chore: update example projects (#298)

5884803f · Bryant Biggs · GitHub · 8bae97d3 · 5884803f · 5884803f
Commit 5884803f authored Mar 08, 2021 by Bryant Biggs Committed by GitHub Mar 08, 2021
16 changed files
--- a/examples/complete-mssql/README.md
+++ b/examples/complete-mssql/README.md
@@ -35,6 +35,8 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |

 ## Resources

@@ -44,9 +46,6 @@ Note that this example may create resources which cost money. Run `terraform des
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
 | [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
 | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |

 ## Inputs


--- a/examples/complete-mssql/main.tf
+++ b/examples/complete-mssql/main.tf
 provider "aws" {
-  region = "us-east-1"
+  region = local.region
 }

 locals {
+  name   = "complete-mssql"
+  region = "eu-west-1"
  tags = {
    Owner       = "user"
    Environment = "dev"
  }
 }

-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
-}
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+
+  name = local.name
+  cidr = "10.99.0.0/18"

-data "aws_subnet_ids" "all" {
-  vpc_id = data.aws_vpc.default.id
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
 }

-data "aws_security_group" "default" {
-  vpc_id = data.aws_vpc.default.id
-  name   = "default"
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 3"
+
+  name        = local.name
+  description = "Complete SqlServer example security group"
+  vpc_id      = module.vpc.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 1433
+      to_port     = 1433
+      protocol    = "tcp"
+      description = "SqlServer access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
 }

-#####################################
+################################################################################
 # IAM Role for Windows Authentication
-#####################################
+################################################################################

 data "aws_iam_policy_document" "rds_assume_role" {
  statement {
@@ -58,9 +87,9 @@ resource "aws_iam_role_policy_attachment" "rds_directory_services" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
 }

-##########################################
+################################################################################
 # AWS Directory Service (Acitve Directory)
-##########################################
+################################################################################

 resource "aws_directory_service_directory" "demo" {
  name     = "corp.demo.com"
@@ -69,63 +98,61 @@ resource "aws_directory_service_directory" "demo" {
  type     = "MicrosoftAD"

  vpc_settings {
-    vpc_id = data.aws_vpc.default.id
+    vpc_id = module.vpc.vpc_id
    # Only 2 subnets, must be in different AZs
-    subnet_ids = slice(tolist(data.aws_subnet_ids.all.ids), 0, 2)
+    subnet_ids = slice(tolist(module.vpc.database_subnets), 0, 2)
  }

  tags = local.tags
 }

-#####
-# DB
-#####
+################################################################################
+# RDS Module
+################################################################################

 module "db" {
  source = "../../"

-  identifier = "demodb"
+  identifier = local.name

  engine               = "sqlserver-ex"
-  engine_version    = "14.00.1000.169.v1"
-  instance_class    = "db.t2.medium"
+  engine_version       = "15.00.4073.23.v1"
+  family               = "sqlserver-ex-15.0" # DB parameter group
+  major_engine_version = "15.00"             # DB option group
+  instance_class       = "db.t3.large"
+
  allocated_storage     = 20
+  max_allocated_storage = 100
  storage_encrypted     = false

-  name     = null # "demodb"
-  username = "demouser"
+  name     = null
+  username = "complete_mssql"
  password = "YourPwdShouldBeLongAndSecure!"
-  port     = "1433"
+  port     = 1433

  domain               = aws_directory_service_directory.demo.id
  domain_iam_role_name = aws_iam_role.rds_ad_auth.name

-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = false
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["error"]

-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false

-  tags = local.tags
-
-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-
-  # Snapshot name upon DB deletion
-  final_snapshot_identifier = "demodb"
+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true

+  options                   = []
  create_db_parameter_group = false
  license_model             = "license-included"
+  timezone                  = "GMT Standard Time"

-  timezone = "Central Standard Time"
-
-  # Database Deletion Protection
-  deletion_protection = false
-
-  # DB options
-  major_engine_version = "14.00"
-
-  options = []
+  tags = local.tags
 }
--- a/examples/complete-mysql/README.md
+++ b/examples/complete-mysql/README.md
@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des

 ## Providers

-| Name | Version |
-|------|---------|
-| aws | >= 2.49 |
+No provider.

 ## Modules

 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |

 ## Resources

-| Name |
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
+No resources.

