AWS RDS SubnetGroups via Terraform



We have Terraform CDKTF processes creating RDS instances. The terraform apply works fine on existing subnet groups. However, if the subnet group and DB instances are called on the same terraform apply, it is unable to find the subnet group (although the subnet group has been created correctly during the apply).

Is there a lag or any additional permissions required to ensure both can be created on the same terraform apply?

PS: Error: DBSubnetGroupNotFoundFault: DBSubnetGroup SampleSubnetGroup not found. status code:404, request id:#####

Note, when we check AWS, the subnet group has been created. Now, if we rerun the terraform apply (without any changes), the process succeeds, as it picks up on the newly created subnet group and creates the RDS instance.

Please also note, when running terraform destroy, we observe the same behavior: all resources are destroyed, but we are unable to destroy the subnet group, with the error below. However, on a rerun of terraform destroy, the subnet group gets destroyed.

Error on destroy: Cannot delete the subnet group #name because at least one database is still using it. However when checking AWS, this is not the case, as the database had been destroyed successfully.

Thank you!

  • Please provide sample code snippets that show the database instance and database subnet group definitions.

asked a year ago, 632 views
2 Answers

This is a strange one, as Terraform knows all about the dependency that the aws_db_instance resource has on the aws_db_subnet_group, and it knows to park the provisioning of the RDS instance until the subnet group is fully created. And RDS is not exactly some niche, obscure thing that not much attention has been given to; it would have been one of the first things to have been done, and done properly.

This is definitely a brand new subnet group that is being created from scratch, and not a pre-existing one that's being imported?

You also don't have some setup where two (or more) apply jobs are running in parallel and are not aware of each other (this sounds daft even as I'm typing it), such that job #1 tries to create the database before job #2 has finished creating the subnet group? But then you try it again and job #1 succeeds because the old job #2 has now finished?

Depending on how big and complicated your environment is, you could try running terraform show and it will list all the dependencies that Terraform understands are present in your code. terraform graph will give a graphical representation of the same, although for anything more than the most basic environment this quickly becomes a big mess of lines.

Good luck, and I'm interested to know what the outcome of this is.

answered a year ago
reviewed a year ago
  • Precisely. We are using cdktf for deployment, which is a development kit over Terraform. So the subnet function runs first, and only then is the db instance function called. As mentioned, the error occurs only when using the subnet created on the same apply. If we are reusing a subnet, we do not have this error. For uninterrupted automation via cdktf, we want the subnet group to be recognized by the db instance immediately.

    No, the sample subnet group and db instance are created in sequence, one after the other. As this is a POC on a dev account, we do not have any other parallel processes running, as the cdktf deploy is deploying the first database.

Accepted Answer

It is hard to say without seeing the actual error, but you may want to try using "depends_on" to specify the dependency.

answered a year ago
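
The "depends_on" suggestion above, as an added example that is not code from the original thread or from the asker's project. It assumes the DB instance receives the subnet group name as a plain string rather than as a reference to the subnet group resource (the thread does not show the asker's code); every name, size and variable below is a constructed placeholder.

```hcl
# Added example: all names and sizes below are constructed placeholders.
variable "subnet_ids" { type = list(string) }
variable "db_password" {
  type      = string
  sensitive = true
}

resource "aws_db_subnet_group" "sample" {
  name       = "sample-subnet-group"
  subnet_ids = var.subnet_ids
}

# BEFORE (assumed): the group name is a literal string. Terraform sees no
# reference to aws_db_subnet_group.sample, so nothing orders the two
# resources: the instance may be created before the group exists, and on
# destroy the group may be deleted while the instance is still going away.
resource "aws_db_instance" "literal_name" {
  identifier           = "sample-db-literal"
  engine               = "postgres"
  instance_class       = "db.t3.micro"
  allocated_storage    = 20
  username             = "dbadmin"
  password             = var.db_password
  skip_final_snapshot  = true
  db_subnet_group_name = "sample-subnet-group"
}

# AFTER, option 1: reference the attribute. The reference is an implicit
# dependency, so the group is created first and destroyed last.
resource "aws_db_instance" "referenced" {
  identifier           = "sample-db-referenced"
  engine               = "postgres"
  instance_class       = "db.t3.micro"
  allocated_storage    = 20
  username             = "dbadmin"
  password             = var.db_password
  skip_final_snapshot  = true
  db_subnet_group_name = aws_db_subnet_group.sample.name
}

# AFTER, option 2: keep the literal name but declare the ordering explicitly.
resource "aws_db_instance" "explicit" {
  identifier           = "sample-db-explicit"
  engine               = "postgres"
  instance_class       = "db.t3.micro"
  allocated_storage    = 20
  username             = "dbadmin"
  password             = var.db_password
  skip_final_snapshot  = true
  db_subnet_group_name = "sample-subnet-group"
  depends_on           = [aws_db_subnet_group.sample]
}
```

In CDKTF the same two fixes are passing the subnet group construct's name attribute instead of a string, or setting the dependsOn meta-argument on the DB instance.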
