RDS option group can't delete

[ghost]

This issue was originally opened by @debu99 as hashicorp/terraform#18084. It was migrated here as a result of the provider split. The original body of the issue is below.

---

• module.rds.aws_db_option_group.rds-option-group (destroy): 1 error(s) occurred:

• aws_db_option_group.rds-option-group: Error Deleting DB Option Group: InvalidOptionGroupStateFault: The option group 'rds-5-7-audit-test-test' cannot be deleted because it is in use.
  status code: 400, request id: 16db0e71-751a-497c-9a18-a034631b89fc

actually the rds has already been deleted, but it still can't delete, below is my code
Terraform v0.11.7

resource "aws_db_option_group" "rds-option-group" {
name = "rds-5-7-audit-${lower(var.stage_name)}-${lower(var.environment_name)}"
option_group_description = "MySQL 5.7 Audit Option Group"
engine_name = "mysql"
major_engine_version = "5.7"

option {
option_name = "MARIADB_AUDIT_PLUGIN"

option_settings {
  name  = "SERVER_AUDIT_INCL_USERS"
  value = "root,admin,${random_string.username.result}"
}
option_settings {
  name  = "SERVER_AUDIT_EVENTS"
  value = "QUERY"
}
option_settings {
  name  = "SERVER_AUDIT_FILE_ROTATIONS"
  value = "0"
}

}

tags {
Name = "${var.environment_name} ${var.stage_name} RDS Option Group"
Environment = "${var.environment_name}"
Stage = "${var.stage_name}"
Type = "OptionGroup"
}
}

[avengers009]

If the same option group is used by different resource then we will get this issue, i have no issue on delete, if its only assigned to one resource.

can find the dependency below:
https://www.terraform.io/intro/getting-started/destroy.html

[karnauskas]

The RDS option group is used by final DB snapshot. Terraform doesn't know anything about it. Option group can be removed only when final snapshot is removed.

[baccenfutter]

I still can not destroy the RDS option group even after having deleted the final snapshot on terraform-0.11.8-amd64.

[baccenfutter]

... even after having configured skip_final_snapshot = true in terraform-aws-modules/rds/aws the option group can not be destroyed.

[mattiaperi]

Hi all, I'm in the exactly same baccenfutter condition, even after deleting the final snapshot as well. For the sake of clearness, even via the AWS GUI, I get the same error:

So I would say it's not a Terraform strictly related issue. I contacted AWS support, I keep you posted.
Mattia

[viggy28]

+1 @mattiaperi , don't think its terraform issue.
Same issue on the console too.

[Nareshkg]

Delete options first and try option group.

[mattiaperi]

Hi all, I'm back with AWS feedback.
As far as I could understand, RDS service might take some "system snapshot" that aren't visible to the customer. It seems that these internal RDS snapshots were preventing deletion of the option group as it might take some time to release the association from the option groups after deleting the RDS instance and all the snapshots (at least for those visible to the user).

In my case, I just needed to wait for a couple of days, when I tried again everything went smoothly.

Hope this can help you,
Mattia

[karnauskas]

Couple days.. seems a bit too long.

[mattiaperi]

Hi all, just to be precise: I tried a couple of days later, maybe it was only a matter of minutes/hours, can't say with absolute precision, sorry about that :)
Mattia

[tarpanpathak]

In case this helps:

I had a similar issue when destroying SQL Server Enterprise RDS instances. After waiting for about 30m, I was able to delete the option_group's.

[Constantin07]

v.0.11.10
the option group is deleted successfully only after manually deleting the manual snapshots which have a reference to option group. So it'a a dependency.
It took me 4 mins.
PS: If Amazon stored option group metadata together with snapshot, it wouldn't be a problem.

module.db.module.db_option_group.aws_db_option_group.this: Destroying... (ID: test-db-rds-20181114092554087300000003)
module.db.db_option_group.aws_db_option_group.this: Still destroying... (ID: test-db-rds-20181114092554087300000003, 10s elapsed)
...
module.db.db_option_group.aws_db_option_group.this: Still destroying... (ID: test-db-rds-20181114092554087300000003, 4m0s elapsed)
module.db.module.db_option_group.aws_db_option_group.this: Destruction complete after 4m4s
module.label.null_resource.default: Destroying... (ID: 4234299844036769603)
module.label.null_resource.default: Destruction complete after 0s

[sheelachoudhari]

Any updates on this one please.
I ran into this today with v0.11.11, can't delete/destroy db option group until final snapshot is deleted.

[sushilchaudhari]

Same issue. Unable to destroy option_group though it is not associated with any resource. Is there any way to destroy/skipping it getting to be destroyed?

[chrisminton]

You can attempt to handle it with extended timeouts, not a perfect solution of course: https://www.terraform.io/docs/providers/aws/r/db_option_group.html#timeouts

resource "aws_db_option_group" "options" {
  timeouts {
    delete = "2h"
  }
}

[dspenard]

I manually deleted the associated snapshot and was then able to destroy the option group.

[bhegazy]

Not sure if anyone still have issue with this, I had skip_final_snapshot = true in rds resource then when destroying rds and related resources it works fine but it took around 11 min for option_group to be deleted.

→ terraform version
Terraform v0.12.20

[DownRangeDevOps]

In my case, since I wanted to recreate the RDS instance with the same option group, I just let the destroy fail. Then I imported each option group and re-used them. It was faster than waiting.

[piyat]

I hit this one today trying to rename some rds instances in console (tf can't do it) and reflect those changes in my tf configuration/state. Not convinced there's much that can be done from terraform side.

For instances with no snapshots (no final snapshot, no auto backups) terraform timed out trying to delete option group (it also errored from AWS CLI) on tf apply (where it wanted to -/+ my option_group).

The workaround was to switch option group to the default for my db engine, wait for instance modification to complete (about 5 minutes - realise this is fraught) and then terraform was able to recreate the OG.

In a different instance, where I had auto backup enabled. I tried to preempt the error by switching my instance to use the default option group before running destroy. RDS auto backups are also linked to option group, so the delete still failed.

Spoke to AWS RDS support, and my only option was to disable backups, change option group, enable backups.

Yikes.

[nick4fake]

Unfortunately this bug can not be fixed on the Terraform side. This is a well-known issue with RDS service itself: DB takes some system snapshots that you can't manage or delete. The only solution is to wait for hours/days for it to be automatically deleted. I suggest closing this one as there is literally no solution that could be made on Terraform side except possibly adding some information to the documentation,

[mattiaperi]

I agree with @nick4fake, but adding information documention side would be very helpful IMHO.

[breathingdust]

Going to close this as it doesn't seem resolvable on the provider side.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.