From cab9c948754a3643064191bbef80044dc45fb46c Mon Sep 17 00:00:00 2001
From: Andrew Hemming
Date: Thu, 7 Mar 2024 22:28:55 +0000
Subject: [PATCH] Add argument for RDS IAM authentication
---
 resource-groups/rds-postgres/main.tf | 57 ++++++++++++-----------
 resource-groups/rds-postgres/variables.tf | 10 +++-
 2 files changed, 37 insertions(+), 30 deletions(-)
diff --git a/resource-groups/rds-postgres/main.tf b/resource-groups/rds-postgres/main.tf
index 5f3eeadc..ddc796d4 100644
--- a/resource-groups/rds-postgres/main.tf
+++ b/resource-groups/rds-postgres/main.tf
@@ -4,34 +4,35 @@ resource "aws_db_subnet_group" "subnet_group" {
 }
 
 resource "aws_db_instance" "db" {
- allocated_storage = var.allocated_storage_gb
- auto_minor_version_upgrade = false
- allow_major_version_upgrade = false
- apply_immediately = var.apply_immediately
- backup_retention_period = var.backup_retention_period_days
- db_name = var.db_name # NB Postgres db names use underscores, not hyphens
- db_subnet_group_name = aws_db_subnet_group.subnet_group.name
- enabled_cloudwatch_logs_exports = ["postgresql"]
- engine = "postgres"
- engine_version = var.postgres_engine_version
- final_snapshot_identifier = var.skip_final_snapshot ? null : var.final_snapshot_identifier
- identifier = var.db_name # NB RDS identifiers use hyphens, not underscores
- instance_class = var.db_instance_class
- iops = var.storage_iops
- monitoring_interval = var.monitoring_interval
- monitoring_role_arn = var.monitoring_role_arn
- multi_az = true
- password = random_password.db.result
- parameter_group_name = var.parameter_group_name
- performance_insights_enabled = var.performance_insights_enabled
- port = var.postgres_port
- publicly_accessible = false
- skip_final_snapshot = var.skip_final_snapshot
- storage_encrypted = true
- storage_throughput = var.storage_throughput
- storage_type = var.storage_type
- username = var.db_username
- vpc_security_group_ids = [aws_security_group.db.id]
+ allocated_storage = var.allocated_storage_gb
+ auto_minor_version_upgrade = false
+ allow_major_version_upgrade = false
+ apply_immediately = var.apply_immediately
+ backup_retention_period = var.backup_retention_period_days
+ db_name = var.db_name # NB Postgres db names use underscores, not hyphens
+ db_subnet_group_name = aws_db_subnet_group.subnet_group.name
+ enabled_cloudwatch_logs_exports = ["postgresql"]
+ engine = "postgres"
+ engine_version = var.postgres_engine_version
+ final_snapshot_identifier = var.skip_final_snapshot ? null : var.final_snapshot_identifier
+ iam_database_authentication_enabled = var.iam_database_authentication_enabled
+ identifier = var.db_name # NB RDS identifiers use hyphens, not underscores
+ instance_class = var.db_instance_class
+ iops = var.storage_iops
+ monitoring_interval = var.monitoring_interval
+ monitoring_role_arn = var.monitoring_role_arn
+ multi_az = true
+ password = random_password.db.result
+ parameter_group_name = var.parameter_group_name
+ performance_insights_enabled = var.performance_insights_enabled
+ port = var.postgres_port
+ publicly_accessible = false
+ skip_final_snapshot = var.skip_final_snapshot
+ storage_encrypted = true
+ storage_throughput = var.storage_throughput
+ storage_type = var.storage_type
+ username = var.db_username
+ vpc_security_group_ids = [aws_security_group.db.id]
 }
 
 resource "aws_security_group" "db" {
diff --git a/resource-groups/rds-postgres/variables.tf b/resource-groups/rds-postgres/variables.tf
index ff3cab4a..5f44e677 100644
--- a/resource-groups/rds-postgres/variables.tf
+++ b/resource-groups/rds-postgres/variables.tf
@@ -38,6 +38,12 @@ variable "final_snapshot_identifier" {
 default = "final-snapshot"
 }
 
+variable "iam_database_authentication_enabled" {
+ description = "Whether to enable IAM database authentication"
+ type = bool
+ default = false
+}
+
 variable "monitoring_interval" {
 type = number
 default = 0
@@ -51,8 +57,8 @@ variable "monitoring_role_arn" {
 }
 
 variable "parameter_group_name" {
- type = string
- default = null
+ type = string
+ default = null
 description = "Name of Parameter Group to use"
 }
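Review bot: The new `iam_database_authentication_enabled` line switches the feature on at the instance level but does not make IAM the only authentication path: the master credential `password = random_password.db.result` on the same resource stays valid (and, being a resource attribute, is still written to Terraform state), so enabling the flag is additive rather than a replacement. Per AWS's IAM auth requirements, consumers additionally need Postgres roles granted `rds_iam` and an IAM policy allowing `rds-db:connect` for the connecting principal, and neither is created anywhere in this module, so a reader could easily take the flag as sufficient. Suggest a comment on the new line: `# Opt-in; permits IAM token auth alongside the master password. DB roles still need GRANT rds_iam and callers need rds-db:connect.` Separately, the whitespace-only realignment of every other attribute turns a one-line change into 28 removed/29 added lines; running `terraform fmt` as its own commit would keep the substantive change reviewable.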
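Review bot: The description `"Whether to enable IAM database authentication"` in the new `iam_database_authentication_enabled` variable restates the name and omits the two things a caller has to know: that the setting is additive (the instance's master password continues to work, so this is not a way to retire password auth) and that it is inert until database roles and an IAM `rds-db:connect` policy exist outside this module. Suggest: `description = "Enable IAM database authentication on the instance. Additive: IAM token auth is allowed alongside the master password, not instead of it; DB roles must be granted rds_iam and connecting principals need rds-db:connect, neither of which this module creates."` The `false` default is the right conservative choice and should stay.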