Added support for enabled cloudwatch logs exports (fixes #70) (#74)

8c75d364 · Anton Babenko · GitHub · 3dde4065 · 8c75d364 · 8c75d364
Commit 8c75d364 authored Aug 18, 2018 by Anton Babenko Committed by GitHub Aug 18, 2018
7 changed files
--- a/README.md
+++ b/README.md
@@ -143,6 +143,7 @@ module "db" {
 | create_db_subnet_group | Whether to create a database subnet group | string | `true` | no |
 | create_monitoring_role | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | string | `false` | no |
 | db_subnet_group_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | string | `` | no |
+| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace. | string | `<list>` | no |
 | engine | The database engine to use | string | - | yes |
 | engine_version | The engine version to use | string | - | yes |
 | family | The family of the DB parameter group | string | `` | no |

--- a/examples/complete-mysql/main.tf
+++ b/examples/complete-mysql/main.tf
@@ -52,6 +52,8 @@ module "db" {
    Environment = "dev"
  }
+  enabled_cloudwatch_logs_exports = ["general", "audit"]
  # DB subnet group
  subnet_ids = ["${data.aws_subnet_ids.all.ids}"]

--- a/main.tf
+++ b/main.tf
@@ -100,6 +100,7 @@ module "db_instance" {
  timezone                        = "${var.timezone}"
  character_set_name              = "${var.character_set_name}"
+  enabled_cloudwatch_logs_exports = "${var.enabled_cloudwatch_logs_exports}"
  timeouts = "${var.timeouts}"

--- a/modules/db_instance/README.md
+++ b/modules/db_instance/README.md
@@ -18,6 +18,7 @@
 | create | Whether to create this resource or not? | string | `true` | no |
 | create_monitoring_role | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | string | `false` | no |
 | db_subnet_group_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | string | `` | no |
+| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace. | string | `<list>` | no |
 | engine | The database engine to use | string | - | yes |
 | engine_version | The engine version to use | string | - | yes |
 | final_snapshot_identifier | The name of your final DB snapshot when this DB instance is deleted. | string | `false` | no |

--- a/modules/db_instance/main.tf
+++ b/modules/db_instance/main.tf
@@ -65,6 +65,8 @@ resource "aws_db_instance" "this" {
  character_set_name = "${var.character_set_name}"
+  enabled_cloudwatch_logs_exports = "${var.enabled_cloudwatch_logs_exports}"
  timeouts = "${var.timeouts}"
  tags = "${merge(var.tags, map("Name", format("%s", var.identifier)))}"
@@ -119,6 +121,8 @@ resource "aws_db_instance" "this_mssql" {
  timezone = "${var.timezone}"
+  enabled_cloudwatch_logs_exports = "${var.enabled_cloudwatch_logs_exports}"
  timeouts = "${var.timeouts}"
  tags = "${merge(var.tags, map("Name", format("%s", var.identifier)))}"

--- a/modules/db_instance/variables.tf
+++ b/modules/db_instance/variables.tf
@@ -193,6 +193,11 @@ variable "character_set_name" {
  default     = ""
 }
+variable "enabled_cloudwatch_logs_exports" {
+  description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace."
+  default     = []
+}
 variable "timeouts" {
  description = "(Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times"
  type        = "map"

--- a/variables.tf
+++ b/variables.tf
@@ -243,6 +243,11 @@ variable "character_set_name" {
  default     = ""
 }
+variable "enabled_cloudwatch_logs_exports" {
+  description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace."
+  default     = []
+}
 variable "timeouts" {
  description = "(Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times"
  type        = "map"