Cannot destroy aws_db_proxy_target: InvalidParameterCombination error

[seanfdnn]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v0.15.0
on linux_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v3.66.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/template v2.2.0

Affected Resource(s)

• aws_db_proxy_target

Terraform Configuration Files

resource "aws_db_proxy" "this" {
  name                   = module.db_proxy_label.id
  debug_logging          = false
  engine_family          = "POSTGRESQL"
  idle_client_timeout    = 1800
  require_tls            = true
  role_arn               = aws_iam_role.role_for_db_proxy.arn
  vpc_security_group_ids = [aws_security_group.db_clients.id]
  vpc_subnet_ids         = data.aws_db_subnet_group.this.subnet_ids

  auth {
    auth_scheme = "SECRETS"
    description = module.db_proxy_label.id
    iam_auth    = "REQUIRED"
    secret_arn  = aws_secretsmanager_secret.rds_auth_for_lambda_db_proxy.arn
  }
}

resource "aws_db_proxy_default_target_group" "default" {
  db_proxy_name = aws_db_proxy.this.name

  connection_pool_config {
    connection_borrow_timeout    = 120
    max_connections_percent      = 100
    max_idle_connections_percent = 50
    session_pinning_filters      = ["EXCLUDE_VARIABLE_SETS"]
  }
}

resource "aws_db_proxy_target" "default" {
  db_instance_identifier = aws_rds_cluster.this.id
  db_proxy_name          = aws_db_proxy.this.name
  target_group_name      = aws_db_proxy_default_target_group.default.name
}

Debug Output

module.database.aws_db_proxy_target.default: Destroying... [redacted/default/TRACKED_CLUSTER/redacted-prod-db]
╷
│ Error: Error deregistering DB Proxy target: InvalidParameterCombination: Must specify either DB instance identifier or DB cluster identifier, not both.
│ 	status code: 400,

Expected Behavior

The aws_db_proxy resource was destroyed successfully.

Actual Behavior

Destruction failed with InvalidParameterCombination. Presumably the provider is providing both the instance and DB cluster identifier, which AWS rejects as it only expects one or the other.

Steps to Reproduce

1. terraform apply
2. terraform destroy

Important Factoids

Target group is an Aurora cluster; [id=redacted/default/TRACKED_CLUSTER/redacted-prod-db]

References

https://docs.aws.amazon.com/cli/latest/reference/rds/deregister-db-proxy-targets.html

[seanfdnn]

Same error occurs with most recent versions:

Terraform v1.0.11
on linux_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v3.68.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/template v2.2.0

[jorenvh1]

Any update or workaround for this one? I get the same error with provider version 5.26.0 when I try to remove an rds proxy instance