Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: terraform doesn't change DynamoDB correctly when AutoScaling enabled #572

Closed
chunyong-lin opened this issue Jan 16, 2018 · 5 comments
Closed
Assignees

Comments

@chunyong-lin
Copy link
Contributor

chunyong-lin commented Jan 16, 2018

Background

Terraform failed to update DynamoDB AutoScaling target due to invalid value set provisionedThroughput.readCapacityUnits and provisionedThroughput.writeCapacityUnits to -1.

Description

When terraform is making change to provisionedThroughput.readCapacityUnits and provisionedThroughput.writeCapacityUnits, it will set it to -1 first, and then change it to new value we set. However, -1 is invalid value to AWS API. The error message is sent to CloudWatch event, and there is no error output from terraform plan or terraform apply.

The error message in CloudWatch event is 2 validation errors detected: Value '-1' at 'provisionedThroughput.writeCapacityUnits' failed to satisfy constraint: Member must have value greater than or equal to 1; Value '-1' at 'provisionedThroughput.readCapacityUnits' failed to satisfy constraint: Member must have value greater than or equal to 1

Desired Change

Prevent terraform to change provisionedThroughput.readCapacityUnits and provisionedThroughput.writeCapacityUnits set to -1 before new value kicks in.

@chunyong-lin chunyong-lin self-assigned this Jan 16, 2018
@chunyong-lin
Copy link
Contributor Author

chunyong-lin commented Jan 27, 2018

Open the issue in terraform repo to get support hashicorp/terraform-provider-aws#3155

@chunyong-lin
Copy link
Contributor Author

I found out there is a post in AWS development discussion forums (you need to login to your aws console to have read permission), it mentioned that
- Application Auto Scaling automatically creates the SLR in your account when you call RegisterScalableTarget or PutScalingPolicy if you have the IAM CreateServiceLinkedRole permission.

This requirement affects dynamodb table when the autoscale is enabled also. Because in our terraform code, it creates a IAM role for dynamodb autoscale. But eventually, aws will use the service role it created when registering a scale target for autoscale.

The idea to solve this problem is we probably will force to use DynamoDB Autoscaling which is configurable currently. So we can remove the IAM we create for DynamoDB table and use auto-created one instead.

@austinbyers
Copy link
Contributor

Closed via #623

@easyawslearn
Copy link

Observed that suggestion of using the Default role provided by AWS, but couldn't found the solutions for what changes require if i want to use my custom IAM role, Please suggest.

@chunyong-lin
Copy link
Contributor Author

Hi @vijaypatel1985 A work around it is to use AWS created service role dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable. Please refer to our code at here.

This service role should be existed when enabled autoscale. You can double check it using aws cli if you have list and get iam roles permission.

aws iam get-role --role-name AWSServiceRoleForApplicationAutoScaling_DynamoDBTable

You also can check the role existence from aws console.

Let me know if you have questions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants