chore: update example projects (#298)

5884803f · Bryant Biggs · GitHub · 8bae97d3 · 5884803f · 5884803f
Commit 5884803f authored Mar 08, 2021 by Bryant Biggs Committed by GitHub Mar 08, 2021
16 changed files
--- a/examples/complete-mssql/README.md
+++ b/examples/complete-mssql/README.md
@@ -35,6 +35,8 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
 ## Resources
@@ -44,9 +46,6 @@ Note that this example may create resources which cost money. Run `terraform des
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
 | [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
 | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
 ## Inputs

--- a/examples/complete-mssql/main.tf
+++ b/examples/complete-mssql/main.tf
 provider "aws" {
-  region = "us-east-1"
+  region = local.region
 }
 locals {
+  name   = "complete-mssql"
+  region = "eu-west-1"
  tags = {
    Owner       = "user"
    Environment = "dev"
  }
 }
-##############################################################
+################################################################################
-# Data sources to get VPC, subnets and security group details
+# Supporting Resources
-##############################################################
+################################################################################
-data "aws_vpc" "default" {
-  default = true
+module "vpc" {
-}
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+  name = local.name
+  cidr = "10.99.0.0/18"
-data "aws_subnet_ids" "all" {
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
-  vpc_id = data.aws_vpc.default.id
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+  create_database_subnet_group = true
+  tags = local.tags
 }
-data "aws_security_group" "default" {
+module "security_group" {
-  vpc_id = data.aws_vpc.default.id
+  source  = "terraform-aws-modules/security-group/aws"
-  name   = "default"
+  version = "~> 3"
+  name        = local.name
+  description = "Complete SqlServer example security group"
+  vpc_id      = module.vpc.vpc_id
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 1433
+      to_port     = 1433
+      protocol    = "tcp"
+      description = "SqlServer access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+  tags = local.tags
 }
-#####################################
+################################################################################
 # IAM Role for Windows Authentication
-#####################################
+################################################################################
 data "aws_iam_policy_document" "rds_assume_role" {
  statement {
@@ -58,9 +87,9 @@ resource "aws_iam_role_policy_attachment" "rds_directory_services" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
 }
-##########################################
+################################################################################
 # AWS Directory Service (Acitve Directory)
-##########################################
+################################################################################
 resource "aws_directory_service_directory" "demo" {
  name     = "corp.demo.com"
@@ -69,63 +98,61 @@ resource "aws_directory_service_directory" "demo" {
  type     = "MicrosoftAD"
  vpc_settings {
-    vpc_id = data.aws_vpc.default.id
+    vpc_id = module.vpc.vpc_id
    # Only 2 subnets, must be in different AZs
-    subnet_ids = slice(tolist(data.aws_subnet_ids.all.ids), 0, 2)
+    subnet_ids = slice(tolist(module.vpc.database_subnets), 0, 2)
  }
  tags = local.tags
 }
-#####
+################################################################################
-# DB
+# RDS Module
-#####
+################################################################################
 module "db" {
  source = "../../"
-  identifier = "demodb"
+  identifier = local.name
  engine               = "sqlserver-ex"
-  engine_version    = "14.00.1000.169.v1"
+  engine_version       = "15.00.4073.23.v1"
-  instance_class    = "db.t2.medium"
+  family               = "sqlserver-ex-15.0" # DB parameter group
+  major_engine_version = "15.00"             # DB option group
+  instance_class       = "db.t3.large"
  allocated_storage     = 20
+  max_allocated_storage = 100
  storage_encrypted     = false
-  name     = null # "demodb"
+  name     = null
-  username = "demouser"
+  username = "complete_mssql"
  password = "YourPwdShouldBeLongAndSecure!"
