fix: Added possibility to specify partition used in iam role policy attachment (#256)

modules/db_instance/README.md

@@ -40,6 +40,7 @@
 | engine\_version | The engine version to use | `string` | n/a | yes |
 | final\_snapshot\_identifier | The name of your final DB snapshot when this DB instance is deleted. | `string` | `null` | no |
 | iam\_database\_authentication\_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no |
+| iam\_partition | IAM Partition to use when generating ARN's. For most regions this can be left at default. China/Govcloud use different partitions | `string` | `"aws"` | no |
 | identifier | The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier | `string` | n/a | yes |
 | instance\_class | The instance type of the RDS instance | `string` | n/a | yes |
 | iops | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1' | `number` | `0` | no |

modules/db_instance/main.tf

@@ -33,7 +33,7 @@ resource "aws_iam_role_policy_attachment" "enhanced_monitoring" {
   count = var.create_monitoring_role ? 1 : 0
 
   role       = aws_iam_role.enhanced_monitoring[0].name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+  policy_arn = "arn:${var.iam_partition}:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
 }
 
 resource "aws_db_instance" "this" {

modules/db_instance/variables.tf

@@ -297,3 +297,9 @@ variable "delete_automated_backups" {
   type        = bool
   default     = true
 }
+
+variable "iam_partition" {
+  description = "IAM Partition to use when generating ARN's. For most regions this can be left at default. China/Govcloud use different partitions"
+  type        = string
+  default     = "aws"
+}