Unable to create an encrypted Aurora cluster from a non-encrypted snapshot #17418

Closed
viggy28 opened this issue Feb 23, 2018 · 2 comments

viggy28 commented Feb 23, 2018

Hi there,

AWS suggests creating an encrypted Aurora cluster from a non-encrypted cluster by taking a snapshot of it and restoring it with the KMS key ID and storage-encrypted parameter. I can do that on the console.

Terraform Version

v0.11.3

Terraform Configuration Files

resource "aws_rds_cluster" "default" {
  cluster_identifier           = "${module.naming.aws_db_instance}${var.dr_rebuild_awsregion_date}"
  vpc_security_group_ids       = [
                           "${module.networks.security_groups[format("%s.%s.%s", var.aws_region, var.vpc, "db")]}",
                           "${module.networks.security_groups[format("%s.%s.%s", var.aws_region, var.vpc, "onprem")]}"

  ]

  db_subnet_group_name         = "${module.networks.rds_subnet_groups[format("%s.%s", var.aws_region, var.vpc)]}"
  port                         = "3306"
  database_name                = "${var.db_name}"
  master_username              = "${var.db_username}"
  master_password              = "${var.db_password}"
  apply_immediately            = "${var.db_apply_immediately}"
  db_cluster_parameter_group_name   = "${aws_rds_cluster_parameter_group.default.name}"
  snapshot_identifier          = "${var.db_snapshot_identifier}"
  replication_source_identifier = "${null_resource.aurora_cluster_arn.triggers.replication_source_arn_of_primary_region}"
  storage_encrypted            = "${var.db_storage_encrypted}"
  kms_key_id                   = "${var.db_kms_key_id}"
  
}

#terraform.tfvars file

# Aurora encryption
db_storage_encrypted        = true 
db_kms_key_id               = "arn:aws:kms:us-east-1:111111111:key/111111-1111-1111-1111-111111111"   

Debug Output

It's really huge. Let me know if there is anything specific that I can provide.
Outputs:

Cluster endpoint (region): = [
    adb.us-east-1.encryption-benchmark7.vigneshrdev7.nonprod-tmaws.io
]
RDS instance in Tier 2 (region):  = adb-t2-0.us-east-1.encryption-benchmark7.vigneshrdev7.nonprod-tmaws.io,  adb-t2-1.us-east-1.encryption-benchmark7.vigneshrdev7.nonprod-tmaws.io
2018-02-22T23:30:38.541Z [DEBUG] plugin: plugin process exited: path=/bin/terraform-provider-null_v1.0.0_x4
Job succeeded

Crash Output

No crash, it goes through fine.

Expected Behavior

It should have created an encrypted Aurora cluster.

Actual Behavior

It created a non-encrypted Aurora cluster.

https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-clusters.html output
'StorageEncrypted': False,

Steps to Reproduce

Please list the full steps required to reproduce the issue, for example:

  1. terraform init
  2. terraform apply

Additional Context

I am using a wrapper around Terraform and also in GitLab CI, but I don't think that's an issue.

References


ghost commented Feb 23, 2018

This issue has been automatically migrated to hashicorp/terraform-provider-aws#3503 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to hashicorp/terraform-provider-aws#3503.


ghost commented Apr 4, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 4, 2020
This issue was closed.
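
The report above describes a silent failure: the apply job succeeds while `describe-db-clusters` shows `'StorageEncrypted': False`. The following is an added example, not code from the issue or from Terraform, of a post-apply CI gate that inspects a `describe_db_clusters` response and fails when a cluster is unencrypted or uses a different key. The function name, the sample response and the placeholder key ARN are assumptions, as is the exact string comparison of `KmsKeyId` against the expected ARN.

```python
"""Post-apply gate: fail the pipeline when an Aurora cluster is not encrypted as intended."""
import sys

# Constructed sample shaped like a boto3 rds.describe_db_clusters() response.
# Identifiers and key ARNs are placeholders, not values from the issue.
SAMPLE_RESPONSE = {
    "DBClusters": [
        {"DBClusterIdentifier": "example-restored", "StorageEncrypted": False},
        {"DBClusterIdentifier": "example-encrypted", "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:000000000000:key/EXAMPLE-KEY-ID"},
        {"DBClusterIdentifier": "example-wrong-key", "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:000000000000:key/OTHER-KEY-ID"},
    ]
}
EXPECTED_KEY = "arn:aws:kms:us-east-1:000000000000:key/EXAMPLE-KEY-ID"


def audit_clusters(response, expected_kms_key_arn=None, only=None):
    """Return (cluster_id, problem) tuples for clusters that miss the intent.

    only: optional set of cluster identifiers to check; others are ignored.
    A missing StorageEncrypted field is treated as unencrypted (fail closed).
    Assumption: KmsKeyId is compared as an exact string against the ARN.
    """
    findings = []
    seen = set()
    for cluster in response.get("DBClusters", []):
        cid = cluster.get("DBClusterIdentifier", "<unknown>")
        if only is not None and cid not in only:
            continue
        seen.add(cid)
        if cluster.get("StorageEncrypted") is not True:
            findings.append((cid, "storage not encrypted"))
        elif expected_kms_key_arn and cluster.get("KmsKeyId") != expected_kms_key_arn:
            findings.append((cid, "encrypted with unexpected KMS key"))
    # A cluster we were told to check but that is absent is also a failure.
    for missing in sorted((only or set()) - seen):
        findings.append((missing, "cluster not found in response"))
    return findings


if __name__ == "__main__":
    problems = audit_clusters(SAMPLE_RESPONSE, EXPECTED_KEY)
    for cid, problem in problems:
        print(f"FAIL {cid}: {problem}")
    sys.exit(1 if problems else 0)
```

In a pipeline, replace `SAMPLE_RESPONSE` with the live response for the cluster Terraform just created and run the script as a stage after `terraform apply`, so the job fails instead of reporting success.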