`aws_db_instance` has a `default` value minor version, but conflicts with `auto_minor_version_upgrade` `true`

aaa · September 15, 2022, 1:45pm

I have an aws_db_instance configuration used to deploy multiple environments. An issue I ran into was that the engine_version was defined in our vars.tf as,

variable "db-engine-version {
  type = string
  description = "DB engine version"
  default = "13.3"
}

But then in my aws_db_instance in main.tf I had,

resource "aws_db_instance" "default" {
  ...
  engine               = "postgres"
  engine_version       =  var.db-engine-version
  auto_minor_version_upgrade = true
  ...
}

However, during an maintenance window and unbeknownst to me, AWS upgraded the RDS postgres instance to 13.4, and so when a deploy was tried and terraform apply was run, TF returned a 400 error,

InvalidParameterCombination: Cannot upgrade postgres from 13.4 to 13.3

So, what is the solution for this, can we just specify major version in my variable definition and have it as the below instead, not specifying the minor version (keeping in mind the format is major.minor for postgres) ?:

variable "db-engine-version {
  type = string
  description = "DB engine version"
  default = "13"  # not specifying minor version and moving away from our previous "13.3"
}

Note, I do not want major version upgrades to be allowed.

If we can’t do the above do, could I perhaps still have say “13.3” in the variable definition, and then put in our aws_db_instance resource definition this:

lifecycle {
  ignore_changes = [engine_version]
}

And then be sure to also specify in the aws_db_instance resource that allow_major_version_upgrade be false, which in total would result in this?:

resource "aws_db_instance" "default" {
  ...
  engine               = "postgres"
  engine_version       =  var.db-engine-version
  auto_minor_version_upgrade = true
  allow_major_version_upgrade = false
  ...
  lifecycle {
    ignore_changes = [engine_version]
  }
}

Just trying to prevent this 400 error and also major version upgrades at the same time, and keeping my Postgres versions the same between different environments that use the same TF configuration.

Thank you!

Note: Looks like others have struggled with this too:

github.com/hashicorp/terraform-provider-aws

Unable to ignore changes to RDS minor engine version

opened 11:36PM - 20 Jul 17 UTC

closed 07:24PM - 10 Mar 21 UTC

joshuaspence

enhancement service/rds

We are using the `aws_db_instance` resource for managing RDS instances and I jus…t came across an issue that arises from the use of `auto_minor_version_upgrade`. Basically, we have some Terraform configuration that looks like this: ``` resource "aws_db_instance" "master" { allocated_storage = 128 engine = "mysql" engine_version = "5.7.10" instance_class = "db.r3.large" storage_type = "gp2" apply_immediately = true auto_minor_version_upgrade = true allow_major_version_upgrade = true # The other parameters are not relevant. } ``` During one of our scheduled maintenance windows, Amazon have kindly upgrade this RDS instance from MySQL 5.7.10 to 5.7.17 (which is expected due to `auto_minor_version_upgrade`). As such, `terraform plan` now shows the following change to be applied: ``` ~ aws_db_instance.master engine_version: "5.7.17" => "5.7.10" ``` I can workaround this by adding `engine_version` to `ignore_changes`, but doing so would prevent me from updating the major engine version. Ideally, I would be able to ignore changes only to the minor/patch version.

stuart-c · September 17, 2022, 5:56pm

We just ensure we update the code to match the new patch version whenever AWS does an update - it is very obvious when the change is needed as an apply would fail and a plan would chow an unexpected change.

aaa · September 18, 2022, 4:16pm

@stuart-c , thanks for the feedback. I just tried something very simple that I questioned whether or not it was a possible solution. Since minor updates for postgres should be safe, ie 13.x, I only specified the major version in the default value of the "db-engine-version" variable:

variable "db-engine-version {
  type = string
  description = "DB engine version"
  default = "13"
}

auto_minor_version_upgrade = true was set to true in the aws_db_instance:

resource "aws_db_instance" "default" {
  ...
  engine               = "postgres"
  engine_version       =  var.db-engine-version
  auto_minor_version_upgrade = true

And then minor updates were part of the plan which I don’t have a problem with. To make sure there was not version drift for postgres between environments, I also specified the same maintenance_window property time for the aws_db_instance.

I think this resolves things fine.