-  port     = "1433"
+  port     = 1433
  domain               = aws_directory_service_directory.demo.id
  domain_iam_role_name = aws_iam_role.rds_ad_auth.name
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = false
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["error"]
-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false
-  tags = local.tags
+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
-  # DB subnet group
+  create_monitoring_role                = true
-  subnet_ids = data.aws_subnet_ids.all.ids
-  # Snapshot name upon DB deletion
-  final_snapshot_identifier = "demodb"
+  options                   = []
  create_db_parameter_group = false
  license_model             = "license-included"
+  timezone                  = "GMT Standard Time"
-  timezone = "Central Standard Time"
+  tags = local.tags
-  # Database Deletion Protection
-  deletion_protection = false
-  # DB options
-  major_engine_version = "14.00"
-  options = []
 }
--- a/examples/complete-mysql/README.md
+++ b/examples/complete-mysql/README.md
@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des
 ## Providers
-| Name | Version |
+No provider.
-|------|---------|
-| aws | >= 2.49 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
 ## Resources
-| Name |
+No resources.
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
 ## Inputs

--- a/examples/complete-mysql/main.tf
+++ b/examples/complete-mysql/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }
-##############################################################
+locals {
-# Data sources to get VPC, subnets and security group details
+  name   = "complete-mysql"
-##############################################################
+  region = "eu-west-1"
-data "aws_vpc" "default" {
+  tags = {
-  default = true
+    Owner       = "user"
+    Environment = "dev"
+  }
 }
-data "aws_subnet_ids" "all" {
+################################################################################
-  vpc_id = data.aws_vpc.default.id
+# Supporting Resources
+################################################################################
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+  name = local.name
+  cidr = "10.99.0.0/18"
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+  create_database_subnet_group = true
+  tags = local.tags
 }
-data "aws_security_group" "default" {
+module "security_group" {
-  vpc_id = data.aws_vpc.default.id
+  source  = "terraform-aws-modules/security-group/aws"
-  name   = "default"
+  version = "~> 3"
+  name        = local.name
+  description = "Complete MySQL example security group"
+  vpc_id      = module.vpc.vpc_id
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 3306
+      to_port     = 3306
+      protocol    = "tcp"
+      description = "MySQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+  tags = local.tags
 }
-#####
+################################################################################
-# DB
+# RDS Module
-#####
+################################################################################
 module "db" {
  source = "../../"
-  identifier = "demodb"
+  identifier = local.name
  # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
  engine               = "mysql"
-  engine_version    = "5.7.19"
+  engine_version       = "8.0.20"
-  instance_class    = "db.t2.large"
+  family               = "mysql8.0" # DB parameter group
-  allocated_storage = 5
+  major_engine_version = "8.0"      # DB option group
+  instance_class       = "db.t3.large"
+  allocated_storage     = 20
+  max_allocated_storage = 100
  storage_encrypted     = false
-  # kms_key_id        = "arm:aws:kms:<region>:<account id>:key/<kms key id>"
+  name     = "completeMysql"
-  name     = "demodb"
+  username = "complete_mysql"
-  username = "user"
  password = "YourPwdShouldBeLongAndSecure!"
-  port     = "3306"
+  port     = 3306
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["general"]
-  multi_az = true
-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
-  tags = {
-    Owner       = "user"
-    Environment = "dev"
-  }
-  enabled_cloudwatch_logs_exports = ["audit", "general"]
-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-  # DB parameter group
-  family = "mysql5.7"
-  # DB option group
-  major_engine_version = "5.7"
-  # Snapshot name upon DB deletion
-  final_snapshot_identifier = "demodb"
-  # Database Deletion Protection
  deletion_protection       = false
+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true
  parameters = [
    {
      name  = "character_set_client"
@@ -98,4 +122,6 @@ module "db" {
      ]
    },
  ]
+  tags = local.tags
 }
--- a/examples/complete-oracle/README.md
+++ b/examples/complete-oracle/README.md
@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des
 ## Providers
-| Name | Version |
+No provider.
-|------|---------|
-| aws | >= 2.49 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
 ## Resources
-| Name |
+No resources.
