terraform: How to override AWS RDS final snapshot

Question

Have the following DB resource in tf file:

resource "aws_db_instance" "app_db" {
  count = local.db_count

  allocated_storage     = 5
  max_allocated_storage = 10
  engine                = "postgres"
  instance_class        = "db.t3.micro"
  name                  = var.db_creds["db_name"]
  port                  = 5432
  username              = var.db_creds["username"]
  password              = var.db_creds["password"]

  db_subnet_group_name   = aws_db_subnet_group.database_sg.name
  vpc_security_group_ids = [aws_security_group.app.id]

  final_snapshot_identifier = "${var.environment_deployment_tag}-app-db-snaphot"
}

After destroying DB resource I get this error:

DBSnapshotAlreadyExists: Cannot create the snapshot because a snapshot with the identifier app-db-snaphot already exists

I understand that it is because snapshot with such identifier already exists but I'd like to ask if there is a way to override previous snapshot?

If no and all snapshots should have unique name, I guess format something like this should be fine: final_snapshot_identifier = "${var.environment_deployment_tag}-app-db-snaphot-${timestamp()}"

I wonder how to clean up previous snapshots so on RDS won't be a lot of them? And what is the best approach to manage final snapshot?

Answer 1

If you do want to maintain a final database snapshot and use the final_snapshot_identifier = "${var.environment_deployment_tag}-app-db-snaphot-${timestamp()}" snippet, be sure to add this lifecycle block so that subsequent Terraform plans don't see a "change" every time due to the use of the timestamp() function:

lifecycle {
    ignore_changes = [
      final_snapshot_identifier,
    ]
}

You may also need to replace the : characters from the timestamp() function with - characters by using replace(timestamp(), ":", "-") like so:

final_snapshot_identifier = "${var.environment_deployment_tag}-app-db-snaphot-${replace(timestamp(), ":", "-")}"