somenickname

Reputation: 619

Terraform to enable RDS Performance Insights

I enabled Performance Insights from the console manually, which created the KMS key. Later, when I ran Terraform, it gave me this error, which is understandable -- it cannot replace the existing KMS key:

InvalidParameterCombination: You can't change your Performance Insights KMS key. status code: 400

However, after I disabled Performance Insights from the RDS console and re-ran Terraform, the error persists. My expectation was that it would now create a new KMS key, so there shouldn't be any need to "change" the KMS key. Why does the error persist?

PS: I tried terraform import as well, but it didn't work either.

Edit: This is the TF code:

resource "aws_db_instance" "db" {
  # This has been in the config before
  kms_key_id        = module.kms.kms_key_arn
  ...
  # This is new code to enable Performance Insights from Terraform
  performance_insights_enabled = var.performance_insights_enabled
  performance_insights_kms_key_id = var.performance_insights_enabled ? module.kms.kms_key_arn : ""
  ...
}

PS: The KMS key, as the comment above says, has been there under "Customer Managed Keys" with the RDS instance since before this change. When I enabled Performance Insights from the console, AWS created a new KMS key under "AWS Managed Keys". After I disabled Performance Insights, the key is still there and I am concerned about how to deal with it (the recommendation is to not delete the key, but I believe it's no longer being used now).

My expectation is that after disabling performance insights, the terraform, with the new code, can link the existing customer-managed KMS key to performance insights.

Upvotes: 3

Views: 5614

Answers (2)

Maurice

Reputation: 13187

I'm a bit late to the party, but I ran into the same issue and managed to solve it.

I had set up the Cluster without performance insights initially, then later tried to enable it and terraform got stuck in a state where it couldn't enable it with the following error:

An error occurred (InvalidParameterCombination) when calling the ModifyDBCluster operation: You can't change your Performance Insights KMS key.

I also tried enabling it through the CLI and Console, but I got the same errors, until I passed all three performance insights parameters at the same time:

aws rds modify-db-cluster --db-cluster-identifier <cluster-id> \
   --performance-insights-retention-period 7 \
   --enable-performance-insights --performance-insights-kms-key-id <kms-arn>

The next Terraform plan showed no changes, i.e., after a state refresh it recognized the changes.

Upvotes: 0
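
A check-then-modify version of the call in the answer above, as an added example that is not part of the thread or written by either answerer. It assumes the instance-level command (modify-db-instance) for the asker's aws_db_instance rather than the cluster call; pi_state, pi_plan, the instance name and the key ARNs are hypothetical or constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Instance name and key ARNs are constructed.

# Live state as "<enabled><TAB><kms-key>", e.g. "False<TAB>None".
# Needs AWS credentials; nothing below calls it.
pi_state() {
  aws rds describe-db-instances --db-instance-identifier "$1" \
    --query 'DBInstances[0].[PerformanceInsightsEnabled,PerformanceInsightsKMSKeyId]' \
    --output text
}

# pi_plan <instance-id> <state-line> <wanted-key-arn> [retention-days]
# Prints "in-sync", "mismatch <recorded-key>" (and returns 1), or the single
# modify call that carries all three Performance Insights parameters.
pi_plan() {
  _id=$1 _want=$3 _days=${4:-7}
  set -- $2                          # split the CLI's tab-separated text output
  _enabled=$1 _key=${2:-None}
  if [ "$_key" != None ] && [ "$_key" != "$_want" ]; then
    # A different key is already recorded; the error quoted in the thread
    # is the API refusing to change it, so do not emit a modify call.
    echo "mismatch $_key"
    return 1
  fi
  if [ "$_enabled" = True ] && [ "$_key" = "$_want" ]; then
    echo "in-sync"
    return 0
  fi
  echo "aws rds modify-db-instance --db-instance-identifier $_id" \
    "--enable-performance-insights" \
    "--performance-insights-kms-key-id $_want" \
    "--performance-insights-retention-period $_days"
}

# Constructed sample state lines (no AWS calls are made).
TAB=$(printf '\t')
CMK=arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-customer-managed
OTHER=arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-aws-managed
pi_plan sample-db-instance "False${TAB}None" "$CMK"
pi_plan sample-db-instance "True${TAB}$OTHER" "$CMK" || :
pi_plan sample-db-instance "True${TAB}$CMK" "$CMK"
```

Against a real instance, the state line would come from pi_state, and the "mismatch" result shows which key Performance Insights is currently bound to before any change is attempted.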

Derya Oktay

Reputation: 1

Maybe the console is not doing what it should. Please try with the CLI:

aws rds modify-db-instance --db-instance-identifier sample-db-instance --no-enable-performance-insights

Upvotes: 0
