Fix: at_rest_encryption_enabled incorrectly processed

[rsafonseca]

Description

at_rest_encryption_enabled incorrectly processed leading to unexpected replication group state and endless replacement when set to false

Current situation:

• AWS docs specify that the default is false, but this has changed on the API for valkey, new ReplicationGroups are all being created with at_rest_encryption_enabled set to true
• By default, this provider assumes at_rest_encryption_enabled=false, and doesn't include the parameter in the CreateReplicationGroup API call
• When creating a Valkey ReplicationGroup with the provider, unless explicitly specifying at_rest_encryption_enabled=true, every terraform plan/apply will try to recreate the ReplicationGroup, which is a destructive operation

This PR changes at_rest_encryption_enabled from Computed to a normal parameter, so it is included with the CreateReplicationGroup API call

Relations

Relates #39955

References

Output from Acceptance Testing

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[github-actions]

Welcome @rsafonseca 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

[gdavison]

Hi @rsafonseca. Thanks for contributing a fix for an issue. Unfortunately, we won't be able to use it. Changing this default value will be a breaking change and will also cause problems for existing deployments. In addition, due to a known issue with Boolean values and the Terraform Plugin SDK, at_rest_encryption_enabled would no longer be able to be disabled.

I've created #40514 to fix this issue

[rsafonseca]

Hi @gdavison , thanks for taking this up.
Your MR only fixes one of the problems, which is the perpetual loop. This property should still be configurable beyond the default though and currently because it's set to Computed it cannot be configured.

As it currently stands, we can't enable it for redis and we can't disable it for valkey, because the property isn't being passed during the Create api call