`aws_db_instance` has a `default` value minor version, but conflicts with `auto_minor_version_upgrade` `true`

I have an aws_db_instance configuration used to deploy multiple environments. An issue I ran into was that the engine_version was defined in our vars.tf as,

```hcl
variable "db-engine-version" {
  type = string
  description = "DB engine version"
  default = "13.3"
}
```

But then in my aws_db_instance in main.tf I had,

```hcl
resource "aws_db_instance" "default" {
  ...
  engine               = "postgres"
  engine_version       =  var.db-engine-version
  auto_minor_version_upgrade = true
  ...
}
```

However, during a maintenance window and unbeknownst to me, AWS upgraded the RDS postgres instance to 13.4, and so when a deploy was tried and terraform apply was run, TF returned a 400 error,

```
InvalidParameterCombination: Cannot upgrade postgres from 13.4 to 13.3
```

So, what is the solution for this? Can we just specify the major version in my variable definition and have it as the below instead, not specifying the minor version (keeping in mind the format is major.minor for postgres)?

```hcl
variable "db-engine-version" {
  type = string
  description = "DB engine version"
  default = "13"  # not specifying minor version and moving away from our previous "13.3"
}
```

Note, I do not want major version upgrades to be allowed.

If we can't do the above, could I perhaps still have, say, "13.3" in the variable definition, and then put in our aws_db_instance resource definition this:

```hcl
lifecycle {
  ignore_changes = [engine_version]
}
```

And then be sure to also specify in the aws_db_instance resource that allow_major_version_upgrade be false, which in total would result in this?:

```hcl
resource "aws_db_instance" "default" {
  ...
  engine               = "postgres"
  engine_version       =  var.db-engine-version
  auto_minor_version_upgrade = true
  allow_major_version_upgrade = false
  ...
  lifecycle {
    ignore_changes = [engine_version]
  }
}
```

Just trying to prevent this 400 error and also major version upgrades at the same time, and keeping my Postgres versions the same between different environments that use the same TF configuration.

Thank you!

Note: Looks like others have struggled with this too:

We just ensure we update the code to match the new patch version whenever AWS does an update - it is very obvious when the change is needed as an apply would fail and a plan would show an unexpected change.

@stuart-c , thanks for the feedback. I just tried something very simple that I questioned whether or not it was a possible solution. Since minor updates for postgres should be safe, ie 13.x, I only specified the major version in the default value of the "db-engine-version" variable:

```hcl
variable "db-engine-version" {
  type = string
  description = "DB engine version"
  default = "13"
}
```

`auto_minor_version_upgrade = true` was set in the aws_db_instance:

```hcl
resource "aws_db_instance" "default" {
  ...
  engine               = "postgres"
  engine_version       =  var.db-engine-version
  auto_minor_version_upgrade = true
  ...
}
```

And then minor updates were part of the plan which I don’t have a problem with. To make sure there was not version drift for postgres between environments, I also specified the same maintenance_window property time for the aws_db_instance.

I think this resolves things fine.
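
The following is an added example, not code from anyone in the thread: a pre-apply check that compares the `engine_version` pinned in Terraform with the versions RDS reports for each environment, flagging both the downgrade that produced the 400 error and minor-version drift between environments. The instance identifiers, sample data and function names are constructed for illustration, and it assumes a major-only pin such as "13" matches any 13.x instance, as the thread's final configuration relies on.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-instances` output.
# The field names are real; identifiers and versions are made up.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "app-dev",   "EngineVersion": "13.4"},
  {"DBInstanceIdentifier": "app-stage", "EngineVersion": "13.4"},
  {"DBInstanceIdentifier": "app-prod",  "EngineVersion": "13.3"}
]}
""")["DBInstances"]


def parse(version):
    """'13.4' -> (13, 4); '13' -> (13,)"""
    return tuple(int(part) for part in version.split("."))


def classify(pinned, actual):
    """Compare the Terraform engine_version with the version RDS reports."""
    p, a = parse(pinned), parse(actual)
    if a[:len(p)] == p:
        return "match"           # exact pin, or prefix pin ("13" covers 13.x)
    if p[0] != a[0]:
        return "major-mismatch"  # never intended in this setup
    if p < a:
        return "downgrade"       # apply would request e.g. 13.4 -> 13.3
    return "upgrade"             # apply would move the instance forward


def report(pinned, instances):
    """Per-instance status plus whether all environments run one version."""
    status = {i["DBInstanceIdentifier"]: classify(pinned, i["EngineVersion"])
              for i in instances}
    versions = {i["EngineVersion"] for i in instances}
    return {"status": status, "in_sync": len(versions) == 1}


if __name__ == "__main__":
    for pin in ("13.3", "13"):
        print(pin, json.dumps(report(pin, SAMPLE)))
```

With the pin at "13" every sample instance matches, yet `in_sync` is still false, because the sample environments themselves run different minor versions.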