 ## Inputs


--- a/examples/complete-mysql/main.tf
+++ b/examples/complete-mysql/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }

-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
+locals {
+  name   = "complete-mysql"
+  region = "eu-west-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
 }

-data "aws_subnet_ids" "all" {
-  vpc_id = data.aws_vpc.default.id
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+
+  name = local.name
+  cidr = "10.99.0.0/18"
+
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
 }

-data "aws_security_group" "default" {
-  vpc_id = data.aws_vpc.default.id
-  name   = "default"
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 3"
+
+  name        = local.name
+  description = "Complete MySQL example security group"
+  vpc_id      = module.vpc.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 3306
+      to_port     = 3306
+      protocol    = "tcp"
+      description = "MySQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
 }

-#####
-# DB
-#####
+################################################################################
+# RDS Module
+################################################################################
+
 module "db" {
  source = "../../"

-  identifier = "demodb"
+  identifier = local.name

  # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
  engine               = "mysql"
-  engine_version    = "5.7.19"
-  instance_class    = "db.t2.large"
-  allocated_storage = 5
+  engine_version       = "8.0.20"
+  family               = "mysql8.0" # DB parameter group
+  major_engine_version = "8.0"      # DB option group
+  instance_class       = "db.t3.large"
+
+  allocated_storage     = 20
+  max_allocated_storage = 100
  storage_encrypted     = false

-  # kms_key_id        = "arm:aws:kms:<region>:<account id>:key/<kms key id>"
-  name     = "demodb"
-  username = "user"
+  name     = "completeMysql"
+  username = "complete_mysql"
  password = "YourPwdShouldBeLongAndSecure!"
-  port     = "3306"
+  port     = 3306

-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["general"]

-  multi_az = true
-
-  # disable backups to create DB faster
  backup_retention_period   = 0
-
-  tags = {
-    Owner       = "user"
-    Environment = "dev"
-  }
-
-  enabled_cloudwatch_logs_exports = ["audit", "general"]
-
-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-
-  # DB parameter group
-  family = "mysql5.7"
-
-  # DB option group
-  major_engine_version = "5.7"
-
-  # Snapshot name upon DB deletion
-  final_snapshot_identifier = "demodb"
-
-  # Database Deletion Protection
+  final_snapshot_identifier = local.name
  deletion_protection       = false

+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true
+
  parameters = [
    {
      name  = "character_set_client"
@@ -98,4 +122,6 @@ module "db" {
      ]
    },
  ]
+
+  tags = local.tags
 }
--- a/examples/complete-oracle/README.md
+++ b/examples/complete-oracle/README.md
@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des

 ## Providers

-| Name | Version |
-|------|---------|
-| aws | >= 2.49 |
+No provider.

 ## Modules

 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |

 ## Resources

-| Name |
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
+No resources.

 ## Inputs


--- a/examples/complete-oracle/main.tf
+++ b/examples/complete-oracle/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }

-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
+locals {
+  name   = "complete-oracle"
+  region = "eu-west-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
 }

-data "aws_subnet_ids" "all" {
-  vpc_id = data.aws_vpc.default.id
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+
+  name = local.name
+  cidr = "10.99.0.0/18"
+
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
 }

-data "aws_security_group" "default" {
-  vpc_id = data.aws_vpc.default.id
-  name   = "default"
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 3"
+
+  name        = local.name
+  description = "Complete Oracle example security group"
+  vpc_id      = module.vpc.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 1521
+      to_port     = 1521
+      protocol    = "tcp"
+      description = "Oracle access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
 }

-#####
-# DB
-#####
+################################################################################
+# RDS Module
+################################################################################
+
 module "db" {
  source = "../../"

@@ -28,45 +65,39 @@ module "db" {

  engine               = "oracle-ee"
  engine_version       = "12.1.0.2.v8"
-  instance_class    = "db.t2.large"
-  allocated_storage = 10
-  storage_encrypted = false
+  family               = "oracle-ee-12.1" # DB parameter group
+  major_engine_version = "12.1"           # DB option group
+  instance_class       = "db.t3.large"
  license_model        = "bring-your-own-license"

