_This issue was originally opened by @ujjwalGargFS as hashicorp/terraform#18285. It was migrated here as a result of the provider split. The original body of the issue is below._
```
Terraform v0.11.7
+ provider.aws v1.22.0
```

```hcl
resource "aws_rds_cluster" "aurora-cluster-ci" {
  cluster_identifier        = "aurora-cluster-ci"
  engine                    = "aurora-mysql"
  availability_zones        = ["us-east-1a", "us-east-1b", "us-east-1c"]
  database_name             = "${var.rds_dbname}"
  master_username           = "${var.rds_username}"
  master_password           = "${var.rds_password}"
  backup_retention_period   = 5
  engine_version            = "5.7.16"
  preferred_backup_window   = "07:00-09:00"
  apply_immediately         = true
  final_snapshot_identifier = "ci-aurora-cluster-backup"
  skip_final_snapshot       = true
}
```

```
1 error(s) occurred:
* aws_rds_cluster.aurora-cluster-ci (destroy): 1 error(s) occurred:
* aws_rds_cluster.aurora-cluster-ci: RDS Cluster FinalSnapshotIdentifier is required when a final snapshot is required
```

"aurora-cluster-ci" should get destroyed
Hi @ujjwalGargFS 👋 Sorry you ran into unexpected behavior here.
Was the `skip_final_snapshot` attribute changed at the same time as the resource deletion? If so, does it work if you apply that change first, then try deleting the resource?
This error occurs when we don't include "final_snapshot_identifier" when you build.
Delete it manually, then try building with "final_snapshot_identifier = foo" and destroy; it works for me.
Given the sharp edges in RDS w.r.t. snapshots, maybe `final_snapshot_identifier` should just be required, with a note that you have to fill it in even if `skip_final_snapshot` is ever set `true`?
Somewhat related to this. In the documentation, it says that when `final_snapshot_identifier` is omitted no final snapshot will be made. However, that is not the case since I get the same issue on delete when I omit it.
During the creation of an RDS instance, if any kind of error happens (for example: failed to set the engine version), the attribute `skip_final_snapshot` is not written to the Terraform state, which will cause an annoying issue when running terraform destroy. It's really a critical issue for our automation script, as we want all partial-update resources to be cleaned up in case of failures.
The workaround that worked in my case was to set the `skip_final_snapshot` argument to `true` - one can set this after creating the DB instance - apply the change and then delete the instance.
I just came across this issue and although I find it relatively simple to work around just like @futtetennista mentioned, I think it could be easily avoided. According to the aws_db_instance documentation the value `skip_final_snapshot` is by default set to false, which means a snapshot will be created, therefore it will require a name. A couple of improvement ideas come to my mind: 1) Make `skip_final_snapshot` a required value. Even though it seems confusing that the value is optional but mandatory when it comes to destroying the resource, I believe it has more to do with how AWS is designed to work rather than how Terraform works. 2) Document this behavior in the resource documentation and explain that AWS is expecting this value to be present when the resources will be deleted.
Just hit this - is it possible to make it so 'skip_final_snapshot' can be changed as part of a destroy, and that it doesn't need applying first? Or is this just intended/expected behaviour?
So an easy way I got around this was to set 'skip_final_snapshot' = true and apply the change to the rds cluster. Once the change was applied, I then deleted the rds cluster and added the updated changes I wanted to make to the cluster.
In my case I had to manually edit the .tfstate file and set "skip_final_snapshot" to true. Then it worked.
Simpler to set the final_snapshot_identifier, apply the change, then run the destroy
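
A read-only pre-destroy check for the situation described in the comments above, added here as an example (not code from the provider or from any commenter): it scans a Terraform state for RDS resources that record neither `skip_final_snapshot = true` nor a `final_snapshot_identifier`. The state layouts (v3 for Terraform 0.11, v4 for 0.12+), the function names and the sample state are assumptions made for illustration.

```python
import json

# Resource types named in this thread; the state layouts handled below are
# assumptions based on the v3 (Terraform 0.11) and v4 (0.12+) state formats.
RDS_TYPES = {"aws_rds_cluster", "aws_db_instance"}

def _is_true(value):
    # v3 state stores every attribute as a string; v4 uses JSON booleans.
    return value is True or str(value).lower() == "true"

def _iter_rds(state):
    """Yield (address, attributes) for managed RDS resources in the state."""
    for module in state.get("modules", []):  # v3: modules[].resources{}
        for addr, res in module.get("resources", {}).items():
            if res.get("type") in RDS_TYPES:
                yield addr, res.get("primary", {}).get("attributes", {})
    for res in state.get("resources", []):  # v4: resources[].instances[]
        if res.get("mode", "managed") == "managed" and res.get("type") in RDS_TYPES:
            prefix = res["module"] + "." if res.get("module") else ""
            for inst in res.get("instances", []):
                yield f'{prefix}{res["type"]}.{res["name"]}', inst.get("attributes", {})

def destroy_blockers(state):
    """Addresses whose recorded state has neither skip_final_snapshot=true
    nor a final_snapshot_identifier."""
    return sorted(
        addr for addr, attrs in _iter_rds(state)
        if not _is_true(attrs.get("skip_final_snapshot"))
        and not attrs.get("final_snapshot_identifier")
    )

# Constructed sample (not a real state file): "partial" mimics a create that
# failed before skip_final_snapshot was recorded in state.
SAMPLE_STATE = json.loads("""
{"version": 3, "modules": [{"path": ["root"], "resources": {
  "aws_rds_cluster.partial": {"type": "aws_rds_cluster",
    "primary": {"id": "partial", "attributes": {"engine": "aurora-mysql"}}},
  "aws_rds_cluster.ok": {"type": "aws_rds_cluster",
    "primary": {"id": "ok", "attributes": {"skip_final_snapshot": "true"}}},
  "aws_db_instance.snap": {"type": "aws_db_instance",
    "primary": {"id": "snap", "attributes": {"skip_final_snapshot": "false",
      "final_snapshot_identifier": "snap-final"}}}
}}]}
""")

if __name__ == "__main__":
    for address in destroy_blockers(SAMPLE_STATE):
        print("destroy would need a final snapshot name:", address)
```

Resources it reports can then be handled with the apply-first workaround from the comments, without hand-editing the state file.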