Global flag performance_insights needs to be specified in all instances to take effect #447

Open
1 task done
carlosjgp opened this issue May 14, 2024 · 0 comments

Same as #444

Description

Can't use the global flag to enable the performance insights

  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]: 9.3.1

  • Terraform version: 1.5.6

  • Provider version(s): 5.42.0

Reproduction Code [Required]

From the examples... initial state

module "aurora" {
  source = "../../"

  name            = local.name
  engine          = "aurora-postgresql"
  engine_version  = "14.7"
  master_username = "root"
  storage_type    = "aurora-iopt1"
  instances = {
    1 = {
      instance_class          = "db.r5.2xlarge"
      publicly_accessible     = true
      db_parameter_group_name = "default.aurora-postgresql14"
    }
    2 = {
      identifier     = "static-member-1"
      instance_class = "db.r5.2xlarge"
    }
    3 = {
      identifier     = "excluded-member-1"
      instance_class = "db.r5.large"
      promotion_tier = 15
    }
  }

  endpoints = {
    static = {
      identifier     = "static-custom-endpt"
      type           = "ANY"
      static_members = ["static-member-1"]
      tags           = { Endpoint = "static-members" }
    }
    excluded = {
      identifier       = "excluded-custom-endpt"
      type             = "READER"
      excluded_members = ["excluded-member-1"]
      tags             = { Endpoint = "excluded-members" }
    }
  }

  vpc_id               = module.vpc.vpc_id
  db_subnet_group_name = module.vpc.database_subnet_group_name
  security_group_rules = {
    vpc_ingress = {
      cidr_blocks = module.vpc.private_subnets_cidr_blocks
    }
    egress_example = {
      cidr_blocks = ["10.33.0.0/28"]
      description = "Egress to corporate printer closet"
    }
  }

  apply_immediately   = true
  skip_final_snapshot = true

  create_db_cluster_parameter_group      = true
  db_cluster_parameter_group_name        = local.name
  db_cluster_parameter_group_family      = "aurora-postgresql14"
  db_cluster_parameter_group_description = "${local.name} example cluster parameter group"
  db_cluster_parameter_group_parameters = [
    {
      name         = "log_min_duration_statement"
      value        = 4000
      apply_method = "immediate"
      }, {
      name         = "rds.force_ssl"
      value        = 1
      apply_method = "immediate"
    }
  ]

  create_db_parameter_group      = true
  db_parameter_group_name        = local.name
  db_parameter_group_family      = "aurora-postgresql14"
  db_parameter_group_description = "${local.name} example DB parameter group"
  db_parameter_group_parameters = [
    {
      name         = "log_min_duration_statement"
      value        = 4000
      apply_method = "immediate"
    }
  ]

  enabled_cloudwatch_logs_exports = ["postgresql"]
  create_cloudwatch_log_group     = true

  create_db_cluster_activity_stream     = true
  db_cluster_activity_stream_kms_key_id = module.kms.key_id
  db_cluster_activity_stream_mode       = "async"

  tags = local.tags
}

Add performance insights

# Monitoring. Cloudwatch and Performance Insights
create_monitoring_role                = true
iam_role_name                         = "rds-monitoring"
iam_role_use_name_prefix              = true
iam_role_description                  = "IAM role created by terraform-aws-rds-aurora terraform module"
monitoring_interval                   = 10
performance_insights                  = true
performance_insights_retention_period = 93 # days. 3 Months for production environments

# Apply changes immediately instead of waiting for the next maintenance window
# we want to be in control of when these happen
apply_immediately = true

Apply... See Actual behavior section

If, on top of that, I add

instances = {
  1 = {
    instance_class          = "db.r5.2xlarge"
    publicly_accessible     = true
    db_parameter_group_name = "default.aurora-postgresql14"
    performance_insights    = true
  }
  2 = {
    identifier           = "static-member-1"
    instance_class       = "db.r5.2xlarge"
    performance_insights = true
  }
  3 = {
    identifier           = "excluded-member-1"
    instance_class       = "db.r5.large"
    promotion_tier       = 15
    performance_insights = true
  }
}

then it applies correctly. See Expected behavior

Expected behavior

Terraform will perform the following actions:

  # aws_iam_role.rds_enhanced_monitoring[0] will be updated in-place
  ~ resource "aws_iam_role" "rds_enhanced_monitoring" {
      + description           = "IAM role created by terraform-aws-rds-aurora terraform module"
        id                    = "rds-monitoring-sbx2"
        name                  = "rds-monitoring-sbx2"
        tags                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (9 unchanged attributes hidden)
    }

  # aws_rds_cluster.this[0] will be updated in-place
  ~ resource "aws_rds_cluster" "this" {
      + enable_local_write_forwarding       = false
      ~ final_snapshot_identifier           = "aurora-postgres-sbx2-final-snapshot-9892532303865fed5397ae3c43eeefa7" -> "aurora-postgres-sbx2-final-snapshot-68e520c70db2863d65b082b42e2438a1"
        id                                  = "aurora-postgres-sbx2"
        tags                                = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (40 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["one"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-one"
      ~ performance_insights_enabled          = false -> true
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (28 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["two"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-two"
      ~ performance_insights_enabled          = false -> true
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (28 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Changes to Outputs:
  ~ cluster_instances                                 = {
      ~ one = {
            id                                    = "aurora-postgres-sbx2-one"
          ~ performance_insights_enabled          = false -> true
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (32 unchanged attributes hidden)
        }
      ~ two = {
            id                                    = "aurora-postgres-sbx2-two"
          ~ performance_insights_enabled          = false -> true
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (32 unchanged attributes hidden)
        }
    }
aws_iam_role.rds_enhanced_monitoring[0]: Modifying... [id=rds-monitoring-sbx2]
aws_rds_cluster.this[0]: Modifying... [id=aurora-postgres-sbx2]
aws_rds_cluster.this[0]: Modifications complete after 0s [id=aurora-postgres-sbx2]
aws_iam_role.rds_enhanced_monitoring[0]: Modifications complete after 1s [id=rds-monitoring-sbx2]
aws_rds_cluster_instance.this["two"]: Modifications complete after 1m32s [id=aurora-postgres-sbx2-one, 1m40s elapsed]
aws_rds_cluster_instance.this["one"]: Modifications complete after 1m42s [id=aurora-postgres-sbx2-one]

Apply complete! Resources: 0 added, 4 changed, 0 destroyed.

Actual behavior

Terraform will perform the following actions:

  # aws_rds_cluster.this[0] will be updated in-place
  ~ resource "aws_rds_cluster" "this" {
      ~ final_snapshot_identifier           = "aurora-postgres-sbx2-final-snapshot-6ec1a4fd929a19781f98da1e86214d3f" -> "aurora-postgres-sbx2-final-snapshot-53fead4e630e409e776f4e948f9a22d6"
        id                                  = "aurora-postgres-sbx2"
        tags                                = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (41 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["one"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-one"
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (29 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_rds_cluster_instance.this["two"] will be updated in-place
  ~ resource "aws_rds_cluster_instance" "this" {
        id                                    = "aurora-postgres-sbx2-two"
      ~ performance_insights_retention_period = 0 -> 7
        tags                                  = {
            "managed_by" = "terraform"
            "project"    = "linq-tactical-infra"
        }
        # (29 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Changes to Outputs:
  ~ cluster_instances                                 = {
      ~ one = {
            id                                    = "aurora-postgres-sbx2-one"
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (33 unchanged attributes hidden)
        }
      ~ two = {
            id                                    = "aurora-postgres-sbx2-two"
          ~ performance_insights_retention_period = 0 -> 7
            tags                                  = {
                managed_by = "terraform"
                project    = "linq-tactical-infra"
            }
            # (33 unchanged attributes hidden)
        }
    }
aws_rds_cluster.this[0]: Modifying... [id=aurora-postgres-sbx2]
aws_rds_cluster.this[0]: Modifications complete after 0s [id=aurora-postgres-sbx2]
aws_rds_cluster_instance.this["one"]: Modifying... [id=aurora-postgres-sbx2-one]
aws_rds_cluster_instance.this["two"]: Modifying... [id=aurora-postgres-sbx2-two]
╷
│ Error: updating RDS Cluster Instance (aurora-postgres-sbx2-one): InvalidParameterCombination: Cannot set PerformanceInsightsRetention without EnablePerformanceInsights
│       status code: 400, request id: eb61a564-3ea1-4248-ab12-0873f403d368
│ 
│   with aws_rds_cluster_instance.this["one"],
│   on main.tf line 160, in resource "aws_rds_cluster_instance" "this":
│  160: resource "aws_rds_cluster_instance" "this" {
│ 

Additional context

I think that the try statements here to check if the instance configuration overrides the default flag should be coalesce instead...?

apply_immediately = try(each.value.apply_immediately, var.apply_immediately)
auto_minor_version_upgrade = try(each.value.auto_minor_version_upgrade, var.auto_minor_version_upgrade)
availability_zone = try(each.value.availability_zone, null)
ca_cert_identifier = var.ca_cert_identifier
cluster_identifier = aws_rds_cluster.this[0].id
copy_tags_to_snapshot = try(each.value.copy_tags_to_snapshot, var.copy_tags_to_snapshot)
db_parameter_group_name = var.create_db_parameter_group ? aws_db_parameter_group.this[0].id : try(each.value.db_parameter_group_name, var.db_parameter_group_name)
db_subnet_group_name = local.db_subnet_group_name
engine = var.engine
engine_version = var.engine_version
identifier = var.instances_use_identifier_prefix ? null : try(each.value.identifier, "${var.name}-${each.key}")
identifier_prefix = var.instances_use_identifier_prefix ? try(each.value.identifier_prefix, "${var.name}-${each.key}-") : null
instance_class = try(each.value.instance_class, var.instance_class)
monitoring_interval = try(each.value.monitoring_interval, var.monitoring_interval)
monitoring_role_arn = var.create_monitoring_role ? try(aws_iam_role.rds_enhanced_monitoring[0].arn, null) : var.monitoring_role_arn
performance_insights_enabled = try(each.value.performance_insights_enabled, var.performance_insights_enabled)
performance_insights_kms_key_id = try(each.value.performance_insights_kms_key_id, var.performance_insights_kms_key_id)
performance_insights_retention_period = try(each.value.performance_insights_retention_period, var.performance_insights_retention_period)
# preferred_backup_window - is set at the cluster level and will error if provided here
preferred_maintenance_window = try(each.value.preferred_maintenance_window, var.preferred_maintenance_window)
promotion_tier = try(each.value.promotion_tier, null)
publicly_accessible = try(each.value.publicly_accessible, var.publicly_accessible)
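
A pre-apply check for the failure shown under Actual behavior, as an added example that is not part of the original issue or the module's code: it reads `terraform show -json` plan output and flags any `aws_rds_cluster_instance` planned with a retention period while Performance Insights stays disabled. The sample plan is constructed and trimmed to the fields the check reads; the function and helper names are hypothetical.

```python
import json


def _instance(key, enabled, retention):
    """Build one constructed resource_changes entry (hypothetical helper)."""
    return {
        "address": f'aws_rds_cluster_instance.this["{key}"]',
        "type": "aws_rds_cluster_instance",
        "change": {
            "actions": ["update"],
            "after": {
                "performance_insights_enabled": enabled,
                "performance_insights_retention_period": retention,
            },
            "after_unknown": {},
        },
    }


# Constructed sample in the shape of `terraform show -json <planfile>`.
# "one" and "two" mirror the failing plan above; "three" is a passing case.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _instance("one", False, 7),
    _instance("two", False, 7),
    _instance("three", True, 7),
    {"address": "aws_rds_cluster.this[0]", "type": "aws_rds_cluster",
     "change": {"actions": ["update"], "after": {}, "after_unknown": {}}},
]})


def find_invalid_pi_combinations(plan_json):
    """Return addresses planned with a retention period but PI disabled."""
    flagged = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_rds_cluster_instance":
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}  # null when the resource is destroyed
        unknown = change.get("after_unknown") or {}
        if unknown.get("performance_insights_enabled"):
            continue  # only known after apply; cannot be judged from the plan
        retention = after.get("performance_insights_retention_period") or 0
        if retention > 0 and not after.get("performance_insights_enabled"):
            flagged.append(rc["address"])
    return flagged


if __name__ == "__main__":
    for address in find_invalid_pi_combinations(SAMPLE_PLAN):
        print(f"{address}: retention period set, Performance Insights disabled")
```

Run against a saved plan in CI, a non-empty result stops the pipeline before the RDS API rejects the update with `InvalidParameterCombination`.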