+  allocated_storage     = 20
+  max_allocated_storage = 100
+  storage_encrypted     = false
+
  # Make sure that database name is capitalized, otherwise RDS will try to recreate RDS instance every time
-  name                                = "DEMODB"
-  username                            = "something_like_user"
+  name     = "COMPLETEORACLE"
+  username = "complete_oracle"
  password = "YourPwdShouldBeLongAndSecure!"
-  port                                = "1521"
-  iam_database_authentication_enabled = false
+  port     = 1521
+
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]

-  vpc_security_group_ids = [data.aws_security_group.default.id]
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["alert", "audit"]

-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false

-  tags = {
-    Owner       = "user"
-    Environment = "dev"
-  }
-
-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-
-  # DB parameter group
-  family = "oracle-ee-12.1"
-
-  # DB option group
-  major_engine_version = "12.1"
-
-  # Snapshot name upon DB deletion
-  final_snapshot_identifier = "demodb"
+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true

  # See here for support character sets https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html
  character_set_name = "AL32UTF8"

-  # Database Deletion Protection
-  deletion_protection = false
+  tags = local.tags
 }
--- a/examples/complete-postgres/README.md
+++ b/examples/complete-postgres/README.md
@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des

 ## Providers

-| Name | Version |
-|------|---------|
-| aws | >= 2.49 |
+No provider.

 ## Modules

 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |

 ## Resources

-| Name |
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
+No resources.

 ## Inputs


--- a/examples/complete-postgres/main.tf
+++ b/examples/complete-postgres/main.tf
 provider "aws" {
-  region = "us-west-1"
+  region = local.region
 }

-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
+locals {
+  name   = "complete-postgresql"
+  region = "eu-west-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
 }

-data "aws_subnet_ids" "all" {
-  vpc_id = data.aws_vpc.default.id
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+
+  name = local.name
+  cidr = "10.99.0.0/18"
+
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
 }

-data "aws_security_group" "default" {
-  vpc_id = data.aws_vpc.default.id
-  name   = "default"
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 3"
+
+  name        = local.name
+  description = "Complete PostgreSQL example security group"
+  vpc_id      = module.vpc.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "tcp"
+      description = "PostgreSQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
 }

-#####
-# DB
-#####
+################################################################################
+# RDS Module
+################################################################################
+
 module "db" {
  source = "../../"

-  identifier = "demodb-postgres"
+  identifier = local.name

+  # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts
  engine               = "postgres"
-  engine_version    = "11.6"
-  instance_class    = "db.t2.large"
-  allocated_storage = 5
-  storage_encrypted = false
+  engine_version       = "11.10"
+  family               = "postgres11" # DB parameter group
+  major_engine_version = "11"         # DB option group
+  instance_class       = "db.t3.large"

-  # kms_key_id        = "arm:aws:kms:<region>:<account id>:key/<kms key id>"
-  name = "demodb"
+  allocated_storage     = 20
+  max_allocated_storage = 100
+  storage_encrypted     = false

  # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
  # "Error creating DB Instance: InvalidParameterValue: MasterUsername
  # user cannot be used as it is a reserved word used by the engine"
-  username = "demouser"
-
+  name     = "completePostgresql"
+  username = "complete_postgresql"
  password = "YourPwdShouldBeLongAndSecure!"
-  port     = "5432"
+  port     = 5432

-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
-
-  # disable backups to create DB faster
-  backup_retention_period = 0
-
-  tags = {
-    Owner       = "user"
-    Environment = "dev"
-  }
-
  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]

-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-
-  # DB parameter group
-  family = "postgres11"
-
-  # DB option group
-  major_engine_version = "11"
-
-  # Snapshot name upon DB deletion
-  final_snapshot_identifier = "demodb"
-
-  # Database Deletion Protection
+  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
  deletion_protection       = false

  performance_insights_enabled          = true
  performance_insights_retention_period = 7
+  create_monitoring_role                = true
+
+  parameters = [
+    {
+      name  = "autovacuum"
+      value = true
+    },
+    {
+      name  = "client_encoding"
+      value = "utf8"
+    }
+  ]
+
+  tags = local.tags
 }
--- a/examples/enhanced-monitoring/README.md
+++ b/examples/enhanced-monitoring/README.md
@@ -37,6 +37,8 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |

 ## Resources

@@ -45,9 +47,6 @@ Note that this example may create resources which cost money. Run `terraform des
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
 | [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
 | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |

