Terraform-provider-aws: Require final_snapshot_identifier when skip_final_snapshot = false.

Created on 13 Jun 2017 · 10Comments · Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @davecozz as hashicorp/terraform#14449. It was migrated here as part of the provider split. The original body of the issue is below._

Terraform Version

0.9.4

Affected Resource(s)

aws_db_instance
aws_rds_cluster

Expected Behavior

Now that skip_final_snapshot defaults to false it would be nice if final_snapshot_identifier was required when skip_final_snapshot == false.

Actual Behavior

TF currently allows an RDS instance/cluster to be created without specifying any final_snapshot_identifier, which subsequently requires manual intervention when trying to delete the resource:

1 error(s) occurred:

* aws_db_instance.my_aws_db (destroy): 1 error(s) occurred:

* aws_db_instance.my_aws_db: DB Instance FinalSnapshotIdentifier is required when a final snapshot is required

Steps to Reproduce

Create RDS instance using default skip_final_snapshot value (false) without specifying a final_snapshot_identifier attribute.
Attempt to destroy RDS instance.
Log into AWS console and manually delete. :(

bug servicrds

Source

hashibot

👍12

Most helpful comment

+1 This is an issue I have experienced.

madmod on 21 Aug 2017

👍9

All 10 comments

+1 This is an issue I have experienced.

madmod on 21 Aug 2017

👍9

+1 I am experiencing the same issue. Can we expect to have a near term resolution for this?

bansriyar on 3 Oct 2017

I know this is hacky, but to work around this, I had to edit my .tfstate and change it to:

                            "copy_tags_to_snapshot": "false",
                            "skip_final_snapshot": "true",

in order to bypass it.

drmikecrowe on 13 Oct 2017

👍1

Any updates on this issue? I used the solution from @drmikecrowe in the meantime.

brandonawells on 13 Oct 2017

That's correct @drmikecrowe, but in that case you won't have the snapshot. Add "final_snapshot_identifier": "your-finalsnapshot-identifier" below skip_final_snapshot in your tfstate file and the snapshot will be created when you destroy the resource.

jepma on 20 Oct 2017

@jepma I think (but I'm pulling the from memory of several days ago) there's something wonky with the default variables and tfstate: I believe If you set "skip_final_snapshot": "true" then "copy_tags_to_snapshot": "true" was still the default.

When I tried to destroy the test RDS instance, it failed because of the copy_tags_to_snapshot was trying to execute, but I wasn't creating a snapshot.

drmikecrowe on 20 Oct 2017

Ok! In my case I wanted the snapshot but did not provide the identifier. So, the failure popped up. The fix is fairly easy to implement within the Go code so if I have some spare time left this weekend I will try to create a PR.

jepma on 20 Oct 2017

I ran into this too. Didn't need a final snapshot so just manually deleted the cluster via AWS console, then ran terraform destroy to start over again -- seems fine.

jvelonis on 12 Nov 2018

A workaround for this would be to change 'skip_final_snapshot' to true, run 'terraform apply' and _then_ run 'terraform destroy'... It would be good if Terraform took the value from config rather than state for this though!