Merge pull request #9 from imperva/matt/SR-1506-rds-module-updates

Refactor aws-rds-cluster modules
imperva · Aug 29, 2024 · 1d9393e · 1d9393e
2 parents 54c7390 + 2b06fee
commit 1d9393e
Show file tree

Hide file tree

Showing 34 changed files with 476 additions and 472 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,10 @@
 # Changelog
 
-## 1.0.6 (TBD)
+## 1.0.5 (TBD)
 
 ### Features
 - Amazon RDS SQL Server module
+- Refactored Amazon RDS Aurora (MySQL and PostgreSQL) module variables
 
 ## 1.0.4 (2024-07-25)
 

diff --git a/examples/onboard-aws-rds-aurora-mysql-kinesis/main.tf b/examples/onboard-aws-rds-aurora-mysql-kinesis/main.tf
@@ -64,11 +64,10 @@ module "aws-aurora-mysql-kinesis" {
   aws_kinesis_reason             = "default"
   aws_kinesis_region             = local.aws_region
 
-  cluster_apply_immediately  = local.apply_immediately
-  cluster_db_master_password = local.master_password
-  cluster_db_master_username = local.master_user
-  cluster_id                 = "tf-aurora-mysql-kinesis-cluster"
-  cluster_final_snapshot     = true
+  cluster_apply_immediately = local.apply_immediately
+  cluster_master_password   = local.master_password
+  cluster_master_username   = local.master_user
+  cluster_identifier        = "tf-aurora-mysql-kinesis-cluster"
 
   instance_apply_immediately   = local.apply_immediately
   instance_identifier          = "tf-aurora-mysql-kinesis-instance"

diff --git a/examples/onboard-aws-rds-aurora-mysql-slowquery/main.tf b/examples/onboard-aws-rds-aurora-mysql-slowquery/main.tf
@@ -83,9 +83,9 @@ module "aws-aurora-mysql-slowquery" {
     }
   ]
 
-  cluster_cluster_id             = "aurora-mysql-cluster"
-  cluster_db_master_username     = "admin"
-  cluster_db_master_password     = "mypassword"
+  cluster_identifier             = "aurora-mysql-cluster"
+  cluster_master_username        = "admin"
+  cluster_master_password        = "mypassword"
   cluster_db_subnet_group_name   = local.subnet_group_name
   cluster_vpc_security_group_ids = local.vpc_security_group_ids
 

diff --git a/examples/onboard-aws-rds-aurora-mysql/main.tf b/examples/onboard-aws-rds-aurora-mysql/main.tf
@@ -57,9 +57,9 @@ module "aws-aurora-mysql" {
 
   cluster_parameter_group_name = "aurora-mysql-cpg-tf"
 
-  cluster_cluster_id             = "aurora-mysql-cluster"
-  cluster_db_master_username     = "admin"
-  cluster_db_master_password     = "mypassword"
+  cluster_identifier             = "aurora-mysql-cluster"
+  cluster_master_username        = "admin"
+  cluster_master_password        = "mypassword"
   cluster_db_subnet_group_name   = local.subnet_group_name
   cluster_vpc_security_group_ids = local.vpc_security_group_ids
 

diff --git a/examples/onboard-aws-rds-aurora-postgresql-kinesis/main.tf b/examples/onboard-aws-rds-aurora-postgresql-kinesis/main.tf
@@ -64,11 +64,11 @@ module "aws-aurora-postgresql-kinesis-1" {
   aws_kinesis_gateway_id         = local.gateway_id
   aws_kinesis_region             = local.aws_region
 
-  cluster_apply_immediately  = true
-  cluster_db_engine_version  = "16"
-  cluster_db_master_password = local.master_password
-  cluster_db_master_username = local.master_user
-  cluster_id                 = "tf-aurora-postgresql-kinesis-cluster"
+  cluster_apply_immediately = true
+  cluster_engine_version    = "16"
+  cluster_identifier        = "tf-aurora-postgresql-kinesis-cluster"
+  cluster_master_password   = local.master_password
+  cluster_master_username   = local.master_user
 
   instance_apply_immediately   = true
   instance_class               = "db.r5.large"
@@ -93,11 +93,11 @@ module "aws-aurora-postgresql-kinesis-2" {
   aws_kinesis_gateway_id         = local.gateway_id
   aws_kinesis_region             = local.aws_region
 
-  cluster_apply_immediately  = true
-  cluster_db_engine_version  = "16"
-  cluster_db_master_password = local.master_password
-  cluster_db_master_username = local.master_user
-  cluster_id                 = "tf-aurora-postgresql-kinesis-cluster"
+  cluster_apply_immediately = true
+  cluster_engine_version    = "16"
+  cluster_identifier        = "tf-aurora-postgresql-kinesis-cluster"
+  cluster_master_password   = local.master_password
+  cluster_master_username   = local.master_user
 
   instance_apply_immediately   = true
   instance_class               = "db.r5.large"

diff --git a/examples/onboard-aws-rds-aurora-postgresql/main.tf b/examples/onboard-aws-rds-aurora-postgresql/main.tf
@@ -87,12 +87,11 @@ module "aurora-postgresql-1" {
   aws_log_group_gateway_id         = local.gateway_id
   aws_log_group_region             = local.aws_region
 
-  cluster_db_engine_version      = "16.1"
-  cluster_db_master_password     = local.master_password
-  cluster_db_master_username     = local.master_user
   cluster_db_subnet_group_name   = local.subnet_group_name
-  cluster_final_snapshot         = true
-  cluster_id                     = "tf-aurora-postgresql-cluster"
+  cluster_engine_version         = "16.1"
+  cluster_identifier             = "tf-aurora-postgresql-cluster"
+  cluster_master_password        = local.master_password
+  cluster_master_username        = local.master_user
   cluster_parameter_group_name   = "tf-aurora-postgresql-instance-pg"
   cluster_vpc_security_group_ids = local.vpc_security_groups
 
@@ -118,12 +117,11 @@ module "aurora-postgresql-2" {
   aws_log_group_gateway_id         = local.gateway_id
   aws_log_group_region             = local.aws_region
 
-  cluster_db_engine_version      = "16.1"
-  cluster_db_master_password     = local.master_password
-  cluster_db_master_username     = local.master_user
   cluster_db_subnet_group_name   = local.subnet_group_name
-  cluster_final_snapshot         = true
-  cluster_id                     = "tf-aurora-postgresql-cluster"
+  cluster_engine_version         = "16.1"
+  cluster_identifier             = "tf-aurora-postgresql-cluster"
+  cluster_master_password        = local.master_password
+  cluster_master_username        = local.master_user
   cluster_parameter_group_name   = "tf-aurora-postgresql-instance-pg"
   cluster_vpc_security_group_ids = local.vpc_security_groups
 

diff --git a/modules/aws-neptune-cluster/README.md b/modules/aws-neptune-cluster/README.md
@@ -24,7 +24,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. | `bool` | `null` | no |
-| <a name="input_backup_retention_period"></a> [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for. Default is 1 | `number` | `null` | no |
+| <a name="input_backup_retention_period"></a> [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for. | `number` | `null` | no |
 | <a name="input_enable_cloudwatch_logs_exports"></a> [enable\_cloudwatch\_logs\_exports](#input\_enable\_cloudwatch\_logs\_exports) | A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports audit and slowquery | `list(string)` | `null` | no |
 | <a name="input_engine"></a> [engine](#input\_engine) | The name of the database engine to be used for this Neptune cluster. | `string` | `null` | no |
 | <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | The database engine version. | `string` | `null` | no |

diff --git a/modules/aws-neptune-cluster/variables.tf b/modules/aws-neptune-cluster/variables.tf
@@ -17,7 +17,7 @@ variable "engine_version" {
 }
 
