Open
Labels
kind/bug: Something isn't working
Description
I am currently testing driftctl on our pipelines. In the project I am running it on, it claims that our aws_db_instance is not covered by IaC.
This seems to be a false positive, as it is created and managed by Terraform.
Environment
- OS: Ubuntu / Alpine
- driftctl version: v0.39.0
- terraform version: v1.5.6
- terraform providers versions:
- provider registry.terraform.io/cloudposse/awsutils v0.18.1
- provider registry.terraform.io/gitlabhq/gitlab v16.3.0
- provider registry.terraform.io/hashicorp/aws v5.15.0
- provider registry.terraform.io/hashicorp/local v2.4.0
- provider registry.terraform.io/hashicorp/null v3.2.1
- provider registry.terraform.io/hashicorp/random v3.5.1
- provider registry.terraform.io/hashicorp/time v0.9.1
- provider registry.terraform.io/jianyuan/sentry v0.11.2
Running driftctl scan --only-unmanaged results in:
Found resources not covered by IaC:
aws_db_instance:
- my-demo-db
However, it is part of the tfstate that is being parsed by driftctl:
{
"module": "module.rds_postgres_db",
"mode": "managed",
"type": "aws_db_instance",
"name": "default",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"index_key": 0,
"schema_version": 2,
"attributes": {
"address": "my-demo-db.xxxxxxxxxxxxxx.xxxxxxxxxxxxxx.rds.amazonaws.com",
"allocated_storage": 21,
"allow_major_version_upgrade": true,
"apply_immediately": true,
"arn": "arn:aws:rds:xxxxxxxxxxxxxx:xxxxxxxxxxxxx",
"auto_minor_version_upgrade": true,
"availability_zone": "xxxxxxxxxxxxxxb",
"backup_retention_period": 7,
"backup_target": "region",
"backup_window": "22:00-03:00",
"blue_green_update": [],
"ca_cert_identifier": "rds-ca-2019",
"character_set_name": "",
"copy_tags_to_snapshot": true,
"custom_iam_instance_profile": "",
"customer_owned_ip_enabled": false,
"db_name": "xxxxxxxxx",
"db_subnet_group_name": "my-demo-db",
"delete_automated_backups": true,
"deletion_protection": true,
"domain": "",
"domain_iam_role_name": "",
"enabled_cloudwatch_logs_exports": [
"postgresql",
"upgrade"
],
"endpoint": "my-demo-db.xxxxxxxxxxxxxx.xxxxxxxxxxxxxx.rds.amazonaws.com:5432",
"engine": "postgres",
"engine_version": "15.3",
"engine_version_actual": "15.3",
"final_snapshot_identifier": "my-demo-db-final-snapshot",
"hosted_zone_id": "XXXXXXXXXXXXXXX",
"iam_database_authentication_enabled": false,
"id": "db-XXXXXXXXXXXXXXX",
"identifier": "my-demo-db",
"identifier_prefix": "",
"instance_class": "db.t4g.small",
"iops": 3000,
"kms_key_id": "arn:aws:kms:xxxxxxxxxxxxxx:xxxxxxxxx:key/xxxxxx-xxxxxxx-xxxxxxxxx",
"latest_restorable_time": "2023-09-04T12:09:30Z",
"license_model": "postgresql-license",
"listener_endpoint": [],
"maintenance_window": "mon:03:00-mon:04:00",
"manage_master_user_password": null,
"master_user_secret": [],
"master_user_secret_kms_key_id": null,
"max_allocated_storage": 50,
"monitoring_interval": 0,
"monitoring_role_arn": "",
"multi_az": false,
"nchar_character_set_name": "",
"network_type": "IPV4",
"option_group_name": "my-demo-db-20230809074118965400000001",
"parameter_group_name": "my-demo-db-20230809074118974000000002",
"password": "xxxxxxxxxxxxxxxxxxxxxx",
"performance_insights_enabled": false,
"performance_insights_kms_key_id": "",
"performance_insights_retention_period": 0,
"port": 5432,
"publicly_accessible": false,
"replica_mode": "",
"replicas": [],
"replicate_source_db": "",
"resource_id": "db-xxxxxxxxxxxxxxxxxx",
"restore_to_point_in_time": [],
"s3_import": [],
"skip_final_snapshot": false,
"snapshot_identifier": "",
"status": "available",
"storage_encrypted": true,
"storage_throughput": 125,
"storage_type": "gp3",
"tags": {
"Name": "my-demo-db",
"Namespace": "my",
"Stage": "demo"
},
"tags_all": {
"Name": "my-demo-db",
"Namespace": "my",
"Stage": "demo"
},
"timeouts": {
"create": "40m",
"delete": "60m",
"update": "80m"
},
"timezone": "",
"username": "xxxxxxxxxxxxx",
"vpc_security_group_ids": [
"sg-xxxxxxxxxxxxx"
]
},
"sensitive_attributes": [],
"private": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"dependencies": [
"data.aws_availability_zones.available",
"module.dynamic_subnets.aws_subnet.private",
"module.dynamic_subnets.data.aws_availability_zones.default",
"module.dynamic_subnets.data.aws_vpc.default",
"module.kms_rds_key.aws_kms_key.default",
"module.rds_postgres_db.aws_db_option_group.default",
"module.rds_postgres_db.aws_db_parameter_group.default",
"module.rds_postgres_db.aws_db_subnet_group.default",
"module.rds_postgres_db.aws_security_group.default",
"module.vpc.aws_vpc.default",
"random_string.rds_password"
]
}
]
},
How to reproduce
# Reproduction: the cloudposse terraform-aws-rds module call that creates the
# Postgres instance driftctl reports as "not covered by IaC".
# NOTE(review): driftctl lists the instance as "my-demo-db" (the state's
# "identifier"), while the state's "id" is "db-..."; if driftctl matches on
# "id", that difference would produce this false positive - confirm.
module "rds_postgres_db" {
# "ref=0.43.0" pins a tag name; a full commit SHA would make the pin immutable.
source = "git::https://github.com/cloudposse/terraform-aws-rds.git?ref=0.43.0"
# Presumably joined by the module into "my-demo-db", the identifier seen in
# the state excerpt - verify against the module's naming logic.
namespace = "my"
stage = "demo"
name = "db"
# Instance config
instance_class = "db.t4g.small"
storage_type = "gp3"
# The state excerpt records allocated_storage = 21, so this snippet is an
# approximation of the deployed configuration.
allocated_storage = 20
# Database Engine config
engine = "postgres"
engine_version = "15.3"
db_parameter_group = "postgres15"
allow_major_version_upgrade = true
apply_immediately = true
# Network config
# vpc_id and subnet_ids are placeholders from the report and are not valid
# HCL as written (unquoted ID, "[...]").
vpc_id = vpc-1234567
subnet_ids = [...]
database_name = "demo"
database_user = "demo"
# Placeholder literal. The state excerpt lists random_string.rds_password as a
# dependency, so the real value appears to be generated; random_string is not
# marked sensitive, whereas random_password is the variant meant for secrets.
# However it is supplied, Terraform records it in the instance's "password"
# state attribute (redacted in the excerpt), so the state file needs the same
# protection as the secret itself.
database_password = "random"
}Possible Solution
Additional context