New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Cannot use manage master password in Secrets Manager when creating RDS from snapshot #31509
Comments
Community NoteVoting for Prioritization
Volunteering to Work on This Issue
|
Hey @jarten-mlg 👋 Thank you for taking the time to raise this! So that we have the necessary information in order to look into this, can you supply a sample Terraform configuration as well as debug logs (redacted as needed)? |
Hi @justinretzolk, there aren't debug logs as there no errors, however I have this snippet below that shows the resource I am creating from the RDS snapshot, however you follow the steps listed in the description you should be able to recreate the same output: resource "aws_db_instance" "rds_01" {
identifier = "rds-01"
instance_class = "db.t3.micro"
#allocated_storage = 200
storage_type = "gp2"
#max_allocated_storage = 1000
#engine = "mysql"
#engine_version = "8.0.32"
storage_encrypted = true
auto_minor_version_upgrade = true
backup_retention_period = "7"
copy_tags_to_snapshot = true
delete_automated_backups = true
manage_master_user_password = true
snapshot_identifier = "rds-test1"
db_subnet_group_name = aws_db_subnet_group.rds_db_subnet_group.name
availability_zone = "us-east-1a"
vpc_security_group_ids = [aws_security_group_rds.id]
multi_az = false
parameter_group_name = "default.mysql8.0"
publicly_accessible = false
skip_final_snapshot = true
iam_database_authentication_enabled = true
tags = merge(var.tags, {Name = "rds-01"})
} |
My Process:
Terraform State File
AWS Configuration ()
|
Anyone have an update on this issue? |
The resourceInstanceCreate function when creating from a snapshot does not appear to include checking manage_master_user_password & master_user_secret_kms_key_id to add changes as a ModifyDb action after the restore from snapshot action as it does when creating from a replica source db. |
This functionality has been released in v5.22.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Terraform Core Version
1.3.9
AWS Provider Version
4.64.0
Affected Resource(s)
aws_db_instance
Expected Behavior
When using:
manage_master_user_password = true
to store the RDS password in secrets manager when restoring from a snapshot:
snapshot_identifier = "snapshot-name"
Actual Behavior
The RDS instance will be created from the snapshot but still use the original password from the snapshot.
If I comment out the line:
manage_master_user_password = true
do a terraform apply, and then uncomment the line, and terraform apply again, THEN it will store the credentials in secrets manager.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
manage_master_user_password = true
snapshot_identifier = "rds-test1"
Steps to Reproduce
The RDS instance will be created from the snapshot but still use the original password from the snapshot.
If I comment out the line:
manage_master_user_password = true
do a terraform apply, and then uncomment the line, and terraform apply again, THEN it will store the credentials in secrets manager.
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
The text was updated successfully, but these errors were encountered: