Upgrade Aiven Provider for Terraform from v2 to v3#

This article will walk you through upgrading the Aiven Terraform Provider from v2 to v3.

Major changes in v3#

Aiven Terraform Provider has a detailed changelog but the main additions in v3 are:

Generic aiven_vpc_peering_connection replaced with provider specific resources
Generic aiven_service_user replaced with service specific resources
Generic aiven_database replaced with service specific resources

Upgrade Aiven Terraform provider#

Update the Aiven Terraform Provider by editing the providers block of your script to include the latest version of the Aiven Terraform Provider (v3.8.1 at the time of writing):

terraform {
  required_providers {
    aiven = {
      source  = "aiven/aiven"
      version = ">=3.0.0, < 4.0.0"
    }
  }
}

Tip

You might need to run terraform init -upgrade for the provider version upgrade to take place.

Update to provider specific VPC peering connection resource syntax#

V3 of the Aiven Terraform Provider moves away from using aiven_vpc_peering_connection as a resource, and instead provides provider specific resources such as aiven_azure_vpc_peering_connection. Since we probably don’t want to destroy existing resources and make new ones, this guide will help you perform the migration safely.

Warning

Since aiven_vpc_peering_connection and the new one such as aiven_azure_vpc_peering_connection are different kinds of resources, simply rewriting the code would cause destructive actions. These steps will preserve your resources.

Please also note that running terraform state mv <a> <b> is not recommended because these are different resource types.

Tip

Backup your Terraform state file terraform.tfstate (if available), just in case of potential rollback.

To safely make this change you will:

Change the code
Remove old resource from the state
Import already existing resource to the Terraform state.

To change from the old aiven_vpc_peering_connection to the new aiven_azure_vpc_peering_connection resource, the resource type should be changed. Any references to aiven_vpc_peering_connection.foo.* should be updated to instead read aiven_azure_vpc_peering_connection.foo.* instead.

Here’s an example showing the update in action:

- resource "aiven_vpc_peering_connection" "foo" {
    vpc_id                = data.aiven_project_vpc.vpc.id
-   peer_cloud_account    = "Azure subscription ID"
-   peer_vpc              = "Azure virtual network name of the peered VPC"
    peer_azure_app_id     = "Azure app registration id in UUID4 form"
    peer_azure_tenant_id  = "Azure tenant id in UUID4 form"
    peer_resource_group   = "Azure resource group name of the peered VPC"
  }

+ resource "aiven_azure_vpc_peering_connection" "foo" {
    vpc_id                = data.aiven_project_vpc.vpc.id
+   azure_subscription_id = "Azure subscription ID"
+   vnet_name             = "Azure virtual network name of the peered VPC"
    peer_azure_app_id     = "Azure app registration id in UUID4 form"
    peer_azure_tenant_id  = "Azure tenant id in UUID4 form"
    peer_resource_group   = "Azure resource group name of the peered VPC"
  }

Check the current state of the world:
```
terraform state list | grep azure
```
Remove the resource from the control of Terraform:
```
terraform state rm aiven_vpc_peering_connection.foo
```
Tip

Use the -dry-run flag to see this change before it is actually made

Add the resource back to Terraform by importing it as a new resource with the new type:

terraform import aiven_azure_vpc_peering_connection.foo project_name/vpc_id/azure_subscription_id/vnet_name

Check that the import is going to run as you expect:
```
terraform plan
```
Apply the new configuration:
```
terraform apply
```
Note

You can follow a similar approach to update aiven_database and aiven_service_user resources, which have been deprecated in v3 of the provider.