Ramu

Reputation: 19

Terraform postgresql provider fails to create the role and database after provisioning in AWS

I'm trying to provision Postgres in AWS and also create the database and roles sequentially using Terraform, but I'm getting the exception below and am not able to create the role/DB.


terraform {
  required_providers {
    # postgresql = {
    #   source  = "cyrilgdn/postgresql"
    #   version = "1.15.0"
    # }
    postgresql = {
      source = "terraform-providers/postgresql"
      version = ">=1.7.2"
    }

    helm = {
      source  = "hashicorp/helm"
      version = "2.4.1"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "4.0.0"
    }
  }
}

resource "aws_db_instance" "database" {
  identifier = "dev-test"

  allocated_storage = 100
  storage_type      = "gp2"
  engine            = "postgres"
  engine_version    = "13.4"
  port              = 5432
  instance_class       = "db.t3.micro"
  username                     = "postgres"
  performance_insights_enabled = true
  password                     = "postgres$123"
  db_subnet_group_name         = "some_name"
  vpc_security_group_ids       = ["sg_name"]
  parameter_group_name         = "default.postgres13"
  publicly_accessible          = true
  delete_automated_backups     = false
  storage_encrypted            = true
  tags = {
    Name = "dev-test"
  }
  skip_final_snapshot = true
}

#To create the "raw" database
provider "postgresql" {
  version = ">=1.4.0"
  database         = "raw"
  host             = aws_db_instance.database.address
  port             = aws_db_instance.database.port
  username         = aws_db_instance.database.username
  password         = aws_db_instance.database.password
  sslmode          = "require"
  connect_timeout  = 15
  superuser        = false
  expected_version = aws_db_instance.database.engine_version
}

#creation of the role
resource "postgresql_role" "application_role" {
  provider = postgresql
  name               = "test"
  login              = true
  password           = "test$123"
  encrypted_password = true
  create_database = false
  depends_on         = [aws_db_instance.database]
}

Error -

Error: dial tcp 18.221.183.66:5432: i/o timeout
│
│   with postgresql_role.application_role,
│   on main.tf line 79, in resource "postgresql_role" "application_role":
│   79: resource "postgresql_role" "application_role" {
│
╵

I noticed a few people saying that including the expected_version attribute in the latest version should work. However, even after including the expected_version attribute, the issue still persists. I need to provision Postgres in AWS and create the DB and roles.

What could be the issue with my script?

Upvotes: 0

Views: 3626

Answers (1)

Marko E

Reputation: 18103

As per documentation [1], you are missing the scheme in the postgresql provider:

provider "postgresql" {
  scheme           = "awspostgres"
  database         = "raw"
  host             = aws_db_instance.database.address
  port             = aws_db_instance.database.port
  username         = aws_db_instance.database.username
  password         = aws_db_instance.database.password
  sslmode          = "require"
  connect_timeout  = 15
  superuser        = false
  expected_version = aws_db_instance.database.engine_version
}

Additionally, I am not sure if you can use database = raw or it has to be database = "postgres", which is the default value so it does not have to be specified.

One other note: I do not think you need to specify the provider block in every resource. You just define it once in the required_providers block (like you did for aws provider) and then anything related to that provider will assume using the provider defined. In other words, you should remove the version = ">=1.4.0" from the provider "postgres" and provider = postgresql from the resource "postgresql_role" "application_role" and the code should still work.


[1] https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs#aws

Upvotes: 1
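
The answer's changes collected into one configuration, as an added example that is not part of the original answer or the provider's documentation. It assumes the aws_db_instance.database resource from the question, uses the cyrilgdn/postgresql source and version that appear commented out in the question, and introduces two hypothetical variables (db_master_password, app_role_password) so the passwords are not literals in main.tf:

```hcl
terraform {
  required_providers {
    # Source and version from the block commented out in the question;
    # the answer's documentation link is for this provider.
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = "1.15.0"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "4.0.0"
    }
  }
}

# Hypothetical variable names (assumption). Supply the values through
# TF_VAR_db_master_password / TF_VAR_app_role_password or a secrets store.
variable "db_master_password" {
  type      = string
  sensitive = true
}

variable "app_role_password" {
  type      = string
  sensitive = true
}

# aws_db_instance.database is the resource from the question, with
#   password = var.db_master_password
# in place of the literal password.

provider "postgresql" {
  scheme           = "awspostgres" # added, as the answer suggests
  host             = aws_db_instance.database.address
  port             = aws_db_instance.database.port
  username         = aws_db_instance.database.username
  password         = var.db_master_password
  sslmode          = "require"
  connect_timeout  = 15
  superuser        = false
  expected_version = aws_db_instance.database.engine_version
  # No version argument here (it lives in required_providers);
  # database is omitted so the default "postgres" is used.
}

resource "postgresql_role" "application_role" {
  name               = "test"
  login              = true
  password           = var.app_role_password
  encrypted_password = true
  create_database    = false
  depends_on         = [aws_db_instance.database]
}
```

Variables marked sensitive are redacted in plan output but are still written to the state file in plaintext, so the state backend needs access control and encryption. The provider connects from the machine running terraform apply, so that machine must be allowed to reach port 5432 through the instance's security group.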