features: enabled_cloudwatch_logs_exports, publicly_accessible and op…

…tion_group_name (#9) * First commit * Fixed option_group description * Added option to public rds * terraform fmt * terraform-docs: automated update action Co-authored-by: jrpradojr <[email protected]>
DNXLabs · Nov 15, 2021 · e3a9703 · e3a9703
1 parent bf22ccf
commit e3a9703
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@
 | cluster\_parameters | A list of Cluster parameters (map) to apply | `list(map(string))` | `[]` | no |
 | count\_aurora\_instances | Number of Aurora Instances | `number` | `"1"` | no |
 | create\_cluster\_parameter\_group | Whether to create a cluster parameter group | `bool` | `false` | no |
-| create\_db\_option\_group | (Optional) Create a database option group | `bool` | `true` | no |
+| create\_db\_option\_group | (Optional) Create a database option group | `bool` | `false` | no |
 | create\_db\_parameter\_group | Whether to create a database parameter group | `bool` | `false` | no |
 | create\_db\_subnet\_group | Create a Subnet group? | `bool` | `false` | no |
 | database\_name | Database Name | `string` | `""` | no |
@@ -39,6 +39,7 @@
 | db\_subnet\_group\_subnet\_ids | List of Subnet IDs for the RDS Subnet Group | `list(any)` | `[]` | no |
 | db\_type | Valid values are: rds, aurora or serverless | `string` | n/a | yes |
 | deletion\_protection | The database can't be deleted when this value is set to true. | `bool` | `false` | no |
+| enabled\_cloudwatch\_logs\_exports | (Optional) Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine) | `any` | `null` | no |
 | engine | n/a | `string` | n/a | yes |
 | engine\_version | n/a | `string` | `""` | no |
 | environment\_name | Environment name to use as a prefix to this DB | `string` | n/a | yes |
@@ -54,12 +55,14 @@
 | option\_group\_description | The description of the option group | `string` | `"Managed by Terraform"` | no |
 | option\_group\_name | Name of the option group | `string` | `null` | no |
 | option\_group\_use\_name\_prefix | Determines whether to use `option_group_name` as is or create a unique name beginning with the `option_group_name` as the prefix | `bool` | `true` | no |
+| option\_name | (Required) The Name of the Option | `string` | `""` | no |
 | options | A list of Options to apply. | `any` | `[]` | no |
 | parameter\_group\_description | The description of the DB parameter group | `string` | `"Managed by Terraform"` | no |
 | parameter\_group\_name | Name of the DB parameter group to associate or create | `string` | `null` | no |
 | performance\_insights\_enabled | Enable performance insights on instance | `bool` | `false` | no |
 | port | Port number for this DB (usually 3306 for MySQL and 5432 for Postgres) | `number` | n/a | yes |
 | preferred\_backup\_window | Preferred Backup Window | `string` | `"07:00-09:00"` | no |
+| publicly\_accessible | (Optional) Bool to control if instance is publicly accessible | `bool` | `false` | no |
 | retention | Snapshot retention period in days | `number` | n/a | yes |
 | secret\_method | Use ssm for SSM parameters store which is the default option, or secretsmanager for AWS Secrets Manager | `string` | `"ssm"` | no |
 | skip\_final\_snapshot | Skips the final snapshot if the database is destroyed programatically | `bool` | `false` | no |

diff --git a/_variables.tf b/_variables.tf
@@ -202,7 +202,7 @@ variable "family" {
 variable "create_db_option_group" {
   description = "(Optional) Create a database option group"
   type        = bool
-  default     = true
+  default     = false
 }
 
 variable "option_group_name" {
@@ -268,3 +268,20 @@ variable "secret_method" {
   type        = string
   default     = "ssm"
 }
+
+variable "enabled_cloudwatch_logs_exports" {
+  description = "(Optional) Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine)"
+  default     = null
+}
+
+variable "option_name" {
+  description = "(Required) The Name of the Option"
+  type        = string
+  default     = ""
+}
+
+variable "publicly_accessible" {
+  description = "(Optional) Bool to control if instance is publicly accessible"
+  type        = bool
+  default     = false
+}
diff --git a/rds.tf b/rds.tf
@@ -4,29 +4,32 @@ resource "random_string" "rds_db_password" {
 }
 
