Skip to content

BC break from 0.30.0 to 0.30.2 #134

New issue
New issue
Open
Open
BC break from 0.30.0 to 0.30.2#134
Labels
bug🐛 An issue with the system
@ipc-zpg

Description

@ipc-zpg
ipc-zpg
opened on Aug 18, 2025

Describe the Bug

Updating from 0.30.0 to 0.30.2 causes SSM parameter to be deleted.

see also: #127

code was:

module "documentdb_cluster" {
  source = "cloudposse/documentdb-cluster/aws"

  # NOTE: DO NOT UPGRADE TO 0.30.1.  It has some strange password behaviour. see - https://github.com/cloudposse/terraform-aws-documentdb-cluster/issues/127
  version = "0.30.0"

  name = "${var.env}-shared-docdb"

  allowed_security_groups    = local.docdb_security_groups
  apply_immediately          = true
  auto_minor_version_upgrade = true
  cluster_family             = "docdb5.0"

  cluster_parameters = [{
    name         = "tls"
    value        = "enabled"
    apply_method = "pending-reboot"
  }]

  preferred_backup_window      = "01:00-03:00"
  preferred_maintenance_window = "fri:03:00-fri:05:00"

  cluster_size              = var.documentdb_instance_count
  engine_version            = "5.0.0"
  master_username           = "redacted"
  instance_class            = var.documentdb_instance_type
  ssm_parameter_enabled     = true
  ssm_parameter_path_prefix = "/${var.env}/docdb/master-password/"
  subnet_ids                = module.vpc.private_subnets
  vpc_id                    = module.vpc.vpc_id
  ca_cert_identifier        = "rds-ca-rsa2048-g1" # https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation.html
}

the plan shows:

  # module.documentdb_cluster.module.ssm_write_db_password.aws_ssm_parameter.default["/wibble/docdb/master-password/wibble-shared-docdb"] will be destroyed
  # (because key ["/wibble/docdb/master-password/wibble-shared-docdb"] is not in for_each map)

The only diff for this plan is:

diff --git a/platform/documentdb.tf b/platform/documentdb.tf
index redacted 100644
--- a/platform/documentdb.tf
+++ b/platform/documentdb.tf
@@ -9,7 +9,7 @@ module "documentdb_cluster" {
   source = "cloudposse/documentdb-cluster/aws"

   # NOTE: DO NOT UPGRADE TO 0.30.1.  It has some strange password behaviour. see - https://github.com/cloudposse/terraform-aws-documentdb-cluster/issues/127
-  version = "0.30.0"
+  version = "0.30.2"

   name = "${var.env}-shared-docdb"

Expected Behavior

This is a minor release, and should therefore not have any changes in the plan.

Steps to Reproduce

Upgrade from 0.30.0 to 0.30.2

Screenshots

No response

Environment

No response

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug🐛 An issue with the system

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions