Merge branch 'master' of https://github.com/terraform-aws-modules/terraform-aws-rds

README.md

@@ -39,6 +39,10 @@ module "db" {
   maintenance_window = "Mon:00:00-Mon:03:00"
   backup_window      = "03:00-06:00"
 
+  # Enhanced Monitoring - see example for details on how to create the role
+  monitoring_interval = "30"
+  monitoring_role_arn = "arn:aws:iam::123456789012:role/rds-monitoring-role"
+  
   tags = {
     Owner       = "user"
     Environment = "dev"
@@ -50,6 +54,9 @@ module "db" {
   # DB parameter group
   family = "mysql5.7"
 
+  # Snapshot name upon DB deletion
+  final_snapshot_identifier = "demodb"
+
   parameters = [
     {
       name = "character_set_client"
@@ -68,6 +75,7 @@ Examples
 
 * [Complete RDS example for MySQL](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/complete/mysql)
 * [Complete RDS example for PostgreSQL](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/complete/postgres)
+* [Enhanced monitoring example](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/enhanced_monitoring)
 
 Limitations
 -----------
@@ -83,6 +91,7 @@ Authors
 -------
 
 Migrated from `terraform-community-modules/tf_aws_rds`, where it was maintained by [these awesome contributors](https://github.com/terraform-community-modules/tf_aws_rds/graphs/contributors).
+Currently maintained by [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-rds/graphs/contributors).
 Module managed by [Anton Babenko](https://github.com/antonbabenko).
 
 License

examples/complete/mysql/main.tf

@@ -31,27 +31,26 @@ module "db" {
   instance_class    = "db.t2.large"
   allocated_storage = 5
   storage_encrypted = false
+
   # kms_key_id        = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"
 
   name                    = "demodb"
   username                = "user"
   password                = "YourPwdShouldBeLongAndSecure!"
   port                    = "3306"
-
   vpc_security_group_ids  = ["${data.aws_security_group.default.id}"]
-
   maintenance_window      = "Mon:00:00-Mon:03:00"
   backup_window           = "03:00-06:00"
   backup_retention_period = 0                                         // disable backups to create DB faster
-
   tags = {
     Owner       = "user"
     Environment = "dev"
   }
-
   # DB subnet group
   subnet_ids = ["${data.aws_subnet_ids.all.ids}"]
-
   # DB parameter group
   family = "mysql5.7"
+
+  # Snapshot name upon DB deletion
+  final_snapshot_identifier = "demodb"
 }

examples/enhanced_monitoring/README.md

+Enhanced Monitoring example
+===========================
+
+Configuration in this directory creates the additional resources required to use Enhanced Monitoring.
+
+See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html for details
+
+Data sources are used to discover existing VPC resources (VPC, subnet and security group).
+
+Usage
+=====
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.

examples/enhanced_monitoring/main.tf

+provider "aws" {
+  region = "eu-west-1"
+}
+
+##############################################################
+# Data sources to get VPC, subnets and security group details
+##############################################################
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnet_ids" "all" {
+  vpc_id = "${data.aws_vpc.default.id}"
+}
+
+data "aws_security_group" "default" {
+  vpc_id = "${data.aws_vpc.default.id}"
+  name   = "default"
+}
+
+##################################################
+# Create an IAM role to allow enhanced monitoring
+##################################################
+resource "aws_iam_role" "rds_enhanced_monitoring" {
+  name               = "rds-enhanced_monitoring-role"
+  assume_role_policy = "${data.aws_iam_policy_document.rds_enhanced_monitoring.json}"
+}
+
+resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" {
+  role       = "${aws_iam_role.rds_enhanced_monitoring.name}"
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+}
+
+data "aws_iam_policy_document" "rds_enhanced_monitoring" {
+  statement {
+    actions = [
+      "sts:AssumeRole",
+    ]
+
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["monitoring.rds.amazonaws.com"]
+    }
+  }
+}
+
+#####
+# DB
+#####
+module "db" {
+  source = "../../"
+
+  identifier = "demodb"
+
+  engine            = "mysql"
+  engine_version    = "5.7.11"
+  instance_class    = "db.t2.large"
+  allocated_storage = 5
+  storage_encrypted = false
+
+  # kms_key_id        = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"
+
+  name                    = "demodb"
+  username                = "user"
+  password                = "YourPwdShouldBeLongAndSecure!"
+  port                    = "3306"
+  vpc_security_group_ids  = ["${data.aws_security_group.default.id}"]
+  maintenance_window      = "Mon:00:00-Mon:03:00"
+  backup_window           = "03:00-06:00"
+  backup_retention_period = 0                                         // disable backups to create DB faster
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
+  # DB subnet group
+  subnet_ids = ["${data.aws_subnet_ids.all.ids}"]
+  # DB parameter group
+  family              = "mysql5.7"
+  monitoring_interval = "30"
+  monitoring_role_arn = "${aws_iam_role.rds_enhanced_monitoring.arn}"
+}

