Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Avoid DB proxy diffs for unsupported AZs #40498

Merged
merged 2 commits into from
Dec 9, 2024
Merged

docs: Avoid DB proxy diffs for unsupported AZs #40498

merged 2 commits into from
Dec 9, 2024

Conversation

YakDriver
Copy link
Member

@YakDriver YakDriver commented Dec 9, 2024
edited
Loading

Description

This PR updates the documentation to address an issue where Terraform perpetually shows a diff and recreates an RDS Proxy when one or more specified subnets are in an Availability Zone (AZ) that does not support DB proxies.

Problem

When creating an RDS Proxy, the proxy is successfully created but only includes subnets from supported AZs. If one of the specified subnets is in an unsupported AZ:

  1. The proxy is created with only the subnets in supported AZs (e.g., supported_1 and supported_2 instead of the expected three subnets).
  2. Subsequent Terraform plans detect a difference between the desired state (three subnets) and the actual state (two subnets) and attempt to recreate the proxy. This results in perpetual diffs and recreation cycles.

Root Causes

  • The AWS API does not return an error when unsupported AZs are included, unless fewer than two supported AZs are provided.
  • There is no definitive, up-to-date source of information listing which AZs globally support DB proxies, making it challenging to validate configurations proactively.

Workarounds

Since the problem cannot be fully resolved at this time, this PR provides documentation updates with practical workarounds:

  1. Exclude Unsupported AZs: Use the aws_availability_zones data source to dynamically filter out unsupported AZs when defining subnets.
  2. Ignore Changes: Use the lifecycle ignore_changes meta-argument to suppress Terraform's diff detection for the vpc_subnet_ids argument.

Limitations

  • These workarounds are not foolproof. Excluding unsupported AZs relies on specific knowledge of which AZs to exclude, which is not always available.
  • Ignoring changes with ignore_changes prevents Terraform from managing updates to vpc_subnet_ids, which could lead to configuration drift.

Future Improvements

The best long-term solution would be for the AWS API to return an error when unsupported AZs are included, allowing Terraform to fail fast during resource creation. However, this is not currently possible due to API behavior.

Relations

Closes #17781
Closes #23446

References

Output from Acceptance Testing

% make testacc TESTS=TestAccXXX PKG=ec2

...

@YakDriver YakDriver requested a review from a team as a code owner December 9, 2024 21:27
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 9, 2024

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. service/rds Issues and PRs that pertain to the rds service. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. labels Dec 9, 2024
jar-b
jar-b approved these changes Dec 9, 2024
View reviewed changes
Copy link
Member

@jar-b jar-b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

@YakDriver YakDriver merged commit 829a3bf into main Dec 9, 2024
22 checks passed
@YakDriver YakDriver deleted the d-db-proxy-unsupported-az branch December 9, 2024 22:24
@github-actions github-actions bot added this to the v5.81.0 milestone Dec 9, 2024
terraform-aws-provider bot pushed a commit that referenced this pull request Dec 9, 2024
Update CHANGELOG.md for #40498
ddfaefb
@github-actions GitHub Actions
Copy link

This functionality has been released in v5.81.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jar-b jar-b jar-b approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. service/rds Issues and PRs that pertain to the rds service.
Projects
None yet
Milestone
v5.81.0
Development

Successfully merging this pull request may close these issues.

aws_db_proxy shows perpetual difference if a subnet in an unsupported AZ is provided aws_db_proxy subnet_ids
2 participants
@YakDriver @jar-b