amazon-web-services terraform amazon-rds

Manage/import Terraform resource indirectly created by Terraform


We are using Terraform's aws_db_instance to create an RDS PostgreSQL instance. When we set enabled_cloudwatch_logs_exports, this creates a CloudWatch Log Group for RDS logs.

Next, we'd like to set the retention period for this Log Group to 7 days, rather than its default "Never expire" setting. However, we're unable to do this using aws_cloudwatch_log_group, since the Log Group already exists but is not directly managed by Terraform.

Minimum reproducible example:

# foo.tf

resource "aws_db_instance" "foo" {
  allocated_storage               = 10
  db_name                         = "mydb"
  engine                          = "postgres"
  engine_version                  = "12"
  instance_class                  = "db.t3.micro"
  username                        = "foo"
  password                        = "foobarbaz"
  skip_final_snapshot             = true
  enabled_cloudwatch_logs_exports = ["postgresql"]
}

resource "aws_cloudwatch_log_group" "bar" {
  name              = "/aws/rds/instance/${aws_db_instance.foo.id}/postgresql"
  retention_in_days = 7
}

This leads to the error below:

Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/rds/instance/terraform-/postgresql' already exists.

How can we tell Terraform within this module (foo.tf) to manage the Log Group that is implicitly created by aws_db_instance?

Caveats: I cannot use terraform import here. This must stay contained within Terraform modules.


Solution

  • There's no way to do what you want now that the resources already exist in AWS. The only option now is to use terraform import.

    If you are trying to make this module reusable, and want to prevent this issue from happening again in the future, then you should add a depends_on to the aws_db_instance resource, so that it waits for the aws_cloudwatch_log_group resource to exist, before creating the database resource. If the log group already exists, then AWS will just use it instead of trying to create it for you automatically.