dnewman212 opened 1 year ago
Hi @dnewman212 - thank you for filing this issue.
Can you help us reproduce this error by providing the code you're using, and a bit more of the pulumi console output?
Some context, the rds.Instance is created as part of a pulumi component object, the required arguments are prepopulated. The particular snippet responsible for instantiation is below.
If we set the monitoring interval to anything other than 0 and run pulumi up, we create the instance with the monitoring interval we've set. However when we attempt to do an update, the rds instance attempts to update the monitoring interval despite there being no changes made to the instance. In order to get around this we tried to ignore_changes on the monitoring interval, this then caused the update to fail with the error message stating that the monitoring_role_arn cannot be set without a monitoring interval greater than 0, highlighting that it doesn't appear to be retaining the parameter of the monitoring_interval.
self.instance = aws.rds.Instance(
self._base_name,
# We should only be running Pulumi in a maintenance window
# so apply changes immediately
apply_immediately=True,
# Instance settings
identifier=self.parameter_group.name,
instance_class=aws.rds.InstanceType.M5_LARGE,
# Database settings
engine="postgres",
engine_version="13.6",
# db_name=db_name,
username="postgres",
password=self.master_secret.version.secret_string,
auto_minor_version_upgrade=False,
parameter_group_name=self.parameter_group.name,
iam_database_authentication_enabled=True,
# Storage settings
storage_type="gp2",
allocated_storage=16,
max_allocated_storage=100,
# Availability settings
multi_az=True,
# Connectivity settings
db_subnet_group_name=subnet_group.name,
vpc_security_group_ids=[self.security_group.id],
# Backup settings
backup_retention_period=7,
backup_window="08:00-09:00", # 5-6pm AEST
skip_final_snapshot=True,
# Encryption settings
storage_encrypted=True,
kms_key_id=self.key.arn,
# # Logging settings
enabled_cloudwatch_logs_exports=[
"postgresql",
"upgrade",
],
monitoring_interval=5,
monitoring_role_arn=self.role.arn,
performance_insights_enabled=True,
performance_insights_kms_key_id=self.key.arn,
performance_insights_retention_period=7, # Amount of time in days to retain Performance Insights, Valid
# values are 7, 731 (2 years) or a multiple of 31
opts=self.resource_options(
parent=self,
),
)
Exporting the stack state highlights the issue in further detail
{
"urn": "urn:pulumi:develop-daniel.newman::x::x$x:PostgreSQLInstance$aws:rds/instance:Instance::x:x:postgres",
"custom": true,
"id": "postgres-20230110230509353500000006",
"type": "aws:rds/instance:Instance",
"inputs": {
"__defaults": [
"copyTagsToSnapshot",
"deleteAutomatedBackups",
"publiclyAccessible"
],
"allocatedStorage": 16,
"applyImmediately": true,
"autoMinorVersionUpgrade": false,
"backupRetentionPeriod": 7,
"backupWindow": "08:00-09:00",
"copyTagsToSnapshot": false,
"dbSubnetGroupName": "postgres-20230110231725826200000016",
"deleteAutomatedBackups": true,
"enabledCloudwatchLogsExports": [
"postgresql",
"upgrade"
],
"engine": "postgres",
"engineVersion": "13.6",
"iamDatabaseAuthenticationEnabled": true,
"identifier": "postgres-20230110230509353500000006",
"instanceClass": "db.m5.large",
