Merge pull request #11 from DNXLabs/enhanced_monitoring

Add enhanced monitoring to the RDS resource
DNXLabs · Dec 16, 2021 · e098086 · e098086
2 parents e3a9703 + b5e209d
commit e098086
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -50,6 +50,7 @@
 | kms\_key\_arn | KMS Key ARN to use a CMK instead of default shared key, when storage\_encrypted is true | `string` | `""` | no |
 | major\_engine\_version | Specifies the major version of the engine that this option group should be associated with | `string` | `""` | no |
 | max\_allocated\_storage | Argument higher than the allocated\_storage to enable Storage Autoscaling, size in GB. 0 to disable Storage Autoscaling | `number` | `0` | no |
+| monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance | `number` | `0` | no |
 | multi\_az | Deploy multi-az instance database | `bool` | `false` | no |
 | name | Name of this RDS Database | `string` | n/a | yes |
 | option\_group\_description | The description of the option group | `string` | `"Managed by Terraform"` | no |

diff --git a/_variables.tf b/_variables.tf
@@ -284,4 +284,10 @@ variable "publicly_accessible" {
   description = "(Optional) Bool to control if instance is publicly accessible"
   type        = bool
   default     = false
-}
+}
+
+variable "monitoring_interval" {
+  type        = number
+  description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance"
+  default     = 0
+}
diff --git a/rds.tf b/rds.tf
@@ -30,6 +30,8 @@ resource "aws_db_instance" "rds_db" {
   deletion_protection             = var.deletion_protection
   performance_insights_enabled    = var.performance_insights_enabled
   enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
+  monitoring_interval             = var.monitoring_interval
+  monitoring_role_arn             = var.monitoring_interval > 0 ? aws_iam_role.rds_monitoring[count.index].arn : ""
 
   tags = {
     Backup = var.backup
@@ -88,4 +90,24 @@ resource "aws_db_option_group" "rds_custom_db_og" {
   lifecycle {
     create_before_destroy = true
   }
-}
+}
+
+resource "aws_iam_role" "rds_monitoring" {
+  count = var.monitoring_interval > 0 ? 1 : 0
+
+  name                = "rds-${var.database_name}-enhanced-monitoring"
+  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"]
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          Service = "monitoring.rds.amazonaws.com"
+        }
+      },
+    ]
+  })
+}