 ## Inputs


--- a/examples/enhanced-monitoring/main.tf
+++ b/examples/enhanced-monitoring/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }

-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
+locals {
+  name   = "enhanced-monitoring"
+  region = "eu-west-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
 }

-data "aws_subnet_ids" "all" {
-  vpc_id = data.aws_vpc.default.id
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+
+  name = local.name
+  cidr = "10.99.0.0/18"
+
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
 }

-data "aws_security_group" "default" {
-  vpc_id = data.aws_vpc.default.id
-  name   = "default"
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 3"
+
+  name        = local.name
+  description = "Enhanced monitoring MySQL example security group"
+  vpc_id      = module.vpc.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 3306
+      to_port     = 3306
+      protocol    = "tcp"
+      description = "MySQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
 }

-##################################################
+################################################################################
 # Create an IAM role to allow enhanced monitoring
-##################################################
+################################################################################
+
 resource "aws_iam_role" "rds_enhanced_monitoring" {
  name_prefix        = "rds-enhanced-monitoring-"
  assume_role_policy = data.aws_iam_policy_document.rds_enhanced_monitoring.json
@@ -46,48 +83,50 @@ data "aws_iam_policy_document" "rds_enhanced_monitoring" {
  }
 }

-#####
-# DB
-#####
+################################################################################
+# RDS Module
+################################################################################
+
 module "db" {
  source = "../../"

-  identifier = "demodb-enhanced-monitoring"
+  identifier = local.name

+  # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
  engine               = "mysql"
-  engine_version    = "5.7.25"
-  instance_class    = "db.t2.large"
-  allocated_storage = 5
+  engine_version       = "8.0.20"
+  family               = "mysql8.0" # DB parameter group
+  major_engine_version = "8.0"      # DB option group
+  instance_class       = "db.t3.large"
+
+  allocated_storage     = 20
+  max_allocated_storage = 100
  storage_encrypted     = false

-  # kms_key_id        = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"
-  name                   = "demodb"
-  username               = "user"
+  name     = "completeMysql"
+  username = "complete_mysql"
  password = "YourPwdShouldBeLongAndSecure!"
-  port                   = "3306"
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  port     = 3306
+
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
+
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["audit", "general"]

-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false

-  tags = {
-    Owner       = "user"
-    Environment = "dev"
-  }
-
-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-
-  # DB parameter group
-  family = "mysql5.7"
-
-  # DB option group
-  major_engine_version = "5.7"
-  monitoring_interval  = "30"
+  # Enhanced monitoring
+  monitoring_interval = 30
  monitoring_role_arn = aws_iam_role.rds_enhanced_monitoring.arn

-  # Database Deletion Protection
-  deletion_protection = false
+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true
+
+  tags = local.tags
 }
--- a/examples/replica-mysql/README.md
+++ b/examples/replica-mysql/README.md
@@ -26,9 +26,7 @@ Note that this example may create resources which cost money. Run `terraform des

 ## Providers

-| Name | Version |
-|------|---------|
-| aws | >= 2.49 |
+No provider.

 ## Modules

@@ -36,14 +34,12 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | master | ../../ |  |
 | replica | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |

 ## Resources

-| Name |
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
+No resources.

 ## Inputs


--- a/examples/replica-mysql/main.tf
+++ b/examples/replica-mysql/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }

-####################################
-# Variables common to both instnaces
-####################################
 locals {
+  name   = "replica-mysql"
+  region = "eu-west-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
+
  engine                = "mysql"
-  engine_version    = "5.7.19"
-  instance_class    = "db.t2.large"
-  allocated_storage = 5
-  port              = "3306"
+  engine_version        = "8.0.20"
+  family                = "mysql8.0" # DB parameter group
+  major_engine_version  = "8.0"      # DB option group
+  instance_class        = "db.t3.large"
+  allocated_storage     = 20
+  max_allocated_storage = 100
+  port                  = 3306
 }

-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
-}

-data "aws_subnet_ids" "all" {
-  vpc_id = data.aws_vpc.default.id
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+
+  name = local.name
+  cidr = "10.99.0.0/18"
+
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
 }

-data "aws_security_group" "default" {
-  vpc_id = data.aws_vpc.default.id
-  name   = "default"
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 3"
+
+  name        = local.name
+  description = "Replica MySQL example security group"
+  vpc_id      = module.vpc.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 3306
+      to_port     = 3306
+      protocol    = "tcp"
+      description = "MySQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
 }

-###########
+################################################################################
 # Master DB
-###########
+################################################################################
+
 module "master" {
  source = "../../"

-  identifier = "demodb-master-mysql"
+  identifier = "${local.name}-master"

  engine               = local.engine
  engine_version       = local.engine_version
+  family               = local.family
+  major_engine_version = local.major_engine_version
  instance_class       = local.instance_class
+
  allocated_storage     = local.allocated_storage
+  max_allocated_storage = local.max_allocated_storage
+  storage_encrypted     = false

-  name     = "demodb"
-  username = "user"
+  name     = "replicaMysql"
+  username = "replica_mysql"
  password = "YourPwdShouldBeLongAndSecure!"
  port     = local.port

-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
-
-  multi_az = true
+  enabled_cloudwatch_logs_exports = ["general"]

  # Backups are required in order to create a replica
  backup_retention_period   = 1
-
-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
+  final_snapshot_identifier = local.name
+  deletion_protection       = false

  create_db_option_group    = false
  create_db_parameter_group = false
+
+  tags = local.tags
 }

-############
+################################################################################
 # Replica DB
-############
+################################################################################
+
 module "replica" {
  source = "../../"

-  identifier = "demodb-replica-mysql"
+  identifier = "${local.name}-replica"

  # Source database. For cross-region use this_db_instance_arn
  replicate_source_db = module.master.this_db_instance_id

  engine               = local.engine
  engine_version       = local.engine_version
+  family               = local.family
+  major_engine_version = local.major_engine_version
  instance_class       = local.instance_class
+
  allocated_storage     = local.allocated_storage
+  max_allocated_storage = local.max_allocated_storage
+  storage_encrypted     = false

  # Username and password should not be set for replicas
  username = ""
  password = ""
  port     = local.port

-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = false
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]

  maintenance_window              = "Tue:00:00-Tue:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["general"]

-  multi_az = false
-
-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false

  # Not allowed to specify a subnet group for replicas in the same region
  create_db_subnet_group    = false
-
  create_db_option_group    = false
  create_db_parameter_group = false
+
+  tags = local.tags
 }
--- a/examples/replica-postgres/README.md
+++ b/examples/replica-postgres/README.md
@@ -26,9 +26,7 @@ Note that this example may create resources which cost money. Run `terraform des

 ## Providers

-| Name | Version |
-|------|---------|
-| aws | >= 2.49 |
+No provider.

 ## Modules

@@ -36,14 +34,12 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | master | ../../ |  |
 | replica | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |

 ## Resources

-| Name |
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
+No resources.

 ## Inputs


--- a/examples/replica-postgres/main.tf
+++ b/examples/replica-postgres/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }

-####################################
-# Variables common to both instnaces
-####################################
 locals {
+  name   = "replica-postgresql"
+  region = "eu-west-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
+
  engine                = "postgres"
-  engine_version    = "9.6.9"
-  instance_class    = "db.t2.large"
-  allocated_storage = 5
-  port              = "5432"
+  engine_version        = "11.10"
+  family                = "postgres11" # DB parameter group
+  major_engine_version  = "11"         # DB option group
+  instance_class        = "db.t3.large"
+  allocated_storage     = 20
+  max_allocated_storage = 100
+  port                  = 5432
 }

-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
-}

-data "aws_subnet_ids" "all" {
-  vpc_id = data.aws_vpc.default.id
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+
+  name = local.name
+  cidr = "10.99.0.0/18"
+
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
 }

-data "aws_security_group" "default" {
-  vpc_id = data.aws_vpc.default.id
-  name   = "default"
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 3"
+
+  name        = local.name
+  description = "Replica PostgreSQL example security group"
+  vpc_id      = module.vpc.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "tcp"
+      description = "PostgreSQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
 }

-###########
+################################################################################
 # Master DB
-###########
+################################################################################
+
 module "master" {
  source = "../../"

