terraform-aws-modules / terraform-aws-rds-aurora

Terraform module to create AWS RDS Aurora resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/rds-aurora/aws
Apache License 2.0
382 stars 551 forks

Global flag `performance_insights` needs to be specified in all instances to take effect #447

Closed carlosjgp closed 2 weeks ago

carlosjgp commented 1 month ago

Same as #444

Description

Can't use the global flag to enable the performance insights

Versions

Reproduction Code [Required]

From the examples... initial state

module "aurora" {
  source = "../../"

  name            = local.name
  engine          = "aurora-postgresql"
  engine_version  = "14.7"
  master_username = "root"
  storage_type    = "aurora-iopt1"
  instances = {
    1 = {
      instance_class          = "db.r5.2xlarge"
      publicly_accessible     = true
      db_parameter_group_name = "default.aurora-postgresql14"
    }
    2 = {
      identifier     = "static-member-1"
      instance_class = "db.r5.2xlarge"
    }
    3 = {
      identifier     = "excluded-member-1"
      instance_class = "db.r5.large"
      promotion_tier = 15
    }
  }

  endpoints = {
    static = {
      identifier     = "static-custom-endpt"
      type           = "ANY"
      static_members = ["static-member-1"]
      tags           = { Endpoint = "static-members" }
    }
    excluded = {
      identifier       = "excluded-custom-endpt"
      type             = "READER"
      excluded_members = ["excluded-member-1"]
      tags             = { Endpoint = "excluded-members" }
    }
  }

  vpc_id               = module.vpc.vpc_id
  db_subnet_group_name = module.vpc.database_subnet_group_name
  security_group_rules = {
    vpc_ingress = {
      cidr_blocks = module.vpc.private_subnets_cidr_blocks
    }
    egress_example = {
      cidr_blocks = ["10.33.0.0/28"]
      description = "Egress to corporate printer closet"
    }
  }

  apply_immediately   = true
  skip_final_snapshot = true

  create_db_cluster_parameter_group      = true
  db_cluster_parameter_group_name        = local.name
  db_cluster_parameter_group_family      = "aurora-postgresql14"
  db_cluster_parameter_group_description = "${local.name} example cluster parameter group"
  db_cluster_parameter_group_parameters = [
    {
      name         = "log_min_duration_statement"
      value        = 4000
      apply_method = "immediate"
      }, {
      name         = "rds.force_ssl"
      value        = 1
      apply_method = "immediate"
    }
  ]

  create_db_parameter_group      = true
  db_parameter_group_name        = local.name
  db_parameter_group_family      = "aurora-postgresql14"
  db_parameter_group_description = "${local.name} example DB parameter group"
  db_parameter_group_parameters = [
    {
      name         = "log_min_duration_statement"
      value        = 4000
      apply_method = "immediate"
    }
  ]

  enabled_cloudwatch_logs_exports = ["postgresql"]
  create_cloudwatch_log_group     = true

  create_db_cluster_activity_stream     = true
  db_cluster_activity_stream_kms_key_id = module.kms.key_id
  db_cluster_activity_stream_mode       = "async"

  tags = local.tags
}

Add performance insights

# Monitoring. Cloudwatch and Performance Insights
create_monitoring_role                = true
iam_role_name                         = "rds-monitoring"
iam_role_use_name_prefix              = true
iam_role_description                  = "IAM role created by terraform-aws-rds-aurora terraform module"
monitoring_interval                   = 10
performance_insights                  = true
performance_insights_retention_period = 93 # days. 3 Months for production environments

# Apply changes immediately instead of waiting for the next maintenance window
# we want to be in control of when these happen
apply_immediately = true

Apply... See Actual behavior section

If, on top of that, I add

instances = {
  1 = {
    instance_class          = "db.r5.2xlarge"
    publicly_accessible     = true
    db_parameter_group_name = "default.aurora-postgresql14"
    performance_insights    = true
  }
  2 = {
    identifier           = "static-member-1"
    instance_class       = "db.r5.2xlarge"
    performance_insights = true
  }
  3 = {
    identifier           = "excluded-member-1"
    instance_class       = "db.r5.large"
    promotion_tier       = 15
    performance_insights = true
  }
}

Then it applies correctly. See Expected behavior

Expected behavior

Terraform will perform the following actions:

  # aws_iam_role.rds_enhanced_monitoring[0] will be updated in-place
  ~ resource "aws_iam_role" "rds_enhanced_monitoring" {
      + description           = "IAM role created by terraform-aws-rds-aurora terraform module"
        id                    = "rds-monitoring-sbx2"
        name                  = "rds-monitoring-sbx2"
        tags                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (9 unchanged attributes hidden)
    }

  # aws_rds_cluster.this[0] will be updated in-place
  ~ resource "aws_rds_cluster" "this" {
      + enable_local_write_forwarding       = false
      ~ final_snapshot_identifier           = "aurora-postgres-sbx2-final-snapshot-9892532303865fed5397ae3c43eeefa7" -> "aurora-postgres-sbx2-final-snapshot-68e520c70db2863d65b082b42e2438a1"
        id                                  = "aurora-postgres-sbx2"
        tags                                = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (40 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["one"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-one"
      ~ performance_insights_enabled          = false -> true
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (28 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["two"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-two"
      ~ performance_insights_enabled          = false -> true
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (28 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Changes to Outputs:
  ~ cluster_instances                                 = {
      ~ one = {
            id                                    = "aurora-postgres-sbx2-one"
          ~ performance_insights_enabled          = false -> true
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (32 unchanged attributes hidden)
        }
      ~ two = {
            id                                    = "aurora-postgres-sbx2-two"
          ~ performance_insights_enabled          = false -> true
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (32 unchanged attributes hidden)
        }
    }
aws_iam_role.rds_enhanced_monitoring[0]: Modifying... [id=rds-monitoring-sbx2]
aws_rds_cluster.this[0]: Modifying... [id=aurora-postgres-sbx2]
aws_rds_cluster.this[0]: Modifications complete after 0s [id=aurora-postgres-sbx2]
aws_iam_role.rds_enhanced_monitoring[0]: Modifications complete after 1s [id=rds-monitoring-sbx2]
aws_rds_cluster_instance.this["two"]: Modifications complete after 1m32s [id=aurora-postgres-sbx2-one, 1m40s elapsed]
aws_rds_cluster_instance.this["one"]: Modifications complete after 1m42s [id=aurora-postgres-sbx2-one]

Apply complete! Resources: 0 added, 4 changed, 0 destroyed.

Actual behavior

Terraform will perform the following actions:

  # aws_rds_cluster.this[0] will be updated in-place
  ~ resource "aws_rds_cluster" "this" {
      ~ final_snapshot_identifier           = "aurora-postgres-sbx2-final-snapshot-6ec1a4fd929a19781f98da1e86214d3f" -> "aurora-postgres-sbx2-final-snapshot-53fead4e630e409e776f4e948f9a22d6"
        id                                  = "aurora-postgres-sbx2"
        tags                                = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (41 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["one"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-one"
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (29 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["two"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-two"
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (29 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Changes to Outputs:
  ~ cluster_instances                                 = {
      ~ one = {
            id                                    = "aurora-postgres-sbx2-one"
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (33 unchanged attributes hidden)
        }
      ~ two = {
            id                                    = "aurora-postgres-sbx2-two"
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (33 unchanged attributes hidden)
        }
    }
aws_rds_cluster.this[0]: Modifying... [id=aurora-postgres-sbx2]
aws_rds_cluster.this[0]: Modifications complete after 0s [id=aurora-postgres-sbx2]
aws_rds_cluster_instance.this["one"]: Modifying... [id=aurora-postgres-sbx2-one]
aws_rds_cluster_instance.this["two"]: Modifying... [id=aurora-postgres-sbx2-two]
╷
│ Error: updating RDS Cluster Instance (aurora-postgres-sbx2-one): InvalidParameterCombination: Cannot set PerformanceInsightsRetention without EnablePerformanceInsights
│       status code: 400, request id: eb61a564-3ea1-4248-ab12-0873f403d368
│ 
│   with aws_rds_cluster_instance.this["one"],
│   on main.tf line 160, in resource "aws_rds_cluster_instance" "this":
│  160: resource "aws_rds_cluster_instance" "this" {
│ 

Additional context

I think that the `try` statements here to check if the instance configuration overrides the default flag should be `coalesce` instead...? https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/blob/39146d54a888dee11dc00706e40f1964236394f0/main.tf#L163-L184
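
A pre-apply check for the failure shown under Actual behavior, as an added example that is not part of the original issue or the module's code: it reads `terraform show -json` plan output and reports cluster instances whose planned state sets a Performance Insights retention period while `performance_insights_enabled` is false. The sample plan and the helper names `instance_change` and `find_pi_mismatches` are constructed for illustration.

```python
import json


# Constructed sample: only the fields this check reads from
# `terraform show -json` output. "one" and "two" mirror the failing plan in
# the issue; "three" is a correctly configured instance added for contrast.
def instance_change(key, enabled, retention, unknown=None):
    after = {"performance_insights_enabled": enabled,
             "performance_insights_retention_period": retention}
    return {"address": f'aws_rds_cluster_instance.this["{key}"]',
            "type": "aws_rds_cluster_instance",
            "change": {"actions": ["update"], "after": after,
                       "after_unknown": unknown or {}}}


SAMPLE_PLAN = json.dumps({"resource_changes": [
    instance_change("one", False, 7),
    instance_change("two", False, 7),
    instance_change("three", True, 7),
    {"address": "aws_rds_cluster.this[0]", "type": "aws_rds_cluster",
     "change": {"actions": ["update"], "after": {}, "after_unknown": {}}},
]})


def find_pi_mismatches(plan_json):
    """Return addresses of planned cluster instances that set a Performance
    Insights retention period while Performance Insights itself is off."""
    mismatches = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_rds_cluster_instance":
            continue
        change = rc.get("change", {})
        after = change.get("after") or {}  # null when the resource is deleted
        unknown = change.get("after_unknown")
        if isinstance(unknown, dict) and unknown.get("performance_insights_enabled") is True:
            continue  # value is only known at apply time, so do not guess
        retention = after.get("performance_insights_retention_period")
        if retention and not after.get("performance_insights_enabled"):
            mismatches.append(rc["address"])
    return mismatches


if __name__ == "__main__":
    for address in find_pi_mismatches(SAMPLE_PLAN):
        print(f"{address}: retention period set but Performance Insights disabled")
```

Run against a real plan, the input would come from `terraform plan -out=plan.bin` followed by `terraform show -json plan.bin`.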

github-actions[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 2 weeks ago

This issue was automatically closed because of stale in 10 days