Hello,
I have an aws_db_instance that is already created, and wanted to now encrypt the DB by adding the storage_encrypted = true argument, but upon doing a terraform plan, the plan attempts to destroy the database, which is what I definitely do not want. How can I get around this and not destroy the DB, and add encryption?
resource "aws_db_instance" "postgres" {
  allocated_storage      = var.db_allocated_storage
  storage_type           = "gp2"
  engine                 = "postgres"
  storage_encrypted      = true # new argument I am trying to add
  instance_class         = var.db_instance_class
  name                   = var.db_name
  username               = var.db_username
  skip_final_snapshot    = true
  password               = random_password.db_password.result
  deletion_protection    = true
  vpc_security_group_ids = [aws_security_group.my_security_group.id]
  db_subnet_group_name   = aws_db_subnet_group.my_subnet_group.id
  copy_tags_to_snapshot  = true
  multi_az               = terraform.workspace == "prod" ? true : false

  lifecycle {
    prevent_destroy = true
  }
}
The terraform plan attempt gives this:
Resource aws_db_instance.postgres has lifecycle.prevent_destroy set, but the plan calls for this resource to be destroyed. To avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or reduce the scope of the plan using the -target flag
Well, I wasn’t trying to destroy the db instance, but does adding the storage_encrypted = true mean that has to happen for the encryption to occur? I am just trying to figure out a way to work around this.
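
Added example, not part of the original post: a Python check over the JSON form of a plan (`terraform show -json`) that reports which stateful resources would be destroyed and recreated, and which attribute forces it. It applies to resources that do not carry `prevent_destroy`, where the plan completes instead of stopping with the error above. The sample plan and the `STATEFUL_TYPES` list are constructed for illustration; `resource_changes`, `actions` and `replace_paths` are fields of Terraform's JSON plan format.

```python
import json

# Constructed sample of `terraform show -json plan.out` output, trimmed to the
# fields this check reads; the values are illustrative, not from the post.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {
            "address": "aws_db_instance.postgres",
            "type": "aws_db_instance",
            "change": {
                "actions": ["delete", "create"],
                "before": {"storage_encrypted": False},
                "after": {"storage_encrypted": True},
                "replace_paths": [["storage_encrypted"]],
            },
        },
        {
            "address": "aws_security_group.my_security_group",
            "type": "aws_security_group",
            "change": {"actions": ["update"], "before": {}, "after": {}},
        },
    ]
})

# Resource types whose replacement means data loss (assumed list, extend as needed).
STATEFUL_TYPES = {"aws_db_instance", "aws_rds_cluster", "aws_ebs_volume"}


def forced_replacements(plan_json, stateful_types=STATEFUL_TYPES):
    """Return {address: [attribute paths]} for stateful resources the plan would replace."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # A replacement is reported as delete+create (in either order).
        if rc.get("type") in stateful_types and {"delete", "create"} <= set(actions):
            paths = [".".join(str(p) for p in path)
                     for path in change.get("replace_paths", [])]
            findings[rc["address"]] = paths or ["<unknown>"]
    return findings


if __name__ == "__main__":
    for address, attrs in forced_replacements(SAMPLE_PLAN).items():
        print(f"{address} would be destroyed and recreated; forced by: {', '.join(attrs)}")
```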