-  identifier = "demodb-master-postgres"
+  identifier = "${local.name}-master"

  engine               = local.engine
  engine_version       = local.engine_version
+  family               = local.family
+  major_engine_version = local.major_engine_version
  instance_class       = local.instance_class
+
  allocated_storage     = local.allocated_storage
+  max_allocated_storage = local.max_allocated_storage
+  storage_encrypted     = false

-  name     = "demodbpostgres"
-  username = "demouser"
+  name     = "replicaPostgresql"
+  username = "replica_postgresql"
  password = "YourPwdShouldBeLongAndSecure!"
  port     = local.port

-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]

  # Backups are required in order to create a replica
  backup_retention_period   = 1
+  final_snapshot_identifier = local.name
+  deletion_protection       = false

-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-
-  create_db_option_group    = false
-  create_db_parameter_group = false
+  tags = local.tags
 }

-############
+################################################################################
 # Replica DB
-############
+################################################################################
+
 module "replica" {
  source = "../../"

-  identifier = "demodb-replica-postgres"
+  identifier = "${local.name}-replica"

  # Source database. For cross-region use this_db_instance_arn
  replicate_source_db = module.master.this_db_instance_id

  engine               = local.engine
  engine_version       = local.engine_version
+  family               = local.family
+  major_engine_version = local.major_engine_version
  instance_class       = local.instance_class
+
  allocated_storage     = local.allocated_storage
+  max_allocated_storage = local.max_allocated_storage
+  storage_encrypted     = false

-  # Username and password must not be set for replicas
+  # Username and password should not be set for replicas
  username = ""
  password = ""
  port     = local.port

-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = false
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]

  maintenance_window              = "Tue:00:00-Tue:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]

-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false

  # Not allowed to specify a subnet group for replicas in the same region
  create_db_subnet_group = false

-  create_db_option_group    = false
-  create_db_parameter_group = false
+  tags = local.tags
 }
--- a/examples/s3-import-mysql/README.md
+++ b/examples/s3-import-mysql/README.md
@@ -64,9 +64,9 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
-| import_s3_bucket | terraform-aws-modules/s3-bucket/aws | 1.17.0 |
-| security_group | terraform-aws-modules/security-group/aws | ~> 3.17 |
-| vpc | terraform-aws-modules/vpc/aws | 2.70.0 |
+| import_s3_bucket | terraform-aws-modules/s3-bucket/aws | ~> 1 |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |

 ## Resources


--- a/examples/s3-import-mysql/main.tf
+++ b/examples/s3-import-mysql/main.tf
@@ -21,7 +21,7 @@ resource "random_pet" "this" {

 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "2.70.0"
+  version = "~> 2"

  name = local.name
  cidr = "10.0.0.0/18"
@@ -32,8 +32,6 @@ module "vpc" {
  database_subnets = ["10.0.7.0/24", "10.0.8.0/24", "10.0.9.0/24"]

  create_database_subnet_group = true
-  enable_nat_gateway           = true
-  single_nat_gateway           = true

  enable_dns_hostnames = true
  enable_dns_support   = true
@@ -44,7 +42,7 @@ module "vpc" {

 module "security_group" {
  source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 3.17"
+  version = "~> 3"

  name        = local.name
  description = "S3 import VPC example security group"
@@ -85,7 +83,7 @@ module "security_group" {

 module "import_s3_bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "1.17.0"
+  version = "~> 1"

  bucket        = "${local.name}-${random_pet.this.id}"
  acl           = "private"
@@ -161,18 +159,21 @@ module "db" {

  identifier = local.name

+  # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
  engine               = "mysql"
  engine_version       = "8.0.20"
-  family               = "mysql8.0"
-  major_engine_version = "8.0"
+  family               = "mysql8.0" # DB parameter group
+  major_engine_version = "8.0"      # DB option group
  instance_class       = "db.t3.large"
+
  allocated_storage     = 20
+  max_allocated_storage = 100
  storage_encrypted     = false

  name     = "s3Import"
  username = "s3_import_user"
  password = "YourPwdShouldBeLongAndSecure!"
-  port     = "3306"
+  port     = 3306

  # S3 import https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html
  s3_import = {
@@ -193,8 +194,5 @@ module "db" {
  final_snapshot_identifier = local.name
  deletion_protection       = false

-  tags = {
-    Owner       = "user"
-    Environment = "dev"
-  }
+  tags = local.tags
 }