"kmsKeyId": "arn:aws:kms:ap-southeast-2:164323444665:key/39aeaa64-b9b0-475a-99c3-8646e96839fc",
"maxAllocatedStorage": 100,
"monitoringInterval": 5,
"monitoringRoleArn": "arn:aws:iam::031943300167:role/x-monitoring-20230111075116053200000001",
"multiAz": true,
"parameterGroupName": "postgres-20230110230509353500000006",
"password": {
"4dabf18193072939515e22adb298388d": "1b47061264138c4ac30d75fd1eb44270",
"ciphertext": "AAABAIrnAzTHmt0WsjlcZcwqFYLnItpnezFcQrAuTtoOAECvTXcHNxNDNDYD9+CrzzrfOZLcn2Lz11t7a1aUuI9pz8Vyi/IDNgl/N2M8RlZsYcNlpjSNaDXpzCsEbRr7EM3Gimg4sYEi2HvuWvzRYEfbJZa4yZqI9qQBZ0MvgqydpwQjqgdcFg7fmeQxqSSyiaa59TccKOz2ICBmdbijjuFf"
},
"performanceInsightsEnabled": true,
"performanceInsightsKmsKeyId": "arn:aws:kms:ap-southeast-2:164323444665:key/39aeaa64-b9b0-475a-99c3-8646e96839fc",
"performanceInsightsRetentionPeriod": 7,
"publiclyAccessible": false,
"skipFinalSnapshot": true,
"storageEncrypted": true,
"storageType": "gp2",
"username": "postgres",
"vpcSecurityGroupIds": [
"sg-0450e1f47773edbec"
]
},
"outputs": {
"__meta": "{\"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0\":{\"create\":2400000000000,\"delete\":3600000000000,\"update\":4800000000000},\"schema_version\":\"1\"}",
"address": "postgres-20230110230509353500000006.cqtc0vprgvvw.ap-southeast-2.rds.amazonaws.com",
"allocatedStorage": 16,
"applyImmediately": true,
"arn": "arn:aws:rds:ap-southeast-2:031943300167:db:postgres-20230110230509353500000006",
"autoMinorVersionUpgrade": false,
"availabilityZone": "ap-southeast-2c",
"backupRetentionPeriod": 7,
"backupWindow": "08:00-09:00",
"blueGreenUpdate": null,
"caCertIdentifier": "rds-ca-2019",
"characterSetName": "",
"copyTagsToSnapshot": false,
"customIamInstanceProfile": "",
"customerOwnedIpEnabled": false,
"dbName": "",
"dbSubnetGroupName": "postgres-20230110231725826200000016",
"deleteAutomatedBackups": true,
"deletionProtection": false,
"domain": "",
"domainIamRoleName": "",
"enabledCloudwatchLogsExports": [
"postgresql",
"upgrade"
],
"endpoint": "postgres-20230110230509353500000006.cqtc0vprgvvw.ap-southeast-2.rds.amazonaws.com:5432",
"engine": "postgres",
"engineVersion": "13.6",
"engineVersionActual": "13.6",
"hostedZoneId": "Z32T0VRHXEXS0V",
"iamDatabaseAuthenticationEnabled": true,
"id": "postgres-20230110230509353500000006",
"identifier": "postgres-20230110230509353500000006",
"identifierPrefix": "postgres-",
"instanceClass": "db.m5.large",
"iops": 0,
"kmsKeyId": "arn:aws:kms:ap-southeast-2:164323444665:key/39aeaa64-b9b0-475a-99c3-8646e96839fc",
"latestRestorableTime": "2023-01-11T10:59:36Z",
"licenseModel": "postgresql-license",
"maintenanceWindow": "sun:17:07-sun:17:37",
"maxAllocatedStorage": 100,
"monitoringInterval": 0,
"monitoringRoleArn": "arn:aws:iam::031943300167:role/x-monitoring-20230111075116053200000001",
"multiAz": true,
"name": "",
"ncharCharacterSetName": "",
"networkType": "IPV4",
"optionGroupName": "default:postgres-13",
"parameterGroupName": "postgres-20230110230509353500000006",
"password": {
"4dabf18193072939515e22adb298388d": "1b47061264138c4ac30d75fd1eb44270",
"ciphertext": "x"
},
"performanceInsightsEnabled": true,
"performanceInsightsKmsKeyId": "arn:aws:kms:ap-southeast-2:164323444665:key/39aeaa64-b9b0-475a-99c3-8646e96839fc",
"performanceInsightsRetentionPeriod": 7,
