Tags: mysql, terraform, amazon-iam, rds, terraform-provider-aws

Not able to create MySQL user with AWSAuthenticationPlugin with Terraform


I am trying to create a MySQL user to use with IAM, and I am using Terraform to do this.

This is what I am trying to accomplish:

CREATE USER 'lambda' IDENTIFIED WITH AWSAuthenticationPlugin as 'RDS';

with

provider "mysql" {
  alias    = "kadamb-test"
  endpoint = "${aws_db_instance.kadamb-test.endpoint}"
  username = "${aws_db_instance.kadamb-test.username}"
  password = "${aws_db_instance.kadamb-test.password}"
}


resource "mysql_user" "kadamb-test-iam-user" {
  provider = "mysql.kadamb-test"
  user = "kadamb_test_user"
  host = "%"
  auth_plugin = "AWSAuthenticationPlugin"
  tls_option = ""
}

This is the output when I run terraform apply:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + mysql_user.kadamb-test-iam-user
      id:          <computed>
      auth_plugin: "AWSAuthenticationPlugin"
      host:        "%"
      user:        "kadamb_test_user"


Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

mysql_user.kadamb-test-iam-user: Creating...
  auth_plugin: "" => "AWSAuthenticationPlugin"
  host:        "" => "%"
  user:        "" => "kadamb_test_user"

Error: Error applying plan:

1 error(s) occurred:

* mysql_user.kadamb-test-iam-user: 1 error(s) occurred:

* mysql_user.kadamb-test-iam-user: Error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

I am reading the documentation and trying to debug what is going wrong, but I couldn't find anything.

Can anyone help me with this?


Solution

  • Just changing tls_option = "" to tls_option = "NONE" solved my problem.
    I am not sure how or what difference it made, but I was able to create the user with this.
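
An added example, not part of the original answer and not the provider's own code: the mysql provider documentation describes tls_option as a value suffixed to REQUIRE (default "NONE"), so an explicit empty string leaves a dangling REQUIRE, which is consistent with the 1064 error near ''. The SQL shown in the comments is the statement shape assumed from that documentation, and tls_option = "SSL" is an assumed hardening choice rather than something the answer used.

```hcl
# Failing form from the question. Setting tls_option to "" overrides the
# provider default ("NONE"), so the generated statement is assumed to end
# in a bare REQUIRE keyword, which MySQL rejects with error 1064:
#
#   CREATE USER 'kadamb_test_user'@'%'
#     IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS' REQUIRE
#
# resource "mysql_user" "kadamb-test-iam-user" {
#   provider    = "mysql.kadamb-test"
#   user        = "kadamb_test_user"
#   host        = "%"
#   auth_plugin = "AWSAuthenticationPlugin"
#   tls_option  = ""
# }

# Working form. Either omit tls_option (it then defaults to "NONE", the
# value the answer used) or set a real REQUIRE option. IAM database
# authentication sends a short-lived token in place of a password, and RDS
# expects those connections to use TLS, so "SSL" makes the server refuse
# any non-TLS login for this account instead of relying on the client.
#
#   CREATE USER 'kadamb_test_user'@'%'
#     IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS' REQUIRE SSL
#
# Syntax follows the Terraform version used in the question.
resource "mysql_user" "kadamb-test-iam-user" {
  provider    = "mysql.kadamb-test"
  user        = "kadamb_test_user"
  host        = "%"
  auth_plugin = "AWSAuthenticationPlugin"
  tls_option  = "SSL"
}
```

After applying, SHOW CREATE USER 'kadamb_test_user'@'%' on the instance shows which REQUIRE clause was actually stored for the account.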