Creating an AWS RDS instance fails with unable to find the subnet group ; succeeds on re-run (withou

[Graham Nicholls]

/*

DB Subnets

 */

resource "aws_db_subnet_group" "dbsng01dat01ppew${var.environmentnumber}x" {

    name = "dbsng01dat01ppew${var.environmentnumber}x"

    description = "RDS - Postgres - Preprod ${var.environmentnumber}"

    subnet_ids = ["${aws_subnet.sn01dat01a.id}", "${aws_subnet.sn01dat01b.id}", "${aws_subnet.sn01dat01c.id}"]

    tags {

        Name = "RDS - Postgres"

    }

}

/*

RDS 

 */

 resource "aws_db_instance" "rd01dat00" {

  allocated_storage    = 100

  engine               = "postgres"

  engine_version       = "9.3.2"

  instance_class       = "${var.rd01class}"

  identifier           = "rd01dat00ppdew${var.environmentnumber}x"

  # Username and password storage here is sub optimal. Should replace this step with a replicate_source_db removing the need for this 

  username             = "${var.pguser}"

  password             = "${var.pgpass}"

  db_subnet_group_name = "dbsng01dat01ppew${var.environmentnumber}x"

  # parameter_group_name = ""

}

That's the relevant code (I think); the failure is :

* aws_db_instance.rd01dat00: Error creating DB Instance: DBSubnetGroupNotFoundFault: DBSubnetGroup 'dbsng01dat01ppew3x' not found.

If I rerun the terraform apply, it sees the group (which has been successfully created), and it works.

Anyone else seeing this behaviour, or am I doing something daft?

Thanks

Graham Nicholls

[Clint Shryock]

Hey Grahm –

Terraform uses the configuration file(s) to build a dependency graph, based on interpolations inside the files. I see in your example config that you're familiar referencing variables, however there is no interpolation between the db subnet and the db itself. 

For example, in your DB configuration you have this:

  db_subnet_group_name = "dbsng01dat01ppew${var.environmentnumber}x"

While this matches the name of your Subnet group, Terraform cannot infer any real relationship between the two. As a result they have no relationship and Terraform attempts to create them in parallel, when in reality the Subnet group needs to exist before the DB can be created. The reason it works the second time is because by that time, the Subnet group exists and is available. 

Instead of having the aws_db_subnet_group  resource with a dynamic name in the configuration like so:

  resource "aws_db_subnet_group" "dbsng01dat01ppew${var.environmentnumber}x"

Try giving it a consistent name and then referencing it in the DB:

  db_subnet_group_name = "${aws_db_subnet_group.somesubnetname.name}"

That will tell Terraform that the Subnet group needs to be created successfully first, and then move on to the DB. If you cannot use a consistent name, then an explicit "depends_on" in the DB configuration should work:

  

  resource "aws_db_instance" "rd01dat00" {

    depends_on = ["aws_db_subnet_group.dbsng01dat01ppew${var.environmentnumber}x"]

    [...]

  }

Let us know if that doesn't work!

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/80ac454c-85bf-43c5-b295-6e89a5dcb818%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Clint

[Graham Nicholls]

Hey, Clint, thanks for responding - it's much appreciated.

Sadly, I'm off the project for the moment, so I'm not sure I can test this. I'll pass your email on to the chap who is working on this.

I had a feeling it was something like this, but couldn't quite get there.  I also noticed from the docs that I should not be using a db_security group if  it's in a VPC.

I'd like to just say thanks for terraform - what a great piece of software, and thanks for the response, too.

You received this message because you are subscribed to a topic in the Google Groups "Terraform" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/terraform-tool/gc2_VQiRwDg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAMN_gXFxj5uexSAnqYnk5CT4jKs-DbFJZPJqwWWJYxPr%2B49p3Q%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Graham Nicholls

Rock Computer Consultancy Limited.