terraform-aws-modules / terraform-aws-rds-aurora

Terraform module to create AWS RDS Aurora resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/rds-aurora/aws
Apache License 2.0

No way to Manipulate DataAPI in Aurora Serverless V2 #464

Closed TiagoJVO closed 3 months ago

TiagoJVO commented 3 months ago

Description

TLDR: In Aurora Serverless V2, manipulating enable_http_endpoint only applies on resource creation. Subsequent changes of the property lead every reconciliation to try to apply changes, because it interprets a difference between the resource and the definition, but this leads to no change (as in, it keeps reconciling every 12h, applying no change).

If you set enable_http_endpoint to true at creation time, it is correctly set via EnableHttpEndpoint mentioned on the following API documentation page: AWS CreateDBCluster Operation

When it comes to modification of said option, I see it is implemented in the code as: terraform-provider-aws code

The issue is, the EnableHttpEndpoint passed to ModifyDBCluster action works only for Aurora Serverless V1. This means if the cluster has been created with HTTP Data API disabled, enabling it via this API parameter will work only for v1. V2, which we use, has a completely separate action, mentioned here: AWS EnableHttpEndpoint Operation

This does not seem to be supported by the provider, and the path seems to be forking the code depending on the version, and for v2 calling the separate operation instead of modifying the cluster.

Versions

Reproduction Code [Required]

variable "region" {
  default = "us-west-2"
}

module "my_db" {
  source         = "terraform-aws-modules/rds-aurora/aws"
  version        = "~> 7.1"
  engine         = "aurora-postgresql"
  engine_mode    = "provisioned"
  engine_version = "13.12"
  instance_class = "db.serverless"
  # https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.Aurora_Fea_Regions_DB-eng.Feature.Data_API.html#Concepts.Aurora_Fea_Regions_DB-eng.Feature.Data_API.apg
  enable_http_endpoint = true
  name                 = "case-number-157917"
  subnets              = ["subnet-06259998c0dab749d", "subnet-02856b15739009107"]
  apply_immediately    = true
}

Steps to reproduce the behavior:

  1. Apply the above TF
  2. Verify the DB is created with DataAPI enabled
  3. Change enable_http_endpoint to false
  4. Apply TF
  5. Verify DataAPI is not disabled
  6. Every subsequent reconcile will find a difference and try to apply the modification, but no modification is done (consuming resources)

Expected behavior

enable_http_endpoint to manipulate DataAPI toggle for Aurora Serverless v2

Actual behavior

enable_http_endpoint only works at creation time for Aurora Serverless v2

Additional context

This is especially important to implement now, as AWS announced the retirement of Aurora Serverless V1 by December 2024, and all databases will be migrated to v2 (if not migrated by ourselves).
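
The version fork described in the issue, as an added example that is not part of the original issue or of terraform-provider-aws: given entries shaped like a DescribeDBClusters response, it reports clusters whose live Data API state differs from the declared one and names the RDS action that would reconcile each. Cluster identifiers and ARNs are constructed placeholders, and `DisableHttpEndpoint` is the RDS API counterpart of the `EnableHttpEndpoint` action the issue names.

```python
"""Added example: pick the RDS API call that reconciles Data API drift."""

# Constructed samples in the shape of DescribeDBClusters response entries.
# Identifiers and ARNs are placeholders, not values from the issue.
SAMPLE_V2_CLUSTER = {
    "DBClusterIdentifier": "example-v2",
    "DBClusterArn": "arn:aws:rds:us-west-2:111122223333:cluster:example-v2",
    "EngineMode": "provisioned",
    "ServerlessV2ScalingConfiguration": {"MinCapacity": 0.5, "MaxCapacity": 2.0},
    "HttpEndpointEnabled": True,
}
SAMPLE_V1_CLUSTER = {
    "DBClusterIdentifier": "example-v1",
    "DBClusterArn": "arn:aws:rds:us-west-2:111122223333:cluster:example-v1",
    "EngineMode": "serverless",
    "HttpEndpointEnabled": False,
}


def plan_http_endpoint_change(cluster, desired):
    """Return (action, params) needed to reach `desired`, or None if in sync."""
    actual = bool(cluster.get("HttpEndpointEnabled", False))
    if actual == desired:
        return None  # no drift, nothing to call
    if cluster.get("EngineMode") == "serverless":
        # Serverless v1: the flag is a ModifyDBCluster parameter.
        return ("ModifyDBCluster", {
            "DBClusterIdentifier": cluster["DBClusterIdentifier"],
            "EnableHttpEndpoint": desired,
        })
    # Provisioned engine mode (includes Serverless v2): separate actions by ARN.
    action = "EnableHttpEndpoint" if desired else "DisableHttpEndpoint"
    return (action, {"ResourceArn": cluster["DBClusterArn"]})


def audit(clusters, desired_by_id):
    """List clusters whose live Data API state differs from the declared one."""
    findings = []
    for cluster in clusters:
        cid = cluster["DBClusterIdentifier"]
        if cid not in desired_by_id:
            continue  # not managed by this configuration
        plan = plan_http_endpoint_change(cluster, desired_by_id[cid])
        if plan is not None:
            findings.append((cid, *plan))
    return findings
```

A Data API endpoint that stays enabled after the configuration says `false` is exposed surface the plan output does not show as resolved, so the audit result is worth alerting on rather than only logging.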

github-actions[bot] commented 2 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.