This repository has been archived by the owner on Jan 12, 2021. It is now read-only.

Unable to connect on an Aurora serverless cluster #136

Open
JeremieCharest opened this issue Nov 27, 2020 · 0 comments

Hi, I'm unable to connect to a MySQL Aurora serverless cluster to create a schema. The mysql cli can do it from the same host with the same configuration.

Terraform Version

  • I tried with 0.13.5 and 0.12.29
  • I tried with 1.7.0, 1.8.0 and 1.9.0 of mysql provider

Terraform Configuration Files

To reproduce the issue the configuration was hardcoded and schema isolated.

provider mysql {
  version = "~> 1.9"

  endpoint = "MY_SERVERLESS.cluster-xxxxxxxx.us-east-1.rds.amazonaws.com:3306"
  username = "MY_USER"
  password = "MY_PASSWORD"
}

resource mysql_database mysql_schema {
  name = var.schema
  default_character_set = "utf8"
  default_collation = "utf8_general_ci"

  lifecycle {
    prevent_destroy = true
  }
}

Debug Output

mysql_database.mysql_schema: Still creating... [4m30s elapsed]
mysql_database.mysql_schema: Still creating... [4m40s elapsed]
mysql_database.mysql_schema: Still creating... [4m50s elapsed]
Error: Could not connect to server: Error 1045: Access denied for user 'MY_USER'@'10.1.0.114' (using password: YES)

Expected Behavior

I should be able to connect to the Aurora serverless cluster like the mysql cli.

Actual Behavior

The MySQL provider can't connect to the serverless cluster, and from the output it didn't seem to have used my endpoint configuration.

Steps to Reproduce

  1. Terraform the cluster in a first run
  2. Confirm that the provider configuration is correct by connecting with mysql cli
  3. terraform apply only the schema creation

Important Factoids

I run my Terraform from a bastion host and it can connect to the db with the mysql cli from the same host/creds. There's no proxy involved and I don't know where the denied IP from the TF output comes from (I don't have subnets or a DNS server with that range). I tried to change the TF and provider versions, enable/disable TLS, and use IP/DNS. We don't have env vars to configure the mysql connection.

Mysql cli
Both commands are successful:

mysql -h MY_SERVERLESS.cluster-xxxxxxxx.us-east-1.rds.amazonaws.com -p -u MY_USER

# or with ips found by dig
mysql -h 10.X.X.X -p -u MY_USER

Dig

# dig MY_SERVERLESS.cluster-xxxxxxxx.us-east-1.rds.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26987
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;MY_SERVERLESS.cluster-xxxxxxxx.us-east-1.rds.amazonaws.com. IN	A

;; ANSWER SECTION:
MY_SERVERLESS.cluster-xxxxxxxx.us-east-1.rds.amazonaws.com. 5 IN CNAME	vpce-xxxx-xxx.vpce-svc-xx.us-east-1.vpce.amazonaws.com.
vpce-xxxx-xxx.vpce-svc-xx.us-east-1.vpce.amazonaws.com. 60 IN A 10.X.X.X
vpce-xxxx-xxx.vpce-svc-xx.us-east-1.vpce.amazonaws.com. 60 IN A 10.Y.Y.Y