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
 ## Inputs

--- a/examples/complete-oracle/main.tf
+++ b/examples/complete-oracle/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }
-##############################################################
+locals {
-# Data sources to get VPC, subnets and security group details
+  name   = "complete-oracle"
-##############################################################
+  region = "eu-west-1"
-data "aws_vpc" "default" {
+  tags = {
-  default = true
+    Owner       = "user"
+    Environment = "dev"
+  }
 }
-data "aws_subnet_ids" "all" {
+################################################################################
-  vpc_id = data.aws_vpc.default.id
+# Supporting Resources
+################################################################################
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+  name = local.name
+  cidr = "10.99.0.0/18"
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+  create_database_subnet_group = true
+  tags = local.tags
 }
-data "aws_security_group" "default" {
+module "security_group" {
-  vpc_id = data.aws_vpc.default.id
+  source  = "terraform-aws-modules/security-group/aws"
-  name   = "default"
+  version = "~> 3"
+  name        = local.name
+  description = "Complete Oracle example security group"
+  vpc_id      = module.vpc.vpc_id
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 1521
+      to_port     = 1521
+      protocol    = "tcp"
+      description = "Oracle access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+  tags = local.tags
 }
-#####
+################################################################################
-# DB
+# RDS Module
-#####
+################################################################################
 module "db" {
  source = "../../"
@@ -28,45 +65,39 @@ module "db" {
  engine               = "oracle-ee"
  engine_version       = "12.1.0.2.v8"
-  instance_class    = "db.t2.large"
+  family               = "oracle-ee-12.1" # DB parameter group
-  allocated_storage = 10
+  major_engine_version = "12.1"           # DB option group
-  storage_encrypted = false
+  instance_class       = "db.t3.large"
  license_model        = "bring-your-own-license"
+  allocated_storage     = 20
+  max_allocated_storage = 100
+  storage_encrypted     = false
  # Make sure that database name is capitalized, otherwise RDS will try to recreate RDS instance every time
-  name                                = "DEMODB"
+  name     = "COMPLETEORACLE"
-  username                            = "something_like_user"
+  username = "complete_oracle"
  password = "YourPwdShouldBeLongAndSecure!"
-  port                                = "1521"
+  port     = 1521
-  iam_database_authentication_enabled = false
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
-  vpc_security_group_ids = [data.aws_security_group.default.id]
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["alert", "audit"]
-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false
-  tags = {
+  performance_insights_enabled          = true
-    Owner       = "user"
+  performance_insights_retention_period = 7
-    Environment = "dev"
+  create_monitoring_role                = true
-  }
-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-  # DB parameter group
-  family = "oracle-ee-12.1"
-  # DB option group
-  major_engine_version = "12.1"
-  # Snapshot name upon DB deletion
-  final_snapshot_identifier = "demodb"
  # See here for support character sets https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html
  character_set_name = "AL32UTF8"
-  # Database Deletion Protection
+  tags = local.tags
-  deletion_protection = false
 }
--- a/examples/complete-postgres/README.md
+++ b/examples/complete-postgres/README.md
@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des
 ## Providers
-| Name | Version |
+No provider.
-|------|---------|
-| aws | >= 2.49 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
 ## Resources
-| Name |
+No resources.
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
 ## Inputs

--- a/examples/complete-postgres/main.tf
+++ b/examples/complete-postgres/main.tf
 provider "aws" {
-  region = "us-west-1"
+  region = local.region
 }
-##############################################################
+locals {
-# Data sources to get VPC, subnets and security group details
+  name   = "complete-postgresql"
-##############################################################
+  region = "eu-west-1"
-data "aws_vpc" "default" {
+  tags = {
-  default = true
+    Owner       = "user"
+    Environment = "dev"
+  }
 }
-data "aws_subnet_ids" "all" {
+################################################################################
-  vpc_id = data.aws_vpc.default.id
+# Supporting Resources
+################################################################################
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+  name = local.name
+  cidr = "10.99.0.0/18"
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+  create_database_subnet_group = true
+  tags = local.tags
 }
-data "aws_security_group" "default" {
+module "security_group" {
-  vpc_id = data.aws_vpc.default.id
+  source  = "terraform-aws-modules/security-group/aws"
-  name   = "default"
+  version = "~> 3"
+  name        = local.name
+  description = "Complete PostgreSQL example security group"
+  vpc_id      = module.vpc.vpc_id
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "tcp"
+      description = "PostgreSQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+  tags = local.tags
 }
-#####
+################################################################################
-# DB
+# RDS Module
-#####
+################################################################################
 module "db" {
  source = "../../"
-  identifier = "demodb-postgres"
+  identifier = local.name
+  # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts
  engine               = "postgres"
-  engine_version    = "11.6"
+  engine_version       = "11.10"
-  instance_class    = "db.t2.large"
+  family               = "postgres11" # DB parameter group
-  allocated_storage = 5
+  major_engine_version = "11"         # DB option group
-  storage_encrypted = false
+  instance_class       = "db.t3.large"
-  # kms_key_id        = "arm:aws:kms:<region>:<account id>:key/<kms key id>"
+  allocated_storage     = 20
-  name = "demodb"
+  max_allocated_storage = 100
+  storage_encrypted     = false
  # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
  # "Error creating DB Instance: InvalidParameterValue: MasterUsername
  # user cannot be used as it is a reserved word used by the engine"
-  username = "demouser"
+  name     = "completePostgresql"
+  username = "complete_postgresql"
  password = "YourPwdShouldBeLongAndSecure!"
