Terraform: Unable to create RDS Parameter Group and add to instance

Hi @darend

Thanks for opening the issue here, if you use the interpolation syntax, then you can effectively tell AWS that the db_parameter_group should be created before the instance. E.g.

resource "aws_db_instance" "database" {
  identifier = "database"
  ...
  parameter_group_name = "${aws_db_parameter_group.databae.name}"
  ...

}

resource "aws_db_parameter_group" "database" {
  name   = "database"
  family = "postgres9.5"

  parameter {
    name         = "rds.force_ssl"
    value        = "1"
    apply_method = "pending-reboot"
  }
}

This will then work as expected

Hope it helps

Paul

doh, thanks!

Let me know if it doesn't work, we should make this a little more clear TBH

@stack72 I confirmed it works by:

• removing PG from instance and then deleting the PG
• added back the PG and the instance dependency on it using interpolation

aws_db_parameter_group.database: Creating...
  arn:                               "" => "<computed>"
  description:                       "" => "Managed by Terraform"
  family:                            "" => "postgres9.5"
  name:                              "" => "daren"
  parameter.#:                       "" => "1"
  parameter.2349693848.apply_method: "" => "pending-reboot"
  parameter.2349693848.name:         "" => "rds.force_ssl"
  parameter.2349693848.value:        "" => "1"
aws_db_parameter_group.database: Creation complete
aws_db_instance.database: Modifying...
  parameter_group_name: "default.postgres9.5" => "daren"
aws_db_instance.database: Still modifying... (10s elapsed)
aws_db_instance.database: Still modifying... (20s elapsed)
aws_db_instance.database: Still modifying... (30s elapsed)
aws_db_instance.database: Modifications complete

Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

Relatedly, I did find that I could not go back to the default RDS PG by removing the parameter_group_name declaration. It showed no change in plan/apply. I did it via the AWS console, but imagine specifying the RDS default PG name would have worked.

Here is the error when you try to remove the PG from the instance and delete then delete it:

* aws_db_parameter_group.database: InvalidDBParameterGroupState: One or more database instances are still members of this parameter group daren, so the group cannot be deleted
    status code: 400, request id: 5a334bf7-bb14-11e6-9a09-af86b91a2621

I can open a new issue is this is not already known

@stack72 @darend I am having similar issues for Aurora. The errors I am getting are:

• aws_rds_cluster_parameter_group.aurora_ssl: 1 error(s) occurred:

• aws_rds_cluster_parameter_group.aurora_ssl: Error modifying DB Cluster Parameter Group: InvalidParameterValue: Could not find parameter with name: rds.force_ssl
  status code: 400, request id: 76169ea1-921d-11e7-9c86-1f334abe320e

• aws_db_parameter_group.aurora_ssl: 1 error(s) occurred:

• aws_db_parameter_group.aurora_ssl: Error modifying DB Parameter Group: InvalidParameterValue: Could not find parameter with name: rds.force_ssl
  status code: 400, request id: 761761c6-921d-11e7-8bdc-adf654e2fa41

Is this because the parameter groups haven't been made yet while they are trying to attach to the Cluster and Instance? Below is my code for the Parameter Groups and Cluster and Instance:

#for the cluster
resource "aws_rds_cluster_parameter_group" "aurora_ssl" {
  name        = "database"
  family      = "aurora5.6"

  parameter {
    name         = "rds.force_ssl"
    value        = "1"
    apply_method = "pending-reboot"
  }
}

#for the instance
resource "aws_db_parameter_group" "aurora_ssl" {
  name   = "database"
  family = "aurora5.6"

  parameter {
    name         = "rds.force_ssl"
    value        = "1"
    apply_method = "pending-reboot"
  }
}

#Building the cluster for the Aurora Instances
resource "aws_rds_cluster" "ice_cluster" {
  cluster_identifier      = "ice-aurora-cluster"
  database_name           = "ICE_AURORA"
  master_username         = "${var.aurora_username}"
  master_password         = "${var.aurora_password}"
  backup_retention_period = "${var.backup_retention_period}"
  preferred_backup_window = "${var.preferred_backup_window}"
  preferred_maintenance_window = "${var.preferred_maintenance_window}"
  storage_encrypted       = true
  db_subnet_group_name    = "${aws_db_subnet_group.db_sg_ice.id}"
  skip_final_snapshot     = "${var.skip_final_snapshot}"
  vpc_security_group_ids  = ["${aws_security_group.aurora_security_group.id}"]
  apply_immediately       = "${var.apply_immediately}"
  db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.aurora_ssl.name}"
}

#building the instance to go into the cluster
resource "aws_rds_cluster_instance" "cluster_instances" {
  count              = "${var.count}"
  identifier         = "ice-aurora-cluster-${count.index}"
  cluster_identifier = "${aws_rds_cluster.ice_cluster.id}"
  instance_class     = "${var.instance_class}"
  publicly_accessible = "${var.publicly_accessible}"
  db_subnet_group_name = "${aws_db_subnet_group.db_sg_ice.id}"
  apply_immediately  = "${var.apply_immediately}"
  preferred_maintenance_window = "${var.preferred_maintenance_window}"
  auto_minor_version_upgrade = "${var.auto_minor_version_upgrade}"
  db_parameter_group_name = "${aws_db_parameter_group.aurora_ssl.name}"

}

Apologies- this is the first time I have asked a question on here, help is appreciated

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.