aws_db_instance resource used in module results in forcing new resource

[shanewarner]

Summary:

Using aws_db_instance within a module that has variable inputs such as availability_zone, username, and others that have a default value of "", results in a new resource being forced on the omitted option.

Previously, supplying a default variable value of "" would cause terraform to omit the option in the resource if it is not passed into the module.

Terraform Version

0.11

Provider Version

v1.3.0 and above

Affected Resource(s)

aws_db_instance when used in a module with optional defaults using variables and blank defaults

Terraform Configuration Files

Module main.tf:

resource "aws_db_instance" "rds_instance" {
  apply_immediately = "${var.apply_immediately}"
  availability_zone = "${var.rds_availability_zone}"
  allocated_storage = "${var.rds_allocated_storage}"
  backup_retention_period = "${var.backup_retention_period}"
  backup_window = "${var.rds_backup_window}"
  db_subnet_group_name = "${var.db_subnet_group_name}"
  engine = "${var.rds_engine_type}"
  engine_version = "${var.rds_engine_version}"
  identifier = "${var.rds_identifier}"
  instance_class = "${var.rds_instance_class}"
  iops = "${var.rds_iops}"
  license_model = "${var.rds_license_model}"
  maintenance_window = "${var.rds_maintenance_window}"
  multi_az = "${var.rds_is_multi_az}"
  name = "${var.rds_name}"
  option_group_name = "${var.db_option_group}"
  parameter_group_name = "${var.db_parameter_group}"
  password = "${var.rds_password}"
  username = "${var.rds_username}"
  snapshot_identifier = "${var.rds_source_snapshot}"
  storage_type = "${var.rds_storage_type}"
  vpc_security_group_ids = ["${split(",",var.rds_security_group_ids)}"]
  copy_tags_to_snapshot = true

  skip_final_snapshot = "${var.skip_final_snapshot}"
  final_snapshot_identifier = "${length(var.final_snapshot_identifier) > 0 ? 
  var.final_snapshot_identifier : "${var.rds_identifier}-final"}"
}

Module variables.tf:

variable "rds_identifier" {}
variable "rds_iops" { default = 0 }
variable "rds_license_model" { default = "general-public-license"}
variable "rds_is_multi_az" {
    default = "false"
}

variable "rds_storage_type" {
    default = "gp2"
}

variable "rds_allocated_storage" { default = "25"}
variable "rds_availability_zone" { default = "" }
variable "rds_engine_type" { default = "" }
variable "rds_engine_version" { default = "" }
variable "rds_instance_class" {}
variable "rds_name" { default = "" }
variable "rds_password" { default = "" }
variable "rds_security_group_ids" {}
variable "rds_source_snapshot" { default = "" }
variable "rds_username" { default = "" }
variable "db_subnet_group_name" {}

variable "backup_retention_period" {
  default = "35"
}

variable "db_option_group" {
  default = ""
}

variable "db_parameter_group" {
  default = ""
}

variable "setup_dns_alias" { default = 0 }
variable "zone_id" { default = "" }

variable "rds_maintenance_window" { default = "SAT:09:00-SAT:11:00" }
variable "rds_backup_window" { default = "07:00-08:00" }

variable "skip_final_snapshot" { default = false }
variable "final_snapshot_identifier" { default = "" }

Module invocation somewhere else:

module "some_rds" {
  source                 = "../../module-rds"
  apply_immediately      = true
  rds_identifier         = "some-rds-server"
  db_subnet_group_name   = "${aws_db_subnet_group.master_db_subnet_group.name}"
  rds_allocated_storage  = "20"
  rds_engine_type        = "oracle-se2"
  rds_instance_class     = "db.m4.xlarge"
  rds_is_multi_az        = true
  rds_license_model      = "license-included"
  rds_security_group_ids = "${module.some_sg.sg_id}"
  db_parameter_group     = "${aws_db_parameter_group.some_rds.id}"
}

Expected Behavior

On aws provider v1.2.0, this would work perfectly fine with an existing rds server provisioned using the module shown above with the optional variable inputs omitted and their respective defaults of "". It does not work on versions above this in our testing.

Actual Behavior

Terraform wants to force new resource on the aws_db_instance due to optional inputs into the module being omitted. It would seem that the previously working defaults in variables.tf posted above are no longer working and a default value of "" is no longer sufficient and is causing a diff.

Steps to Reproduce

1. terraform plan -target module.some_rds.rds_instance

Terraform will perform the following actions:

-/+ module.some_rds.aws_db_instance.rds_instance (new resource required)
      id:                                "some_rds" => <computed> (forces new resource)
...........
      availability_zone:                 "us-west-2a" => <computed> (forces new resource)
...........
      name:                              "some_name" => <computed> (forces new resource)
...........
      username:                          "some_user" => <computed> (forces new resource)
..........
Plan: 1 to add, 0 to change, 1 to destroy.

References

I believe this to be the same issue as reported here:
hashicorp/terraform#16724

[grzegorzlisowski]

I think it is also related to this issue:

2348

[apparentlymart]

Hi @shanewarner! Sorry for this odd behavior.

This seems like the same thing as #2468, though when I replied there it wasn't clear that this was a regression in AWS provider v1.3.0. Indeed with that extra fact in play I think both of these issues are the same as #2348, caused by a change to the provider framework that was adopted for the AWS provider in v1.3.0.

With that said, I'm going to close this consolidate the discussion into #2348. I'll add some additional notes there to capture a summary of what you reported here. Thanks for reporting this!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!