-  port     = "5432"
+  port     = 5432
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
-  # disable backups to create DB faster
-  backup_retention_period = 0
-  tags = {
-    Owner       = "user"
-    Environment = "dev"
-  }
  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
-  # DB subnet group
+  backup_retention_period   = 0
-  subnet_ids = data.aws_subnet_ids.all.ids
+  final_snapshot_identifier = local.name
-  # DB parameter group
-  family = "postgres11"
-  # DB option group
-  major_engine_version = "11"
-  # Snapshot name upon DB deletion
-  final_snapshot_identifier = "demodb"
-  # Database Deletion Protection
  deletion_protection       = false
  performance_insights_enabled          = true
  performance_insights_retention_period = 7
+  create_monitoring_role                = true
+  parameters = [
+    {
+      name  = "autovacuum"
+      value = true
+    },
+    {
+      name  = "client_encoding"
+      value = "utf8"
+    }
+  ]
+  tags = local.tags
 }
--- a/examples/enhanced-monitoring/README.md
+++ b/examples/enhanced-monitoring/README.md
@@ -37,6 +37,8 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
 ## Resources
@@ -45,9 +47,6 @@ Note that this example may create resources which cost money. Run `terraform des
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
 | [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
 | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
 ## Inputs

--- a/examples/enhanced-monitoring/main.tf
+++ b/examples/enhanced-monitoring/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }
-##############################################################
+locals {
-# Data sources to get VPC, subnets and security group details
+  name   = "enhanced-monitoring"
-##############################################################
+  region = "eu-west-1"
-data "aws_vpc" "default" {
+  tags = {
-  default = true
+    Owner       = "user"
+    Environment = "dev"
+  }
 }
-data "aws_subnet_ids" "all" {
+################################################################################
-  vpc_id = data.aws_vpc.default.id
+# Supporting Resources
+################################################################################
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+  name = local.name
+  cidr = "10.99.0.0/18"
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+  create_database_subnet_group = true
+  tags = local.tags
 }
-data "aws_security_group" "default" {
+module "security_group" {
-  vpc_id = data.aws_vpc.default.id
+  source  = "terraform-aws-modules/security-group/aws"
-  name   = "default"
+  version = "~> 3"
+  name        = local.name
+  description = "Enhanced monitoring MySQL example security group"
+  vpc_id      = module.vpc.vpc_id
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 3306
+      to_port     = 3306
+      protocol    = "tcp"
+      description = "MySQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+  tags = local.tags
 }
-##################################################
+################################################################################
 # Create an IAM role to allow enhanced monitoring
-##################################################
+################################################################################
 resource "aws_iam_role" "rds_enhanced_monitoring" {
  name_prefix        = "rds-enhanced-monitoring-"
  assume_role_policy = data.aws_iam_policy_document.rds_enhanced_monitoring.json
@@ -46,48 +83,50 @@ data "aws_iam_policy_document" "rds_enhanced_monitoring" {
  }
 }
-#####
+################################################################################
-# DB
+# RDS Module
-#####
+################################################################################
 module "db" {
  source = "../../"
-  identifier = "demodb-enhanced-monitoring"
+  identifier = local.name
+  # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
  engine               = "mysql"
-  engine_version    = "5.7.25"
+  engine_version       = "8.0.20"
-  instance_class    = "db.t2.large"
+  family               = "mysql8.0" # DB parameter group
-  allocated_storage = 5
+  major_engine_version = "8.0"      # DB option group
+  instance_class       = "db.t3.large"
+  allocated_storage     = 20
+  max_allocated_storage = 100
  storage_encrypted     = false
-  # kms_key_id        = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"
+  name     = "completeMysql"
-  name                   = "demodb"
+  username = "complete_mysql"
-  username               = "user"
  password = "YourPwdShouldBeLongAndSecure!"
-  port                   = "3306"
+  port     = 3306
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["audit", "general"]
-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false
-  tags = {
+  # Enhanced monitoring
-    Owner       = "user"
+  monitoring_interval = 30
-    Environment = "dev"
-  }
-  # DB subnet group
-  subnet_ids = data.aws_subnet_ids.all.ids
-  # DB parameter group
-  family = "mysql5.7"
-  # DB option group
-  major_engine_version = "5.7"
-  monitoring_interval  = "30"
  monitoring_role_arn = aws_iam_role.rds_enhanced_monitoring.arn
-  # Database Deletion Protection
+  performance_insights_enabled          = true
-  deletion_protection = false
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true
+  tags = local.tags
 }
--- a/examples/replica-mysql/README.md
+++ b/examples/replica-mysql/README.md
@@ -26,9 +26,7 @@ Note that this example may create resources which cost money. Run `terraform des
 ## Providers
-| Name | Version |
+No provider.
-|------|---------|
-| aws | >= 2.49 |
 ## Modules
@@ -36,14 +34,12 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | master | ../../ |  |
 | replica | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
 ## Resources
-| Name |
+No resources.
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
 ## Inputs

--- a/examples/replica-mysql/main.tf
+++ b/examples/replica-mysql/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }
-####################################
-# Variables common to both instnaces
-####################################
 locals {
+  name   = "replica-mysql"
+  region = "eu-west-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
  engine                = "mysql"
-  engine_version    = "5.7.19"
+  engine_version        = "8.0.20"
-  instance_class    = "db.t2.large"
+  family                = "mysql8.0" # DB parameter group
-  allocated_storage = 5
+  major_engine_version  = "8.0"      # DB option group
-  port              = "3306"
+  instance_class        = "db.t3.large"
+  allocated_storage     = 20
+  max_allocated_storage = 100
+  port                  = 3306
 }
-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
-}
-data "aws_subnet_ids" "all" {
+################################################################################
-  vpc_id = data.aws_vpc.default.id
+# Supporting Resources
+################################################################################
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+  name = local.name
+  cidr = "10.99.0.0/18"
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+  create_database_subnet_group = true
+  tags = local.tags
 }
-data "aws_security_group" "default" {
+module "security_group" {
-  vpc_id = data.aws_vpc.default.id
+  source  = "terraform-aws-modules/security-group/aws"
-  name   = "default"
+  version = "~> 3"
+  name        = local.name
+  description = "Replica MySQL example security group"
+  vpc_id      = module.vpc.vpc_id
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 3306
+      to_port     = 3306
+      protocol    = "tcp"
+      description = "MySQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+  tags = local.tags
 }
-###########
+################################################################################
 # Master DB
-###########
+################################################################################
 module "master" {
  source = "../../"
-  identifier = "demodb-master-mysql"
+  identifier = "${local.name}-master"
  engine               = local.engine
  engine_version       = local.engine_version
+  family               = local.family
+  major_engine_version = local.major_engine_version
  instance_class       = local.instance_class
  allocated_storage     = local.allocated_storage
+  max_allocated_storage = local.max_allocated_storage
+  storage_encrypted     = false
-  name     = "demodb"
+  name     = "replicaMysql"
-  username = "user"
+  username = "replica_mysql"
  password = "YourPwdShouldBeLongAndSecure!"
