Eliminated problematic special characters from password generation.

Author: BSick7

CHANGELOG.md

@@ -1,3 +1,6 @@
+# 0.13.8 (Apr 17, 2025)
+* Eliminated problematic special characters from password generation.
+
 # 0.13.7 (Mar 17, 2025)
 * Added support for storage auto-scaling.
 

password.tf

@@ -6,7 +6,29 @@ resource "random_password" "this" {
   special = true
 
   // The password for the master database user can include any printable ASCII character except /, ", @, or a space.
-  override_special = "!#$%&*()-_=+[]{}<>:?"
+  // We're also excluding the following characters:
+  // ':' - not allowed by DMS (Database Migration Service)
+  // ';' - not allowed by DMS
+  // '+' - not allowed by DMS
+  // '%' - not allowed by DMS, confuses url encoding
+  // '?' - confuses url encoding
+  // '#' - confuses url encoding
+  // '[' - confuses url encoding
+  // ']' - confuses url encoding
+  // '{' - confuses url encoding
+  // '}' - confuses url encoding
+  // '(' - issues with batch files
+  // ')' - issues with batch files
+  // '&' - issues with batch files
+  // '!' - issues with batch files
+  // '^' - issues with batch files
+  // '<' - issues with batch files
+  // '>' - issues with batch files
+  override_special = "$*-_="
+
+  lifecycle {
+    ignore_changes = [override_special] // Prevent changing passwords for provisioned dbs
+  }
 }
 
 resource "aws_secretsmanager_secret" "password" {