 variable "backup_retention_period" {
-  description = "The days to retain backups for. Default is 1"
+  description = "The days to retain backups for."
   type        = number
   default     = null
 }

diff --git a/modules/aws-neptune-instance/README.md b/modules/aws-neptune-instance/README.md
@@ -24,14 +24,14 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any instance modifications are applied immediately, or during the next maintenance window. | `bool` | `null` | no |
-| <a name="input_auto_minor_version_upgrade"></a> [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Indicates that minor engine upgrades will be applied automatically to the instance during the maintenance window. Default is true | `bool` | `null` | no |
+| <a name="input_auto_minor_version_upgrade"></a> [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Indicates that minor engine upgrades will be applied automatically to the instance during the maintenance window. | `bool` | `null` | no |
 | <a name="input_class"></a> [class](#input\_class) | The instance class to use. | `string` | `null` | no |
 | <a name="input_cluster_identifier"></a> [cluster\_identifier](#input\_cluster\_identifier) | The identifier of the aws\_neptune\_cluster in which to launch this instance. | `string` | `null` | no |
 | <a name="input_identifier"></a> [identifier](#input\_identifier) | The identifier for the neptune instance. | `string` | n/a | yes |
 | <a name="input_neptune_parameter_group_name"></a> [neptune\_parameter\_group\_name](#input\_neptune\_parameter\_group\_name) | The name of the neptune parameter group to associate with this instance | `string` | `null` | no |
 | <a name="input_neptune_subnet_group_name"></a> [neptune\_subnet\_group\_name](#input\_neptune\_subnet\_group\_name) | A subnet group to associate with this neptune instance. NOTE: This must match the neptune\_subnet\_group\_name of the attached aws\_neptune\_cluster | `string` | `null` | no |
-| <a name="input_port"></a> [port](#input\_port) | The port on which the DB accepts connections. Defaults to 8182 | `number` | `null` | no |
-| <a name="input_publicly_accessible"></a> [publicly\_accessible](#input\_publicly\_accessible) | Bool to control if instance is publicly accessible. Default is false | `bool` | `null` | no |
+| <a name="input_port"></a> [port](#input\_port) | The port on which the DB accepts connections. | `number` | `null` | no |
+| <a name="input_publicly_accessible"></a> [publicly\_accessible](#input\_publicly\_accessible) | Bool to control if instance is publicly accessible. | `bool` | `null` | no |
 
 ## Outputs
 

diff --git a/modules/aws-neptune-instance/variables.tf b/modules/aws-neptune-instance/variables.tf
@@ -5,7 +5,7 @@ variable "apply_immediately" {
 }
 
 variable "auto_minor_version_upgrade" {
-  description = "Indicates that minor engine upgrades will be applied automatically to the instance during the maintenance window. Default is true"
+  description = "Indicates that minor engine upgrades will be applied automatically to the instance during the maintenance window."
   type        = bool
   default     = null
 }
@@ -40,13 +40,13 @@ variable "neptune_parameter_group_name" {
 }
 
 variable "port" {
-  description = "The port on which the DB accepts connections. Defaults to 8182"
+  description = "The port on which the DB accepts connections."
   type        = number
   default     = null
 }
 
 variable "publicly_accessible" {
-  description = "Bool to control if instance is publicly accessible. Default is false"
+  description = "Bool to control if instance is publicly accessible."
   type        = bool
   default     = null
 }
diff --git a/modules/aws-rds-cluster-instance/README.md b/modules/aws-rds-cluster-instance/README.md
@@ -23,7 +23,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is true | `bool` | `null` | no |
+| <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. | `bool` | `null` | no |
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The name of the RDS cluster | `string` | n/a | yes |
 | <a name="input_db_engine"></a> [db\_engine](#input\_db\_engine) | Cluster engine e.g., aurora-mysql | `string` | `null` | no |
 | <a name="input_db_instance_class"></a> [db\_instance\_class](#input\_db\_instance\_class) | The instance type of the RDS cluster. Example: 'db.t3.micro' | `string` | `null` | no |

