AWS RDS - Restoring from snapshot doesn't set username & password

[heimweh]

Hi,

I just created a new RDS instance based off a snapshot but couldn't access the DB using the username and password after a successful restore.

I guess for the restore we're using RestoreDBInstanceFromDBSnapshotInput thus we have no way of passing the credentials there so in order for it to work it would have to be followed by a ModifyDBInstanceInput I guess?

Sorry for the slightly weird use case 😃

If you need any more information just let me know.

Terraform Version

0.7.2

Affected Resource(s)

Please list the resources as a list, for example:

• aws_db_instance

Terraform Configuration Files

resource "aws_db_instance" "main" {
  engine                      = "mysql"
  apply_immediately           = true
  skip_final_snapshot         = false
  engine_version              = "${var.engine_version}"
  backup_retention_period     = "${var.backup_retention_period}"
  port                        = "${var.port}"
  publicly_accessible         = "${var.publicly_accessible}"
  auto_minor_version_upgrade  = "${var.auto_minor_version_upgrade}"
  allow_major_version_upgrade = "${var.allow_major_version_upgrade}"
  name                        = "${var.db_name}"
  allocated_storage           = "${var.allocated_storage}"
  instance_class              = "${var.instance_type}"
  storage_type                = "${var.storage_type}"
  final_snapshot_identifier   = "${var.name}-db-final-snapshot"
  username                    = "${var.master_username}"
  password                    = "${var.master_password}"
  iops                        = "${var.iops}"
  multi_az                    = "${var.multi_az}"
  db_subnet_group_name        = "${aws_db_subnet_group.main.id}"
  vpc_security_group_ids      = ["${aws_security_group.main.id}"]
  snapshot_identifier         = "${var.snapshot_identifier}"
}

Debug Output

+ module.rds.aws_db_instance.main
    address:                     "<computed>"
    allocated_storage:           "1000"
    allow_major_version_upgrade: "true"
    apply_immediately:           "true"
    arn:                         "<computed>"
    auto_minor_version_upgrade:  "true"
    availability_zone:           "<computed>"
    backup_retention_period:     "7"
    backup_window:               "<computed>"
    character_set_name:          "<computed>"
    copy_tags_to_snapshot:       "false"
    db_subnet_group_name:        "${aws_db_subnet_group.main.id}"
    endpoint:                    "<computed>"
    engine:                      "mysql"
    engine_version:              "5.6.23"
    final_snapshot_identifier:   "test-db-final-snapshot"
    identifier:                  "<computed>"
    instance_class:              "db.m4.large"
    iops:                        "0"
    kms_key_id:                  "<computed>"
    license_model:               "<computed>"
    maintenance_window:          "<computed>"
    monitoring_interval:         "0"
    monitoring_role_arn:         "<computed>"
    multi_az:                    "false"
    name:                        "mydatabase"
    option_group_name:           "<computed>"
    parameter_group_name:        "<computed>"
    password:                    "<sensitive>"
    port:                        "3306"
    publicly_accessible:         "false"
    replicas.#:                  "<computed>"
    skip_final_snapshot:         "false"
    snapshot_identifier:         "arn:aws:rds:us-east-1:xxxxxxxxxxxx:snapshot:mysnapshot"
    status:                      "<computed>"
    storage_type:                "gp2"
    username:                    "xxx"
    vpc_security_group_ids.#:    "<computed>"

Expected Behavior

When restoring from a snapshot and explicitly passing the username and password arguments I would expect that Terraform should alter the username & password when the instance is available.
This works in CloudFormation.

It's true that it's an optional argument when restoring from a snapshot but it seems like it's being completely ignored in this case. I might be wrong though.

Actual Behavior

Seems like username & password argument is being completely ignored when restoring from a snapshot.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

Important Factoids

• Restoring from a shared snapshot from another account
• Actually hitting the 40min timeout when creating the DB, probably not related though

Workaround

For now it seems to be able to work around this by modifying the password and running terraform apply again.

References

• AWS RDS provisioning times out #5831 - RDS timeout issue

[sharmaansh21]

@heimweh Hi i looked into go sdk and i don't think we can update username https://github.com/aws/aws-sdk-go/blob/master/service/rds/api.go#L12164-L12285
but yes update password is possible. I will send a PR for this 👍

[heimweh]

@optimisticanshul Hi, ah yeah that makes sense :) sorry, yeah I was mostly interested in the password change. Awesome! Huge thanks for taking this on so quickly! :)

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.