diff --git a/LICENSE b/LICENSE
index 808ecf30..a6e3b3e1 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017-2018 Cloud Posse, LLC
+   Copyright 2017-2019 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
diff --git a/README.md b/README.md
index c701f36c..9e15d495 100644
--- a/README.md
+++ b/README.md
@@ -265,6 +265,8 @@ Available targets:
 | maintenance_window | Weekly time range during which system maintenance can occur, in UTC | string | `wed:03:00-wed:04:00` | no |
 | name | Name of the application | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
+| performance_insights_enabled | Whether to enable Performance Insights | string | `false` | no |
+| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true | string | `` | no |
 | publicly_accessible | Set to true if you want your cluster to be publicly accessible (such as via QuickSight) | string | `false` | no |
 | rds_monitoring_interval | Interval in seconds that metrics are collected, 0 to disable (values can only be 0, 1, 5, 10, 15, 30, 60) | string | `0` | no |
 | rds_monitoring_role_arn | The ARN for the IAM role that can send monitoring metrics to CloudWatch Logs | string | `` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 00b6ca3a..5c5abc32 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -24,6 +24,8 @@
 | maintenance_window | Weekly time range during which system maintenance can occur, in UTC | string | `wed:03:00-wed:04:00` | no |
 | name | Name of the application | string | - | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
+| performance_insights_enabled | Whether to enable Performance Insights | string | `false` | no |
+| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true | string | `` | no |
 | publicly_accessible | Set to true if you want your cluster to be publicly accessible (such as via QuickSight) | string | `false` | no |
 | rds_monitoring_interval | Interval in seconds that metrics are collected, 0 to disable (values can only be 0, 1, 5, 10, 15, 30, 60) | string | `0` | no |
 | rds_monitoring_role_arn | The ARN for the IAM role that can send monitoring metrics to CloudWatch Logs | string | `` | no |
diff --git a/main.tf b/main.tf
index bf9936b7..08867b35 100644
--- a/main.tf
+++ b/main.tf
@@ -66,18 +66,20 @@ resource "aws_rds_cluster" "default" {
 }
 
 resource "aws_rds_cluster_instance" "default" {
-  count                   = "${var.enabled == "true" ? var.cluster_size : 0}"
-  identifier              = "${module.label.id}-${count.index+1}"
-  cluster_identifier      = "${aws_rds_cluster.default.id}"
-  instance_class          = "${var.instance_type}"
-  db_subnet_group_name    = "${aws_db_subnet_group.default.name}"
-  db_parameter_group_name = "${aws_db_parameter_group.default.name}"
-  publicly_accessible     = "${var.publicly_accessible}"
-  tags                    = "${module.label.tags}"
-  engine                  = "${var.engine}"
-  engine_version          = "${var.engine_version}"
-  monitoring_interval     = "${var.rds_monitoring_interval}"
-  monitoring_role_arn     = "${var.rds_monitoring_role_arn}"
+  count                           = "${var.enabled == "true" ? var.cluster_size : 0}"
+  identifier                      = "${module.label.id}-${count.index+1}"
+  cluster_identifier              = "${aws_rds_cluster.default.id}"
+  instance_class                  = "${var.instance_type}"
+  db_subnet_group_name            = "${aws_db_subnet_group.default.name}"
+  db_parameter_group_name         = "${aws_db_parameter_group.default.name}"
+  publicly_accessible             = "${var.publicly_accessible}"
+  tags                            = "${module.label.tags}"
+  engine                          = "${var.engine}"
+  engine_version                  = "${var.engine_version}"
+  monitoring_interval             = "${var.rds_monitoring_interval}"
+  monitoring_role_arn             = "${var.rds_monitoring_role_arn}"
+  performance_insights_enabled    = "${var.performance_insights_enabled}"
+  performance_insights_kms_key_id = "${var.performance_insights_kms_key_id}"
 }
 
 resource "aws_db_subnet_group" "default" {
diff --git a/variables.tf b/variables.tf
index d5ea7cbb..e2dc5254 100644
--- a/variables.tf
+++ b/variables.tf
@@ -206,3 +206,15 @@ variable "replication_source_identifier" {
   description = "ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica"
   default     = ""
 }
+
+variable "performance_insights_enabled" {
+  type        = "string"
+  default     = "false"
+  description = "Whether to enable Performance Insights"
+}
+
+variable "performance_insights_kms_key_id" {
+  type        = "string"
+  default     = ""
+  description = "The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true"
+}