Reputation: 109
I am using Terraform 0.13 and the latest AWS provider version, and it keeps updating the aws_rds_cluster_parameter_group resource on each plan and apply. Any ideas why?
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
  # aws_rds_cluster_parameter_group.data_db_parameters will be updated in-place
  ~ resource "aws_rds_cluster_parameter_group" "data_db_parameters" {
        arn = "arn:aws:rds:ap-southeast-2:111111111111:cluster-pg:dev1-data-persistence-rds-pg"
        description = "Managed by Terraform"
        family = "aurora-postgresql13"
        id = "dev1-data-persistence-rds-pg"
        name = "dev1-data-persistence-rds-pg"
        tags = {}
        tags_all = {}
        parameter {
            apply_method = "immediate"
            name = "rds.force_ssl"
            value = "1"
        }
      + parameter {
          + apply_method = "immediate"
          + name = "ssl"
          + value = "1"
        }
    }
Plan: 0 to add, 1 to change, 0 to destroy.
Upvotes: 3
Views: 4230
Reputation: 366
If you do not specify apply_method in TF code, the default method immediate will be used.
rds.force_ssl is a static parameter and you need to specify apply_method = "pending-reboot" in TF code.
Upvotes: 3
Reputation: 31
I encountered a similar thing when upgrading Aurora MySQL from 5.6 to 5.7: log_output re-appeared in every plan output.
However, the configured value in the default parameter group changed from 5.6 to 5.7 (from TABLE to FILE). I suspect that since there was no change, the AWS API returns empty, the TF state is not updated, and this repeats forever.
So, in this case, removing the parameter from TF code and leaving it at the default was the solution.
# plan output example
  + parameter {
      + apply_method = "immediate"
      + name = "log_output"
      + value = "FILE"
    }
Upvotes: 1
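One way to check parameter blocks for the two causes raised in the answers above (a static parameter left on the default apply_method, and a value that only restates the default), as an added example that is not code from any of the posters. It assumes the JSON shape returned by `aws rds describe-db-cluster-parameters` (fields ParameterName, ParameterValue, ApplyType, Source); the sample data and the function name `find_drift_candidates` are constructed for illustration, and the second check reflects the log_output answer's suspicion rather than confirmed provider behaviour.

```python
import json

# Constructed sample shaped like `aws rds describe-db-cluster-parameters` output.
# It mixes parameters from both answers for brevity; values are illustrative only.
DESCRIBE_OUTPUT = json.loads("""
{"Parameters": [
  {"ParameterName": "rds.force_ssl", "ParameterValue": "1",
   "ApplyType": "static", "Source": "user", "IsModifiable": true},
  {"ParameterName": "log_output", "ParameterValue": "FILE",
   "ApplyType": "dynamic", "Source": "engine-default", "IsModifiable": true},
  {"ParameterName": "log_statement", "ParameterValue": "ddl",
   "ApplyType": "dynamic", "Source": "user", "IsModifiable": true}
]}
""")

# Constructed stand-in for the `parameter {}` blocks in the Terraform resource.
TF_PARAMETERS = [
    {"name": "rds.force_ssl", "value": "1", "apply_method": "immediate"},
    {"name": "log_output", "value": "FILE", "apply_method": "immediate"},
    {"name": "log_statement", "value": "ddl", "apply_method": "immediate"},
]


def find_drift_candidates(tf_parameters, describe_output):
    """Return (name, reason) pairs for blocks likely to show up in every plan."""
    live = {p["ParameterName"]: p for p in describe_output["Parameters"]}
    findings = []
    for block in tf_parameters:
        name = block["name"]
        api = live.get(name)
        if api is None:
            findings.append((name, "name not present in the API output"))
            continue
        # Per the answer above, an omitted apply_method defaults to immediate.
        method = block.get("apply_method", "immediate")
        if api["ApplyType"] == "static" and method != "pending-reboot":
            findings.append((name, 'static parameter: set apply_method = "pending-reboot"'))
        elif api["Source"] != "user" and api.get("ParameterValue") == block["value"]:
            findings.append((name, "value equals the default: consider removing the block"))
    return findings


if __name__ == "__main__":
    for name, reason in find_drift_candidates(TF_PARAMETERS, DESCRIBE_OUTPUT):
        print(f"{name}: {reason}")
```
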
Reputation: 238249
Those ghost updates are a known, long-standing issue, as evidenced by this still-open, 3-year-old issue on GH without a solution.
You can try updating your TF, as 0.13 is a very old version. You can also set up ignore_changes and see if this helps. If nothing works, then there is not much you can do about that. It's an AWS provider and/or TF internal issue.
Upvotes: 3