Closed kwn closed 7 months ago
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
Hey @antonbabenko
Do you mind removing the "stale" label from the issue? I can't control the labels unfortunately.
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
This issue was automatically closed because of stale in 10 days
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
Hi guys. After upgrading the
terraform-aws-rds-aurora
module version from 6 to 8 I discovered quite significant issue that might cause that people will be accidentally deleting their databases without any option to restore them. A similar scenario happened to us some time ago, due to an AWS API bug inap-south-1
region. The bug forced cluster recreation, distracted developer didn't read the terraform plan, and we didn't have the deletion protection enabled. Luckily theterraform-aws-rds-aurora
module ver 6/7 was configured to take the final snapshot, so we were able to restore the database.The problem:
Combination of default values for:
skip_final_snapshot
,snapshot_identifier
anddeletion_protection
parameters causes that the final snapshots won't be taken by default. Even if theskip_final_snapshot = false
thesnapshot_identifier = null
by default. The TF AWS RDS provider says:Unlike in ver 6/7,
terraform-aws-rds-aurora
ver 8 man needs to explicitly set the value forsnapshot_identifier
, otherwise the snapshot won't be taken. This might lead to a situation where someone might be under impression that the snapshots will be created automatically, becauseskip_final_snapshot = false
.This inconsistency/issue comes from the TF AWS RDS provider, but I think it would be wise, if the
terraform-aws-modules
team would be smarter than Hashicorp, and set some default value for thesnapshot_identifier
, as it was done in ver 6/7.I'm aware of the
snapshot_identifier and global_cluster_identifier
issue, but why not providing a default value for the snapshot if theglobal_cluster_identifier = null
? I assume there are fairly less cases of global clusters than people not reading all of the module configuration parameters.Versions
Module version [Required]: 8.3.1
Terraform version: 1.5.1
Provider version(s): provider registry.terraform.io/datadog/datadog v3.30.0 provider registry.terraform.io/hashicorp/archive v2.4.0 provider registry.terraform.io/hashicorp/aws v5.17.0 provider registry.terraform.io/hashicorp/local v2.4.0 provider registry.terraform.io/hashicorp/null v3.2.1 provider registry.terraform.io/hashicorp/random v3.5.1 provider registry.terraform.io/mrolla/circleci v0.6.1
Reproduction Code [Required]
Steps to reproduce the behavior:
terraform-aws-rds-aurora
module. Provide only the basic details you need (e.g. name, engine, version).skip_final_snapshot
,snapshot_identifier
anddeletion_protection
Expected behavior
I expect, that due to the
skip_final_snapshot = false
the final snapshot will be taken.Actual behavior
The snapshot is not taken because I wasn't aware that I need to provide a value for another parameter
snapshot_identifier
to take the final snapshot. I lost my database along with the backups.