-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: in 5.27.0 aws_elasticache_replication_group forces auth_token to be enabled on all redis clusters #34589
Comments
Community NoteVoting for Prioritization
Volunteering to Work on This Issue
|
Also, it's worth mentioning that downgrade path is not possible due to: |
We run the plan for the second time and now it says |
Thanks for raising this issue. I also encountered the same issue and observed the same behaviour where running first time gave the above error and in the next run it worked fine with Wondering if any change it did to the state file or is there any fix delivered? |
We've encountered the same issue as described above. Having failed on the first apply, a replan also showed no updates. |
Relates #34460 |
This functionality has been released in v5.28.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Terraform Core Version
1.6.4
AWS Provider Version
5.27.0
Affected Resource(s)
aws_elasticache_replication_group
Expected Behavior
The provider doesn't want to force enable auth_token on aws_elasticache_replication_group that was created without this setting.
Actual Behavior
We are using RBAC authentication with
aws_security_group
,aws_elasticache_user
andaws_elasticache_user_group
:This is the module we use:
We also have a development variation of this module which doesn't require authentication:
user_group_ids
parameter is missing andtransit_encryption_enabled = false
.When we upgraded to 5.27.0 the RBAC-authenticated one showed:
plan:
apply:
Unauthenticated:
plan: the same as for authenticated
apply:
So it seems that sending to AWS API the supposedly default
auth_token_update_strategy
force-enables alsoauth_token
on clusters where this is not desired.Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
N/A
Steps to Reproduce
Create aws_elasticache_replication_group without auth_token with older version of aws provider and try to upgrade to 5.27.0
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
The text was updated successfully, but these errors were encountered: