Global cluster upgrade not redirecting to minor version correctly

[tbright92]

Terraform and AWS Provider Version

Terraform Core Version
1.14.1

AWS Provider Version
6.24.0

Affected Resource(s) or Data Source(s)

aws_rds_global_cluster

Expected Behavior

When attempting a minor version upgrade (in our case, 17.5 to 17.6), an error is thrown that ModifyGlobalCluster only supports major version upgrades, then it will attempt a minor version upgrade using ModifyDbCluster for each member.

Actual Behavior

An error is thrown when calling ModifyGlobalCluster, but there is no minor version upgrade attempt afterwards to call ModifyDbCluster for each member.

Relevant Error/Panic Output

Error: upgrading major version of RDS Global Cluster (global-cluster-name): modifying RDS Global Cluster (global-cluster-name) EngineVersion: operation error RDS: ModifyGlobalCluster, https response error StatusCode: 400, RequestID: b59f1dbf-877b-48a0-bc8c-86fb1c72d957, api error InvalidParameterValue: ModifyGlobalCluster doesn't support minor version upgrades for Aurora global databases. To upgrade to a newer minor version, call ModifyDBCluster for each member of your global cluster.

Sample Terraform Configuration

Click to expand configuration

resource "aws_rds_global_cluster" "example" {
  global_cluster_identifier = "global-test"
  engine                    = "aurora-postgresql"
  engine_version            = var.engine_version
  deletion_protection       = var.deletion_protection
  storage_encrypted         = true

  timeouts {
    create = "30m"
    update = "120m"
    delete = "30m"
  }
}

resource "aws_rds_cluster" "primary" {
  master_username           = "username"
  master_password           = "password123"
  engine                    = "aurora-postgresql"
  engine_version            = var.engine_version
  global_cluster_identifier = aws_rds_global_cluster.example.id
  cluster_identifier        = "test-primary-cluster"
  storage_encrypted         = true

  allow_major_version_upgrade         = true
  apply_immediately                   = true
  deletion_protection                 = var.deletion_protection
  enabled_cloudwatch_logs_exports     = var.enabled_cloudwatch_logs_exports
  iam_database_authentication_enabled = var.iam_database_authentication_enabled
  kms_key_id                          = data.aws_kms_key.primary.arn
  backup_retention_period             = var.backup_retention_period
  preferred_backup_window             = var.preferred_backup_window
  preferred_maintenance_window        = var.preferred_maintenance_window
  skip_final_snapshot                 = var.skip_final_snapshot
  final_snapshot_identifier           = "${var.naming_prefix}-final-snapshot-${replace(timestamp(), ":", "-")}"
  copy_tags_to_snapshot               = true

  db_subnet_group_name   = aws_db_subnet_group.db_subnet.name
  vpc_security_group_ids = [aws_security_group.db_sg.id]
  availability_zones     = var.primary_availability_zones

  lifecycle {
    ignore_changes = [
      final_snapshot_identifier,
      replication_source_identifier
    ]
  }

  timeouts {
    create = "120m"
    delete = "120m"
    update = "120m"
  }
}

resource "aws_rds_cluster_instance" "primary" {
  count = var.primary_instance_count

  cluster_identifier = aws_rds_cluster.primary.id
  engine             = "aurora-postgresql"
  identifier         = "test-primary-cluster-instance"

  db_subnet_group_name            = aws_db_subnet_group.db_subnet.name
  performance_insights_enabled    = true
  performance_insights_kms_key_id = data.aws_kms_key.primary.arn
  apply_immediately               = true
  copy_tags_to_snapshot           = true
  preferred_maintenance_window    = var.preferred_maintenance_window
  instance_class                  = var.instance_class
  auto_minor_version_upgrade      = var.auto_minor_version_upgrade

  timeouts {
    create = "60m"
    delete = "60m"
    update = "60m"
  }
}

resource "aws_rds_cluster" "secondary" {
  provider                  = aws.secondary-region-provider
  engine                    = "aurora-postgresql"
  engine_version            = var.engine_version
  global_cluster_identifier = aws_rds_global_cluster.example.id
  cluster_identifier        = "test-secondary-cluster"
  storage_encrypted         = true