  port     = local.port
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["general"]
-  multi_az = true
  # Backups are required in order to create a replica
  backup_retention_period   = 1
+  final_snapshot_identifier = local.name
-  # DB subnet group
+  deletion_protection       = false
-  subnet_ids = data.aws_subnet_ids.all.ids
  create_db_option_group    = false
  create_db_parameter_group = false
+  tags = local.tags
 }
-############
+################################################################################
 # Replica DB
-############
+################################################################################
 module "replica" {
  source = "../../"
-  identifier = "demodb-replica-mysql"
+  identifier = "${local.name}-replica"
  # Source database. For cross-region use this_db_instance_arn
  replicate_source_db = module.master.this_db_instance_id
  engine               = local.engine
  engine_version       = local.engine_version
+  family               = local.family
+  major_engine_version = local.major_engine_version
  instance_class       = local.instance_class
  allocated_storage     = local.allocated_storage
+  max_allocated_storage = local.max_allocated_storage
+  storage_encrypted     = false
  # Username and password should not be set for replicas
  username = ""
  password = ""
  port     = local.port
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = false
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
  maintenance_window              = "Tue:00:00-Tue:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["general"]
-  multi_az = false
-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false
  # Not allowed to specify a subnet group for replicas in the same region
  create_db_subnet_group    = false
  create_db_option_group    = false
  create_db_parameter_group = false
+  tags = local.tags
 }
--- a/examples/replica-postgres/README.md
+++ b/examples/replica-postgres/README.md
@@ -26,9 +26,7 @@ Note that this example may create resources which cost money. Run `terraform des
 ## Providers
-| Name | Version |
+No provider.
-|------|---------|
-| aws | >= 2.49 |
 ## Modules
@@ -36,14 +34,12 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | master | ../../ |  |
 | replica | ../../ |  |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
 ## Resources
-| Name |
+No resources.
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
 ## Inputs

--- a/examples/replica-postgres/main.tf
+++ b/examples/replica-postgres/main.tf
 provider "aws" {
-  region = "eu-west-1"
+  region = local.region
 }
-####################################
-# Variables common to both instnaces
-####################################
 locals {
+  name   = "replica-postgresql"
+  region = "eu-west-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
  engine                = "postgres"
-  engine_version    = "9.6.9"
+  engine_version        = "11.10"
-  instance_class    = "db.t2.large"
+  family                = "postgres11" # DB parameter group
-  allocated_storage = 5
+  major_engine_version  = "11"         # DB option group
-  port              = "5432"
+  instance_class        = "db.t3.large"
+  allocated_storage     = 20
+  max_allocated_storage = 100
+  port                  = 5432
 }
-##############################################################
-# Data sources to get VPC, subnets and security group details
-##############################################################
-data "aws_vpc" "default" {
-  default = true
-}
-data "aws_subnet_ids" "all" {
+################################################################################
-  vpc_id = data.aws_vpc.default.id
+# Supporting Resources
+################################################################################
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2"
+  name = local.name
+  cidr = "10.99.0.0/18"
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+  create_database_subnet_group = true
+  tags = local.tags
 }
-data "aws_security_group" "default" {
+module "security_group" {
-  vpc_id = data.aws_vpc.default.id
+  source  = "terraform-aws-modules/security-group/aws"
-  name   = "default"
+  version = "~> 3"
+  name        = local.name
+  description = "Replica PostgreSQL example security group"
+  vpc_id      = module.vpc.vpc_id
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "tcp"
+      description = "PostgreSQL access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+  tags = local.tags
 }
-###########
+################################################################################
 # Master DB
-###########
+################################################################################
 module "master" {
  source = "../../"
-  identifier = "demodb-master-postgres"
+  identifier = "${local.name}-master"
  engine               = local.engine
  engine_version       = local.engine_version
+  family               = local.family
+  major_engine_version = local.major_engine_version
  instance_class       = local.instance_class
  allocated_storage     = local.allocated_storage
+  max_allocated_storage = local.max_allocated_storage
+  storage_encrypted     = false
-  name     = "demodbpostgres"
+  name     = "replicaPostgresql"
-  username = "demouser"
+  username = "replica_postgresql"
  password = "YourPwdShouldBeLongAndSecure!"
