terraform {
# Minimum Terraform core version only. No required_providers block is declared,
# so the hashicorp/aws provider version is left unconstrained; several arguments
# used further down (db_name, manage_master_user_password, performance_insights_*)
# are only accepted by newer provider releases — TODO confirm a lower bound is
# pinned wherever the calling root module declares its providers.
required_version = ">= 0.12"
}
# ---------------------------------------------------------------------------------------------------------------------
# Subnet Group
# Provider Docs: https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_db_subnet_group" "this" {
  # Subnets the RDS instance below is allowed to be placed in. Both values are
  # passed straight through from module variables; nothing is derived here.
  subnet_ids = var.subnet_ids
  name       = var.db_subnet_group_name
}
# ---------------------------------------------------------------------------------------------------------------------
# RDS instance
# Provider Docs: https://www.terraform.io/docs/providers/aws/r/db_instance.html
# ---------------------------------------------------------------------------------------------------------------------
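resource "aws_db_instance" "this" {
  # --- Identity, engine and placement ---------------------------------------
  identifier        = var.identifier
  engine            = var.engine
  engine_version    = var.engine_version
  instance_class    = var.instance_class
  db_name           = var.db_name
  availability_zone = var.availability_zone
  multi_az          = var.multi_az
  apply_immediately = var.apply_immediately

  # --- Storage --------------------------------------------------------------
  allocated_storage     = var.allocated_storage
  max_allocated_storage = var.max_allocated_storage
  storage_type          = var.storage_type
  # No kms_key_id is set, so when storage_encrypted is true the instance is
  # encrypted with the account's default RDS key rather than a customer-managed
  # one — TODO confirm that is intended (performance_insights_kms_key_id below
  # is already caller-configurable, storage encryption is not).
  storage_encrypted = var.storage_encrypted

  # --- Networking / exposure ------------------------------------------------
  db_subnet_group_name   = aws_db_subnet_group.this.id
  vpc_security_group_ids = var.vpc_security_group_ids
  parameter_group_name   = var.parameter_group_name
  # Exposure is decided entirely by the caller; nothing in this module forces
  # a private endpoint.
  publicly_accessible = var.publicly_accessible

  # --- Master credentials ---------------------------------------------------
  username                            = var.username
  iam_database_authentication_enabled = var.iam_database_authentication_enabled
  # manage_master_user_password and password are mutually exclusive in the AWS
  # provider. The original passed both variables through unconditionally, so a
  # caller that turned on Secrets Manager management while a password was also
  # supplied got a validation error. Each side is now nulled out when the other
  # path is in use; the `== true` comparisons keep a null variable value working
  # as before instead of failing the conditional. A plaintext password given
  # here is still recorded in Terraform state.
  manage_master_user_password = var.manage_master_user_password == true ? true : null
  password                    = var.manage_master_user_password == true ? null : var.password

  # --- Backups, maintenance and deletion safety -----------------------------
  backup_retention_period = var.backup_retention_period
  backup_window           = var.backup_window
  maintenance_window      = var.maintenance_window
  copy_tags_to_snapshot   = var.copy_tags_to_snapshot
  deletion_protection     = var.deletion_protection
  # No final_snapshot_identifier is defined in this file; if a caller sets
  # skip_final_snapshot = false, destroying the instance will be refused until
  # one is supplied — TODO confirm the intended snapshot naming before adding it.
  skip_final_snapshot = var.skip_final_snapshot

  # --- Monitoring -----------------------------------------------------------
  monitoring_interval = var.monitoring_interval
  # The role ARN is always passed, even when monitoring_interval is 0 and
  # Enhanced Monitoring is effectively off.
  monitoring_role_arn                   = aws_iam_role.this.arn
  performance_insights_enabled          = var.performance_insights_enabled
  performance_insights_kms_key_id       = var.performance_insights_kms_key_id
  performance_insights_retention_period = var.performance_insights_retention_period

  # Referencing aws_iam_role.this.arn orders this resource after the role, but
  # not after the managed-policy attachment, which is a separate resource. RDS
  # checks the role's permissions when the instance is created, so a first
  # apply could race the attachment; make the ordering explicit.
  depends_on = [aws_iam_role_policy_attachment.this]
}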
# ---------------------------------------------------------------------------------------------------------------------
# Policy document for role (and the service that can assume it) for Enhanced Monitoring
# Provider Docs: https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html
# ---------------------------------------------------------------------------------------------------------------------
data "aws_iam_policy_document" "this" {
  # Trust policy for the Enhanced Monitoring role: only the RDS monitoring
  # service principal is allowed to assume it.
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["monitoring.rds.amazonaws.com"]
    }

    # NOTE(review): no aws:SourceAccount / aws:SourceArn condition is present,
    # so the trust is not scoped to this account's own RDS instances
    # (confused-deputy exposure). Confirm which condition keys the monitoring
    # service supplies before adding one.
  }
}
# ---------------------------------------------------------------------------------------------------------------------
# Create role to be used for enhanced monitoring
# Provider Docs: https://www.terraform.io/docs/providers/aws/r/iam_role.html
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_iam_role" "this" {
  # Role the RDS monitoring service assumes. It carries no inline permissions;
  # those come from the managed-policy attachment defined below.
  assume_role_policy = data.aws_iam_policy_document.this.json
  name               = var.role_name
}
# ---------------------------------------------------------------------------------------------------------------------
# Attach AWS managed policy for enhanced monitoring to role
# Provider Docs: https://www.terraform.io/docs/providers/aws/r/iam_role_policy_attachment.html
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_iam_role_policy_attachment" "this" {
  # Attach the AWS-managed Enhanced Monitoring policy to the role above. The
  # policy is owned by AWS, so its contents are outside this module's control.
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
  role       = aws_iam_role.this.name
}