1

I am trying to change the RDS instance DB subnet group, but I am getting this error:

Cannot revoke vpc security group membership because it is not in the authorized state

I have tried to do this from Terraform and it is still the same. I have created a snapshot to create a new RDS instance, but it cannot be created because the database is already there, and I don't want to delete the RDS because it is a production database. I have given full access to the account that I am using for this operation.

Any idea how this can be solved?

Zheer Ardalan

1 Answer

1

I had the same case, and the following steps helped me resolve it:

  1. Create a snapshot of your DB

  2. Restore DB from snapshot with new parameters

  3. Exclude your DB from tfstate list:

    terraform state rm <path_to_your_db>
    
  4. Import newly created db:

    terraform import <path_to_your_db(same as in step 3)> <db_identifier_from_restored_db>
    

After that, Terraform can manage your DB, and it will have the desired VPC properties (subnets, security groups, etc.).

  • To make the database leave this error, yes, you're correct. The issue is from the Terraform AWS provider: when you try to change the DB subnet from Terraform, it gets stuck and cannot be revoked. What I did was change the DB subnet manually from the console, then change the Terraform state and other things. You can update the answer so I can confirm this as the accepted answer. – Zheer Ardalan Aug 29 '23 at 08:34
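
The four steps of the answer as a dry-run script. This is an added example, not code from the answer: `run` and `migrate_rds` are hypothetical helper names, and the resource address, instance, snapshot, subnet group and security group identifiers are constructed placeholders. It requires explicit security group IDs because a snapshot restore that omits them attaches the VPC's default security group.

```bash
#!/bin/sh
# Added example. Dry run by default: prints each command; APPLY=1 executes them.
set -eu

run() {
  printf '+ %s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# migrate_rds TF_ADDR OLD_ID NEW_ID SNAPSHOT_ID SUBNET_GROUP SG_ID...
migrate_rds() {
  [ "$#" -ge 6 ] || { echo "usage: migrate_rds TF_ADDR OLD_ID NEW_ID SNAPSHOT_ID SUBNET_GROUP SG_ID..." >&2; return 2; }
  tf_addr=$1 old_id=$2 new_id=$3 snap_id=$4 subnet_group=$5
  shift 5
  # The original stays in place during the restore, so the copy needs its own identifier.
  [ "$old_id" != "$new_id" ] || { echo "error: NEW_ID must differ from OLD_ID" >&2; return 2; }
  # Require explicit groups: a restore without them gets the VPC default security group.
  for sg in "$@"; do
    case "$sg" in
      sg-*) ;;
      *) echo "error: not a security group id: $sg" >&2; return 2 ;;
    esac
  done

  # Step 1: snapshot the existing instance and wait until it is usable.
  run aws rds create-db-snapshot --db-instance-identifier "$old_id" --db-snapshot-identifier "$snap_id"
  run aws rds wait db-snapshot-available --db-snapshot-identifier "$snap_id"
  # Step 2: restore into the new subnet group with explicit security groups.
  run aws rds restore-db-instance-from-db-snapshot \
    --db-instance-identifier "$new_id" --db-snapshot-identifier "$snap_id" \
    --db-subnet-group-name "$subnet_group" --vpc-security-group-ids "$@"
  run aws rds wait db-instance-available --db-instance-identifier "$new_id"
  # Step 3: keep a copy of the state, then drop the old instance from it.
  run sh -c 'terraform state pull > pre-migration.tfstate'
  run terraform state rm "$tf_addr"
  # Step 4: import the restored instance under the same address and check the diff.
  run terraform import "$tf_addr" "$new_id"
  run terraform plan
}

# Constructed placeholder values.
migrate_rds aws_db_instance.example prod-db prod-db-restored prod-db-move-snap new-subnet-group sg-0123456789abcdef0
```

The restored instance gets a new endpoint, so clients must be repointed before the old instance is retired. The final `terraform plan` should show no replacement of the imported instance.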