  port     = local.port
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = true
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
  # Backups are required in order to create a replica
  backup_retention_period   = 1
+  final_snapshot_identifier = local.name
+  deletion_protection       = false
-  # DB subnet group
+  tags = local.tags
-  subnet_ids = data.aws_subnet_ids.all.ids
-  create_db_option_group    = false
-  create_db_parameter_group = false
 }
-############
+################################################################################
 # Replica DB
-############
+################################################################################
 module "replica" {
  source = "../../"
-  identifier = "demodb-replica-postgres"
+  identifier = "${local.name}-replica"
  # Source database. For cross-region use this_db_instance_arn
  replicate_source_db = module.master.this_db_instance_id
  engine               = local.engine
  engine_version       = local.engine_version
+  family               = local.family
+  major_engine_version = local.major_engine_version
  instance_class       = local.instance_class
  allocated_storage     = local.allocated_storage
+  max_allocated_storage = local.max_allocated_storage
+  storage_encrypted     = false
-  # Username and password must not be set for replicas
+  # Username and password should not be set for replicas
  username = ""
  password = ""
  port     = local.port
-  vpc_security_group_ids = [data.aws_security_group.default.id]
+  multi_az               = false
+  subnet_ids             = module.vpc.database_subnets
+  vpc_security_group_ids = [module.security_group.this_security_group_id]
  maintenance_window              = "Tue:00:00-Tue:03:00"
  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
-  # disable backups to create DB faster
  backup_retention_period   = 0
+  final_snapshot_identifier = local.name
+  deletion_protection       = false
  # Not allowed to specify a subnet group for replicas in the same region
  create_db_subnet_group = false
-  create_db_option_group    = false
+  tags = local.tags
-  create_db_parameter_group = false
 }
--- a/examples/s3-import-mysql/README.md
+++ b/examples/s3-import-mysql/README.md
@@ -64,9 +64,9 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ |  |
-| import_s3_bucket | terraform-aws-modules/s3-bucket/aws | 1.17.0 |
+| import_s3_bucket | terraform-aws-modules/s3-bucket/aws | ~> 1 |
-| security_group | terraform-aws-modules/security-group/aws | ~> 3.17 |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
-| vpc | terraform-aws-modules/vpc/aws | 2.70.0 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
 ## Resources

--- a/examples/s3-import-mysql/main.tf
+++ b/examples/s3-import-mysql/main.tf
@@ -21,7 +21,7 @@ resource "random_pet" "this" {
 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "2.70.0"
+  version = "~> 2"
  name = local.name
  cidr = "10.0.0.0/18"
@@ -32,8 +32,6 @@ module "vpc" {
  database_subnets = ["10.0.7.0/24", "10.0.8.0/24", "10.0.9.0/24"]
  create_database_subnet_group = true
-  enable_nat_gateway           = true
-  single_nat_gateway           = true
  enable_dns_hostnames = true
  enable_dns_support   = true
@@ -44,7 +42,7 @@ module "vpc" {
 module "security_group" {
  source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 3.17"
+  version = "~> 3"
  name        = local.name
  description = "S3 import VPC example security group"
@@ -85,7 +83,7 @@ module "security_group" {
 module "import_s3_bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "1.17.0"
+  version = "~> 1"
  bucket        = "${local.name}-${random_pet.this.id}"
  acl           = "private"
@@ -161,18 +159,21 @@ module "db" {
  identifier = local.name
+  # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
  engine               = "mysql"
  engine_version       = "8.0.20"
-  family               = "mysql8.0"
+  family               = "mysql8.0" # DB parameter group
-  major_engine_version = "8.0"
+  major_engine_version = "8.0"      # DB option group
  instance_class       = "db.t3.large"
  allocated_storage     = 20
+  max_allocated_storage = 100
  storage_encrypted     = false
  name     = "s3Import"
  username = "s3_import_user"
  password = "YourPwdShouldBeLongAndSecure!"
-  port     = "3306"
+  port     = 3306
  # S3 import https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html
  s3_import = {
@@ -193,8 +194,5 @@ module "db" {
  final_snapshot_identifier = local.name
  deletion_protection       = false
-  tags = {
+  tags = local.tags
-    Owner       = "user"
-    Environment = "dev"
-  }
 }