  allow_major_version_upgrade         = true
  apply_immediately                   = true
  deletion_protection                 = var.deletion_protection
  enabled_cloudwatch_logs_exports     = var.enabled_cloudwatch_logs_exports
  iam_database_authentication_enabled = var.iam_database_authentication_enabled
  kms_key_id                          = data.aws_kms_key.secondary.arn
  backup_retention_period             = var.backup_retention_period
  preferred_backup_window             = var.preferred_backup_window
  preferred_maintenance_window        = var.preferred_maintenance_window
  skip_final_snapshot                 = var.skip_final_snapshot
  final_snapshot_identifier           = "${var.naming_prefix}-final-snapshot-${replace(timestamp(), ":", "-")}"
  copy_tags_to_snapshot               = true
  source_region                       = var.primary_region

  db_subnet_group_name   = aws_db_subnet_group.db_subnet_secondary.name
  vpc_security_group_ids = [aws_security_group.db_sg_secondary.id]
  availability_zones     = var.secondary_availability_zones

  lifecycle {
    ignore_changes = [
      final_snapshot_identifier,
      replication_source_identifier
    ]
  }

  timeouts {
    create = "90m"
    delete = "90m"
    update = "90m"
  }

  depends_on = [
    aws_rds_cluster_instance.primary
  ]
}

resource "aws_rds_cluster_instance" "secondary" {
  count = var.secondary_instance_count

  provider           = aws.secondary-region-provider
  cluster_identifier = aws_rds_cluster.secondary.id
  engine             = "aurora-postgresql"
  identifier         = "test-secondary-cluster-instance"

  db_subnet_group_name            = aws_db_subnet_group.db_subnet_secondary.name
  performance_insights_enabled    = true
  performance_insights_kms_key_id = data.aws_kms_key.secondary.arn
  apply_immediately               = true
  copy_tags_to_snapshot           = true
  preferred_maintenance_window    = var.preferred_maintenance_window
  instance_class                  = coalesce(var.secondary_instance_class, var.instance_class)
  auto_minor_version_upgrade      = var.auto_minor_version_upgrade

  timeouts {
    create = "90m"
    delete = "90m"
    update = "90m"
  }
}

Steps to Reproduce

1. terraform apply with any newer minor version

Debug Logging

Click to expand log output

09:22:32.592 STDOUT terraform: aws_rds_global_cluster.global: Still modifying... [id=global-cluster-name, 119m01s elapsed]
  09:22:42.593 STDOUT terraform: aws_rds_global_cluster.global: Still modifying... [id=global-cluster-name, 119m11s elapsed]
  09:22:52.597 STDOUT terraform: aws_rds_global_cluster.global: Still modifying... [id=global-cluster-name, 119m21s elapsed]
  09:23:02.600 STDOUT terraform: aws_rds_global_cluster.global: Still modifying... [id=global-cluster-name, 119m31s elapsed]
  09:23:12.604 STDOUT terraform: aws_rds_global_cluster.global: Still modifying... [id=global-cluster-name, 119m41s elapsed]
  09:23:22.608 STDOUT terraform: aws_rds_global_cluster.global: Still modifying... [id=global-cluster-name, 119m51s elapsed]
  09:23:32.608 STDOUT terraform: aws_rds_global_cluster.global: Still modifying... [id=global-cluster-name, 120m01s elapsed]
  09:23:42.612 STDOUT terraform: aws_rds_global_cluster.global: Still modifying... [id=global-cluster-name, 120m11s elapsed]
  09:23:48.967 STDERR terraform: ╷
  09:23:48.971 STDERR terraform: │ Error: upgrading major version of RDS Global Cluster (global-cluster-name): modifying RDS Global Cluster (global-cluster-name) EngineVersion: operation error RDS: ModifyGlobalCluster, https response error StatusCode: 400, RequestID: b59f1dbf-877b-48a0-bc8c-86fb1c72d957, api error InvalidParameterValue: ModifyGlobalCluster doesn't support minor version upgrades for Aurora global databases. To upgrade to a newer minor version, call ModifyDBCluster for each member of your global cluster.

GenAI / LLM Assisted Development

n/a

Important Facts and References

From what I can tell, it appears the error message may have changed recently that determines whether a minor version upgrade is performed on a global cluster (our last minor version upgrade was in September 2024, we've only completed major version upgrades until now, so not sure exactly when the change may have occurred).

Referencing this issue and this line of code, compared to the error I'm seeing, the message used to be "only supports Major Version Upgrades" but is now "doesn't support minor version upgrades" which has caused this bug.

Would you like to implement a fix?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.

[github-actions]

Warning

This Issue has been closed, meaning that any additional comments are much easier for the maintainers to miss. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

This functionality has been released in v6.27.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!