How to use Terraform to disable deletion protection on AWS RDS? - amazon-web-services

I used Terraform to bring up an AWS RDS SQL Server DB with deletion_protection set to true. Now, I am trying to delete the database and hence I tried to first run terraform apply with deletion_protection set to false, and I got the following error:
Error: error deleting Database Instance "awsworkerdb-green": InvalidParameterCombination: Cannot delete protected DB Instance, please disable deletion protection and try again.
status code: 400, request id: 7e787deb-af03-4016-9baa-471ab9c0ae1c
Then I tried to directly do terraform destroy using the same TF code with deletion_protection set to false, and I got the following error:
Error: error deleting Database Instance "awsworkerdb-green": InvalidParameterCombination: Cannot delete protected DB Instance, please disable deletion protection and try again.
status code: 400, request id: 9a95ef70-8738-4a31-b0cd-cf10ef05bdec
How does one go about deleting this database instance using terraform?

This would be two distinct API invocations, and therefore two consecutive Terraform executions with two different config modifications:
1. Modify deletion_protection to be false in your config, and apply your changes to the RDS instance.
2. Remove the RDS from the config and apply, or destroy the RDS resource directly. Either action will delete the RDS instance.

You can't. You have to do it manually using the AWS console or the AWS CLI with modify-db-instance. The entire point of deletion protection is so that the RDS instance is not easy to delete, and you have to explicitly modify it for that.

From the CLI, use the command below:
aws rds modify-db-instance --db-instance-identifier <DB_IDENTIFIER> --region <DB_REGION> --no-deletion-protection --apply-immediately
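
A pre-flight check for the situation in this question, added here as an example and not code from any of the posts: it reads the JSON form of a saved plan and reports RDS resources that a run would delete or replace while deletion_protection is still true, the condition behind the InvalidParameterCombination error above. The resource address aws_db_instance.green and the sample plans are constructed for illustration.

```python
import json
import sys

# Resource types that carry a deletion_protection attribute in the AWS provider.
PROTECTED_TYPES = {"aws_db_instance", "aws_rds_cluster"}


def blocked_deletes(plan):
    """Return addresses the plan deletes while deletion protection is still on.

    change.before is Terraform's refreshed view of the resource before this
    run; if protection is on there, RDS rejects the delete call.
    """
    blocked = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        before = change.get("before") or {}  # null for resources being created
        if (rc.get("type") in PROTECTED_TYPES
                and "delete" in change.get("actions", [])  # destroy or replace
                and before.get("deletion_protection") is True):
            blocked.append(rc["address"])
    return blocked


def sample_plan(actions, before_protected, after_protected):
    """Build a constructed, trimmed plan document for one DB instance."""
    after = None if after_protected is None else {"deletion_protection": after_protected}
    return {"resource_changes": [{
        "address": "aws_db_instance.green",  # hypothetical resource address
        "type": "aws_db_instance",
        "change": {"actions": actions,
                   "before": {"identifier": "awsworkerdb-green",
                              "deletion_protection": before_protected},
                   "after": after},
    }]}


# Constructed samples: a destroy or replacement planned while protection is on
# (blocked), then the two separate runs (flag update, then delete).
DESTROY_PROTECTED = sample_plan(["delete"], True, None)
REPLACE_PROTECTED = sample_plan(["delete", "create"], True, False)
RUN_1_UPDATE = sample_plan(["update"], True, False)
RUN_2_DELETE = sample_plan(["delete"], False, None)

if __name__ == "__main__":
    # Usage: terraform plan -out=tf.plan && terraform show -json tf.plan > plan.json
    with open(sys.argv[1]) as fh:
        found = blocked_deletes(json.load(fh))
    print("\n".join(found) or "no protected deletes planned")
    sys.exit(1 if found else 0)
```

Run as a CI step, a non-zero exit means the flag has to be turned off in its own apply before the delete is attempted.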

Related

AWS CloudWatch Agent: NoCredentialsError: Unable to locate credentials

I am receiving the following errors in the EC2 CloudWatch Agent logs, /var/logs/awslogs.log:
I verified the EC2 has a role:
And the role has the correct policies:
I have set the correct region in /etc/awslogs/awscli.conf:
I noticed that running aws configure list in the EC2 gives this:
Is this incorrect? Should it list the profile (EC2_Cloudwatch_Profile) there?
I was using terraform and reprovisioning by doing:
terraform destroy && terraform apply
It looks like, because IAM is a global service, it is "eventually consistent" and not "immediately consistent"; when the profile instance was destroyed, the terraform apply began too quickly. Despite the "destroy" being complete, the ARN for the previous profile instance was still there, and was re-used. However, the ID changed to a new ID.
Replacing the EC2 would bring it up to speed with the correct ID. However, my solution is to just wait longer between terraform destroy and apply.

Terraform not deleting rds autoscaled aurora instances

I am trying to create an RDS Aurora global database with autoscaling enabled based on a CPU threshold, but when I try to destroy it, the autoscaled instances are not deleted by Terraform. Is this a bug? Is there a workaround, or am I missing something?
I used this module: https://github.com/umotif-public/terraform-aws-rds-aurora/blob/master/main.tf
Line 391 creates the auto-scaling of Aurora RDS.
But the autoscaled instance state is not maintained by Terraform, and deleting the autoscale resource didn't work.
Error message: Error: error deleting RDS Cluster InvalidDBClusterStateFault: Cluster cannot be deleted, it still contains DB instances in non-deleting state. status code: 400, request id: b62f33ee-57d8-4887-9cad-3cbf6229b4ac
Error: Error deleting DB parameter group: InvalidDBParameterGroupState: One or more database instances are still members of this parameter group my-parameter-group, so the group cannot be deleted status code: 400, request id: 8a501e66-39e5-4365-ba33-7667894b9cf6
The only way I have done this is by manually deleting it before executing the command from Terraform, but it does not make sense.

Accessing AWS Lambda from Aurora RDS trigger using lambda_async?

Version: 5.7.mysql_aurora.2.07.2
I am trying to link a Lambda function when my RDS gets an insert, using lambda_async, but I was not able to reach it and got an error:
#63996 - Lambda API returned error: Missing IAM Credentials for specified aws_default_lambda_role
I have followed each and every step carefully but am getting the above error. :(
I have followed the documentation at
https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Lambda.html
and
Call AWS Lambda from Aurora RDS Stored Procedure Permissions Issue.
Please help!!
Actually, I was placing the Lambda role in the parameter group value. Replacing it with the RDS IAM role solved my issue, thanks!!
I found this answer: https://www.reddit.com/r/aws/comments/b2b9k4/new_rds_cluster_management_screen_missing_manage/ in which they suggest adding an IAM role for the cluster.
For that go to the RDS Cluster and under Connectivity & security tab, go to Manage IAM roles and add the desired role.
Note: You may also need to enable IAM DB authentication under the Configuration tab.
Note2: Reboot your DB instance to apply changes.

Metabase deploy fails on AWS Beanstalk

I'm trying to deploy Metabase on AWS Beanstalk following the official documentation.
Unfortunately, I'm getting the following errors every time:
Stack named 'awseb-e-mbmm95mkdq-stack' aborted operation. Current state: 'CREATE_FAILED' Reason: The following resource(s) failed to create: [AWSEBRDSDBSecurityGroup].
Creating RDS database security group named: awseb-e-mbmm95mkdq-stack-awsebrdsdbsecuritygroup-lixrbjq6lh5x failed Reason: Either the resource does not exist, or you do not have the required permissions.
Any ideas how to fix it?
Here's how I was able to fix this issue. I created an RDS DB instance from the RDS console, then created a snapshot of that instance. Enter the Elastic Beanstalk console, then from Configuration modify Database and use the snapshot created. Remember also to add environment properties in the Configuration / Software console.

Elastic beanstalk - eb create fails to create AWSEBRDSDBSecurityGroup

I currently want to deploy a simple Django app in AWS using Elastic Beanstalk and RDS, following this tutorial: http://www.1strategy.com/blog/2017/05/23/tutorial-django-elastic-beanstalk/. To create the Beanstalk app I use the command eb create --scale 1 -db -db.engine postgres -db.i db.t2.micro.
In the creation process, the tool fails to create the [AWSEBRDSDBSecurityGroup]. Here is the output:
2018-07-28 06:07:51 ERROR Stack named 'awseb-e-ygq5xuvccr-stack' aborted
operation. Current state: 'CREATE_FAILED' Reason: The following resource(s)
failed to create: [AWSEBRDSDBSecurityGroup].
2018-07-28 06:07:51 ERROR Creating RDS database security group named:
awseb-e-ygq5xuvccr-stack-awsebrdsdbsecuritygroup-oj71kkwnaaag failed Reason:
Either the resource does not exist, or you do not have the required permissions.
I am using an access token with full administrator rights.
How can I solve this issue?
Are you sure you want to use a DB Security group and not a VPC Security group? AFAIK, db security groups should no longer be needed in new accounts, you should just be able to attach an existing VPC security group directly to your instance.
If you do need it, then it's most likely one of these:
1. A badly worded error for hitting the limits for max DB security groups.
2. You actually don't have the admin permissions as you claimed.
Do try out and let us know what you find.