From f8da9788ddc0e63024bba0a5b13f91415d5a0984 Mon Sep 17 00:00:00 2001
From: Jeremias - DNX
Date: Fri, 17 Dec 2021 10:16:00 +1100
Subject: [PATCH 1/3] add enhanced monitoring to the rds resource
---
 _variables.tf | 8 +++++++-
 rds.tf | 24 +++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/_variables.tf b/_variables.tf
index c142b2c..94582bb 100644
--- a/_variables.tf
+++ b/_variables.tf
@@ -284,4 +284,10 @@ variable "publicly_accessible" {
 description = "(Optional) Bool to control if instance is publicly accessible"
 type = bool
 default = false
-}
\ No newline at end of file
+}
+
+variable "monitoring_interval" {
+ type = number
+ description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance"
+ default = 0
+}
diff --git a/rds.tf b/rds.tf
index f43b3ba..cb9b440 100644
--- a/rds.tf
+++ b/rds.tf
@@ -30,6 +30,8 @@ resource "aws_db_instance" "rds_db" {
 deletion_protection = var.deletion_protection
 performance_insights_enabled = var.performance_insights_enabled
 enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
+ monitoring_interval = var.monitoring_interval
+ monitoring_role_arn = var.monitoring_interval > 0 ? aws_iam_role.rds_monitoring[count.index].arn : ""
 tags = {
 Backup = var.backup
@@ -88,4 +90,24 @@ resource "aws_db_option_group" "rds_custom_db_og" {
 lifecycle {
 create_before_destroy = true
 }
-}
\ No newline at end of file
+}
+
+resource "aws_iam_role" "rds_monitoring" {
+ count = var.monitoring_interval > 0 ? 1 : 0
+
+ name = "rds-${var.database_name}-enhanced-monitoring"
+ managed_policy_arns = [ "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" ]
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Sid = ""
+ Principal = {
+ Service = "monitoring.rds.amazonaws.com"
+ }
+ },
+ ]
+ })
+}
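Review bot: `monitoring_interval` in `_variables.tf` accepts any number, while RDS Enhanced Monitoring only takes 0, 1, 5, 10, 15, 30 or 60 seconds, so an invalid value is left for the provider or the RDS API to reject. A `validation` block with `condition = contains([0, 1, 5, 10, 15, 30, 60], var.monitoring_interval)` would reject it at the module boundary, provided the module's minimum Terraform version supports variable validation (not visible in this diff). The description should also say that the default `0` leaves Enhanced Monitoring off, for example by appending `Valid values: 0 (disabled), 1, 5, 10, 15, 30, 60.`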
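Review bot: In the `aws_db_instance.rds_db` hunk of `rds.tf`, `aws_iam_role.rds_monitoring[count.index].arn` indexes the role by the DB instance's `count.index`, but the role added later in this patch has a `count` of at most 1, so only index 0 can exist. The reference fails if `rds_db` is ever created with more than one instance, and it is invalid if `rds_db` has no `count` at all; the resource header and the rest of its body are outside the hunk, so which case applies cannot be confirmed here. Suggest `monitoring_role_arn = var.monitoring_interval > 0 ? aws_iam_role.rds_monitoring[0].arn : null`, with `null` so the argument is omitted when monitoring is disabled instead of being set to an empty string.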
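Review bot: The trust policy on `aws_iam_role.rds_monitoring` (last hunk of `rds.tf`) lets the `monitoring.rds.amazonaws.com` service principal assume the role with no `Condition`. That leaves the role open to the cross-service confused-deputy case, which AWS recommends closing with `aws:SourceAccount` or `aws:SourceArn`. The fence below adds an account condition to the statement; it relies on an `aws_caller_identity` data source that is not visible in this diff, so the `current` name is a placeholder for whatever the module declares or adds. Separately, IAM role names are unique per account, so `rds-${var.database_name}-enhanced-monitoring` collides when two instances share a database name; `name_prefix` would avoid that.

```hcl
    {
      # … unchanged: Action, Effect, Sid, Principal …
      Condition = {
        StringEquals = {
          # only RDS resources in this account may cause the service to assume the role
          "aws:SourceAccount" = data.aws_caller_identity.current.account_id
        }
      }
    },
```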
From 902d620eaf3b189480a2d0a5e410dda1e5a5b64c Mon Sep 17 00:00:00 2001
From: Jeremias - DNX
Date: Fri, 17 Dec 2021 10:17:40 +1100
Subject: [PATCH 2/3] lint fix
---
 rds.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rds.tf b/rds.tf
index cb9b440..843883e 100644
--- a/rds.tf
+++ b/rds.tf
@@ -95,8 +95,8 @@ resource "aws_db_option_group" "rds_custom_db_og" {
 resource "aws_iam_role" "rds_monitoring" {
 count = var.monitoring_interval > 0 ? 1 : 0
- name = "rds-${var.database_name}-enhanced-monitoring"
- managed_policy_arns = [ "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" ]
+ name = "rds-${var.database_name}-enhanced-monitoring"
+ managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"]
 assume_role_policy = jsonencode({
 Version = "2012-10-17"
 Statement = [
From b5e209d9494292ad72f920ad96f9f10b2cba73fe Mon Sep 17 00:00:00 2001
From: jeremiasroma
Date: Thu, 16 Dec 2021 23:17:52 +0000
Subject: [PATCH 3/3] terraform-docs: automated update action
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index edb1a14..51db1ae 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,7 @@ | kms\_key\_arn | KMS Key ARN to use a CMK instead of default shared key, when storage\_encrypted is true | `string` | `""` | no | | major\_engine\_version | Specifies the major version of the engine that this option group should be associated with | `string` | `""` | no | | max\_allocated\_storage | Argument higher than the allocated\_storage to enable Storage Autoscaling, size in GB. 0 to disable Storage Autoscaling | `number` | `0` | no | +| monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance | `number` | `0` | no | | multi\_az | Deploy multi-az instance database | `bool` | `false` | no | | name | Name of this RDS Database | `string` | n/a | yes | | option\_group\_description | The description of the option group | `string` | `"Managed by Terraform"` | no |