main.tf

@@ -61,9 +61,13 @@ module "db_instance" {
   maintenance_window          = "${var.maintenance_window}"
   skip_final_snapshot         = "${var.skip_final_snapshot}"
   copy_tags_to_snapshot       = "${var.copy_tags_to_snapshot}"
+  final_snapshot_identifier   = "${var.final_snapshot_identifier}"
 
   backup_retention_period = "${var.backup_retention_period}"
   backup_window           = "${var.backup_window}"
 
+  monitoring_interval = "${var.monitoring_interval}"
+  monitoring_role_arn = "${var.monitoring_role_arn}"
+
   tags = "${var.tags}"
 }

modules/db_instance/main.tf

@@ -25,6 +25,7 @@ resource "aws_db_instance" "this" {
   iops                = "${var.iops}"
   publicly_accessible = "${var.publicly_accessible}"
   monitoring_interval = "${var.monitoring_interval}"
+  monitoring_role_arn = "${var.monitoring_role_arn}"
 
   allow_major_version_upgrade = "${var.allow_major_version_upgrade}"
   auto_minor_version_upgrade  = "${var.auto_minor_version_upgrade}"
@@ -32,6 +33,7 @@ resource "aws_db_instance" "this" {
   maintenance_window          = "${var.maintenance_window}"
   skip_final_snapshot         = "${var.skip_final_snapshot}"
   copy_tags_to_snapshot       = "${var.copy_tags_to_snapshot}"
+  final_snapshot_identifier   = "${var.final_snapshot_identifier}"
 
   backup_retention_period = "${var.backup_retention_period}"
   backup_window           = "${var.backup_window}"

modules/db_instance/variables.tf

@@ -49,6 +49,11 @@ variable "port" {
   description = "The port on which the DB accepts connections"
 }
 
+variable "final_snapshot_identifier" {
+  description = "The name of your final DB snapshot when this DB instance is deleted."
+  default     = ""
+}
+
 variable "vpc_security_group_ids" {
   description = "List of VPC security groups to associate"
   default     = []
@@ -84,6 +89,11 @@ variable "monitoring_interval" {
   default     = 0
 }
 
+variable "monitoring_role_arn" {
+  description = "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero."
+  default     = ""
+}
+
 variable "allow_major_version_upgrade" {
   description = "Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible"
   default     = false

variables.tf

@@ -29,6 +29,11 @@ variable "engine_version" {
   description = "The engine version to use"
 }
 
+variable "final_snapshot_identifier" {
+  description = "The name of your final DB snapshot when this DB instance is deleted."
+  default     = ""
+}
+
 variable "instance_class" {
   description = "The instance type of the RDS instance"
 }
@@ -79,6 +84,16 @@ variable "publicly_accessible" {
   default     = false
 }
 
+variable "monitoring_interval" {
+  description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60."
+  default     = 0
+}
+
+variable "monitoring_role_arn" {
+  description = "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero."
+  default     = ""
+}
+
 variable "allow_major_version_upgrade" {
   description = "Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible"
   default     = false