Terraform-provider-aws: Prevent modification of backup plan rule.schedule

Created on 22 May 2019  ·  7Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

v0.11.14

Affected Resource(s)

  • aws_backup_plan

Terraform Configuration Files

resource "aws_backup_plan" "this" {
  name = "${var.backup_plan_name}"

  rule = {
    rule_name         = "${var.backup_rule_name}"
    target_vault_name = "${aws_backup_vault.this.name}"
    schedule          = "${var.backup_schedule}" //Example cron(10 12 * * ? *)
    start_window      = "${var.minutes_to_start}" 
    completion_window = "${var.minutes_to_complete}" 
    lifecycle         = {
      cold_storage_after = "${var.cold_storage_after_days}"  
      delete_after = "${var.delete_after_days}"
    }
    recovery_point_tags = {
      BackupType = "${var.backup_type_tag}"
      Enviroment = "${var.enviroment_tag}"
    }
  }
}

Debug Output

Panic Output

1 error occurred:
* module.aws-backup.aws_backup_plan.this: 1 error occurred:
* aws_backup_plan.this: error updating Backup Plan: InvalidParameter: 2 validation error(s) found.
- missing required field, UpdateBackupPlanInput.BackupPlan.Rules[0].RuleName.
- missing required field, UpdateBackupPlanInput.BackupPlan.Rules[0].TargetBackupVaultName.

Expected Behavior

The schedule settings should've changed with the configuration that originally created the schedule.

Actual Behavior

The updated schedule does not get applied.

Steps to Reproduce

Create a backup plan with a set schedule. Once created and deployed, change the schedule by adding a minute or changing the hour.

  1. terraform apply

Important Factoids

  • backups fetch resources by tags
  • IAM role has both managed policies for backup and restore

    References

  • #0000
bug servicbackup
Source
picture carlospgarciat
👍6

All 7 comments

I am also running into this bug. My workaround is to manually remove the plan and have terraform recreate it.

Terraform v0.11.14
+ provider.aws v2.13.0
querry43 picture querry43 on 5 Jun 2019

Also getting this. Changing from:

resource "aws_backup_plan" "advanced" {
  name = "${var.environment}-Advanced"

  rule {
    rule_name         = "Daily"
    target_vault_name = "${aws_backup_vault.advanced.id}"
    schedule          = "cron(0 5 ? * 1-5,7 *)"
    start_window      = 60
    completion_window = 360

    recovery_point_tags = {
      BackupRule  = "Daily"
      BackupVault = "${aws_backup_vault.advanced.id}"
      Environment = "${var.environment}"
    }

    lifecycle {
      delete_after = 7
    }
  }

  rule {
    rule_name         = "Weekly"
    target_vault_name = "${aws_backup_vault.advanced.id}"
    schedule          = "cron(0 5 ? * 6 *)"
    start_window      = 60
    completion_window = 3600

    recovery_point_tags = {
      BackupRule  = "Weekly"
      BackupVault = "${aws_backup_vault.advanced.id}"
      Environment = "${var.environment}"
    }

    lifecycle {
      cold_storage_after = 60
      delete_after       = 180
    }
  }

  tags = {
    BackupPlan      = "${var.environment}-Advanced"
    Environment     = "${var.environment}"
    ServiceProvider = "Rackspace"
    Terraform       = "true"
  }
}

To:

resource "aws_backup_plan" "advanced" {
  name = "${var.environment}-Advanced"

  rule {
    rule_name         = "Daily"
    target_vault_name = "${aws_backup_vault.advanced.id}"
    schedule          = "cron(0 2 ? * 1-5,7 *)" # CHANGE HERE
    start_window      = 60
    completion_window = 360

    recovery_point_tags = {
      BackupRule  = "Daily"
      BackupVault = "${aws_backup_vault.advanced.id}"
      Environment = "${var.environment}"
    }

    lifecycle {
      delete_after = 7
    }
  }

  rule {
    rule_name         = "Weekly"
    target_vault_name = "${aws_backup_vault.advanced.id}"
    schedule          = "cron(0 2 ? * 6 *)" # CHANGE HERE
    start_window      = 60
    completion_window = 3600

    recovery_point_tags = {
      BackupRule  = "Weekly"
      BackupVault = "${aws_backup_vault.advanced.id}"
      Environment = "${var.environment}"
    }

    lifecycle {
      cold_storage_after = 60
      delete_after       = 180
    }
  }

  tags = {
    BackupPlan      = "${var.environment}-Advanced"
    Environment     = "${var.environment}"
    ServiceProvider = "Rackspace"
    Terraform       = "true"
  }
}

Results in:

Error: Error applying plan:

2 error(s) occurred:

* aws_backup_plan.advanced: 1 error(s) occurred:

* aws_backup_plan.advanced: error updating Backup Plan: InvalidParameter: 2 validation error(s) found.
- missing required field, UpdateBackupPlanInput.BackupPlan.Rules[0].RuleName.
- missing required field, UpdateBackupPlanInput.BackupPlan.Rules[0].TargetBackupVaultName.

Terraform v0.11.13
+ provider.aws v2.13.0

UPDATE: on a more basic example this doesn't appear to happen.

This:

resource "aws_backup_plan" "basic" {
  name = "${var.environment}-Basic"

  rule {
    rule_name         = "Daily"
    target_vault_name = "${aws_backup_vault.basic.id}"
    schedule          = "cron(0 5 ? * * *)"
  }
}

To this:

resource "aws_backup_plan" "basic" {
  name = "${var.environment}-Basic"

  rule {
    rule_name         = "Daily"
    target_vault_name = "${aws_backup_vault.basic.id}"
    schedule          = "cron(0 5 ? * * *)"
  }

  rule {
    rule_name         = "Weekly"
    target_vault_name = "${aws_backup_vault.basic.id}"
    schedule          = "cron(0 5 ? * * *)"
  }
}

To this:

resource "aws_backup_plan" "basic" {
  name = "${var.environment}-Basic"

  rule {
    rule_name         = "Daily"
    target_vault_name = "${aws_backup_vault.basic.id}"
    schedule          = "cron(0 6 ? * * *)" # CHANGE HERE
  }

  rule {
    rule_name         = "Weekly"
    target_vault_name = "${aws_backup_vault.basic.id}"
    schedule          = "cron(0 5 ? * * *)"
  }
}

And back to a single rule again causes no errors.

dannyleesmith picture dannyleesmith on 5 Jun 2019

Updated module syntax and tried using v0.12.1 = Same thing.
PS: The work around works but is a pain to destroy and re-create every time.

carlospgarciat picture carlospgarciat on 5 Jun 2019
👍1

This is the same error as https://github.com/terraform-providers/terraform-provider-aws/issues/8431.

ewbankkit picture ewbankkit on 26 Oct 2019

The fixes for these issues has been merged and will release with version 2.34.0 of the Terraform AWS Provider, on Thursday. Thanks to @ewbankkit for the implementation.

bflad picture bflad on 29 Oct 2019
🚀1

This has been released in version 2.34.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

bflad picture bflad on 31 Oct 2019
🚀1

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashibot[bot] picture hashibot[bot] on 29 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hashibot picture hashibot  ·  3Comments
ccslamstack picture ccslamstack  ·  3Comments
hashibot picture hashibot  ·  3Comments
hashibot picture hashibot  ·  3Comments
hashibot picture hashibot  ·  3Comments