 resource "aws_db_instance" "rds_db" {
-  count                        = var.db_type == "rds" ? 1 : 0
-  allocated_storage            = var.allocated_storage
-  max_allocated_storage        = var.max_allocated_storage
-  storage_type                 = "gp2"
-  engine                       = var.engine
-  engine_version               = var.engine_version
-  instance_class               = var.instance_class
-  name                         = var.database_name
-  backup_retention_period      = var.retention
-  identifier                   = var.identifier == "" ? "${var.environment_name}-${var.name}" : var.identifier
-  username                     = var.user
-  password                     = random_string.rds_db_password.result
-  db_subnet_group_name         = try(aws_db_subnet_group.rds_subnet_group[0].id, var.db_subnet_group_id)
-  vpc_security_group_ids       = [aws_security_group.rds_db.id]
-  apply_immediately            = var.apply_immediately
-  skip_final_snapshot          = var.skip_final_snapshot
-  snapshot_identifier          = var.snapshot_identifier != "" ? var.snapshot_identifier : null
-  kms_key_id                   = var.kms_key_arn
-  multi_az                     = var.multi_az
-  storage_encrypted            = var.storage_encrypted
-  parameter_group_name         = var.create_db_parameter_group == true ? aws_db_parameter_group.rds_custom_db_pg[count.index].name : ""
-  deletion_protection          = var.deletion_protection
-  performance_insights_enabled = var.performance_insights_enabled
+  count                           = var.db_type == "rds" ? 1 : 0
+  publicly_accessible             = var.publicly_accessible
+  allocated_storage               = var.allocated_storage
+  max_allocated_storage           = var.max_allocated_storage
+  storage_type                    = "gp2"
+  engine                          = var.engine
+  engine_version                  = var.engine_version
+  instance_class                  = var.instance_class
+  name                            = var.database_name
+  backup_retention_period         = var.retention
+  identifier                      = var.identifier == "" ? "${var.environment_name}-${var.name}" : var.identifier
+  username                        = var.user
+  password                        = random_string.rds_db_password.result
+  db_subnet_group_name            = try(aws_db_subnet_group.rds_subnet_group[0].id, var.db_subnet_group_id)
+  vpc_security_group_ids          = [aws_security_group.rds_db.id]
+  apply_immediately               = var.apply_immediately
+  skip_final_snapshot             = var.skip_final_snapshot
+  snapshot_identifier             = var.snapshot_identifier != "" ? var.snapshot_identifier : null
+  kms_key_id                      = var.kms_key_arn
+  multi_az                        = var.multi_az
+  storage_encrypted               = var.storage_encrypted
+  parameter_group_name            = var.create_db_parameter_group == true ? aws_db_parameter_group.rds_custom_db_pg[count.index].name : ""
+  option_group_name               = var.create_db_option_group == true ? aws_db_option_group.rds_custom_db_og[count.index].name : ""
+  deletion_protection             = var.deletion_protection
+  performance_insights_enabled    = var.performance_insights_enabled
+  enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
 
   tags = {
     Backup = var.backup
@@ -37,8 +40,7 @@ resource "aws_db_instance" "rds_db" {
 resource "aws_db_parameter_group" "rds_custom_db_pg" {
   count = var.create_db_parameter_group ? 1 : 0
 
-  name = var.parameter_group_name
-  #name_prefix = local.name_prefix
+  name        = var.parameter_group_name
   description = var.parameter_group_description
   family      = var.family
 
@@ -55,6 +57,34 @@ resource "aws_db_parameter_group" "rds_custom_db_pg" {
     "Name" = var.parameter_group_name
   }
 
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+
+resource "aws_db_option_group" "rds_custom_db_og" {
+  count = var.create_db_option_group ? 1 : 0
+
+  name                     = var.option_group_name
+  option_group_description = var.option_group_description
+  engine_name              = var.engine
+  major_engine_version     = var.major_engine_version
+  option {
+    option_name = var.option_name
+    dynamic "option_settings" {
+      for_each = var.options
+      content {
+        name  = option_settings.value.name
+        value = option_settings.value.value
+      }
+    }
+  }
+
+  tags = {
+    "Name" = var.option_group_name
+  }
+
   lifecycle {
     create_before_destroy = true
   }