diff --git a/README.md b/README.md
index d0c3907..edb1a14 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@
 | cluster\_parameters | A list of Cluster parameters (map) to apply | `list(map(string))` | `[]` | no |
 | count\_aurora\_instances | Number of Aurora Instances | `number` | `"1"` | no |
 | create\_cluster\_parameter\_group | Whether to create a cluster parameter group | `bool` | `false` | no |
-| create\_db\_option\_group | (Optional) Create a database option group | `bool` | `true` | no |
+| create\_db\_option\_group | (Optional) Create a database option group | `bool` | `false` | no |
 | create\_db\_parameter\_group | Whether to create a database parameter group | `bool` | `false` | no |
 | create\_db\_subnet\_group | Create a Subnet group? | `bool` | `false` | no |
 | database\_name | Database Name | `string` | `""` | no |
@@ -39,6 +39,7 @@
 | db\_subnet\_group\_subnet\_ids | List of Subnet IDs for the RDS Subnet Group | `list(any)` | `[]` | no |
 | db\_type | Valid values are: rds, aurora or serverless | `string` | n/a | yes |
 | deletion\_protection | The database can't be deleted when this value is set to true. | `bool` | `false` | no |
+| enabled\_cloudwatch\_logs\_exports | (Optional) Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine) | `any` | `null` | no |
 | engine | n/a | `string` | n/a | yes |
 | engine\_version | n/a | `string` | `""` | no |
 | environment\_name | Environment name to use as a prefix to this DB | `string` | n/a | yes |
@@ -54,12 +55,14 @@
 | option\_group\_description | The description of the option group | `string` | `"Managed by Terraform"` | no |
 | option\_group\_name | Name of the option group | `string` | `null` | no |
 | option\_group\_use\_name\_prefix | Determines whether to use `option_group_name` as is or create a unique name beginning with the `option_group_name` as the prefix | `bool` | `true` | no |
+| option\_name | (Required) The Name of the Option | `string` | `""` | no |
 | options | A list of Options to apply. | `any` | `[]` | no |
 | parameter\_group\_description | The description of the DB parameter group | `string` | `"Managed by Terraform"` | no |
 | parameter\_group\_name | Name of the DB parameter group to associate or create | `string` | `null` | no |
 | performance\_insights\_enabled | Enable performance insights on instance | `bool` | `false` | no |
 | port | Port number for this DB (usually 3306 for MySQL and 5432 for Postgres) | `number` | n/a | yes |
 | preferred\_backup\_window | Preferred Backup Window | `string` | `"07:00-09:00"` | no |
+| publicly\_accessible | (Optional) Bool to control if instance is publicly accessible | `bool` | `false` | no |
 | retention | Snapshot retention period in days | `number` | n/a | yes |
 | secret\_method | Use ssm for SSM parameters store which is the default option, or secretsmanager for AWS Secrets Manager | `string` | `"ssm"` | no |
 | skip\_final\_snapshot | Skips the final snapshot if the database is destroyed programatically | `bool` | `false` | no |
diff --git a/_variables.tf b/_variables.tf
index 17a6629..c142b2c 100644
--- a/_variables.tf
+++ b/_variables.tf
@@ -202,7 +202,7 @@ variable "family" {
 variable "create_db_option_group" {
 description = "(Optional) Create a database option group"
 type = bool
- default = true
+ default = false
 }
 variable "option_group_name" {
@@ -268,3 +268,20 @@ variable "secret_method" {
 type = string
 default = "ssm"
 }
+
+variable "enabled_cloudwatch_logs_exports" {
+ description = "(Optional) Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine)"
+ default = null
+}
+
+variable "option_name" {
+ description = "(Required) The Name of the Option"
+ type = string
+ default = ""
+}
+
+variable "publicly_accessible" {
+ description = "(Optional) Bool to control if instance is publicly accessible"
+ type = bool
+ default = false
+}
\ No newline at end of file
diff --git a/rds.tf b/rds.tf
index 4b98552..f43b3ba 100644
--- a/rds.tf
+++ b/rds.tf
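Review bot: `option_name` is described as "(Required)" but is declared with `default = ""`, and the README row generated from it says "no" for required; a caller who turns on `create_db_option_group` without setting it gets an option block whose name is empty, which is only rejected by the provider at apply time. Either drop the default so Terraform asks for a value, or reword the description to say it is required only when `create_db_option_group` is true. `enabled_cloudwatch_logs_exports` carries no `type`, so it is accepted as `any`; the provider attribute it feeds takes a set of strings, so `type = set(string)` with the same `default = null` would catch a misspelled log type at plan time. The description also stops mid-sentence at "Valid values (depending on engine)"; finish it with the engine-specific values or end the sentence, and since `null` means no engine logs are shipped to CloudWatch, say plainly that the caller must opt in to get audit/error log export.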
@@ -4,29 +4,32 @@ resource "random_string" "rds_db_password" {
 }
 resource "aws_db_instance" "rds_db" {
- count = var.db_type == "rds" ? 1 : 0
- allocated_storage = var.allocated_storage
- max_allocated_storage = var.max_allocated_storage
- storage_type = "gp2"
- engine = var.engine
- engine_version = var.engine_version
- instance_class = var.instance_class
- name = var.database_name
- backup_retention_period = var.retention
- identifier = var.identifier == "" ? "${var.environment_name}-${var.name}" : var.identifier
- username = var.user
- password = random_string.rds_db_password.result
- db_subnet_group_name = try(aws_db_subnet_group.rds_subnet_group[0].id, var.db_subnet_group_id)
- vpc_security_group_ids = [aws_security_group.rds_db.id]
- apply_immediately = var.apply_immediately
- skip_final_snapshot = var.skip_final_snapshot
- snapshot_identifier = var.snapshot_identifier != "" ? var.snapshot_identifier : null
- kms_key_id = var.kms_key_arn
- multi_az = var.multi_az
- storage_encrypted = var.storage_encrypted
- parameter_group_name = var.create_db_parameter_group == true ? aws_db_parameter_group.rds_custom_db_pg[count.index].name : ""
- deletion_protection = var.deletion_protection
- performance_insights_enabled = var.performance_insights_enabled
+ count = var.db_type == "rds" ? 1 : 0
+ publicly_accessible = var.publicly_accessible
+ allocated_storage = var.allocated_storage
+ max_allocated_storage = var.max_allocated_storage
+ storage_type = "gp2"
+ engine = var.engine
+ engine_version = var.engine_version
+ instance_class = var.instance_class
+ name = var.database_name
+ backup_retention_period = var.retention
+ identifier = var.identifier == "" ? 
"${var.environment_name}-${var.name}" : var.identifier
+ username = var.user
+ password = random_string.rds_db_password.result
+ db_subnet_group_name = try(aws_db_subnet_group.rds_subnet_group[0].id, var.db_subnet_group_id)
+ vpc_security_group_ids = [aws_security_group.rds_db.id]
+ apply_immediately = var.apply_immediately
+ skip_final_snapshot = var.skip_final_snapshot
+ snapshot_identifier = var.snapshot_identifier != "" ? var.snapshot_identifier : null
+ kms_key_id = var.kms_key_arn
+ multi_az = var.multi_az
+ storage_encrypted = var.storage_encrypted
+ parameter_group_name = var.create_db_parameter_group == true ? aws_db_parameter_group.rds_custom_db_pg[count.index].name : ""
+ option_group_name = var.create_db_option_group == true ? aws_db_option_group.rds_custom_db_og[count.index].name : ""
+ deletion_protection = var.deletion_protection
+ performance_insights_enabled = var.performance_insights_enabled
+ enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
 tags = {
 Backup = var.backup
@@ -37,8 +40,7 @@ resource "aws_db_instance" "rds_db" {
 resource "aws_db_parameter_group" "rds_custom_db_pg" {
 count = var.create_db_parameter_group ? 1 : 0
- name = var.parameter_group_name
- #name_prefix = local.name_prefix
+ name = var.parameter_group_name
 description = var.parameter_group_description
 family = var.family
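Review bot: The new `option_group_name = var.create_db_option_group == true ? aws_db_option_group.rds_custom_db_og[count.index].name : ""` indexes the option group with the DB instance's own `count.index`; both counts are 0 or 1 so it resolves, but `[0]` states the intent and matches the `aws_db_subnet_group.rds_subnet_group[0]` reference above it. Falling back to `""` instead of `null` presumably hands the provider an empty string rather than leaving the attribute unset; `null` is the conventional way to omit an optional attribute, and the pre-existing `parameter_group_name` line has the same shape. `publicly_accessible` is wired through with a `false` default, which is the right posture for a module; a short comment such as `# publicly_accessible only takes effect with a public subnet group and a permitting security group rule` would help readers judge the blast radius of flipping it. The resource body continues outside the hunk.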
@@ -55,6 +57,34 @@ resource "aws_db_parameter_group" "rds_custom_db_pg" {
 "Name" = var.parameter_group_name
 }
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+
+resource "aws_db_option_group" "rds_custom_db_og" {
+ count = var.create_db_option_group ? 1 : 0
+
+ name = var.option_group_name
+ option_group_description = var.option_group_description
+ engine_name = var.engine
+ major_engine_version = var.major_engine_version
+ option {
+ option_name = var.option_name
+ dynamic "option_settings" {
+ for_each = var.options
+ content {
+ name = option_settings.value.name
+ value = option_settings.value.value
+ }
+ }
+ }
+
+ tags = {
+ "Name" = var.option_group_name
+ }
+
 lifecycle {
 create_before_destroy = true
 }
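Review bot: `name = var.option_group_name` together with the new `lifecycle { create_before_destroy = true }` means any replacement of `aws_db_option_group.rds_custom_db_og` must create a second group with the same fixed name before the old one is destroyed, which the service rejects; the README already documents `option_group_use_name_prefix` for exactly this case, but the resource never reads it, and the same fixed-name-plus-`create_before_destroy` pairing is introduced for `aws_db_parameter_group.rds_custom_db_pg` at the top of this hunk. The single `option { option_name = var.option_name ... }` block is emitted unconditionally, so with the `""` default for `option_name` enabling `create_db_option_group` on its own yields an option with an empty name, and `var.options` ("A list of Options to apply") is consumed as the settings of that one option rather than as options. Driving `name`/`name_prefix` from `option_group_use_name_prefix` and iterating `var.options` with a `dynamic "option"` addresses both, at the cost of changing the expected shape of `var.options` (one object per option, each with its own settings), which should be called out to callers. `major_engine_version` is read from a variable that is not declared anywhere in this diff, so confirm it exists in `_variables.tf`. The resource's closing `}` lies outside the hunk.
```hcl
resource "aws_db_option_group" "rds_custom_db_og" {
  count = var.create_db_option_group ? 1 : 0

  # create_before_destroy needs a distinct name for the replacement group
  name        = var.option_group_use_name_prefix ? null : var.option_group_name
  name_prefix = var.option_group_use_name_prefix ? "${var.option_group_name}-" : null
  # … unchanged: option_group_description, engine_name, major_engine_version …

  # one option block per entry of var.options; each entry carries its own settings
  dynamic "option" {
    for_each = var.options
    content {
      option_name = option.value.option_name
      dynamic "option_settings" {
        for_each = try(option.value.option_settings, [])
        content {
          name  = option_settings.value.name
          value = option_settings.value.value
        }
      }
    }
  }
  # … unchanged: tags, lifecycle …
```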