chore: update upgrade document

README.md

@@ -270,7 +270,7 @@ Users have the ability to:
 | <a name="input_family"></a> [family](#input\_family) | The family of the DB parameter group | `string` | `null` | no |
 | <a name="input_final_snapshot_identifier_prefix"></a> [final\_snapshot\_identifier\_prefix](#input\_final\_snapshot\_identifier\_prefix) | The name which is prefixed to the final snapshot on cluster destroy | `string` | `"final"` | no |
 | <a name="input_iam_database_authentication_enabled"></a> [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | `bool` | `false` | no |
-| <a name="input_identifier"></a> [identifier](#input\_identifier) | The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier | `string` | n/a | yes |
+| <a name="input_identifier"></a> [identifier](#input\_identifier) | The name of the RDS instance | `string` | n/a | yes |
 | <a name="input_instance_class"></a> [instance\_class](#input\_instance\_class) | The instance type of the RDS instance | `string` | `null` | no |
 | <a name="input_iops"></a> [iops](#input\_iops) | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1' | `number` | `0` | no |
 | <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage\_encrypted is set to true and kms\_key\_id is not specified the default KMS key created in your account will be used | `string` | `null` | no |
@@ -312,7 +312,7 @@ Users have the ability to:
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times | `map(string)` | `{}` | no |
 | <a name="input_timezone"></a> [timezone](#input\_timezone) | Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information | `string` | `null` | no |
 | <a name="input_username"></a> [username](#input\_username) | Username for the master DB user | `string` | `null` | no |
-| <a name="input_vpc_security_group_ids"></a> [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of VPC security groups to associate | `list(string)` | `null` | no |
+| <a name="input_vpc_security_group_ids"></a> [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of VPC security groups to associate | `list(string)` | `[]` | no |
 
 ## Outputs
 

UPGRADE-4.0.md

@@ -6,35 +6,43 @@ If you find a bug, please open an issue with supporting configuration to reprodu
 
 ## List of backwards incompatible changes
 
-- Support for Terraform <=v0.12.x has been dropped; v0.13.1 is now the minimum supported version
+- Support for Terraform `<=v0.12.x` has been dropped; `v0.13.1` is now the minimum supported version
+- Terraform AWS provider minimum version is now `v4.0.0` in order to support the replacement of `var.name`(deprecated) for `var.db_name`
+- Separate RDS instance resource for MSSQL/SQLServer has been removed - all engines are supported under one resource
 - `storage_encrypted` is now set to `true` by default; was previously `false`
 - `create_random_password` is now set to `true` by default; was previously `false`
-- `random_password_length` is now set to 16 by default, was previously 10
+- `create_db_subnet_group` is now set to `false` by default; was previously `true`; typically a shared DB subnet group will be used, most likely from the VPC module
+- `random_password_length` is now set to `16` by default, was previously `10`
+- Random provider minimum version supported is now `v3.1.0`
+- `final_snapshot_identifier` no longer coalesces `var.final_snapshot_identifier` and instead relies on `var.final_snapshot_identifier_prefix` with a random suffix to avoid name collisions
 
 ## Additional changes
 
 ### Added
 
 - `latest_restorable_time` added to ignored changes
-- `restore_to_point_in_time` attribute added to MSSQL instance
+- `replica_mode` support added to DB instance
 
 ### Modified
 
-- AWS provider minimum supported version raised to v3.62 to support new attribute added
-- `password` is now set to `null` by default; was previously `""`
-- Outputs updated to use `try()` function
 - `username`, `password`, and `engine` are set to `null` when  a `replicate_source_db` or `snapshot_identifier` is provided; these values are already provided in the respective source
+- `engine_version` is set to `null` when a value is provided for `replicate_source_db`
 - `db_subnet_group_name` has been updated to use full name when prefix is enabled
+- `Name` tag removed from instance resource; name is set via `identifier` and not through tags; users can add back into the tags they provide if desired
+- Outputs have been updated to use `try()` syntax; local variable usage has been removed within outputs
+- `engine`, `major_engine_version`, `family`, `password`, `db_subnet_group_name`,`db_subnet_group_description`,`parameter_group_name`,
+`parameter_group_description`, `option_group_name`, `option_group_description` is now set to `null` by default; was previously `""`
+- `timeouts` is now set to `{}` by default; was previously a copy+paste of default value used by provider. This is a no-op but will show up in plans as a diff
 
 ### Variable and output changes
 
 1. Removed variables:
 
-    - None
+    - `final_snapshot_identifier`
 
 2. Renamed variables:
 
-    - None
+    - `name` (deprecated) -> `db_name`
 
 3. Added variables:
 
@@ -88,3 +96,13 @@ module "asg" {
   storage_encrypted = false
 }
 ```
+
+#### MSSQL/SQLServer
+
+For MSSSQL/SQLServer, users will want to rename the resource in their Terraform state to align with the flattened DB instance resource module in v4.x:
+
+```bash
+terraform state mv 'module.<module-name>.module.db_instance.aws_db_instance.this_mssql[0]' 'module.<module-name>.module.db_instance.aws_db_instance.this[0]'
+```
+
+Where `<module-name>` is the name of your module definition.

main.tf

@@ -1,6 +1,6 @@
 locals {
-  create_random_password = var.create_db_instance && var.create_random_password && var.snapshot_identifier != null
-  master_password        = local.create_random_password ? random_password.master_password[0].result : var.password
+  create_random_password = var.create_db_instance && var.create_random_password && var.snapshot_identifier == null
+  master_password        = try(random_password.master_password[0].result, var.password)
   db_subnet_group_name   = !var.cross_region_replica && var.replicate_source_db != null ? null : try(module.db_subnet_group.db_subnet_group_id, var.db_subnet_group_name)
 
   parameter_group_name_id = var.create_db_parameter_group ? module.db_parameter_group.db_parameter_group_id : var.parameter_group_name

modules/db_instance/main.tf

@@ -10,6 +10,7 @@ locals {
   username                = local.metadata_already_exists ? null : var.username
   password                = local.metadata_already_exists ? null : var.password
   engine                  = local.metadata_already_exists ? null : var.engine
+  engine_version          = var.replicate_source_db != null ? null : var.engine_version
 }
 
 # Ref. https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces
@@ -31,7 +32,7 @@ resource "aws_db_instance" "this" {
   identifier = var.identifier
 
   engine            = local.engine
-  engine_version    = var.engine_version
+  engine_version    = local.engine_version
   instance_class    = var.instance_class
   allocated_storage = var.allocated_storage
   storage_type      = var.storage_type

modules/db_instance/variables.tf

@@ -97,14 +97,12 @@ variable "username" {
   description = "Username for the master DB user"
   type        = string
   default     = null
-  sensitive   = true
 }
 
 variable "password" {
   description = "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file"
   type        = string
   default     = null
-  sensitive   = true
 }
 
 variable "port" {

variables.tf

@@ -1,5 +1,5 @@
 variable "identifier" {
-  description = "The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier"
+  description = "The name of the RDS instance"
   type        = string
 }
 
@@ -121,14 +121,12 @@ variable "username" {
   description = "Username for the master DB user"
   type        = string
   default     = null
-  sensitive   = true
 }
 
 variable "password" {
   description = "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file"
   type        = string
   default     = null
-  sensitive   = true
 }
 
 variable "port" {
@@ -140,7 +138,7 @@ variable "port" {
 variable "vpc_security_group_ids" {
   description = "List of VPC security groups to associate"
   type        = list(string)
-  default     = null
+  default     = []
 }
 
 variable "availability_zone" {