[Bug]: Provider-aws-rds ParameterGroup Resource Does Not Throttle

[Bug]: provider-aws-rds ParameterGroup resource does not throttle

As we continue to push the boundaries of cloud infrastructure management, it's essential to identify and address potential issues that can impact our users. In this article, we'll delve into a critical bug affecting the provider-aws-rds ParameterGroup resource, which fails to throttle when modified by a composition. This can lead to an excessive amount of logs being generated, resulting in a massive bill from AWS Cloudtrail.

Is there an existing issue for this?

Before we dive into the details, let's confirm whether this issue has been reported before. After conducting a thorough search, we found that this is a new issue that hasn't been addressed in the existing Crossplane documentation.

Affected Resource(s)

The ParameterGroup Managed resource is the primary focus of this bug. When modified by a composition, the setting is accepted as valid and applied but will be rejected by AWS. This rejection triggers a reconcile war, leading to an excessive amount of logs being generated. As a result, AWS Cloudtrail API will throttle, causing a significant increase in costs.

Resource MRs required to reproduce the bug

Unfortunately, we don't have any specific MRs to reproduce this bug. However, we'll provide a detailed step-by-step guide to help you replicate the issue.

Steps to Reproduce

To observe this bug, follow these steps:

1. Attempt to set track_io_timing = "1" on a Postgres14 ParameterGroup.
2. The setting will appear to be applied fine, but you'll eventually receive a response from AWS indicating that the parameter is not modifiable.

Here's an example of the response you'll receive:

"requestParameters": {
	"dBParameterGroupName": "sampleparamgroup",
	"parameters": [
		{
			"parameterName": "track_io_timing",
			"parameterValue": "1",
			"isModifiable": false,
			"applyMethod": "immediate"
		}
	]
}

What happened?

When excessive API retries are made, we expected the system to throttle or generate an error indicating that the setting is not taking. However, Crossplane continues to aggressively re-apply the setting, leading to a nearly 100k bill from Cloudtrail by month's end.

Relevant Error Output Snippet

Unfortunately, we don't have any relevant error output snippets to share at this time.

Crossplane Version

We're using Crossplane version 1.91.1.

Provider Version

The provider version is 1.

Kubernetes Version

Our Kubernetes version is 1.30.

Kubernetes Distribution

We're using EKS as our Kubernetes distribution.

Additional Info

We don't have any additional information to share at this time.

In conclusion, the provider-aws-rds ParameterGroup resource fails to throttle when modified by a composition, leading to an excessive amount of logs being generated and a significant increase in costs. We've provided a detailed step-by-step guide to help you replicate the issue. We urge the Crossplane community to address this critical bug and implement a global backoff rule to prevent the sheer volume of logs being generated.

To mitigate this issue, we recommend the following:

1. Implement a global backoff rule to prevent the excessive number of logs being generated.
2. Update the provider-aws-rds ParameterGroup resource to throttle when modified by a composition.
3. Provide a clear error message indicating that the setting is not modifiable.

By addressing this critical bug, we can ensure that our users have a seamless experience when managing their cloud infrastructure with Crossplane.
[Bug]: provider-aws-rds ParameterGroup resource does not throttle - Q&A

In our previous article, we discussed a critical bug affecting the provider-aws-rds ParameterGroup resource, which fails to throttle when modified by a composition. This can lead to an excessive amount of logs being generated, resulting in a massive bill from AWS Cloudtrail. In this article, we'll provide a Q&A section to address some of the most frequently asked questions related to this bug.

Q: What is the root cause of this bug?

A: The root cause of this bug is that the provider-aws-rds ParameterGroup resource fails to throttle when modified by a composition. This leads to an excessive amount of logs being generated, resulting in a massive bill from AWS Cloudtrail.

Q: What are the symptoms of this bug?

A: The symptoms of this bug include:

• An excessive amount of logs being generated
• A massive bill from AWS Cloudtrail
• The provider-aws-rds ParameterGroup resource failing to throttle when modified by a composition

Q: How can I reproduce this bug?

A: To reproduce this bug, follow these steps:

1. Attempt to set track_io_timing = "1" on a Postgres14 ParameterGroup.
2. The setting will appear to be applied fine, but you'll eventually receive a response from AWS indicating that the parameter is not modifiable.

Q: What is the expected behavior of the provider-aws-rds ParameterGroup resource?

A: The expected behavior of the provider-aws-rds ParameterGroup resource is to throttle when modified by a composition. This means that if the resource is modified multiple times, it should only apply the changes once and then stop.

Q: What is the current behavior of the provider-aws-rds ParameterGroup resource?

A: The current behavior of the provider-aws-rds ParameterGroup resource is to fail to throttle when modified by a composition. This leads to an excessive amount of logs being generated, resulting in a massive bill from AWS Cloudtrail.

Q: How can I mitigate this bug?

A: To mitigate this bug, you can implement a global backoff rule to prevent the excessive number of logs being generated. You can also update the provider-aws-rds ParameterGroup resource to throttle when modified by a composition.

Q: What is the impact of this bug on my AWS bill?

A: The impact of this bug on your AWS bill can be significant. If the provider-aws-rds ParameterGroup resource fails to throttle when modified by a composition, it can lead to an excessive amount of logs being generated, resulting in a massive bill from AWS Cloudtrail.

Q: How can I prevent this bug from occurring in the future?

A: To prevent this bug from occurring in the future, you can implement a global backoff rule to prevent the excessive number of logs being generated. You can also update the provider-aws-rds ParameterGroup resource to throttle when modified by a composition.

In conclusion, the provider-aws-rds ParameterGroup resource fails to throttle when modified by a composition, leading to an excessive amount of logs being generated and a significant increase in costs. We've provided a Q&A section to address some of the most frequently asked questions related to this bug. We urge the Crossplane community to address this critical bug and implement a global backoff rule to prevent the sheer volume of logs being generated.

To mitigate this bug, we recommend the following:

1. Implement a global backoff rule to prevent the excessive number of logs being generated.
2. Update the provider-aws-rds ParameterGroup resource to throttle when modified by a composition.
3. Provide a clear error message indicating that the setting is not modifiable.

By addressing this critical bug, we can ensure that our users have a seamless experience when managing their cloud infrastructure with Crossplane.