terraform-aws-modules / terraform-aws-rds-aurora

Terraform module to create AWS RDS Aurora resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/rds-aurora/aws
Apache License 2.0
382 stars 551 forks

Global flag `performance_insights` needs to be specified in all instances to take effect #444

Closed carlosjgp closed 2 months ago

carlosjgp commented 3 months ago

Description

Can't use the global flag to enable the performance insights

Versions

Reproduction Code [Required]

From the examples... initial state

module "aurora" {
  source = "../../"

  name            = local.name
  engine          = "aurora-postgresql"
  engine_version  = "14.7"
  master_username = "root"
  storage_type    = "aurora-iopt1"
  instances = {
    1 = {
      instance_class          = "db.r5.2xlarge"
      publicly_accessible     = true
      db_parameter_group_name = "default.aurora-postgresql14"
    }
    2 = {
      identifier     = "static-member-1"
      instance_class = "db.r5.2xlarge"
    }
    3 = {
      identifier     = "excluded-member-1"
      instance_class = "db.r5.large"
      promotion_tier = 15
    }
  }

  endpoints = {
    static = {
      identifier     = "static-custom-endpt"
      type           = "ANY"
      static_members = ["static-member-1"]
      tags           = { Endpoint = "static-members" }
    }
    excluded = {
      identifier       = "excluded-custom-endpt"
      type             = "READER"
      excluded_members = ["excluded-member-1"]
      tags             = { Endpoint = "excluded-members" }
    }
  }

  vpc_id               = module.vpc.vpc_id
  db_subnet_group_name = module.vpc.database_subnet_group_name
  security_group_rules = {
    vpc_ingress = {
      cidr_blocks = module.vpc.private_subnets_cidr_blocks
    }
    egress_example = {
      cidr_blocks = ["10.33.0.0/28"]
      description = "Egress to corporate printer closet"
    }
  }

  apply_immediately   = true
  skip_final_snapshot = true

  create_db_cluster_parameter_group      = true
  db_cluster_parameter_group_name        = local.name
  db_cluster_parameter_group_family      = "aurora-postgresql14"
  db_cluster_parameter_group_description = "${local.name} example cluster parameter group"
  db_cluster_parameter_group_parameters = [
    {
      name         = "log_min_duration_statement"
      value        = 4000
      apply_method = "immediate"
      }, {
      name         = "rds.force_ssl"
      value        = 1
      apply_method = "immediate"
    }
  ]

  create_db_parameter_group      = true
  db_parameter_group_name        = local.name
  db_parameter_group_family      = "aurora-postgresql14"
  db_parameter_group_description = "${local.name} example DB parameter group"
  db_parameter_group_parameters = [
    {
      name         = "log_min_duration_statement"
      value        = 4000
      apply_method = "immediate"
    }
  ]

  enabled_cloudwatch_logs_exports = ["postgresql"]
  create_cloudwatch_log_group     = true

  create_db_cluster_activity_stream     = true
  db_cluster_activity_stream_kms_key_id = module.kms.key_id
  db_cluster_activity_stream_mode       = "async"

  tags = local.tags
}

Add performance insights

# Monitoring. Cloudwatch and Performance Insights
create_monitoring_role                = true
iam_role_name                         = "rds-monitoring"
iam_role_use_name_prefix              = true
iam_role_description                  = "IAM role created by terraform-aws-rds-aurora terraform module"
monitoring_interval                   = 10
performance_insights                  = true
performance_insights_retention_period = 93 # days. 3 Months for production environments

# Apply changes immediately instead of waiting for the next maintenance window
# we want to be in control of when these happen
apply_immediately = true

Apply... See Actual behavior section

If on top of that, I add

instances = {
  1 = {
    instance_class          = "db.r5.2xlarge"
    publicly_accessible     = true
    db_parameter_group_name = "default.aurora-postgresql14"
    performance_insights    = true
  }
  2 = {
    identifier           = "static-member-1"
    instance_class       = "db.r5.2xlarge"
    performance_insights = true
  }
  3 = {
    identifier           = "excluded-member-1"
    instance_class       = "db.r5.large"
    promotion_tier       = 15
    performance_insights = true
  }
}

Then it applies correctly. See Expected behavior

Expected behavior

Terraform will perform the following actions:

  # aws_iam_role.rds_enhanced_monitoring[0] will be updated in-place
  ~ resource "aws_iam_role" "rds_enhanced_monitoring" {
      + description           = "IAM role created by terraform-aws-rds-aurora terraform module"
        id                    = "rds-monitoring-sbx2"
        name                  = "rds-monitoring-sbx2"
        tags                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (9 unchanged attributes hidden)
    }

  # aws_rds_cluster.this[0] will be updated in-place
  ~ resource "aws_rds_cluster" "this" {
      + enable_local_write_forwarding       = false
      ~ final_snapshot_identifier           = "aurora-postgres-sbx2-final-snapshot-9892532303865fed5397ae3c43eeefa7" -> "aurora-postgres-sbx2-final-snapshot-68e520c70db2863d65b082b42e2438a1"
        id                                  = "aurora-postgres-sbx2"
        tags                                = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (40 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["one"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-one"
      ~ performance_insights_enabled          = false -> true
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (28 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["two"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-two"
      ~ performance_insights_enabled          = false -> true
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (28 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Changes to Outputs:
  ~ cluster_instances                                 = {
      ~ one = {
            id                                    = "aurora-postgres-sbx2-one"
          ~ performance_insights_enabled          = false -> true
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (32 unchanged attributes hidden)
        }
      ~ two = {
            id                                    = "aurora-postgres-sbx2-two"
          ~ performance_insights_enabled          = false -> true
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (32 unchanged attributes hidden)
        }
    }
aws_iam_role.rds_enhanced_monitoring[0]: Modifying... [id=rds-monitoring-sbx2]
aws_rds_cluster.this[0]: Modifying... [id=aurora-postgres-sbx2]
aws_rds_cluster.this[0]: Modifications complete after 0s [id=aurora-postgres-sbx2]
aws_iam_role.rds_enhanced_monitoring[0]: Modifications complete after 1s [id=rds-monitoring-sbx2]
aws_rds_cluster_instance.this["two"]: Modifications complete after 1m32s [id=aurora-postgres-sbx2-one, 1m40s elapsed]
aws_rds_cluster_instance.this["one"]: Modifications complete after 1m42s [id=aurora-postgres-sbx2-one]

Apply complete! Resources: 0 added, 4 changed, 0 destroyed.

Actual behavior

Terraform will perform the following actions:

  # aws_rds_cluster.this[0] will be updated in-place
  ~ resource "aws_rds_cluster" "this" {
      ~ final_snapshot_identifier           = "aurora-postgres-sbx2-final-snapshot-6ec1a4fd929a19781f98da1e86214d3f" -> "aurora-postgres-sbx2-final-snapshot-53fead4e630e409e776f4e948f9a22d6"
        id                                  = "aurora-postgres-sbx2"
        tags                                = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (41 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["one"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-one"
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (29 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["two"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-two"
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (29 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Changes to Outputs:
  ~ cluster_instances                                 = {
      ~ one = {
            id                                    = "aurora-postgres-sbx2-one"
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (33 unchanged attributes hidden)
        }
      ~ two = {
            id                                    = "aurora-postgres-sbx2-two"
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (33 unchanged attributes hidden)
        }
    }
aws_rds_cluster.this[0]: Modifying... [id=aurora-postgres-sbx2]
aws_rds_cluster.this[0]: Modifications complete after 0s [id=aurora-postgres-sbx2]
aws_rds_cluster_instance.this["one"]: Modifying... [id=aurora-postgres-sbx2-one]
aws_rds_cluster_instance.this["two"]: Modifying... [id=aurora-postgres-sbx2-two]
╷
│ Error: updating RDS Cluster Instance (aurora-postgres-sbx2-one): InvalidParameterCombination: Cannot set PerformanceInsightsRetention without EnablePerformanceInsights
│       status code: 400, request id: eb61a564-3ea1-4248-ab12-0873f403d368
│ 
│   with aws_rds_cluster_instance.this["one"],
│   on main.tf line 160, in resource "aws_rds_cluster_instance" "this":
│  160: resource "aws_rds_cluster_instance" "this" {
│ 

Additional context

I think that the try statements here to check if the instance configuration overrides the default flag should be coalesce instead...? https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/blob/39146d54a888dee11dc00706e40f1964236394f0/main.tf#L163-L184
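The `try` versus `coalesce` distinction raised in the comment above, shown as an added example that is not the module's code and not part of the original issue. The variable names, local names and sample instance map are assumptions made for illustration, and the file needs no provider to evaluate.

```hcl
# Hypothetical module-level defaults (the "global" settings).
variable "performance_insights_enabled" {
  type    = bool
  default = true
}

variable "performance_insights_retention_period" {
  type    = number
  default = 7
}

locals {
  # Constructed sample input: three ways an instance can treat the flag.
  instances = {
    omitted  = { instance_class = "db.r5.large" }
    null_set = { instance_class = "db.r5.large", performance_insights_enabled = null }
    override = { instance_class = "db.r5.large", performance_insights_enabled = false }
  }

  # try() falls back only when the expression errors (attribute missing).
  # An attribute that is present but null is returned as null, so the
  # global default is never consulted for "null_set".
  with_try = {
    for k, v in local.instances :
    k => try(v.performance_insights_enabled, var.performance_insights_enabled)
  }

  # coalesce() skips null values. Wrapping the lookup in try(..., null)
  # covers the missing-attribute case too, and an explicit false still wins.
  with_coalesce = {
    for k, v in local.instances :
    k => coalesce(try(v.performance_insights_enabled, null), var.performance_insights_enabled)
  }

  # Leave the retention period unset (null) unless the flag resolved to
  # true, so the two settings stay consistent per instance.
  retention = {
    for k, enabled in local.with_coalesce :
    k => enabled ? var.performance_insights_retention_period : null
  }
}

output "with_try" { value = local.with_try }
output "with_coalesce" { value = local.with_coalesce }
output "retention" { value = local.retention }
```

Evaluating `local.with_try` and `local.with_coalesce` in `terraform console` shows the per-instance difference between the two fallback styles.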

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 2 months ago

This issue was automatically closed because of stale in 10 days

carlosjgp commented 1 month ago

Still relevant

github-actions[bot] commented 3 weeks ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.