From 337cffa95010804c90a36c9f16a52bb447510e6a Mon Sep 17 00:00:00 2001
From: Benedikt Brauneck
Date: Mon, 7 Apr 2025 08:32:01 +0200
Subject: [PATCH] fix: logging and performance metrics
---
 README.md | 13 +++++++------
 main.tf | 50 ++++++++++++++++++++++++++------------------------
 variables.tf | 4 ++++
 3 files changed, 37 insertions(+), 30 deletions(-)
diff --git a/README.md b/README.md
index ed46be7..0885f35 100644
--- a/README.md
+++ b/README.md
@@ -136,15 +136,16 @@ Please be aware that this is mainly a copy operation which means all your curren
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [backup](#input\_backup) | The backup configuration for the RDS instance |
object({
enabled = bool
retention_days = number
})
| n/a | yes | -| [context](#input\_context) | Default context for naming and tagging purpose |
object({
organization = string
environment = string
account = string
product = string
tags = map(string)
})
| n/a | yes | +| [backup](#input\_backup) | The backup configuration for the RDS instance |
object({
enabled = bool
retention_days = number
})
| n/a | yes | +| [backup\_kms\_key](#input\_backup\_kms\_key) | The backup kms key for AWS RDS | `string` | n/a | yes | +| [context](#input\_context) | Default context for naming and tagging purpose |
object({
organization = string
environment = string
account = string
product = string
tags = map(string)
})
| n/a | yes | | [enable\_performance\_insights](#input\_enable\_performance\_insights) | Whether to enable Performance Insights | `bool` | n/a | yes | -| [instance](#input\_instance) | The RDS instance to create |
object({
type = string
engine = string
engine_version = string
major_engine_version = string
family = string
multi_az = bool
publicly_accessible = bool
deletion_protection = bool
allow_upgrades = bool
port = number
})
| n/a | yes | -| [logging](#input\_logging) | The logging configuration for the RDS instance |
object({
enabled = bool
types = set(string)
})
| n/a | yes | +| [instance](#input\_instance) | The RDS instance to create |
object({
type = string
engine = string
engine_version = string
major_engine_version = string
family = string
multi_az = bool
publicly_accessible = bool
deletion_protection = bool
allow_upgrades = bool
port = number
})
| n/a | yes | +| [logging](#input\_logging) | The logging configuration for the RDS instance |
object({
enabled = bool
types = set(string)
})
| n/a | yes | | [name](#input\_name) | The name of the RDS instance | `string` | n/a | yes | | [parameters](#input\_parameters) | The parameters to pass to the RDS instance | `map(string)` | n/a | yes | -| [storage](#input\_storage) | The storage configuration for the RDS instance |
object({
max_allocated_storage = number
allocated_storage = number
kms_arn = string
})
| n/a | yes | -| [vpc](#input\_vpc) | The VPC to create the RDS instance in |
object({
id = string
subnets = list(string)
security_groups = list(string)
})
| n/a | yes | +| [storage](#input\_storage) | The storage configuration for the RDS instance |
object({
max_allocated_storage = number
allocated_storage = number
kms_arn = string
})
| n/a | yes | +| [vpc](#input\_vpc) | The VPC to create the RDS instance in |
object({
id = string
subnets = list(string)
security_groups = list(string)
})
| n/a | yes |
 ## Outputs
diff --git a/main.tf b/main.tf
index 8a71439..eb6d5ba 100644
--- a/main.tf
+++ b/main.tf
@@ -50,34 +50,36 @@ resource "aws_db_option_group" "this" {
 }
 }
 resource "aws_db_instance" "this" {
- engine = var.instance.engine
- engine_version = var.instance.engine_version
- instance_class = var.instance.type
- identifier = module.this_label.id
- username = local.admin_user
- password = random_password.this.result
- skip_final_snapshot = false
- allocated_storage = var.storage.allocated_storage
- max_allocated_storage = var.storage.max_allocated_storage
- storage_encrypted = var.storage.kms_arn != ""
- kms_key_id = var.storage.kms_arn
- final_snapshot_identifier = module.this_label_snapshot.id
- multi_az = var.instance.multi_az
- publicly_accessible = var.instance.publicly_accessible
- deletion_protection = var.instance.deletion_protection
- auto_minor_version_upgrade = var.instance.allow_upgrades
- allow_major_version_upgrade = true
- db_subnet_group_name = aws_db_subnet_group.this.id
- parameter_group_name = aws_db_parameter_group.this.id
- option_group_name = aws_db_option_group.this.id
- maintenance_window = var.backup.enabled == true ? "Mon:00:00-Mon:03:00" : null
- backup_window = var.backup.enabled == true ? "03:00-06:00" : null
- backup_retention_period = var.backup.enabled == true ? var.backup.retention_days : 0
+ engine = var.instance.engine
+ engine_version = var.instance.engine_version
+ instance_class = var.instance.type
+ identifier = module.this_label.id
+ username = local.admin_user
+ password = random_password.this.result
+ skip_final_snapshot = false
+ allocated_storage = var.storage.allocated_storage
+ max_allocated_storage = var.storage.max_allocated_storage
+ storage_encrypted = var.storage.kms_arn != ""
+ kms_key_id = var.storage.kms_arn
+ final_snapshot_identifier = module.this_label_snapshot.id
+ multi_az = var.instance.multi_az
+ publicly_accessible = var.instance.publicly_accessible
+ deletion_protection = var.instance.deletion_protection
+ auto_minor_version_upgrade = var.instance.allow_upgrades
+ allow_major_version_upgrade = true
+ db_subnet_group_name = aws_db_subnet_group.this.id
+ parameter_group_name = aws_db_parameter_group.this.id
+ option_group_name = aws_db_option_group.this.id
+ maintenance_window = var.backup.enabled == true ? "Mon:00:00-Mon:03:00" : null
+ backup_window = var.backup.enabled == true ? "03:00-06:00" : null
+ backup_retention_period = var.backup.enabled == true ? var.backup.retention_days : 0
+ vpc_security_group_ids = var.vpc.security_groups
 performance_insights_enabled = var.enable_performance_insights
 apply_immediately = true
 iam_database_authentication_enabled = true
- enabled_cloudwatch_logs_exports = var.logging.types
+ enabled_cloudwatch_logs_exports = var.instance.engine == "mariadb" ? ["audit", "error", "general", "slowquery"] : var.instance.engine == "postgres" ? ["postgresql", "upgrade"] : []
+
 tags = {
 Name = module.this_label.id
 Restriction = "Restricted"
diff --git a/variables.tf b/variables.tf
index 7470a6c..cdcd907 100644
--- a/variables.tf
+++ b/variables.tf
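Review bot: The new `enabled_cloudwatch_logs_exports` expression ends in `: []`, so any engine other than `mariadb` or `postgres` silently exports no logs, and `var.logging.enabled` / `var.logging.types` are no longer read even though the README still lists `logging` as a required input. On an instance tagged `Restriction = "Restricted"` that is a quiet loss of audit trail rather than a plan error. I would move the per-engine lists into a `locals` map used as defaults, keep the caller's `logging` input authoritative, and let an unlisted engine fail the plan, as sketched below. Exporting `audit` for MariaDB also only produces data if the option group enables `MARIADB_AUDIT_PLUGIN`, which is outside this hunk, as is the rest of the resource body.

```hcl
locals {
  # Engine defaults for CloudWatch log exports; an engine missing here fails the plan.
  default_log_exports = {
    mariadb  = tolist(["audit", "error", "general", "slowquery"])
    postgres = tolist(["postgresql", "upgrade"])
  }
}

resource "aws_db_instance" "this" {
  # … unchanged: engine, credentials, storage, network and backup arguments …
  enabled_cloudwatch_logs_exports = (
    !var.logging.enabled ? [] :
    length(var.logging.types) > 0 ? tolist(var.logging.types) :
    local.default_log_exports[var.instance.engine]
  )
```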
@@ -33,6 +33,10 @@ variable "storage" {
 })
 description = "The storage configuration for the RDS instance"
 }
+variable "backup_kms_key" {
+ type = string
+ description = "The backup kms key for AWS RDS"
+}
 variable "backup" {
 type = object({
 enabled = bool
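Review bot: `backup_kms_key` becomes a required input here, yet no line in this patch reads `var.backup_kms_key`; the single main.tf hunk leaves `kms_key_id = var.storage.kms_arn` as the only key reference. Unless main.tf already consumes the variable outside the changed lines, callers will pass a key on the assumption that backups are encrypted with it while it has no effect. I would wire it to the resource that needs it in the same commit or drop it, and make the description say which backups it protects and that an ARN is expected, e.g. `description = "ARN of the KMS key that encrypts <backup resource>"`. A `validation` block that rejects an empty string or a non-KMS ARN would surface a misconfiguration at plan time. The hunk ends inside `variable "backup"`, which is unchanged.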