"port": 5432,
"publiclyAccessible": false,
"replicaMode": "",
"replicas": [],
"replicateSourceDb": "",
"resourceId": "db-DFGKYKFITB6SARJXHNF6DJZEKQ",
"restoreToPointInTime": null,
"s3Import": null,
"securityGroupNames": [],
"skipFinalSnapshot": true,
"status": "available",
"storageEncrypted": true,
"storageThroughput": 0,
"storageType": "gp2",
"tags": {},
"tagsAll": {
"x": "default"
},
"timezone": "",
"username": "postgres",
"vpcSecurityGroupIds": [
"sg-0450e1f47773edbec"
]
},
"parent": "urn:pulumi:develop-daniel.newman::x::x:x$x:aws:rds:PostgreSQLInstance::x:x:postgres",
],
"provider": "urn:pulumi:develop-daniel.newman::x::pulumi:providers:aws::x::484907b6-8fa3-4c67-b240-67b946d8c464",
"propertyDependencies": {
"allocatedStorage": null,
"applyImmediately": null,
"autoMinorVersionUpgrade": null,
"backupRetentionPeriod": null,
"backupWindow": null,
"dbSubnetGroupName": [
"urn:pulumi:develop-daniel.newman::x::x:x$x:aws:rds:PostgreSQLInstance$aws:rds/subnetGroup:SubnetGroup::x:x:postgres"
],
"enabledCloudwatchLogsExports": null,
"engine": null,
"engineVersion": null,
"iamDatabaseAuthenticationEnabled": null,
"identifier": [
"urn:pulumi:develop-daniel.newman::x::x:x$xr:aws:rds:PostgreSQLInstance$aws:rds/parameterGroup:ParameterGroup::x:x:postgres"
],
"instanceClass": null,
"kmsKeyId": [
"urn:pulumi:develop-daniel.newman::x::x:x$x:aws:rds:PostgreSQLInstance$aws:kms/key:Key::x~x:x:postgres"
],
"maxAllocatedStorage": null,
"monitoringInterval": null,
"monitoringRoleArn": [
"urn:pulumi:develop-daniel.newman::x::x:x$aws:iam/role:Role::x:x:postgres"
],
"multiAz": null,
"parameterGroupName": [
"urn:pulumi:develop-daniel.newman::x::x:x:xx$x:aws:rds:PostgreSQLInstance$aws:rds/parameterGroup:ParameterGroup::x:x:postgres"
],
"password": [
"urn:pulumi:develop-daniel.newman::x::x:x:xx$x:aws:rds:PostgreSQLInstance$aws:secretsmanager/secretVersion:SecretVersion::x:x:postgres:postgres:secret-version"
],
"performanceInsightsEnabled": null,
"performanceInsightsKmsKeyId": [
"urn:pulumi:develop-daniel.newman::x::x:x:xx$x:aws:rds:PostgreSQLInstance$aws:kms/key:Key::security~x:x:postgres"
],
"performanceInsightsRetentionPeriod": null,
"skipFinalSnapshot": null,
"storageEncrypted": null,
"storageType": null,
"username": null,
"vpcSecurityGroupIds": [
"urn:pulumi:develop-daniel.newman::x::x:x:xx$x:aws:rds:PostgreSQLInstance$aws:ec2/securityGroup:SecurityGroup::x:x:postgres"
]
},
"additionalSecretOutputs": [
"password"
]
},
What happened?
rds.Instance fails to retain the value of monitoring_interval as an output and instead displays a perpetual diff. This cannot be ignored as monitoring_role_arn will fail with the default value of 0
Steps to reproduce
aws.rds.Instance(..., monitoring_interval=5, monitoring_role_arn=temp.arn )
Expected Behavior
monitoring_interval value is retained as an output
Actual Behavior
monitoring_interval value remains at the default value (0)
Output of
pulumi about
CLI
Version 3.49.0 Go Version go1.19.3 Go Compiler gc
Plugins NAME VERSION aws 5.24.0 azure 5.27.0 okta 3.16.0 python unknown random 4.8.2 tls 4.6.1
Host OS Microsoft Windows Server 2019 Datacenter Version 10.0.17763 Build 17763 Arch x86_64
This project is written in python: version='3.10.4 '
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).