Can't create RDS from snapshot when using shared subnet #9303

Open
zilman opened this issue Jul 10, 2019 · 7 comments

@zilman zilman commented Jul 10, 2019

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.14
provider.aws v2.10.0-v2.18.0

Terraform Configuration Files

resource "aws_db_instance" "default" {
  // allocated_storage      = "20"
  // engine                 = "mysql"
  // engine_version         = "5.6"
  identifier             = "main"
  snapshot_identifier    = "dev-baseline-auto"
  instance_class         = "db.t2.small"
  skip_final_snapshot    = true
  storage_encrypted      = false
  publicly_accessible    = false

  vpc_security_group_ids = ["${aws_security_group.rds.id}"]
  db_subnet_group_name   = "${aws_db_subnet_group.rds.name}"
}

Debug Output

2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/07/10 16:15:14 [DEBUG] DB Instance restore from snapshot configuration: {
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   AutoMinorVersionUpgrade: true,
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   CopyTagsToSnapshot: false,
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   DBInstanceClass: "db.t2.small",
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   DBInstanceIdentifier: "main",
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   DBSnapshotIdentifier: "dev-baseline-auto",
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   DBSubnetGroupName: "rds_main",
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   DeletionProtection: false,
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   Engine: "mysql",
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   PubliclyAccessible: false,
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   Tags: []
2019-07-10T16:15:14.775+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: }
2019-07-10T16:15:14.776+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/07/10 16:15:14 [DEBUG] [aws-sdk-go] DEBUG: Request rds/RestoreDBInstanceFromDBSnapshot Details:
2019-07-10T16:15:14.776+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Action=RestoreDBInstanceFromDBSnapshot&AutoMinorVersionUpgrade=true&CopyTagsToSnapshot=false&DBInstanceClass=db.t2.small&DBInstanceIdentifier=main&DBSnapshotIdentifier=dev-baseline-auto&DBSubnetGroupName=rds_main&DeletionProtection=false&Engine=mysql&PubliclyAccessible=false&Tags=&Version=2014-10-31
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/07/10 16:15:16 [DEBUG] [aws-sdk-go] <ErrorResponse xmlns="http://rds.amazonaws.com/doc/2014-10-31/">
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   <Error>
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:     <Type>Sender</Type>
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:     <Code>InvalidParameterValue</Code>
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:     <Message>The specified VPC vpc-064827fe944738b6a is a shared VPC, please explicitly provide an EC2 security group.</Message>
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   </Error>
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:   <RequestId>5768d5de-65a5-4c6c-8e8b-9e8e52ba9c13</RequestId>
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: </ErrorResponse>
2019-07-10T16:15:16.385+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/07/10 16:15:16 [DEBUG] [aws-sdk-go] DEBUG: Validate Response rds/RestoreDBInstanceFromDBSnapshot failed, not retrying, error InvalidParameterValue: 

Expected Behavior

An RDS instance should have been created from the specified snapshot.

Actual Behavior

Failed to create.

Steps to Reproduce

Create a VPC and three subnets in account A
Share subnets with account B (via AWS RAM)

Create Subnet Group (aws_db_subnet_group) referencing the three shared subnets in account B
Create Security Group in account B

Create RDS from snapshot in account B - Fails
Create RDS in account B without referencing a snapshot - Works

Important Factoids

This is a multi-account setup using shared VPC resources via AWS RAM (https://docs.aws.amazon.com/ram/latest/userguide/getting-started-shared.html).

Temporary Workaround

Adding provider = "aws.vpc" and creating the aws_security_group, aws_db_subnet_group, and aws_db_instance in account A (the account where the VPC was created and the subnets are shared from) works.

All of that should be equally possible in account B and this is rather suboptimal.

Additional Info

Creating the RDS from snapshot in account B by hand works as expected, so we can establish this is possible.

In the debug logs the requests generated are identical when attempting to create the resources in account B or A but with A it simply succeeds with no errors.
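
The RestoreDBInstanceFromDBSnapshot request in the debug output above carries no VpcSecurityGroupIds parameter although the configuration sets vpc_security_group_ids, and the API error asks for exactly that. The following Python script is an added example, not part of the original issue or the provider's code: it pulls restore requests and API errors out of a Terraform debug log and reports whether security groups were sent. The first three sample lines are abridged from the log above; the fourth request and sg-EXAMPLE are constructed for contrast.

```python
import re
from urllib.parse import parse_qs

# Terraform plugin log prefix: "<timestamp> [DEBUG] plugin.<binary>: "
PREFIX = re.compile(r"^\S+ \[DEBUG\] plugin\.[^:]+: ?")
# RDS Query API name for the Nth security group on a restore request
SG_PARAM = "VpcSecurityGroupIds.VpcSecurityGroupId."

P = "2019-07-10T16:15:14.776+0200 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: "
# Lines 1-3 are abridged from the debug output in this issue; line 4 is a
# constructed request (sg-EXAMPLE is a placeholder) shown for contrast.
SAMPLE_LOG = "\n".join([
    P + "Action=RestoreDBInstanceFromDBSnapshot&DBInstanceIdentifier=main"
        "&DBSubnetGroupName=rds_main&Engine=mysql&Tags=&Version=2014-10-31",
    P + "    <Code>InvalidParameterValue</Code>",
    P + "    <Message>The specified VPC vpc-064827fe944738b6a is a shared VPC,"
        " please explicitly provide an EC2 security group.</Message>",
    P + "Action=RestoreDBInstanceFromDBSnapshot&DBInstanceIdentifier=main"
        "&DBSubnetGroupName=rds_main&" + SG_PARAM + "1=sg-EXAMPLE&Version=2014-10-31",
])

def payloads(log):
    """Yield each log line with the plugin prefix and indentation removed."""
    for line in log.splitlines():
        yield PREFIX.sub("", line).strip()

def restore_requests(log):
    """Summarise every RestoreDBInstanceFromDBSnapshot request in the log."""
    found = []
    for body in payloads(log):
        if not body.startswith("Action=RestoreDBInstanceFromDBSnapshot&"):
            continue
        params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
        groups = [params[k] for k in sorted(params) if k.startswith(SG_PARAM)]
        found.append({"instance": params.get("DBInstanceIdentifier"),
                      "subnet_group": params.get("DBSubnetGroupName"),
                      "security_groups": groups})
    return found

def api_errors(log):
    """Return (code, message) pairs from logged <ErrorResponse> bodies."""
    text = "\n".join(payloads(log))
    return list(zip(re.findall(r"<Code>(.*?)</Code>", text),
                    re.findall(r"<Message>(.*?)</Message>", text)))

if __name__ == "__main__":
    for req in restore_requests(SAMPLE_LOG):
        state = "explicit" if req["security_groups"] else "MISSING"
        print(req["instance"], req["subnet_group"], "security groups:", state)
    for code, message in api_errors(SAMPLE_LOG):
        print(code, "-", message)
```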

@deuscapturus deuscapturus commented Oct 9, 2019

Ran into the same issue.

@mvillumsen mvillumsen commented Oct 28, 2019

This is still an issue in version 2.33.0 of the AWS provider (using Terraform v0.12.10) when using the terraform-aws-rds-aurora module (i.e. when creating an aws_rds_cluster_instance).

@Schinjo Schinjo commented Oct 30, 2019

+1 when using terraform-aws-modules/rds/aws
version = "2.5.0"

@bailantilles7 bailantilles7 commented Nov 5, 2019

+1 when using terraform-aws-modules/rds/aws or the rds_instance resource

@ijaveed ijaveed commented Dec 10, 2019

+1, Terraform v0.11.7. Are there any timelines for when this will be fixed?

@msmagoo87 msmagoo87 commented Jan 9, 2020

+1 I just ran into this issue myself.
Terraform v0.12.13 + provider.aws v2.31.0

Is there a fix in the works?

@jamengual jamengual commented Jan 9, 2020

please fix :)
