Releases: cloudposse/terraform-aws-documentdb-cluster

v0.23.0

24 Oct 17:10
366d093
add variable certificate change @rabihaggle (#72)

what

We need to have the possibility to select the certificate we need to use, or directly the default Amazon one.

why

Because https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

references

Please read the link -> https://docs.aws.amazon.com/es_es/documentdb/latest/developerguide/ca_cert_rotation.html

v0.22.0

21 Jul 23:45
b6992b9
Fix: Don't create random_password resource if not enabled. @petur (#44)

what

  • Reverse the sense of the enabled variable when deciding the count for the random_password resource.

why

  • The sense of the variable was backwards - setting enabled to false meant that the count was always set to 1. A minimal configuration to reproduce this is:
```hcl
module "disabled_docdb" {
  source     = "../../work/terraform-aws-documentdb-cluster"
  enabled    = false
  vpc_id     = ""
  subnet_ids = []
}
```

v0.21.0

21 Jul 23:20
4cc97b3
adding a feature to customize the egress rule @haidargit (#54)

what

  • Added 4 new variables egress_source_port, egress_dest_port, egress_protocol, and allowed_egress_cidr_blocks for the "aws_security_group_rule" "egress" resource.
  • By default, the egress rule 0.0.0.0/0 will be created. If the user is expected to restrict outbound traffic, they can specify the required values.

why

  • We propose this PR because there are scenarios where users may want to restrict outbound traffic from their DocDB instances.
  • If the DocDB cluster is only used internally and does not need to communicate with wide systems or networks, users may want to customize the egress rule for 0.0.0.0/0. By providing the option to customize the egress rule, we are giving users control over their security posture (compliance). For example, our DocDB may only be connected with internal applications inside the AWS EKS cluster, or users may integrate their cloud resources with a third party, such as Prisma Cloud, or maybe use tfsec as their security scanner, which prompts users to kindly avoid 0.0.0.0/0 for security best practices.

references

  • This PR will help to cover the minimum egress exposure of the security group, including: #34

Thank you

v0.20.0

15 Jun 18:56
39e9e55
Support AWS Provider V5 @max-lobur (#63)

what

Support AWS Provider V5
Linter fixes

why

Maintenance

references

https://github.com/hashicorp/terraform-provider-aws/releases/tag/v5.0.0

v0.19.0

24 May 18:05
cab714a
Enable intra-security group traffic on DB port @kevcube (#61)

what

  • adds variable allow_ingress_from_self which configures the security group to allow traffic within itself on DB port

why

  • This is useful in architectures where the db security group will be used to control db access - i.e. it will also be applied to applications.

references

cloudposse/terraform-aws-rds-cluster#145

v0.18.0

23 May 18:57
8d03270
Add master_password output to return generated password. @petur (#45)

what

  • Add a master_password output for the generated password.

why

  • The generated password needs to be stored somewhere so that it's possible to use it to connect to the cluster.
  • This can for example be done by storing it in an aws_secretsmanager_secret_version as part of the terraform configuration that creates the cluster.
  • Exposing the password as a module output makes it available to other parts of the configuration so that the password can be passed to the resource that stores it.
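
The pattern described above, as an added example that is not part of the release notes or the module's own code: the generated password is read from the `master_password` output and written to Secrets Manager. The resource names, the secret name, the username and the `name` value are hypothetical; `vpc_id` and `subnet_ids` are supplied by the caller.

```hcl
# Added example: store the module-generated DocumentDB password in
# AWS Secrets Manager. All names below are hypothetical.

variable "vpc_id" {
  type = string
}

variable "subnet_ids" {
  type = list(string)
}

locals {
  docdb_username = "appadmin" # constructed sample value
}

module "documentdb_cluster" {
  source  = "cloudposse/documentdb-cluster/aws"
  version = "0.18.0" # release on this page that adds the master_password output

  name       = "docdb-example"
  vpc_id     = var.vpc_id
  subnet_ids = var.subnet_ids

  master_username = local.docdb_username
  # master_password is left unset on purpose, so the module generates a
  # random one (behaviour added in v0.15.0 on this page).
}

resource "aws_secretsmanager_secret" "docdb_master" {
  name = "docdb-example/master"
}

resource "aws_secretsmanager_secret_version" "docdb_master" {
  secret_id = aws_secretsmanager_secret.docdb_master.id

  # The password passes straight from the module output into the secret and
  # never appears in the repository. It is still recorded in the Terraform
  # state, so the state backend needs encryption and restricted access.
  secret_string = jsonencode({
    username = local.docdb_username
    password = module.documentdb_cluster.master_password
  })
}
```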

Sync github @max-lobur (#60)

Rebuild github dir from the template

v0.17.1

15 May 14:39
72d0008
Sync .github @max-lobur (#58)

Sync github workflows with the template

🚀 Enhancements

fix: propagate `preferred_maintenance_window` to the docdb cluster instances resources @sherifkayad (#57)

propagated preferred_maintenance_window to the docdb cluster instances resources

what

  • The maintenance window given as a variable is given to the Terraform Resource aws_docdb_cluster_instance.default such that the cluster and its instances have the same value given by the user
  • Closes #55

why

  • Without that, the cluster instances were having "random" windows that don't match the expectations of "potential" downtime
  • Users want to be in control of when their databases can go under maintenance, not just at any "random" time

v0.17.0

12 May 19:30
6fbf8d4
  • No changes

v0.16.0

22 Mar 02:11
6fbf8d4
feat: add enable performance insights @brunordias (#50)

what

  • Add optional enable Performance Insights for the DB Instance.

why

  • The option to enable Performance Insights for the DB Instance is very helpful.

git.io->cloudposse.tools update @dylanbannon (#46)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

  • DEV-143

v0.15.0

02 Apr 03:03
dbae02d
Generate random password when master_password is empty @dkossako (#42)

what

  • If master_password is not provided or is empty, a random value will be used

why

  • The AWS API requires a password to be provided
  • Secrets should not be kept in the repository