Terraform-provider-aws: RDS option group can't delete

Created on 20 May 2018  Â·  19Comments  Â·  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @debu99 as hashicorp/terraform#18084. It was migrated here as a result of the provider split. The original body of the issue is below._

  • module.rds.aws_db_option_group.rds-option-group (destroy): 1 error(s) occurred:

  • aws_db_option_group.rds-option-group: Error Deleting DB Option Group: InvalidOptionGroupStateFault: The option group 'rds-5-7-audit-test-test' cannot be deleted because it is in use.
    status code: 400, request id: 16db0e71-751a-497c-9a18-a034631b89fc

actually the rds has already been deleted, but it still can't delete, below is my code
Terraform v0.11.7

resource "aws_db_option_group" "rds-option-group" {
name = "rds-5-7-audit-${lower(var.stage_name)}-${lower(var.environment_name)}"
option_group_description = "MySQL 5.7 Audit Option Group"
engine_name = "mysql"
major_engine_version = "5.7"

option {
option_name = "MARIADB_AUDIT_PLUGIN"

option_settings {
  name  = "SERVER_AUDIT_INCL_USERS"
  value = "root,admin,${random_string.username.result}"
}
option_settings {
  name  = "SERVER_AUDIT_EVENTS"
  value = "QUERY"
}
option_settings {
  name  = "SERVER_AUDIT_FILE_ROTATIONS"
  value = "0"
}

}

tags {
Name = "${var.environment_name} ${var.stage_name} RDS Option Group"
Environment = "${var.environment_name}"
Stage = "${var.stage_name}"
Type = "OptionGroup"
}
}

bug servicrds upstream
Source
picture hashibot[bot]
👍13

Most helpful comment

The RDS option group is used by final DB snapshot. Terraform doesn't know anything about it. Option group can be removed only when final snapshot is removed.

picture karnauskas on 16 Aug 2018
👍7

All 19 comments

If the same option group is used by different resource then we will get this issue, i have no issue on delete, if its only assigned to one resource.

can find the dependency below:
https://www.terraform.io/intro/getting-started/destroy.html

avengers009 picture avengers009 on 21 Jun 2018

The RDS option group is used by final DB snapshot. Terraform doesn't know anything about it. Option group can be removed only when final snapshot is removed.

karnauskas picture karnauskas on 16 Aug 2018
👍7

I still can not destroy the RDS option group even after having deleted the final snapshot on terraform-0.11.8-amd64.

baccenfutter picture baccenfutter on 13 Sep 2018
👍4

... even after having configured skip_final_snapshot = true in terraform-aws-modules/rds/aws the option group can not be destroyed.

baccenfutter picture baccenfutter on 13 Sep 2018
👍6

Hi all, I'm in the exactly same baccenfutter condition, even after deleting the final snapshot as well. For the sake of clearness, even via the AWS GUI, I get the same error:

schermata 2018-09-19 alle 09 52 18

So I would say it's not a Terraform strictly related issue. I contacted AWS support, I keep you posted.
Mattia

mattiaperi picture mattiaperi on 19 Sep 2018
😕1

+1 @mattiaperi , don't think its terraform issue.
Same issue on the console too.

viggy28 picture viggy28 on 4 Oct 2018

Delete options first and try option group.

Nareshkg picture Nareshkg on 5 Oct 2018

Hi all, I'm back with AWS feedback.
As far as I could understand, RDS service might take some "system snapshot" that aren't visible to the customer. It seems that these internal RDS snapshots were preventing deletion of the option group as it might take some time to release the association from the option groups after deleting the RDS instance and all the snapshots (at least for those visible to the user).

In my case, I just needed to wait for a couple of days, when I tried again everything went smoothly.

Hope this can help you,
Mattia

mattiaperi picture mattiaperi on 5 Oct 2018
😄6 😕3

Couple days.. seems a bit too long.

karnauskas picture karnauskas on 5 Oct 2018
👎7 👍3

Hi all, just to be precise: I tried a couple of days later, maybe it was only a matter of minutes/hours, can't say with absolute precision, sorry about that :)
Mattia

mattiaperi picture mattiaperi on 5 Oct 2018
👍3

In case this helps:

I had a similar issue when destroying SQL Server Enterprise RDS instances. After waiting for about 30m, I was able to delete the option_group's.

tarpanpathak picture tarpanpathak on 11 Oct 2018

v.0.11.10
the option group is deleted successfully only after manually deleting the manual snapshots which have a reference to option group. So it'a a dependency.
It took me 4 mins.
PS: If Amazon stored option group metadata together with snapshot, it wouldn't be a problem.

module.db.module.db_option_group.aws_db_option_group.this: Destroying... (ID: test-db-rds-20181114092554087300000003)
module.db.db_option_group.aws_db_option_group.this: Still destroying... (ID: test-db-rds-20181114092554087300000003, 10s elapsed)
...
module.db.db_option_group.aws_db_option_group.this: Still destroying... (ID: test-db-rds-20181114092554087300000003, 4m0s elapsed)
module.db.module.db_option_group.aws_db_option_group.this: Destruction complete after 4m4s
module.label.null_resource.default: Destroying... (ID: 4234299844036769603)
module.label.null_resource.default: Destruction complete after 0s
Constantin07 picture Constantin07 on 14 Nov 2018
👍1

Any updates on this one please.
I ran into this today with v0.11.11, can't delete/destroy db option group until final snapshot is deleted.

sheelachoudhari picture sheelachoudhari on 29 Apr 2019

Same issue. Unable to destroy option_group though it is not associated with any resource. Is there any way to destroy/skipping it getting to be destroyed?

sushilchaudhari picture sushilchaudhari on 29 May 2019
👍4

You can attempt to handle it with extended timeouts, not a perfect solution of course: https://www.terraform.io/docs/providers/aws/r/db_option_group.html#timeouts

resource "aws_db_option_group" "options" {
  timeouts {
    delete = "2h"
  }
}
chrisminton picture chrisminton on 15 Aug 2019

I manually deleted the associated snapshot and was then able to destroy the option group.

dspenard picture dspenard on 12 Dec 2019

Not sure if anyone still have issue with this, I had skip_final_snapshot = true in rds resource then when destroying rds and related resources it works fine but it took around 11 min for option_group to be deleted.

→ terraform version
Terraform v0.12.20
bhegazy picture bhegazy on 11 Feb 2020
👍2

In my case, since I wanted to recreate the RDS instance with the same option group, I just let the destroy fail. Then I imported each option group and re-used them. It was faster than waiting.

techfishio picture techfishio on 19 Feb 2020
👍2 😄1

I hit this one today trying to rename some rds instances in console (tf can't do it) and reflect those changes in my tf configuration/state. Not convinced there's much that can be done from terraform side.

For instances with no snapshots (no final snapshot, no auto backups) terraform timed out trying to delete option group (it also errored from AWS CLI) on tf apply (where it wanted to -/+ my option_group).

The workaround was to switch option group to the default for my db engine, wait for instance modification to complete (about 5 minutes - realise this is fraught) and then terraform was able to recreate the OG.

In a different instance, where I had auto backup enabled. I tried to preempt the error by switching my instance to use the default option group before running destroy. RDS auto backups are also linked to option group, so the delete still failed.

Spoke to AWS RDS support, and my only option was to disable backups, change option group, enable backups.

Yikes.

piyat picture piyat on 2 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

andywirv picture andywirv  Â·  3Comments
ccslamstack picture ccslamstack  Â·  3Comments
reedloden picture reedloden  Â·  3Comments
EmmN picture EmmN  Â·  3Comments
gothrek22 picture gothrek22  Â·  3Comments