Description
Description
I have a RDS database I created with this module, which has been using a password from the random_password resource, which I have then stored in a Secret Manager Secret separately. I want to switch this database to use the self-managed master password, and I want to manage the timing of the rotation of this. However, when making the changes and trying to apply the code, I get the following issue in the plan step:
│ Error: Invalid index
│
│ on .terraform/modules/db/modules/db_instance/main.tf line 217, in resource "aws_secretsmanager_secret_rotation" "this":
│ 217: secret_id = aws_db_instance.this[0].master_user_secret[0].secret_arn
│ ├────────────────
│ │ aws_db_instance.this[0].master_user_secret is empty list of object
│
│ The given key does not identify an element in this collection value: the collection has no elements.
- ✋ I have searched the open/closed issues and my issue is not listed.
Versions
-
Module version [Required]: 6.10.0
-
Terraform version: 1.8.3
-
Provider version(s):
- provider registry.terraform.io/hashicorp/aws v5.89.0
- provider registry.terraform.io/hashicorp/random v3.7.1
Reproduction Code [Required]
Initially created the database with this configuration:
module "db" {
source = "terraform-aws-modules/rds/aws"
version = "6.10.0"
identifier = "test-database"
engine = "postgres"
engine_version = "14.12"
family = "postgres14"
major_engine_version = "14"
instance_class = "db.t4g.micro"
allocated_storage = 20
max_allocated_storage = 100
storage_type = "gp3"
storage_encrypted = true
manage_master_user_password = false
password = random_password.master_password.result
iam_database_authentication_enabled = true
db_name = "amplifi"
username = "amplifi"
port = 5432
multi_az = false
db_subnet_group_name = "default"
vpc_security_group_ids = ["sg-xxxxxxxxxxxxxxx"]
maintenance_window = "Sun:04:00-Sun:07:00"
backup_window = "02:00-04:00"
backup_retention_period = 7
skip_final_snapshot = true
deletion_protection = false
apply_immediately = true
create_db_parameter_group = true
}Then modified the configuration as follows:
module "db" {
source = "terraform-aws-modules/rds/aws"
version = "6.10.0"
identifier = "test-database"
engine = "postgres"
engine_version = "14.12"
family = "postgres14"
major_engine_version = "14"
instance_class = "db.t4g.micro"
allocated_storage = 20
max_allocated_storage = 100
storage_type = "gp3"
storage_encrypted = true
manage_master_user_password = true
manage_master_user_password_rotation = true
master_user_password_rotation_schedule_expression = "cron(0 22 ? * SAT *)"
master_user_password_rotation_duration = "1h"
master_user_password_rotate_immediately = false
iam_database_authentication_enabled = true
db_name = "amplifi"
username = "amplifi"
port = 5432
multi_az = false
db_subnet_group_name = "default"
vpc_security_group_ids = ["sg-xxxxxxxxxxxxxxx"]
maintenance_window = "Sun:04:00-Sun:07:00"
backup_window = "02:00-04:00"
backup_retention_period = 7
skip_final_snapshot = true
deletion_protection = false
apply_immediately = true
create_db_parameter_group = true
}Running terraform plan after changing the configuration as above yields the error above. If I set manage_master_user_password_rotation to false, the error is not raised. But I want to manage the password rotation timing.
Expected behavior
I should be able to make this configuration change and apply it in one go.
Actual behavior
The above error is raised at the plan stage.