RDS Instance Validation Does Not Catch Invalid final_snapshot_identifiers

[jsravencroft]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v0.14.3
+ provider registry.terraform.io/hashicorp/aws v3.22.0

Affected Resource(s)

• aws_db_instance

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_db_instance" "default" {
  engine = "postgres"
  engine_version = "12.4"

  instance_class = "db.t3.small"
  allocated_storage = 10

  name =  "snaptest"
  username = "snapadmin"
  password = "snappassword"

  vpc_security_group_ids = [ aws_security_group.default.id ]
  db_subnet_group_name = aws_db_subnet_group.default.name

  skip_final_snapshot = false
  final_snapshot_identifier = "99badIdentifier"
}

Debug Output

Panic Output

Expected Behavior

Error: "final_snapshot_identifier" must begin with a letter

  on main.tf line 30, in resource "aws_db_instance" "default":
  30:   final_snapshot_identifier = "99badIdentifier"

Actual Behavior

Validate only:

terraform validate
Success! The configuration is valid.

Apply and Destroy:

aws_db_instance.default: Destroying... [id=terraform-20201223005443384400000001]

Error: error deleting Database Instance "terraform-20201223005443384400000001": InvalidParameterValue: The parameter FinalDBSnapshotIdentifier is not a valid identifier. Identifiers must begin with a letter; must contain only ASCII letters, digits, and hyphens; and must not end with a hyphen or contain two consecutive hyphens.
	status code: 400, request id: 47a7961d-22fd-4899-9c08-8fa7f17d5db1

Steps to Reproduce

1. terraform validate

or

1. terraform apply
2. terraform destroy

Important Factoids

This bug does permit one to create the RDS instance, only to get an error when destroying. The workaround is to update the final_snapshot_identifer, apply the new value, then delete.

References

• AWS Documentation on RDS Final Snapshots
• Provider Code

This has been released in version 3.24.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!