diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 093121e0..8a010fdd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.62.3 + rev: v1.64.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/README.md b/README.md index 7e95ac0e..3fa471f9 100644 --- a/README.md +++ b/README.md @@ -14,18 +14,16 @@ Root module calls these modules which can also be used separately to create inde ```hcl module "db" { source = "terraform-aws-modules/rds/aws" - version = "~> 3.0" identifier = "demodb" engine = "mysql" - engine_version = "5.7.19" - instance_class = "db.t2.large" + engine_version = "5.7.25" + instance_class = "db.t3a.large" allocated_storage = 5 - name = "demodb" + db_name = "demodb" username = "user" - password = "YourPwdShouldBeLongAndSecure!" port = "3306" iam_database_authentication_enabled = true @@ -47,7 +45,8 @@ module "db" { } # DB subnet group - subnet_ids = ["subnet-12345678", "subnet-87654321"] + create_db_subnet_group = true + subnet_ids = ["subnet-12345678", "subnet-87654321"] # DB parameter group family = "mysql5.7" @@ -105,8 +104,8 @@ module "db" { # Disable creation of parameter group - provide a parameter group or default to AWS default create_db_parameter_group = false - # Disable creation of subnet group - provide a subnet group - create_db_subnet_group = false + # Enable creation of subnet group (disabled by default) + create_db_subnet_group = true # Enable creation of monitoring IAM role create_monitoring_role = true @@ -206,8 +205,8 @@ Users have the ability to: | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | | [random](#requirement\_random) | >= 3.1 | ## Providers 
@@ -243,74 +242,74 @@ Users have the ability to: | [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for | `number` | `null` | no | | [backup\_window](#input\_backup\_window) | The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance\_window | `string` | `null` | no | | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Specifies the identifier of the CA certificate for the DB instance | `string` | `null` | no | -| [character\_set\_name](#input\_character\_set\_name) | (Optional) The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | `string` | `null` | no | -| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot (if final\_snapshot\_identifier is specified) | `bool` | `false` | no | +| [character\_set\_name](#input\_character\_set\_name) | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. 
This can only be set on creation | `string` | `null` | no | +| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot | `bool` | `false` | no | | [create\_db\_instance](#input\_create\_db\_instance) | Whether to create a database instance | `bool` | `true` | no | -| [create\_db\_option\_group](#input\_create\_db\_option\_group) | (Optional) Create a database option group | `bool` | `true` | no | +| [create\_db\_option\_group](#input\_create\_db\_option\_group) | Create a database option group | `bool` | `true` | no | | [create\_db\_parameter\_group](#input\_create\_db\_parameter\_group) | Whether to create a database parameter group | `bool` | `true` | no | -| [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Whether to create a database subnet group | `bool` | `true` | no | -| [create\_monitoring\_role](#input\_create\_monitoring\_role) | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | `bool` | `false` | no | -| [create\_random\_password](#input\_create\_random\_password) | Whether to create random password for RDS primary cluster | `bool` | `false` | no | +| [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Whether to create a database subnet group | `bool` | `false` | no | +| [create\_monitoring\_role](#input\_create\_monitoring\_role) | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | `bool` | `false` | no | +| [create\_random\_password](#input\_create\_random\_password) | Whether to create random password for RDS primary cluster | `bool` | `true` | no | | [cross\_region\_replica](#input\_cross\_region\_replica) | Specifies if the replica should be cross region. 
It allows the use of a subnet group in a region different than the master instance | `bool` | `false` | no | | [db\_instance\_tags](#input\_db\_instance\_tags) | Additional tags for the DB instance | `map(string)` | `{}` | no | +| [db\_name](#input\_db\_name) | The DB name to create. If omitted, no database is created initially | `string` | `null` | no | | [db\_option\_group\_tags](#input\_db\_option\_group\_tags) | Additional tags for the DB option group | `map(string)` | `{}` | no | | [db\_parameter\_group\_tags](#input\_db\_parameter\_group\_tags) | Additional tags for the DB parameter group | `map(string)` | `{}` | no | -| [db\_subnet\_group\_description](#input\_db\_subnet\_group\_description) | Description of the DB subnet group to create | `string` | `""` | no | +| [db\_subnet\_group\_description](#input\_db\_subnet\_group\_description) | Description of the DB subnet group to create | `string` | `null` | no | | [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | `string` | `null` | no | | [db\_subnet\_group\_tags](#input\_db\_subnet\_group\_tags) | Additional tags for the DB subnet group | `map(string)` | `{}` | no | | [db\_subnet\_group\_use\_name\_prefix](#input\_db\_subnet\_group\_use\_name\_prefix) | Determines whether to use `subnet_group_name` as is or create a unique name beginning with the `subnet_group_name` as the prefix | `bool` | `true` | no | | [delete\_automated\_backups](#input\_delete\_automated\_backups) | Specifies whether to remove automated backups immediately after the DB instance is deleted | `bool` | `true` | no | -| [deletion\_protection](#input\_deletion\_protection) | The database can't be deleted when this value is set to true. 
| `bool` | `false` | no | +| [deletion\_protection](#input\_deletion\_protection) | The database can't be deleted when this value is set to true | `bool` | `false` | no | | [domain](#input\_domain) | The ID of the Directory Service Active Directory domain to create the instance in | `string` | `null` | no | | [domain\_iam\_role\_name](#input\_domain\_iam\_role\_name) | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | `string` | `null` | no | -| [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | -| [engine](#input\_engine) | The database engine to use | `string` | `""` | no | +| [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL) | `list(string)` | `[]` | no | +| [engine](#input\_engine) | The database engine to use | `string` | `null` | no | | [engine\_version](#input\_engine\_version) | The engine version to use | `string` | `null` | no | -| [family](#input\_family) | The family of the DB parameter group | `string` | `""` | no | -| [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | The name of your final DB snapshot when this DB instance is deleted. 
| `string` | `null` | no | +| [family](#input\_family) | The family of the DB parameter group | `string` | `null` | no | | [final\_snapshot\_identifier\_prefix](#input\_final\_snapshot\_identifier\_prefix) | The name which is prefixed to the final snapshot on cluster destroy | `string` | `"final"` | no | | [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | `bool` | `false` | no | -| [identifier](#input\_identifier) | The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier | `string` | n/a | yes | +| [identifier](#input\_identifier) | The name of the RDS instance | `string` | n/a | yes | | [instance\_class](#input\_instance\_class) | The instance type of the RDS instance | `string` | `null` | no | | [iops](#input\_iops) | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1' | `number` | `0` | no | | [kms\_key\_id](#input\_kms\_key\_id) | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage\_encrypted is set to true and kms\_key\_id is not specified the default KMS key created in your account will be used | `string` | `null` | no | | [license\_model](#input\_license\_model) | License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1 | `string` | `null` | no | | [maintenance\_window](#input\_maintenance\_window) | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. 
Eg: 'Mon:00:00-Mon:03:00' | `string` | `null` | no | -| [major\_engine\_version](#input\_major\_engine\_version) | Specifies the major version of the engine that this option group should be associated with | `string` | `""` | no | +| [major\_engine\_version](#input\_major\_engine\_version) | Specifies the major version of the engine that this option group should be associated with | `string` | `null` | no | | [max\_allocated\_storage](#input\_max\_allocated\_storage) | Specifies the value for Storage Autoscaling | `number` | `0` | no | -| [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. | `number` | `0` | no | -| [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring\_interval is non-zero. | `string` | `null` | no | +| [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60 | `number` | `0` | no | +| [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring\_interval is non-zero | `string` | `null` | no | | [monitoring\_role\_description](#input\_monitoring\_role\_description) | Description of the monitoring IAM role | `string` | `null` | no | -| [monitoring\_role\_name](#input\_monitoring\_role\_name) | Name of the IAM role which will be created when create\_monitoring\_role is enabled. 
| `string` | `"rds-monitoring-role"` | no | +| [monitoring\_role\_name](#input\_monitoring\_role\_name) | Name of the IAM role which will be created when create\_monitoring\_role is enabled | `string` | `"rds-monitoring-role"` | no | | [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no | -| [name](#input\_name) | The DB name to create. If omitted, no database is created initially | `string` | `null` | no | -| [option\_group\_description](#input\_option\_group\_description) | The description of the option group | `string` | `""` | no | +| [option\_group\_description](#input\_option\_group\_description) | The description of the option group | `string` | `null` | no | | [option\_group\_name](#input\_option\_group\_name) | Name of the option group | `string` | `null` | no | -| [option\_group\_timeouts](#input\_option\_group\_timeouts) | Define maximum timeout for deletion of `aws_db_option_group` resource | `map(string)` |
{
"delete": "15m"
}
| no | +| [option\_group\_timeouts](#input\_option\_group\_timeouts) | Define maximum timeout for deletion of `aws_db_option_group` resource | `map(string)` | `{}` | no | | [option\_group\_use\_name\_prefix](#input\_option\_group\_use\_name\_prefix) | Determines whether to use `option_group_name` as is or create a unique name beginning with the `option_group_name` as the prefix | `bool` | `true` | no | -| [options](#input\_options) | A list of Options to apply. | `any` | `[]` | no | -| [parameter\_group\_description](#input\_parameter\_group\_description) | Description of the DB parameter group to create | `string` | `""` | no | +| [options](#input\_options) | A list of Options to apply | `any` | `[]` | no | +| [parameter\_group\_description](#input\_parameter\_group\_description) | Description of the DB parameter group to create | `string` | `null` | no | | [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate or create | `string` | `null` | no | | [parameter\_group\_use\_name\_prefix](#input\_parameter\_group\_use\_name\_prefix) | Determines whether to use `parameter_group_name` as is or create a unique name beginning with the `parameter_group_name` as the prefix | `bool` | `true` | no | | [parameters](#input\_parameters) | A list of DB parameters (map) to apply | `list(map(string))` | `[]` | no | -| [password](#input\_password) | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file | `string` | `""` | no | +| [password](#input\_password) | Password for the master DB user. 
Note that this may show up in logs, and it will be stored in the state file | `string` | `null` | no | | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no | -| [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data. | `string` | `null` | no | -| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | `number` | `7` | no | +| [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data | `string` | `null` | no | +| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | `number` | `7` | no | | [port](#input\_port) | The port on which the DB accepts connections | `string` | `null` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Bool to control if instance is publicly accessible | `bool` | `false` | no | -| [random\_password\_length](#input\_random\_password\_length) | (Optional) Length of random password to create. (default: 10) | `number` | `10` | no | -| [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate. | `string` | `null` | no | +| [random\_password\_length](#input\_random\_password\_length) | Length of random password to create | `number` | `16` | no | +| [replica\_mode](#input\_replica\_mode) | Specifies whether the replica is in either mounted or open-read-only mode. 
This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified | `string` | `null` | no | +| [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate | `string` | `null` | no | | [restore\_to\_point\_in\_time](#input\_restore\_to\_point\_in\_time) | Restore to a point in time (MySQL is NOT supported) | `map(string)` | `null` | no | | [s3\_import](#input\_s3\_import) | Restore from a Percona Xtrabackup in S3 (only MySQL is supported) | `map(string)` | `null` | no | -| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted, using the value from final\_snapshot\_identifier | `bool` | `false` | no | -| [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05. | `string` | `null` | no | -| [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB instance is encrypted | `bool` | `false` | no | -| [storage\_type](#input\_storage\_type) | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not. | `string` | `null` | no | +| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. 
If false is specified, a DB snapshot is created before the DB instance is deleted | `bool` | `false` | no | +| [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05 | `string` | `null` | no | +| [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB instance is encrypted | `bool` | `true` | no | +| [storage\_type](#input\_storage\_type) | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not | `string` | `null` | no | | [subnet\_ids](#input\_subnet\_ids) | A list of VPC subnet IDs | `list(string)` | `[]` | no | | [tags](#input\_tags) | A mapping of tags to assign to all resources | `map(string)` | `{}` | no | -| [timeouts](#input\_timeouts) | (Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times | `map(string)` |
{
"create": "40m",
"delete": "40m",
"update": "80m"
}
| no | -| [timezone](#input\_timezone) | (Optional) Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information. | `string` | `null` | no | +| [timeouts](#input\_timeouts) | Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times | `map(string)` | `{}` | no | +| [timezone](#input\_timezone) | Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information | `string` | `null` | no | | [username](#input\_username) | Username for the master DB user | `string` | `null` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of VPC security groups to associate | `list(string)` | `[]` | no | diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md new file mode 100644 index 00000000..403167c9 --- /dev/null +++ b/UPGRADE-4.0.md 
@@ -0,0 +1,108 @@ +# Upgrade from v3.x to v4.x + +If you have any questions regarding this upgrade process, please consult the [`examples/`](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples) projects: + +If you find a bug, please open an issue with supporting configuration to reproduce. + +## List of backwards incompatible changes + +- Support for Terraform `<=v0.12.x` has been dropped; `v0.13.1` is now the minimum supported version +- Terraform AWS provider minimum version is now `v4.0.0` in order to support the replacement of `var.name`(deprecated) for `var.db_name` +- Separate RDS instance resource for MSSQL/SQLServer has been removed - all engines are supported under one resource +- `storage_encrypted` is now set to `true` by default; was previously `false` +- `create_random_password` is now set to `true` by default; was previously `false` +- `create_db_subnet_group` is now set to `false` by default; was previously `true`; typically a shared DB subnet group will be used, most likely from the VPC module +- `random_password_length` is now set to `16` by default, was previously `10` +- Random provider minimum version supported is now `v3.1.0` +- `final_snapshot_identifier` no longer coalesces `var.final_snapshot_identifier` and instead relies on `var.final_snapshot_identifier_prefix` with a random suffix to avoid name collisions + +## Additional changes + +### Added + +- `latest_restorable_time` added to ignored changes +- `replica_mode` support added to DB instance + +### Modified + +- `username`, `password`, and `engine` are set to `null` when a `replicate_source_db` or `snapshot_identifier` is provided; these values are already provided in the respective source +- `engine_version` is set to `null` when a value is provided for `replicate_source_db` +- `db_subnet_group_name` has been updated to use full name when prefix is enabled +- `Name` tag removed from instance resource; name is set via `identifier` and not through tags; users 
can add back into the tags they provide if desired +- Outputs have been updated to use `try()` syntax; local variable usage has been removed within outputs +- `engine`, `major_engine_version`, `family`, `password`, `db_subnet_group_name`,`db_subnet_group_description`,`parameter_group_name`, +`parameter_group_description`, `option_group_name`, `option_group_description` is now set to `null` by default; was previously `""` +- `timeouts` is now set to `{}` by default; was previously a copy+paste of default value used by provider. This is a no-op but will show up in plans as a diff + +### Variable and output changes + +1. Removed variables: + + - `final_snapshot_identifier` + +2. Renamed variables: + + - `name` (deprecated) -> `db_name` + +3. Added variables: + + - `replica_mode` + +4. Removed outputs: + + - None + +5. Renamed outputs: + + - None + +6. Added outputs: + + - None + +## Upgrade Migrations + +The following examples demonstrate some of the changes that users can elect to make to avoid any potential disruptions when upgrading. + +### Before 3.x Example + +```hcl +module "rds" { + source = "terraform-aws-modules/rds/aws" + version = "~> 3.0" + + master_password = "MySuperStrongPassword!" + + # Previously on read-replicas or restored from snapshot instances you needed to explicitly set these to null + # These can now be safely removed and instead on the module to resolve these appropriately + username = null + password = null + engine = null +} +``` + +### After 4.x Example + +```hcl +module "asg" { + source = "terraform-aws-modules/rds/aws" + version = "~> 4.0" + + master_password = "MySuperStrongPassword!" 
+ # Set random password creation to false if providing your own password as input + create_random_password = false + + # If you did not have storage encrypted in `v3.x`, you can explicitly disable in `v4.x` to avoid disruption + storage_encrypted = false +} +``` + +#### MSSQL/SQLServer + +For MSSSQL/SQLServer, users will want to rename the resource in their Terraform state to align with the flattened DB instance resource module in v4.x: + +```bash +terraform state mv 'module..module.db_instance.aws_db_instance.this_mssql[0]' 'module..module.db_instance.aws_db_instance.this[0]' +``` + +Where `` is the name of your module definition. diff --git a/examples/complete-mssql/README.md b/examples/complete-mssql/README.md index b39ab3f1..221bc868 100644 --- a/examples/complete-mssql/README.md +++ b/examples/complete-mssql/README.md @@ -19,14 +19,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.49 | +| [aws](#provider\_aws) | >= 4.0 | ## Modules @@ -34,8 +34,8 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [db](#module\_db) | ../../ | n/a | | [db\_disabled](#module\_db\_disabled) | ../../ | n/a | -| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2 | +| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/complete-mssql/main.tf b/examples/complete-mssql/main.tf index 6d0ae7a4..d71e373c 100644 
--- a/examples/complete-mssql/main.tf +++ b/examples/complete-mssql/main.tf @@ -17,7 +17,7 @@ locals { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2" + version = "~> 3.0" name = local.name cidr = "10.99.0.0/18" @@ -34,7 +34,7 @@ module "vpc" { module "security_group" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "Complete SqlServer example security group" @@ -116,20 +116,16 @@ module "db" { identifier = local.name engine = "sqlserver-ex" - engine_version = "15.00.4073.23.v1" + engine_version = "15.00.4153.1.v1" family = "sqlserver-ex-15.0" # DB parameter group major_engine_version = "15.00" # DB option group instance_class = "db.t3.large" allocated_storage = 20 max_allocated_storage = 100 - storage_encrypted = false - name = null - username = "complete_mssql" - create_random_password = true - random_password_length = 12 - port = 1433 + username = "complete_mssql" + port = 1433 domain = aws_directory_service_directory.demo.id domain_iam_role_name = aws_iam_role.rds_ad_auth.name @@ -166,7 +162,6 @@ module "db_disabled" { identifier = "${local.name}-disabled" create_db_instance = false - create_db_subnet_group = false create_db_parameter_group = false create_db_option_group = false } diff --git a/examples/complete-mssql/versions.tf b/examples/complete-mssql/versions.tf index a5953db4..3752560a 100644 --- a/examples/complete-mssql/versions.tf +++ b/examples/complete-mssql/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } diff --git a/examples/complete-mysql/README.md b/examples/complete-mysql/README.md index aa31a35b..7f85e4e3 100644 --- a/examples/complete-mysql/README.md +++ b/examples/complete-mysql/README.md 
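Review bot: In the `module "db"` hunk of examples/complete-mssql/main.tf, removing `storage_encrypted = false` makes this `sqlserver-ex` instance inherit the module's new default of `true` (the README inputs table in this commit shows the flip). As far as I know, RDS does not offer encryption at rest for SQL Server Express Edition, so the example may fail at apply time; this should be confirmed against the RDS documentation before merging. If it holds, keep the opt-out and state the reason beside it: `# Encryption at rest is not available for SQL Server Express Edition` followed by `storage_encrypted = false`. The module block starts and ends outside the hunk.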
@@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers @@ -33,8 +33,8 @@ No providers. | [db](#module\_db) | ../../ | n/a | | [db\_default](#module\_db\_default) | ../../ | n/a | | [db\_disabled](#module\_db\_disabled) | ../../ | n/a | -| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2 | +| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/complete-mysql/main.tf b/examples/complete-mysql/main.tf index 24e7306d..7f78f946 100644 --- a/examples/complete-mysql/main.tf +++ b/examples/complete-mysql/main.tf @@ -17,7 +17,7 @@ locals { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2" + version = "~> 3.0" name = local.name cidr = "10.99.0.0/18" @@ -34,7 +34,7 @@ module "vpc" { module "security_group" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "Complete MySQL example security group" 
@@ -65,18 +65,16 @@ module "db" { # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 max_allocated_storage = 100 - storage_encrypted = false - name = "completeMysql" + db_name = "completeMysql" username = "complete_mysql" - password = "YourPwdShouldBeLongAndSecure!" port = 3306 multi_az = true @@ -132,18 +130,16 @@ module "db_default" { # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 - name = "completeMysql" - username = "complete_mysql" - create_random_password = true - random_password_length = 12 - port = 3306 + db_name = "completeMysql" + username = "complete_mysql" + port = 3306 subnet_ids = module.vpc.database_subnets vpc_security_group_ids = [module.security_group.security_group_id] @@ -162,7 +158,6 @@ module "db_disabled" { identifier = "${local.name}-disabled" create_db_instance = false - create_db_subnet_group = false create_db_parameter_group = false create_db_option_group = false } diff --git a/examples/complete-mysql/versions.tf b/examples/complete-mysql/versions.tf index a5953db4..3752560a 100644 --- a/examples/complete-mysql/versions.tf +++ b/examples/complete-mysql/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } 
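Review bot: The `module "db"` hunk drops the literal `password` and relies on the module generating one (`create_random_password` now defaults to `true`), but the example no longer says where the master credential comes from or where it ends up. The generated value is presumably held in Terraform state like any other password input, which the README's `password` row already warns about, so a comment above `username` would help: `# Master password is generated by the module (create_random_password defaults to true); it is stored in state, so use an encrypted, access-controlled backend`. The same comment fits the `module "db_default"` hunk in this file and the `module "db"` hunks in examples/complete-mssql/main.tf and examples/complete-oracle/main.tf, which drop their explicit `create_random_password = true`. The module blocks continue outside the hunks.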
diff --git a/examples/complete-oracle/README.md b/examples/complete-oracle/README.md index 3e842a2a..8392470c 100644 --- a/examples/complete-oracle/README.md +++ b/examples/complete-oracle/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers @@ -32,8 +32,8 @@ No providers. |------|--------|---------| | [db](#module\_db) | ../../ | n/a | | [db\_disabled](#module\_db\_disabled) | ../../ | n/a | -| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2 | +| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/complete-oracle/main.tf b/examples/complete-oracle/main.tf index 45720cb7..753d4b18 100644 --- a/examples/complete-oracle/main.tf +++ b/examples/complete-oracle/main.tf @@ -17,7 +17,7 @@ locals { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2" + version = "~> 3.0" name = local.name cidr = "10.99.0.0/18" @@ -34,7 +34,7 @@ module "vpc" { module "security_group" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "Complete Oracle example security group" 
@@ -64,22 +64,19 @@ module "db" { identifier = "demodb-oracle" engine = "oracle-ee" - engine_version = "12.1.0.2.v8" - family = "oracle-ee-12.1" # DB parameter group - major_engine_version = "12.1" # DB option group + engine_version = "19.0.0.0.ru-2021-10.rur-2021-10.r1" + family = "oracle-ee-19.0" # DB parameter group + major_engine_version = "19.0" # DB option group instance_class = "db.t3.large" license_model = "bring-your-own-license" allocated_storage = 20 max_allocated_storage = 100 - storage_encrypted = false # Make sure that database name is capitalized, otherwise RDS will try to recreate RDS instance every time - name = "COMPLETEORACLE" - username = "complete_oracle" - create_random_password = true - random_password_length = 12 - port = 1521 + db_name = "COMPLETEORACLE" + username = "complete_oracle" + port = 1521 multi_az = true subnet_ids = module.vpc.database_subnets @@ -109,7 +106,6 @@ module "db_disabled" { identifier = "${local.name}-disabled" create_db_instance = false - create_db_subnet_group = false create_db_parameter_group = false create_db_option_group = false } diff --git a/examples/complete-oracle/versions.tf b/examples/complete-oracle/versions.tf index a5953db4..3752560a 100644 --- a/examples/complete-oracle/versions.tf +++ b/examples/complete-oracle/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } diff --git a/examples/complete-postgres/README.md b/examples/complete-postgres/README.md index eff2b7d6..6984ee4d 100644 --- a/examples/complete-postgres/README.md +++ b/examples/complete-postgres/README.md 
@@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers @@ -33,8 +33,8 @@ No providers. | [db](#module\_db) | ../../ | n/a | | [db\_default](#module\_db\_default) | ../../ | n/a | | [db\_disabled](#module\_db\_disabled) | ../../ | n/a | -| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2 | +| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/complete-postgres/main.tf b/examples/complete-postgres/main.tf index fa70ef93..6e0edf94 100644 --- a/examples/complete-postgres/main.tf +++ b/examples/complete-postgres/main.tf @@ -17,7 +17,7 @@ locals { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2" + version = "~> 3.0" name = local.name cidr = "10.99.0.0/18" @@ -34,7 +34,7 @@ module "vpc" { module "security_group" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "Complete PostgreSQL example security group" 
@@ -65,25 +65,23 @@ module "db" { # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts engine = "postgres" - engine_version = "11.10" - family = "postgres11" # DB parameter group - major_engine_version = "11" # DB option group - instance_class = "db.t3.large" + engine_version = "14.1" + family = "postgres14" # DB parameter group + major_engine_version = "14" # DB option group + instance_class = "db.t3a.large" allocated_storage = 20 max_allocated_storage = 100 - storage_encrypted = false # NOTE: Do NOT use 'user' as the value for 'username' as it throws: # "Error creating DB Instance: InvalidParameterValue: MasterUsername # user cannot be used as it is a reserved word used by the engine" - name = "completePostgresql" + db_name = "completePostgresql" username = "complete_postgresql" - password = "YourPwdShouldBeLongAndSecure!" port = 5432 multi_az = true - subnet_ids = module.vpc.database_subnets + db_subnet_group_name = module.vpc.database_subnet_group vpc_security_group_ids = [module.security_group.security_group_id] maintenance_window = "Mon:00:00-Mon:03:00" @@ -119,12 +117,8 @@ module "db" { db_parameter_group_tags = { "Sensitive" = "low" } - db_subnet_group_tags = { - "Sensitive" = "high" - } } - module "db_default" { source = "../../" 
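Review bot: The `db_subnet_group_name` line added in `module "db"` here, and again in `module "db_default"` in the next hunk, reads `module.vpc.database_subnet_group`, while the replica examples in this same diff pass the VPC module's `database_subnet_group_name` output. Using one output throughout makes the examples easier to compare, so I would write `db_subnet_group_name = module.vpc.database_subnet_group_name` in both places. Whether the two outputs differ in value is not visible from this diff, so this is a consistency suggestion rather than a bug report. Both module blocks extend beyond their hunks.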
@@ -135,28 +129,25 @@ module "db_default" { # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts engine = "postgres" - engine_version = "11.10" - family = "postgres11" # DB parameter group - major_engine_version = "11" # DB option group - instance_class = "db.t3.large" + engine_version = "14.1" + family = "postgres14" # DB parameter group + major_engine_version = "14" # DB option group + instance_class = "db.t3a.large" allocated_storage = 20 # NOTE: Do NOT use 'user' as the value for 'username' as it throws: # "Error creating DB Instance: InvalidParameterValue: MasterUsername # user cannot be used as it is a reserved word used by the engine" - name = "completePostgresql" - username = "complete_postgresql" - create_random_password = true - random_password_length = 12 - port = 5432 + db_name = "completePostgresql" + username = "complete_postgresql" + port = 5432 - subnet_ids = module.vpc.database_subnets + db_subnet_group_name = module.vpc.database_subnet_group vpc_security_group_ids = [module.security_group.security_group_id] - maintenance_window = "Mon:00:00-Mon:03:00" - backup_window = "03:00-06:00" - + maintenance_window = "Mon:00:00-Mon:03:00" + backup_window = "03:00-06:00" backup_retention_period = 0 tags = local.tags @@ -168,7 +159,6 @@ module "db_disabled" { identifier = "${local.name}-disabled" create_db_instance = false - create_db_subnet_group = false create_db_parameter_group = false create_db_option_group = false } diff --git a/examples/complete-postgres/versions.tf b/examples/complete-postgres/versions.tf index a5953db4..3752560a 100644 --- a/examples/complete-postgres/versions.tf +++ b/examples/complete-postgres/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } 
diff --git a/examples/cross-region-replica-postgres/README.md b/examples/cross-region-replica-postgres/README.md index 027bc4f6..321c28b4 100644 --- a/examples/cross-region-replica-postgres/README.md +++ b/examples/cross-region-replica-postgres/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers @@ -32,10 +32,10 @@ No providers. |------|--------|---------| | [master](#module\_master) | ../../ | n/a | | [replica](#module\_replica) | ../../ | n/a | -| [security\_group\_region1](#module\_security\_group\_region1) | terraform-aws-modules/security-group/aws | ~> 4 | -| [security\_group\_region2](#module\_security\_group\_region2) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc\_region1](#module\_vpc\_region1) | terraform-aws-modules/vpc/aws | ~> 2.0 | -| [vpc\_region2](#module\_vpc\_region2) | terraform-aws-modules/vpc/aws | ~> 2.0 | +| [security\_group\_region1](#module\_security\_group\_region1) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [security\_group\_region2](#module\_security\_group\_region2) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc\_region1](#module\_vpc\_region1) | terraform-aws-modules/vpc/aws | ~> 3.0 | +| [vpc\_region2](#module\_vpc\_region2) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/cross-region-replica-postgres/main.tf b/examples/cross-region-replica-postgres/main.tf index 13de2e65..1f604fee 100644 --- a/examples/cross-region-replica-postgres/main.tf +++ b/examples/cross-region-replica-postgres/main.tf 
@@ -17,10 +17,10 @@ locals { } engine = "postgres" - engine_version = "11.10" - family = "postgres11" # DB parameter group - major_engine_version = "11" # DB option group - instance_class = "db.t3.large" + engine_version = "14.1" + family = "postgres14" # DB parameter group + major_engine_version = "14" # DB option group + instance_class = "db.t3a.large" allocated_storage = 20 max_allocated_storage = 100 port = 5432 @@ -33,7 +33,7 @@ locals { module "vpc_region1" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2.0" + version = "~> 3.0" name = local.name cidr = "10.100.0.0/18" @@ -50,7 +50,7 @@ module "vpc_region1" { module "security_group_region1" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "Replica PostgreSQL example security group" @@ -72,7 +72,7 @@ module "security_group_region1" { module "vpc_region2" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2.0" + version = "~> 3.0" providers = { aws = aws.region2 @@ -93,7 +93,7 @@ module "vpc_region2" { module "security_group_region2" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" providers = { aws = aws.region2 @@ -134,15 +134,12 @@ module "master" { allocated_storage = local.allocated_storage max_allocated_storage = local.max_allocated_storage - storage_encrypted = false - name = "replicaPostgresql" + db_name = "replicaPostgresql" username = "replica_postgresql" - password = "YourPwdShouldBeLongAndSecure!" port = local.port multi_az = true - create_db_subnet_group = false db_subnet_group_name = module.vpc_region1.database_subnet_group_name vpc_security_group_ids = [module.security_group_region1.security_group_id] 
@@ -172,8 +169,9 @@ module "replica" { identifier = "${local.name}-replica" # Source database. For cross-region use db_instance_arn - replicate_source_db = module.master.db_instance_arn - cross_region_replica = true + replicate_source_db = module.master.db_instance_arn + cross_region_replica = true + create_random_password = false engine = local.engine engine_version = local.engine_version @@ -183,7 +181,6 @@ module "replica" { allocated_storage = local.allocated_storage max_allocated_storage = local.max_allocated_storage - storage_encrypted = false # Username and password should not be set for replicas username = null @@ -202,8 +199,7 @@ module "replica" { deletion_protection = false # Must create or specify a subnet group since the replica is on another region - create_db_subnet_group = false - db_subnet_group_name = module.vpc_region2.database_subnet_group_name + db_subnet_group_name = module.vpc_region2.database_subnet_group_name tags = local.tags } diff --git a/examples/cross-region-replica-postgres/versions.tf b/examples/cross-region-replica-postgres/versions.tf index a5953db4..3752560a 100644 --- a/examples/cross-region-replica-postgres/versions.tf +++ b/examples/cross-region-replica-postgres/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } diff --git a/examples/enhanced-monitoring/README.md b/examples/enhanced-monitoring/README.md index c0bf6ab1..48b980ca 100644 --- a/examples/enhanced-monitoring/README.md +++ b/examples/enhanced-monitoring/README.md 
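Review bot: With `storage_encrypted = false` dropped from `module "master"` (last hunk of the previous line) and from `module "replica"` here, the cross-region replica now depends on the module's default for encryption, and nothing in the replica block names a key for the second region. If that default is encrypted storage (not visible in this diff), a cross-region replica of an encrypted source needs a KMS key from the destination region, so the example should pass `kms_key_id` on the replica or say in a comment why it is not needed. The added `create_random_password = false` would also read better with a one-line comment such as `# Replicas take their credentials from the source instance`. The `module "replica"` block starts and ends outside these hunks.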
@@ -21,22 +21,22 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.49 | +| [aws](#provider\_aws) | >= 4.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [db](#module\_db) | ../../ | n/a | -| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2 | +| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/enhanced-monitoring/main.tf b/examples/enhanced-monitoring/main.tf index bd815800..aed51c90 100644 --- a/examples/enhanced-monitoring/main.tf +++ b/examples/enhanced-monitoring/main.tf @@ -17,7 +17,7 @@ locals { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2" + version = "~> 3.0" name = local.name cidr = "10.99.0.0/18" @@ -34,7 +34,7 @@ module "vpc" { module "security_group" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "Enhanced monitoring MySQL example security group" 
@@ -94,18 +94,16 @@ module "db" { # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 max_allocated_storage = 100 - storage_encrypted = false - name = "completeMysql" + db_name = "completeMysql" username = "complete_mysql" - password = "YourPwdShouldBeLongAndSecure!" port = 3306 multi_az = true diff --git a/examples/enhanced-monitoring/versions.tf b/examples/enhanced-monitoring/versions.tf index a5953db4..3752560a 100644 --- a/examples/enhanced-monitoring/versions.tf +++ b/examples/enhanced-monitoring/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } diff --git a/examples/groups/README.md b/examples/groups/README.md index 679018ff..85566cef 100644 --- a/examples/groups/README.md +++ b/examples/groups/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers diff --git a/examples/groups/main.tf b/examples/groups/main.tf index dcebfd98..90ff45a4 100644 --- a/examples/groups/main.tf +++ b/examples/groups/main.tf 
@@ -24,22 +24,18 @@ module "default_postgres" { # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithOptionGroups.html parameter_group_name = "${local.name}-default-postgresql" + db_subnet_group_name = "foo" - db_subnet_group_name = "foo" - create_db_subnet_group = false - - # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts create_db_instance = false engine = "postgres" - engine_version = "11.10" - family = "postgres11" # DB parameter group - major_engine_version = "11" # DB option group - instance_class = "db.t3.large" + engine_version = "14.1" + family = "postgres14" # DB parameter group + major_engine_version = "14" # DB option group + instance_class = "db.t3a.large" allocated_storage = 20 username = "option_groups_postgresql" - password = "YourPwdShouldBeLongAndSecure!" port = 5432 maintenance_window = "Mon:00:00-Mon:03:00" @@ -57,25 +53,20 @@ module "default_mysql" { identifier = local.name - option_group_name = "${local.name}-default-mysql" - + option_group_name = "${local.name}-default-mysql" parameter_group_name = "${local.name}-default-mysql" + db_subnet_group_name = "foo" - db_subnet_group_name = "foo" - create_db_subnet_group = false - - # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts create_db_instance = false engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 username = "option_groups_mysql" - password = "YourPwdShouldBeLongAndSecure!" port = 3306 maintenance_window = "Mon:00:00-Mon:03:00" 
@@ -99,21 +90,18 @@ module "default_mysql_name" { parameter_group_name = "${local.name}-default-mysql-name" parameter_group_use_name_prefix = false - db_subnet_group_name = "foo" - create_db_subnet_group = false + db_subnet_group_name = "foo" - # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts create_db_instance = false engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 username = "option_groups_mysql" - password = "YourPwdShouldBeLongAndSecure!" port = 3306 maintenance_window = "Mon:00:00-Mon:03:00" @@ -134,21 +122,18 @@ module "default_mysql_default_aws" { create_db_option_group = false create_db_parameter_group = false - db_subnet_group_name = "foo" - create_db_subnet_group = false + db_subnet_group_name = "foo" - # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts create_db_instance = false engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 username = "option_groups_mysql" - password = "YourPwdShouldBeLongAndSecure!" port = 3306 maintenance_window = "Mon:00:00-Mon:03:00" 
@@ -172,21 +157,18 @@ module "byo_mysql" { create_db_parameter_group = false parameter_group_name = "bringMyOwnParameterGroupName" - db_subnet_group_name = "foo" - create_db_subnet_group = false + db_subnet_group_name = "foo" - # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts create_db_instance = false engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 username = "option_groups_mysql" - password = "YourPwdShouldBeLongAndSecure!" port = 3306 maintenance_window = "Mon:00:00-Mon:03:00" diff --git a/examples/groups/versions.tf b/examples/groups/versions.tf index a5953db4..3752560a 100644 --- a/examples/groups/versions.tf +++ b/examples/groups/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } diff --git a/examples/replica-mysql/README.md b/examples/replica-mysql/README.md index 5cabccf4..a6401bfa 100644 --- a/examples/replica-mysql/README.md +++ b/examples/replica-mysql/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers 
@@ -32,8 +32,8 @@ No providers. |------|--------|---------| | [master](#module\_master) | ../../ | n/a | | [replica](#module\_replica) | ../../ | n/a | -| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2.0 | +| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/replica-mysql/main.tf b/examples/replica-mysql/main.tf index 91f858bb..5ecffd57 100644 --- a/examples/replica-mysql/main.tf +++ b/examples/replica-mysql/main.tf @@ -11,10 +11,10 @@ locals { } engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 max_allocated_storage = 100 port = 3306 @@ -27,7 +27,7 @@ locals { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2.0" + version = "~> 3.0" name = local.name cidr = "10.99.0.0/18" @@ -44,7 +44,7 @@ module "vpc" { module "security_group" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "Replica MySQL example security group" @@ -81,15 +81,12 @@ module "master" { allocated_storage = local.allocated_storage max_allocated_storage = local.max_allocated_storage - storage_encrypted = false - name = "replicaMysql" + db_name = "replicaMysql" username = "replica_mysql" - password = "YourPwdShouldBeLongAndSecure!" port = local.port multi_az = true - create_db_subnet_group = false db_subnet_group_name = module.vpc.database_subnet_group_name vpc_security_group_ids = [module.security_group.security_group_id] 
@@ -115,7 +112,8 @@ module "replica" { identifier = "${local.name}-replica" # Source database. For cross-region use db_instance_arn - replicate_source_db = module.master.db_instance_id + replicate_source_db = module.master.db_instance_id + create_random_password = false engine = local.engine engine_version = local.engine_version @@ -125,12 +123,8 @@ module "replica" { allocated_storage = local.allocated_storage max_allocated_storage = local.max_allocated_storage - storage_encrypted = false - # Username and password should not be set for replicas - username = null - password = null - port = local.port + port = local.port multi_az = false vpc_security_group_ids = [module.security_group.security_group_id] @@ -143,8 +137,5 @@ module "replica" { skip_final_snapshot = true deletion_protection = false - # Not allowed to specify a subnet group for replicas in the same region - create_db_subnet_group = false - tags = local.tags } diff --git a/examples/replica-mysql/versions.tf b/examples/replica-mysql/versions.tf index a5953db4..3752560a 100644 --- a/examples/replica-mysql/versions.tf +++ b/examples/replica-mysql/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } diff --git a/examples/replica-postgres/README.md b/examples/replica-postgres/README.md index b0cf3af2..d3f64355 100644 --- a/examples/replica-postgres/README.md +++ b/examples/replica-postgres/README.md @@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | ## Providers 
@@ -32,8 +32,8 @@ No providers. |------|--------|---------| | [master](#module\_master) | ../../ | n/a | | [replica](#module\_replica) | ../../ | n/a | -| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2.0 | +| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources diff --git a/examples/replica-postgres/main.tf b/examples/replica-postgres/main.tf index 7bc2e0e4..a43808ef 100644 --- a/examples/replica-postgres/main.tf +++ b/examples/replica-postgres/main.tf @@ -11,10 +11,10 @@ locals { } engine = "postgres" - engine_version = "11.10" - family = "postgres11" # DB parameter group - major_engine_version = "11" # DB option group - instance_class = "db.t3.large" + engine_version = "14.1" + family = "postgres14" # DB parameter group + major_engine_version = "14" # DB option group + instance_class = "db.t3a.large" allocated_storage = 20 max_allocated_storage = 100 port = 5432 @@ -27,7 +27,7 @@ locals { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2.0" + version = "~> 3.0" name = local.name cidr = "10.99.0.0/18" @@ -44,7 +44,7 @@ module "vpc" { module "security_group" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "Replica PostgreSQL example security group" @@ -81,15 +81,12 @@ module "master" { allocated_storage = local.allocated_storage max_allocated_storage = local.max_allocated_storage - storage_encrypted = false - name = "replicaPostgresql" + db_name = "replicaPostgresql" username = "replica_postgresql" - password = "YourPwdShouldBeLongAndSecure!" port = local.port multi_az = true - create_db_subnet_group = false db_subnet_group_name = module.vpc.database_subnet_group_name vpc_security_group_ids = [module.security_group.security_group_id] 
@@ -101,6 +98,7 @@ module "master" { backup_retention_period = 1 skip_final_snapshot = true deletion_protection = false + storage_encrypted = false tags = local.tags } @@ -115,7 +113,8 @@ module "replica" { identifier = "${local.name}-replica" # Source database. For cross-region use db_instance_arn - replicate_source_db = module.master.db_instance_id + replicate_source_db = module.master.db_instance_id + create_random_password = false engine = local.engine engine_version = local.engine_version @@ -125,12 +124,8 @@ module "replica" { allocated_storage = local.allocated_storage max_allocated_storage = local.max_allocated_storage - storage_encrypted = false - # Username and password should not be set for replicas - username = null - password = null - port = local.port + port = local.port multi_az = false vpc_security_group_ids = [module.security_group.security_group_id] @@ -142,9 +137,7 @@ module "replica" { backup_retention_period = 0 skip_final_snapshot = true deletion_protection = false - - # Not allowed to specify a subnet group for replicas in the same region - create_db_subnet_group = false + storage_encrypted = false tags = local.tags } diff --git a/examples/replica-postgres/versions.tf b/examples/replica-postgres/versions.tf index a5953db4..3752560a 100644 --- a/examples/replica-postgres/versions.tf +++ b/examples/replica-postgres/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } } } diff --git a/examples/s3-import-mysql/README.md b/examples/s3-import-mysql/README.md index e2eb86bd..3293039f 100644 --- a/examples/s3-import-mysql/README.md +++ b/examples/s3-import-mysql/README.md 
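Review bot: `storage_encrypted = false` is re-added explicitly to `module "master"` in the first hunk here and to `module "replica"` in the last hunk of this file, while the other examples in this diff drop that line. As written, anyone copying this example gets unencrypted RDS storage with no explanation of why this example differs. Either remove both lines so the example follows the module default, or keep them with a comment giving the reason, e.g. `# Encryption at rest deliberately disabled in this example; remove for real workloads`. Both module blocks continue outside the hunks.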
@@ -48,25 +48,24 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | -| [random](#requirement\_random) | >= 3.0 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | +| [random](#requirement\_random) | >= 3.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.49 | -| [random](#provider\_random) | >= 3.0 | +| [aws](#provider\_aws) | >= 4.0 | +| [random](#provider\_random) | >= 3.1 | ## Modules | Name | Source | Version | |------|--------|---------| | [db](#module\_db) | ../../ | n/a | -| [import\_s3\_bucket](#module\_import\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 2.0 | -| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 2.0 | +| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 | ## Resources 
@@ -74,6 +73,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|------| | [aws_iam_role.s3_import](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy.s3_import](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_s3_bucket.import](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | | [aws_iam_policy_document.s3_import](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.s3_import_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | diff --git a/examples/s3-import-mysql/main.tf b/examples/s3-import-mysql/main.tf index 2b69fb8b..97ff7f4c 100644 --- a/examples/s3-import-mysql/main.tf +++ b/examples/s3-import-mysql/main.tf @@ -21,7 +21,7 @@ resource "random_pet" "this" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 2.0" + version = "~> 3.0" name = local.name cidr = "10.0.0.0/18" @@ -41,7 +41,7 @@ module "vpc" { module "security_group" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 4.0" name = local.name description = "S3 import VPC example security group" 
@@ -80,17 +80,25 @@ module "security_group" { tags = local.tags } -module "import_s3_bucket" { - source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 2.0" - +# Temporary work around until S3 module is updated to support v4.x +resource "aws_s3_bucket" "import" { bucket = "${local.name}-${random_pet.this.id}" - acl = "private" force_destroy = true tags = local.tags } +# module "import_s3_bucket" { +# source = "terraform-aws-modules/s3-bucket/aws" +# version = "~> 2.0" + +# bucket = "${local.name}-${random_pet.this.id}" +# acl = "private" +# force_destroy = true + +# tags = local.tags +# } + data "aws_iam_policy_document" "s3_import_assume" { statement { actions = [ @@ -121,7 +129,7 @@ data "aws_iam_policy_document" "s3_import" { ] resources = [ - module.import_s3_bucket.s3_bucket_arn + aws_s3_bucket.import.arn ] } @@ -131,7 +139,7 @@ data "aws_iam_policy_document" "s3_import" { ] resources = [ - "${module.import_s3_bucket.s3_bucket_arn}/*", + "${aws_s3_bucket.import.arn}/*", ] } } @@ -145,7 +153,7 @@ resource "aws_iam_role_policy" "s3_import" { # also needs this role so this is an easy way of ensuring the backup is uploaded before # the instance creation starts provisioner "local-exec" { - command = "unzip backup.zip && aws s3 sync ${path.module}/backup s3://${module.import_s3_bucket.s3_bucket_id}" + command = "unzip backup.zip && aws s3 sync ${path.module}/backup s3://${aws_s3_bucket.import.id}" } } 
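Review bot: The replacement `aws_s3_bucket.import` resource carries only `bucket`, `force_destroy` and `tags`, so the `acl = "private"` setting of the removed module call is gone and nothing in the hunk restricts public access to the bucket that receives the database backup. Whatever hardening the upstream module applied by default is not visible here, so it should be restated explicitly next to the bucket; a public access block is the minimum, and default server-side encryption is worth adding the same way. The commented-out `module "import_s3_bucket"` block would be better replaced by a one-line TODO pointing at the upstream issue than kept as dead code.

```hcl
resource "aws_s3_bucket" "import" {
  # … unchanged: bucket, force_destroy, tags …
}

resource "aws_s3_bucket_public_access_block" "import" {
  bucket = aws_s3_bucket.import.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```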
@@ -160,24 +168,22 @@ module "db" { # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt engine = "mysql" - engine_version = "8.0.20" + engine_version = "8.0.27" family = "mysql8.0" # DB parameter group major_engine_version = "8.0" # DB option group - instance_class = "db.t3.large" + instance_class = "db.t3a.large" allocated_storage = 20 max_allocated_storage = 100 - storage_encrypted = false - name = "s3Import" + db_name = "s3Import" username = "s3_import_user" - password = "YourPwdShouldBeLongAndSecure!" port = 3306 # S3 import https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html s3_import = { - source_engine_version = "8.0.20" - bucket_name = module.import_s3_bucket.s3_bucket_id + source_engine_version = "8.0.27" + bucket_name = aws_s3_bucket.import.id ingestion_role = aws_iam_role.s3_import.arn } diff --git a/examples/s3-import-mysql/versions.tf b/examples/s3-import-mysql/versions.tf index 541a601f..c849c1e9 100644 --- a/examples/s3-import-mysql/versions.tf +++ b/examples/s3-import-mysql/versions.tf @@ -1,15 +1,15 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } random = { source = "hashicorp/random" - version = ">= 3.0" + version = ">= 3.1" } } } diff --git a/main.tf b/main.tf index d7953c3c..c27e1a33 100644 --- a/main.tf +++ b/main.tf 
@@ -1,6 +1,7 @@ locals { - master_password = var.create_db_instance && var.create_random_password ? random_password.master_password[0].result : var.password - db_subnet_group_name = !var.cross_region_replica && var.replicate_source_db != null ? null : coalesce(var.db_subnet_group_name, module.db_subnet_group.db_subnet_group_id, var.identifier) + create_random_password = var.create_db_instance && var.create_random_password && var.snapshot_identifier == null + master_password = try(random_password.master_password[0].result, var.password) + db_subnet_group_name = !var.cross_region_replica && var.replicate_source_db != null ? null : try(module.db_subnet_group.db_subnet_group_id, var.db_subnet_group_name) parameter_group_name_id = var.create_db_parameter_group ? module.db_parameter_group.db_parameter_group_id : var.parameter_group_name @@ -8,9 +9,9 @@ locals { option_group = local.create_db_option_group ? module.db_option_group.db_option_group_id : var.option_group_name } -# Random string to use as master password resource "random_password" "master_password" { - count = var.create_db_instance && var.create_random_password ? 1 : 0 + # We don't need to create a random password for instances that are replicas or restored from a snapshot + count = local.create_random_password ? 1 : 0 length = var.random_password_length special = false @@ -77,7 +78,7 @@ module "db_instance" { kms_key_id = var.kms_key_id license_model = var.license_model - name = var.name + db_name = var.db_name username = var.username password = local.master_password port = var.port @@ -104,7 +105,6 @@ module "db_instance" { snapshot_identifier = var.snapshot_identifier copy_tags_to_snapshot = var.copy_tags_to_snapshot skip_final_snapshot = var.skip_final_snapshot - final_snapshot_identifier = var.final_snapshot_identifier final_snapshot_identifier_prefix = var.final_snapshot_identifier_prefix performance_insights_enabled = var.performance_insights_enabled 
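Review bot: In the `locals` hunk, `try(module.db_subnet_group.db_subnet_group_id, var.db_subnet_group_name)` falls back to the variable only when the module output raises an error. The outputs rewritten elsewhere in this commit use `try(<resource>[0].id, "")`, which never errors. If the subnet group module's output follows that pattern (not visible here), a caller who disables `create_db_subnet_group` and passes `db_subnet_group_name` would get an empty string, and the variable's description says an unspecified group places the instance in the default VPC. Selecting on the flag makes the precedence explicit: `var.create_db_subnet_group ? module.db_subnet_group.db_subnet_group_id : var.db_subnet_group_name`.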
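Review bot: The comment added to `random_password.master_password` says no password is needed for replicas or snapshot restores, but `local.create_random_password` in the previous hunk only tests `var.snapshot_identifier == null`. A replica with `create_random_password` enabled would still generate a password that is written to state and never applied, because the instance module nulls `password` when `replicate_source_db` is set. Extending the condition brings the code in line with the comment: `create_random_password = var.create_db_instance && var.create_random_password && var.snapshot_identifier == null && var.replicate_source_db == null`. The resource body continues outside the hunk.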
@@ -112,6 +112,7 @@ module "db_instance" { performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null replicate_source_db = var.replicate_source_db + replica_mode = var.replica_mode backup_retention_period = var.backup_retention_period backup_window = var.backup_window max_allocated_storage = var.max_allocated_storage diff --git a/modules/db_instance/README.md b/modules/db_instance/README.md index 3032572a..af84eead 100644 --- a/modules/db_instance/README.md +++ b/modules/db_instance/README.md @@ -5,16 +5,16 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | -| [random](#requirement\_random) | >= 2.2 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 4.0 | +| [random](#requirement\_random) | >= 3.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.49 | -| [random](#provider\_random) | >= 2.2 | +| [aws](#provider\_aws) | >= 4.0 | +| [random](#provider\_random) | >= 3.1 | ## Modules @@ -25,7 +25,6 @@ No modules. | Name | Type | |------|------| | [aws_db_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource | -| [aws_db_instance.this_mssql](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource | | [aws_iam_role.enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [random_id.snapshot_identifier](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | 
@@ -44,22 +43,22 @@ No modules. | [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for | `number` | `null` | no | | [backup\_window](#input\_backup\_window) | The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance\_window | `string` | `null` | no | | [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Specifies the identifier of the CA certificate for the DB instance | `string` | `null` | no | -| [character\_set\_name](#input\_character\_set\_name) | (Optional) The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | `string` | `null` | no | -| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot (if final\_snapshot\_identifier is specified) | `bool` | `false` | no | +| [character\_set\_name](#input\_character\_set\_name) | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | `string` | `null` | no | +| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot | `bool` | `false` | no | | [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no | | [create\_monitoring\_role](#input\_create\_monitoring\_role) | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | `bool` | `false` | no | -| [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Name of DB subnet group. 
DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | `string` | `""` | no | +| [db\_name](#input\_db\_name) | The DB name to create. If omitted, no database is created initially | `string` | `null` | no | +| [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | `string` | `null` | no | | [delete\_automated\_backups](#input\_delete\_automated\_backups) | Specifies whether to remove automated backups immediately after the DB instance is deleted | `bool` | `true` | no | | [deletion\_protection](#input\_deletion\_protection) | The database can't be deleted when this value is set to true. | `bool` | `false` | no | | [domain](#input\_domain) | The ID of the Directory Service Active Directory domain to create the instance in | `string` | `null` | no | | [domain\_iam\_role\_name](#input\_domain\_iam\_role\_name) | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | `string` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | -| [engine](#input\_engine) | The database engine to use | `string` | `""` | no | +| [engine](#input\_engine) | The database engine to use | `string` | `null` | no | | [engine\_version](#input\_engine\_version) | The engine version to use | `string` | `null` | no | -| [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | The name of your final DB snapshot when this DB instance is deleted. 
| `string` | `null` | no | | [final\_snapshot\_identifier\_prefix](#input\_final\_snapshot\_identifier\_prefix) | The name which is prefixed to the final snapshot on cluster destroy | `string` | `"final"` | no | | [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no | -| [identifier](#input\_identifier) | The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier | `string` | n/a | yes | +| [identifier](#input\_identifier) | The name of the RDS instance | `string` | n/a | yes | | [instance\_class](#input\_instance\_class) | The instance type of the RDS instance | `string` | `null` | no | | [iops](#input\_iops) | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1' | `number` | `0` | no | | [kms\_key\_id](#input\_kms\_key\_id) | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage\_encrypted is set to true and kms\_key\_id is not specified the default KMS key created in your account will be used | `string` | `null` | no | 
@@ -71,25 +70,25 @@ No modules. | [monitoring\_role\_description](#input\_monitoring\_role\_description) | Description of the monitoring IAM role | `string` | `null` | no | | [monitoring\_role\_name](#input\_monitoring\_role\_name) | Name of the IAM role which will be created when create\_monitoring\_role is enabled. | `string` | `"rds-monitoring-role"` | no | | [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no | -| [name](#input\_name) | The DB name to create. If omitted, no database is created initially | `string` | `null` | no | -| [option\_group\_name](#input\_option\_group\_name) | Name of the DB option group to associate. | `string` | `""` | no | -| [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `""` | no | +| [option\_group\_name](#input\_option\_group\_name) | Name of the DB option group to associate. | `string` | `null` | no | +| [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `null` | no | | [password](#input\_password) | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file | `string` | `null` | no | | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no | | [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data. | `string` | `null` | no | | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). 
| `number` | `7` | no | | [port](#input\_port) | The port on which the DB accepts connections | `string` | `null` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Bool to control if instance is publicly accessible | `bool` | `false` | no | +| [replica\_mode](#input\_replica\_mode) | Specifies whether the replica is in either mounted or open-read-only mode. This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified | `string` | `null` | no | | [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate. | `string` | `null` | no | | [restore\_to\_point\_in\_time](#input\_restore\_to\_point\_in\_time) | Restore to a point in time (MySQL is NOT supported) | `map(string)` | `null` | no | | [s3\_import](#input\_s3\_import) | Restore from a Percona Xtrabackup in S3 (only MySQL is supported) | `map(string)` | `null` | no | -| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted, using the value from final\_snapshot\_identifier | `bool` | `false` | no | +| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted | `bool` | `false` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05. 
| `string` | `null` | no | -| [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB instance is encrypted | `bool` | `false` | no | +| [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB instance is encrypted | `bool` | `true` | no | | [storage\_type](#input\_storage\_type) | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'standard' if not. Note that this behaviour is different from the AWS web console, where the default is 'gp2'. | `string` | `null` | no | | [tags](#input\_tags) | A mapping of tags to assign to all resources | `map(string)` | `{}` | no | -| [timeouts](#input\_timeouts) | (Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times | `map(string)` |
{
"create": "40m",
"delete": "40m",
"update": "80m"
}
| no | -| [timezone](#input\_timezone) | (Optional) Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information. | `string` | `null` | no | +| [timeouts](#input\_timeouts) | Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times | `map(string)` | `{}` | no | +| [timezone](#input\_timezone) | Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information. | `string` | `null` | no | | [username](#input\_username) | Username for the master DB user | `string` | `null` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of VPC security groups to associate | `list(string)` | `[]` | no | diff --git a/modules/db_instance/main.tf b/modules/db_instance/main.tf index c4f2c461..043a074e 100644 --- a/modules/db_instance/main.tf +++ b/modules/db_instance/main.tf 
@@ -1,7 +1,16 @@ locals { - is_mssql = element(split("-", var.engine), 0) == "sqlserver" + is_mssql = try(element(split("-", var.engine), 0) == "sqlserver", false) monitoring_role_arn = var.create_monitoring_role ? aws_iam_role.enhanced_monitoring[0].arn : var.monitoring_role_arn + + final_snapshot_identifier = var.skip_final_snapshot ? null : "${var.final_snapshot_identifier_prefix}-${var.identifier}-${try(random_id.snapshot_identifier[0].hex, "")}" + + # For replica instances or instances restored from snapshot, the metadata is already baked into the source + metadata_already_exists = var.snapshot_identifier != null || var.replicate_source_db != null + username = local.metadata_already_exists ? null : var.username + password = local.metadata_already_exists ? null : var.password + engine = local.metadata_already_exists ? null : var.engine + engine_version = var.replicate_source_db != null ? null : var.engine_version } # Ref. https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces @@ -22,8 +31,8 @@ resource "aws_db_instance" "this" { identifier = var.identifier - engine = var.engine - engine_version = var.engine_version + engine = local.engine + engine_version = local.engine_version instance_class = var.instance_class allocated_storage = var.allocated_storage storage_type = var.storage_type @@ -31,9 +40,9 @@ resource "aws_db_instance" "this" { kms_key_id = var.kms_key_id license_model = var.license_model - name = var.name - username = var.username - password = var.password + db_name = var.db_name + username = local.username + password = local.password port = var.port domain = var.domain domain_iam_role_name = var.domain_iam_role_name 
@@ -55,17 +64,17 @@ resource "aws_db_instance" "this" { apply_immediately = var.apply_immediately maintenance_window = var.maintenance_window - snapshot_identifier = var.snapshot_identifier - copy_tags_to_snapshot = var.copy_tags_to_snapshot - skip_final_snapshot = var.skip_final_snapshot - # TODO - remove coalesce() at next breaking change - adding existing name as fallback to maintain backwards compatibility - final_snapshot_identifier = var.skip_final_snapshot ? null : coalesce(var.final_snapshot_identifier, "${var.final_snapshot_identifier_prefix}-${var.identifier}-${random_id.snapshot_identifier[0].hex}") + snapshot_identifier = var.snapshot_identifier + copy_tags_to_snapshot = var.copy_tags_to_snapshot + skip_final_snapshot = var.skip_final_snapshot + final_snapshot_identifier = local.final_snapshot_identifier performance_insights_enabled = var.performance_insights_enabled performance_insights_retention_period = var.performance_insights_enabled ? var.performance_insights_retention_period : null performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null replicate_source_db = var.replicate_source_db + replica_mode = var.replica_mode backup_retention_period = var.backup_retention_period backup_window = var.backup_window max_allocated_storage = var.max_allocated_storage @@ -73,12 +82,12 @@ resource "aws_db_instance" "this" { monitoring_role_arn = var.monitoring_interval > 0 ? local.monitoring_role_arn : null character_set_name = var.character_set_name + timezone = var.timezone enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports deletion_protection = var.deletion_protection delete_automated_backups = var.delete_automated_backups - dynamic "restore_to_point_in_time" { for_each = var.restore_to_point_in_time != null ? [var.restore_to_point_in_time] : [] @@ -90,7 +99,6 @@ resource "aws_db_instance" "this" { } } - dynamic "s3_import" { for_each = var.s3_import != null ? [var.s3_import] : [] 
@@ -103,12 +111,7 @@ resource "aws_db_instance" "this" { } } - tags = merge( - var.tags, - { - "Name" = format("%s", var.identifier) - }, - ) + tags = var.tags timeouts { create = lookup(var.timeouts, "create", null) 
@@ -123,82 +126,6 @@ resource "aws_db_instance" "this" { } } -resource "aws_db_instance" "this_mssql" { - count = var.create && local.is_mssql ? 1 : 0 - - identifier = var.identifier - - engine = var.engine - engine_version = var.engine_version - instance_class = var.instance_class - allocated_storage = var.allocated_storage - storage_type = var.storage_type - storage_encrypted = var.storage_encrypted - kms_key_id = var.kms_key_id - license_model = var.license_model - - name = var.name - username = var.username - password = var.password - port = var.port - domain = var.domain - domain_iam_role_name = var.domain_iam_role_name - iam_database_authentication_enabled = var.iam_database_authentication_enabled - - vpc_security_group_ids = var.vpc_security_group_ids - db_subnet_group_name = var.db_subnet_group_name - parameter_group_name = var.parameter_group_name - option_group_name = var.option_group_name - - availability_zone = var.availability_zone - multi_az = var.multi_az - iops = var.iops - publicly_accessible = var.publicly_accessible - ca_cert_identifier = var.ca_cert_identifier - - allow_major_version_upgrade = var.allow_major_version_upgrade - auto_minor_version_upgrade = var.auto_minor_version_upgrade - apply_immediately = var.apply_immediately - maintenance_window = var.maintenance_window - - snapshot_identifier = var.snapshot_identifier - copy_tags_to_snapshot = var.copy_tags_to_snapshot - skip_final_snapshot = var.skip_final_snapshot - # TODO - remove coalesce() at next breaking change - adding existing name as fallback to maintain backwards compatibility - final_snapshot_identifier = var.skip_final_snapshot ? null : coalesce(var.final_snapshot_identifier, "${var.final_snapshot_identifier_prefix}-${var.identifier}-${random_id.snapshot_identifier[0].hex}") - - performance_insights_enabled = var.performance_insights_enabled - performance_insights_retention_period = var.performance_insights_enabled ? 
var.performance_insights_retention_period : null - performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null - - replicate_source_db = var.replicate_source_db - backup_retention_period = var.backup_retention_period - backup_window = var.backup_window - max_allocated_storage = var.max_allocated_storage - monitoring_interval = var.monitoring_interval - monitoring_role_arn = var.monitoring_interval > 0 ? local.monitoring_role_arn : null - - character_set_name = var.character_set_name - timezone = var.timezone # MSSQL only - enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports - - deletion_protection = var.deletion_protection - delete_automated_backups = var.delete_automated_backups - - tags = merge( - var.tags, - { - "Name" = format("%s", var.identifier) - }, - ) - - timeouts { - create = lookup(var.timeouts, "create", null) - delete = lookup(var.timeouts, "delete", null) - update = lookup(var.timeouts, "update", null) - } -} - ################################################################################ # Enhanced monitoring ################################################################################ diff --git a/modules/db_instance/outputs.tf b/modules/db_instance/outputs.tf index 8bfa04ba..ebcffc03 100644 --- a/modules/db_instance/outputs.tf +++ b/modules/db_instance/outputs.tf 
@@ -1,106 +1,86 @@ -locals { - enhanced_monitoring_iam_role_name = element(concat(aws_iam_role.enhanced_monitoring.*.name, [""]), 0) - enhanced_monitoring_iam_role_arn = element(concat(aws_iam_role.enhanced_monitoring.*.arn, [""]), 0) - db_instance_address = element(concat(aws_db_instance.this_mssql.*.address, aws_db_instance.this.*.address, [""]), 0) - db_instance_arn = element(concat(aws_db_instance.this_mssql.*.arn, aws_db_instance.this.*.arn, [""]), 0) - db_instance_availability_zone = element(concat(aws_db_instance.this_mssql.*.availability_zone, aws_db_instance.this.*.availability_zone, [""]), 0) - db_instance_endpoint = element(concat(aws_db_instance.this_mssql.*.endpoint, aws_db_instance.this.*.endpoint, [""]), 0) - db_instance_hosted_zone_id = element(concat(aws_db_instance.this_mssql.*.hosted_zone_id, aws_db_instance.this.*.hosted_zone_id, [""]), 0) - db_instance_id = element(concat(aws_db_instance.this_mssql.*.id, aws_db_instance.this.*.id, [""]), 0) - db_instance_resource_id = element(concat(aws_db_instance.this_mssql.*.resource_id, aws_db_instance.this.*.resource_id, [""]), 0) - db_instance_status = element(concat(aws_db_instance.this_mssql.*.status, aws_db_instance.this.*.status, [""]), 0) - db_instance_name = element(concat(aws_db_instance.this_mssql.*.name, aws_db_instance.this.*.name, [""]), 0) - db_instance_username = element(concat(aws_db_instance.this_mssql.*.username, aws_db_instance.this.*.username, [""]), 0) - db_instance_port = element(concat(aws_db_instance.this_mssql.*.port, aws_db_instance.this.*.port, [""]), 0) - db_instance_ca_cert_identifier = element(concat(aws_db_instance.this_mssql.*.ca_cert_identifier, aws_db_instance.this.*.ca_cert_identifier, [""]), 0) - db_instance_domain = element(concat(aws_db_instance.this_mssql.*.domain, [""]), 0) - db_instance_domain_iam_role_name = element(concat(aws_db_instance.this_mssql.*.domain_iam_role_name, [""]), 0) - db_instance_master_password = 
element(concat(aws_db_instance.this_mssql.*.password, aws_db_instance.this.*.password, [""]), 0) -} - output "enhanced_monitoring_iam_role_name" { description = "The name of the monitoring role" - value = local.enhanced_monitoring_iam_role_name + value = try(aws_iam_role.enhanced_monitoring[0].name, "") } output "enhanced_monitoring_iam_role_arn" { description = "The Amazon Resource Name (ARN) specifying the monitoring role" - value = local.enhanced_monitoring_iam_role_arn + value = try(aws_iam_role.enhanced_monitoring[0].arn, "") } output "db_instance_address" { description = "The address of the RDS instance" - value = local.db_instance_address + value = try(aws_db_instance.this[0].address, "") } output "db_instance_arn" { description = "The ARN of the RDS instance" - value = local.db_instance_arn + value = try(aws_db_instance.this[0].arn, "") } output "db_instance_availability_zone" { description = "The availability zone of the RDS instance" - value = local.db_instance_availability_zone + value = try(aws_db_instance.this[0].availability_zone, "") } output "db_instance_endpoint" { description = "The connection endpoint" - value = local.db_instance_endpoint + value = try(aws_db_instance.this[0].endpoint, "") } output "db_instance_hosted_zone_id" { description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)" - value = local.db_instance_hosted_zone_id + value = try(aws_db_instance.this[0].hosted_zone_id, "") } output "db_instance_id" { description = "The RDS instance ID" - value = local.db_instance_id + value = try(aws_db_instance.this[0].id, "") } output "db_instance_resource_id" { description = "The RDS Resource ID of this instance" - value = local.db_instance_resource_id + value = try(aws_db_instance.this[0].resource_id, "") } output "db_instance_status" { description = "The RDS instance status" - value = local.db_instance_status + value = try(aws_db_instance.this[0].status, "") } output "db_instance_name" { description = 
"The database name" - value = local.db_instance_name + value = try(aws_db_instance.this[0].name, "") } output "db_instance_username" { description = "The master username for the database" - value = local.db_instance_username + value = try(aws_db_instance.this[0].username, "") sensitive = true } output "db_instance_port" { description = "The database port" - value = local.db_instance_port + value = try(aws_db_instance.this[0].port, "") } output "db_instance_ca_cert_identifier" { description = "Specifies the identifier of the CA certificate for the DB instance" - value = local.db_instance_ca_cert_identifier + value = try(aws_db_instance.this[0].ca_cert_identifier, "") } output "db_instance_domain" { description = "The ID of the Directory Service Active Directory domain the instance is joined to" - value = local.db_instance_domain + value = try(aws_db_instance.this[0].domain, "") } output "db_instance_domain_iam_role_name" { description = "The name of the IAM role to be used when making API calls to the Directory Service. " - value = local.db_instance_domain_iam_role_name + value = try(aws_db_instance.this[0].domain_iam_role_name, "") } output "db_instance_master_password" { description = "The master password" - value = local.db_instance_master_password + value = try(aws_db_instance.this[0].password, "") sensitive = true } diff --git a/modules/db_instance/variables.tf b/modules/db_instance/variables.tf index 24651bb9..cca375ba 100644 --- a/modules/db_instance/variables.tf +++ b/modules/db_instance/variables.tf @@ -5,7 +5,7 @@ variable "create" { } variable "identifier" { - description = "The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier" + description = "The name of the RDS instance" type = string } @@ -24,7 +24,7 @@ variable "storage_type" { variable "storage_encrypted" { description = "Specifies whether the DB instance is encrypted" type = bool - default = false + default = true } variable "kms_key_id" { 
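Review bot: The `db_instance_name` output still reads `aws_db_instance.this[0].name`, although this commit renames the resource argument to `db_name` and raises the provider floor to `>= 4.0`. If `name` is deprecated in that provider line, as the rename suggests, the output will emit a deprecation warning and break once the attribute is removed. Reading the new attribute keeps the output consistent with the resource: `value = try(aws_db_instance.this[0].db_name, "")`.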
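Review bot: The `storage_encrypted` description does not mention that the default changed from `false` to `true`, which alters what existing callers get on upgrade. Anyone who relied on the old default and runs an unencrypted instance will see a diff on it, and as far as I know the provider treats a change to this argument as requiring replacement of the instance. The new default is the safer one, so the description should carry the caveat, for example `description = "Specifies whether the DB instance is encrypted. Defaults to true; set explicitly to false to keep an existing unencrypted instance unchanged"`.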
@@ -45,6 +45,12 @@ variable "license_model" { default = null } +variable "replica_mode" { + description = "Specifies whether the replica is in either mounted or open-read-only mode. This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified" + type = string + default = null +} + variable "iam_database_authentication_enabled" { description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled" type = bool @@ -66,7 +72,7 @@ variable "domain_iam_role_name" { variable "engine" { description = "The database engine to use" type = string - default = "" + default = null } variable "engine_version" { @@ -81,7 +87,7 @@ variable "instance_class" { default = null } -variable "name" { +variable "db_name" { description = "The DB name to create. If omitted, no database is created initially" type = string default = null @@ -106,7 +112,7 @@ variable "port" { } variable "skip_final_snapshot" { - description = "Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted, using the value from final_snapshot_identifier" + description = "Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted" type = bool default = false } 
@@ -118,17 +124,11 @@ variable "snapshot_identifier" { } variable "copy_tags_to_snapshot" { - description = "On delete, copy all Instance tags to the final snapshot (if final_snapshot_identifier is specified)" + description = "On delete, copy all Instance tags to the final snapshot" type = bool default = false } -variable "final_snapshot_identifier" { - description = "The name of your final DB snapshot when this DB instance is deleted." - type = string - default = null -} - variable "final_snapshot_identifier_prefix" { description = "The name which is prefixed to the final snapshot on cluster destroy" type = string @@ -144,13 +144,13 @@ variable "vpc_security_group_ids" { variable "db_subnet_group_name" { description = "Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC" type = string - default = "" + default = null } variable "parameter_group_name" { description = "Name of the DB parameter group to associate" type = string - default = "" + default = null } variable "availability_zone" { 
@@ -252,17 +252,17 @@ variable "tags" { variable "option_group_name" { description = "Name of the DB option group to associate." type = string - default = "" + default = null } variable "timezone" { - description = "(Optional) Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information." + description = "Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information." type = string default = null } variable "character_set_name" { - description = "(Optional) The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation." + description = "The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation." type = string default = null } @@ -274,13 +274,9 @@ variable "enabled_cloudwatch_logs_exports" { } variable "timeouts" { - description = "(Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times" + description = "Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times" type = map(string) - default = { - create = "40m" - update = "80m" - delete = "40m" - } + default = {} } variable "deletion_protection" { diff --git a/modules/db_instance/versions.tf b/modules/db_instance/versions.tf index 9234cc98..c849c1e9 100644 --- a/modules/db_instance/versions.tf +++ b/modules/db_instance/versions.tf 
@@ -1,15 +1,15 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } random = { source = "hashicorp/random" - version = ">= 2.2" + version = ">= 3.1" } } } diff --git a/modules/db_option_group/README.md b/modules/db_option_group/README.md index f55eda67..2ad344a4 100644 --- a/modules/db_option_group/README.md +++ b/modules/db_option_group/README.md @@ -5,14 +5,14 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 3.62 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.49 | +| [aws](#provider\_aws) | >= 3.62 | ## Modules @@ -32,10 +32,10 @@ No modules. | [engine\_name](#input\_engine\_name) | Specifies the name of the engine that this option group should be associated with | `string` | `null` | no | | [major\_engine\_version](#input\_major\_engine\_version) | Specifies the major version of the engine that this option group should be associated with | `string` | `null` | no | | [name](#input\_name) | The name of the option group | `string` | `""` | no | -| [option\_group\_description](#input\_option\_group\_description) | The description of the option group | `string` | `""` | no | +| [option\_group\_description](#input\_option\_group\_description) | The description of the option group | `string` | `null` | no | | [options](#input\_options) | A list of Options to apply | `any` | `[]` | no | | [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | -| [timeouts](#input\_timeouts) | Define maximum timeout for deletion of `aws_db_option_group` resource | `map(string)` |
{
"delete": "15m"
}
| no | +| [timeouts](#input\_timeouts) | Define maximum timeout for deletion of `aws_db_option_group` resource | `map(string)` | `{}` | no | | [use\_name\_prefix](#input\_use\_name\_prefix) | Determines whether to use `name` as is or create a unique name beginning with `name` as the specified prefix | `bool` | `true` | no | ## Outputs diff --git a/modules/db_option_group/outputs.tf b/modules/db_option_group/outputs.tf index 5ef4b22c..3a87a8f6 100644 --- a/modules/db_option_group/outputs.tf +++ b/modules/db_option_group/outputs.tf @@ -1,9 +1,9 @@ output "db_option_group_id" { description = "The db option group id" - value = element(concat(aws_db_option_group.this.*.id, [""]), 0) + value = try(aws_db_option_group.this[0].id, "") } output "db_option_group_arn" { description = "The ARN of the db option group" - value = element(concat(aws_db_option_group.this.*.arn, [""]), 0) + value = try(aws_db_option_group.this[0].arn, "") } diff --git a/modules/db_option_group/variables.tf b/modules/db_option_group/variables.tf index 9d58cbf4..de4be194 100644 --- a/modules/db_option_group/variables.tf +++ b/modules/db_option_group/variables.tf @@ -19,7 +19,7 @@ variable "use_name_prefix" { variable "option_group_description" { description = "The description of the option group" type = string - default = "" + default = null } variable "engine_name" { @@ -43,9 +43,7 @@ variable "options" { variable "timeouts" { description = "Define maximum timeout for deletion of `aws_db_option_group` resource" type = map(string) - default = { - delete = "15m" - } + default = {} } variable "tags" { diff --git a/modules/db_option_group/versions.tf b/modules/db_option_group/versions.tf index a5953db4..c7b91448 100644 --- a/modules/db_option_group/versions.tf +++ b/modules/db_option_group/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 3.62" } } } 
diff --git a/modules/db_parameter_group/README.md b/modules/db_parameter_group/README.md index 5249ef1b..2487816b 100644 --- a/modules/db_parameter_group/README.md +++ b/modules/db_parameter_group/README.md @@ -5,14 +5,14 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 3.62 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.49 | +| [aws](#provider\_aws) | >= 3.62 | ## Modules @@ -29,7 +29,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no | -| [description](#input\_description) | The description of the DB parameter group | `string` | `""` | no | +| [description](#input\_description) | The description of the DB parameter group | `string` | `null` | no | | [family](#input\_family) | The family of the DB parameter group | `string` | `null` | no | | [name](#input\_name) | The name of the DB parameter group | `string` | `""` | no | | [parameters](#input\_parameters) | A list of DB parameter maps to apply | `list(map(string))` | `[]` | no | diff --git a/modules/db_parameter_group/outputs.tf b/modules/db_parameter_group/outputs.tf index 0f66124e..e67ec7c8 100644 --- a/modules/db_parameter_group/outputs.tf +++ b/modules/db_parameter_group/outputs.tf @@ -1,9 +1,9 @@ output "db_parameter_group_id" { description = "The db parameter group id" - value = element(concat(aws_db_parameter_group.this.*.id, [""]), 0) + value = try(aws_db_parameter_group.this[0].id, "") } output "db_parameter_group_arn" { description = "The ARN of the db parameter group" - value = element(concat(aws_db_parameter_group.this.*.arn, [""]), 0) + value = try(aws_db_parameter_group.this[0].arn, "") } 
diff --git a/modules/db_parameter_group/variables.tf b/modules/db_parameter_group/variables.tf index c6beb376..b7b7af9f 100644 --- a/modules/db_parameter_group/variables.tf +++ b/modules/db_parameter_group/variables.tf @@ -19,7 +19,7 @@ variable "use_name_prefix" { variable "description" { description = "The description of the DB parameter group" type = string - default = "" + default = null } variable "family" { diff --git a/modules/db_parameter_group/versions.tf b/modules/db_parameter_group/versions.tf index a5953db4..c7b91448 100644 --- a/modules/db_parameter_group/versions.tf +++ b/modules/db_parameter_group/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 3.62" } } } diff --git a/modules/db_subnet_group/README.md b/modules/db_subnet_group/README.md index e45bf75a..7e605618 100644 --- a/modules/db_subnet_group/README.md +++ b/modules/db_subnet_group/README.md @@ -5,14 +5,14 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12.26 | -| [aws](#requirement\_aws) | >= 2.49 | +| [terraform](#requirement\_terraform) | >= 0.13.1 | +| [aws](#requirement\_aws) | >= 3.62 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.49 | +| [aws](#provider\_aws) | >= 3.62 | ## Modules 
@@ -29,7 +29,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no | -| [description](#input\_description) | The description of the DB subnet group | `string` | `""` | no | +| [description](#input\_description) | The description of the DB subnet group | `string` | `null` | no | | [name](#input\_name) | The name of the DB subnet group | `string` | `""` | no | | [subnet\_ids](#input\_subnet\_ids) | A list of VPC subnet IDs | `list(string)` | `[]` | no | | [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | diff --git a/modules/db_subnet_group/outputs.tf b/modules/db_subnet_group/outputs.tf index 4ef75253..aa803a34 100644 --- a/modules/db_subnet_group/outputs.tf +++ b/modules/db_subnet_group/outputs.tf @@ -1,9 +1,9 @@ output "db_subnet_group_id" { description = "The db subnet group name" - value = element(concat(aws_db_subnet_group.this.*.id, [""]), 0) + value = try(aws_db_subnet_group.this[0].id, "") } output "db_subnet_group_arn" { description = "The ARN of the db subnet group" - value = element(concat(aws_db_subnet_group.this.*.arn, [""]), 0) + value = try(aws_db_subnet_group.this[0].arn, "") } diff --git a/modules/db_subnet_group/variables.tf b/modules/db_subnet_group/variables.tf index 802f5e74..48185ab4 100644 --- a/modules/db_subnet_group/variables.tf +++ b/modules/db_subnet_group/variables.tf @@ -19,7 +19,7 @@ variable "use_name_prefix" { variable "description" { description = "The description of the DB subnet group" type = string - default = "" + default = null } variable "subnet_ids" { diff --git a/modules/db_subnet_group/versions.tf b/modules/db_subnet_group/versions.tf index a5953db4..c7b91448 100644 --- a/modules/db_subnet_group/versions.tf +++ b/modules/db_subnet_group/versions.tf 
@@ -1,10 +1,10 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 3.62" } } } diff --git a/variables.tf b/variables.tf index 871cbd92..76f6ce5a 100644 --- a/variables.tf +++ b/variables.tf @@ -1,5 +1,5 @@ variable "identifier" { - description = "The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier" + description = "The name of the RDS instance" type = string } @@ -10,7 +10,7 @@ variable "allocated_storage" { } variable "storage_type" { - description = "One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not." + description = "One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not" type = string default = null } @@ -18,7 +18,7 @@ variable "storage_type" { variable "storage_encrypted" { description = "Specifies whether the DB instance is encrypted" type = bool - default = false + default = true } variable "kms_key_id" { @@ -28,7 +28,7 @@ variable "kms_key_id" { } variable "replicate_source_db" { - description = "Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate." + description = "Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate" type = string default = null } 
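Review bot: The `storage_encrypted` description in the `@@ -18,7 +18,7 @@` hunk of variables.tf should say what the new `default = true` means for instances that already exist. RDS does not enable storage encryption in place, so an unencrypted instance created under the old default will most likely be planned for replacement after the upgrade unless the caller pins `storage_encrypted = false`. I would write `description = "Specifies whether the DB instance is encrypted. Changing this on an existing instance forces replacement"`. The encrypted-by-default choice itself is sound; how the value reaches `aws_db_instance` is outside this hunk.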
@@ -45,6 +45,12 @@ variable "license_model" { default = null } +variable "replica_mode" { + description = "Specifies whether the replica is in either mounted or open-read-only mode. This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified" + type = string + default = null +} + variable "iam_database_authentication_enabled" { description = "Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled" type = bool @@ -66,7 +72,7 @@ variable "domain_iam_role_name" { variable "engine" { description = "The database engine to use" type = string - default = "" + default = null } variable "engine_version" { 
@@ -76,29 +82,23 @@ variable "engine_version" { } variable "skip_final_snapshot" { - description = "Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted, using the value from final_snapshot_identifier" + description = "Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted" type = bool default = false } variable "snapshot_identifier" { - description = "Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05." + description = "Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05" type = string default = null } variable "copy_tags_to_snapshot" { - description = "On delete, copy all Instance tags to the final snapshot (if final_snapshot_identifier is specified)" + description = "On delete, copy all Instance tags to the final snapshot" type = bool default = false } -variable "final_snapshot_identifier" { - description = "The name of your final DB snapshot when this DB instance is deleted." - type = string - default = null -} - variable "final_snapshot_identifier_prefix" { description = "The name which is prefixed to the final snapshot on cluster destroy" type = string @@ -111,7 +111,7 @@ variable "instance_class" { default = null } -variable "name" { +variable "db_name" { description = "The DB name to create. If omitted, no database is created initially" type = string default = null 
@@ -126,7 +126,7 @@ variable "username" { variable "password" { description = "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file" type = string - default = "" + default = null } variable "port" { @@ -166,19 +166,19 @@ variable "publicly_accessible" { } variable "monitoring_interval" { - description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60." + description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60" type = number default = 0 } variable "monitoring_role_arn" { - description = "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero." + description = "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero" type = string default = null } variable "monitoring_role_name" { - description = "Name of the IAM role which will be created when create_monitoring_role is enabled." + description = "Name of the IAM role which will be created when create_monitoring_role is enabled" type = string default = "rds-monitoring-role" } @@ -190,7 +190,7 @@ variable "monitoring_role_description" { } variable "create_monitoring_role" { - description = "Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs." + description = "Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs" type = bool default = false } 
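Review bot: `variable "password"` in the `@@ -126,7 +126,7 @@` hunk is still not marked sensitive, although its own description warns that the value may show up in logs. `sensitive = true` on an input variable needs Terraform 0.14, while this commit sets `required_version = ">= 0.13.1"`. Either raise the floor to 0.14 and add `sensitive = true`, or keep the floor and extend the description with `Prefer create_random_password over a literal value in configuration`. With `default = null` the variable can now be omitted, so it is worth confirming in main.tf, which is not part of this hunk, that a null password is only passed through where none is needed (generated password, replica, snapshot restore).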
@@ -277,7 +277,7 @@ variable "db_subnet_group_tags" { variable "create_db_subnet_group" { description = "Whether to create a database subnet group" type = bool - default = true + default = false } variable "db_subnet_group_name" { @@ -295,7 +295,7 @@ variable "db_subnet_group_use_name_prefix" { variable "db_subnet_group_description" { description = "Description of the DB subnet group to create" type = string - default = "" + default = null } variable "subnet_ids" { @@ -326,13 +326,13 @@ variable "parameter_group_use_name_prefix" { variable "parameter_group_description" { description = "Description of the DB parameter group to create" type = string - default = "" + default = null } variable "family" { description = "The family of the DB parameter group" type = string - default = "" + default = null } variable "parameters" { @@ -343,7 +343,7 @@ variable "parameters" { # DB option group variable "create_db_option_group" { - description = "(Optional) Create a database option group" + description = "Create a database option group" type = bool default = true } @@ -363,17 +363,17 @@ variable "option_group_use_name_prefix" { variable "option_group_description" { description = "The description of the option group" type = string - default = "" + default = null } variable "major_engine_version" { description = "Specifies the major version of the engine that this option group should be associated with" type = string - default = "" + default = null } variable "options" { - description = "A list of Options to apply." + description = "A list of Options to apply" type = any default = [] } 
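Review bot: Flipping `create_db_subnet_group` to `default = false` in the `@@ -277,7 +277,7 @@` hunk changes network placement for callers who pass only `subnet_ids`, and the description does not say so. The `db_subnet_group_name` description in modules/db_instance/variables.tf states that an instance without a subnet group is created in the default VPC, which is rarely where a database is meant to sit. I would make the description `"Whether to create a database subnet group. When false, set db_subnet_group_name, otherwise the instance is placed in the default VPC"`. The wiring between the two variables lives in main.tf, outside this part of the diff, so the exact fallback should be confirmed there.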
@@ -385,43 +385,37 @@ variable "create_db_instance" { } variable "timezone" { - description = "(Optional) Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information." + description = "Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information" type = string default = null } variable "character_set_name" { - description = "(Optional) The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation." + description = "The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation" type = string default = null } variable "enabled_cloudwatch_logs_exports" { - description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL)." + description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL)" type = list(string) default = [] } variable "timeouts" { - description = "(Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times" + description = "Updated Terraform resource management timeouts. 
Applies to `aws_db_instance` in particular to permit resource management times" type = map(string) - default = { - create = "40m" - update = "80m" - delete = "40m" - } + default = {} } variable "option_group_timeouts" { description = "Define maximum timeout for deletion of `aws_db_option_group` resource" type = map(string) - default = { - delete = "15m" - } + default = {} } variable "deletion_protection" { - description = "The database can't be deleted when this value is set to true." + description = "The database can't be deleted when this value is set to true" type = bool default = false } @@ -433,13 +427,13 @@ variable "performance_insights_enabled" { } variable "performance_insights_retention_period" { - description = "The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years)." + description = "The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years)" type = number default = 7 } variable "performance_insights_kms_key_id" { - description = "The ARN for the KMS key to encrypt Performance Insights data." + description = "The ARN for the KMS key to encrypt Performance Insights data" type = string default = null } @@ -465,11 +459,11 @@ variable "delete_automated_backups" { variable "create_random_password" { description = "Whether to create random password for RDS primary cluster" type = bool - default = false + default = true } variable "random_password_length" { - description = "(Optional) Length of random password to create. (default: 10)" + description = "Length of random password to create" type = number - default = 10 + default = 16 } diff --git a/versions.tf b/versions.tf index e9788343..c849c1e9 100644 --- a/versions.tf +++ b/versions.tf 
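Review bot: The `create_random_password` description in the `@@ -465,11 +459,11 @@` hunk does not say what happens to a caller-supplied `password` now that the default is `true`. Configurations that set `password` and never set this flag will start requesting a generated password. Whether that overrides `password` is decided in main.tf, which is not visible here, so the precedence belongs in the description. I would also correct "primary cluster", since this module manages an instance: `description = "Whether to create a random password for the master user. When true, var.password is ignored"`, with the second sentence adjusted to the actual precedence. The generated value is written to state just like a supplied one, so access control on the state backend matters in both cases.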
@@ -1,11 +1,12 @@ terraform { - required_version = ">= 0.12.26" + required_version = ">= 0.13.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.49" + version = ">= 4.0" } + random = { source = "hashicorp/random" version = ">= 3.1"