diff --git a/modules/aws-rds-cluster-instance/variables.tf b/modules/aws-rds-cluster-instance/variables.tf
@@ -39,7 +39,7 @@ variable "maintenance_schedule" {
 }
 
 variable "apply_immediately" {
-  description = "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is true"
+  description = "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window."
   type        = bool
   default     = null
 }

diff --git a/modules/aws-rds-cluster/README.md b/modules/aws-rds-cluster/README.md
@@ -23,21 +23,21 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is true | `bool` | `null` | no |
-| <a name="input_backup_retention"></a> [backup\_retention](#input\_backup\_retention) | Days to retain backups for, Default is 1 day. | `number` | `null` | no |
-| <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The name of the RDS cluster | `string` | n/a | yes |
-| <a name="input_db_enabled_cloudwatch_logs_exports"></a> [db\_enabled\_cloudwatch\_logs\_exports](#input\_db\_enabled\_cloudwatch\_logs\_exports) | Set of log types to enable for exporting to CloudWatch logs. Valid values: audit, error, general, slowquery. | `list(any)` | `null` | no |
-| <a name="input_db_engine"></a> [db\_engine](#input\_db\_engine) | Cluster engine e.g., aurora-mysql | `string` | `null` | no |
-| <a name="input_db_engine_version"></a> [db\_engine\_version](#input\_db\_engine\_version) | Database engine version, e.g., 8.0.mysql\_aurora.3.05.1 | `string` | `null` | no |
-| <a name="input_db_master_password"></a> [db\_master\_password](#input\_db\_master\_password) | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Cannot be set if manage\_master\_user\_password is set to true | `string` | n/a | yes |
-| <a name="input_db_master_username"></a> [db\_master\_username](#input\_db\_master\_username) | Username for the master DB user, must not use rdsadmin as that is reserved. | `string` | n/a | yes |
-| <a name="input_db_port"></a> [db\_port](#input\_db\_port) | Port on which the DB accepts connections. | `number` | `null` | no |
-| <a name="input_db_subnet_group_name"></a> [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC, or in EC2 Classic, if available. | `string` | `null` | no |
-| <a name="input_final_snapshot"></a> [final\_snapshot](#input\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from final\_snapshot\_identifier. Default is false | `bool` | `null` | no |
-| <a name="input_maintenance_schedule"></a> [maintenance\_schedule](#input\_maintenance\_schedule) | Weekly time range during which system maintenance can occur, in (UTC). | `string` | `null` | no |
+| <a name="input_apply_immediately"></a> [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. | `bool` | `null` | no |
+| <a name="input_backup_retention_period"></a> [backup\_retention\_period](#input\_backup\_retention\_period) | Days to retain backups for. | `number` | `null` | no |
+| <a name="input_cluster_identifier"></a> [cluster\_identifier](#input\_cluster\_identifier) | The cluster identifier. | `string` | n/a | yes |
+| <a name="input_db_cluster_parameter_group_name"></a> [db\_cluster\_parameter\_group\_name](#input\_db\_cluster\_parameter\_group\_name) | A cluster parameter group to associate with the cluster. | `string` | `null` | no |
+| <a name="input_db_subnet_group_name"></a> [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | DB subnet group to associate with this DB cluster. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC, or in EC2 Classic, if available. | `string` | `null` | no |
+| <a name="input_enabled_cloudwatch_logs_exports"></a> [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery, postgresql (PostgreSQL). | `list(string)` | `null` | no |
+| <a name="input_engine"></a> [engine](#input\_engine) | Name of the database engine to be used for this DB cluster. Valid Values: aurora-mysql, aurora-postgresql, mysql, postgres. (Note that mysql and postgres are Multi-AZ RDS clusters). | `string` | `null` | no |
+| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Database engine version, e.g., 8.0.mysql\_aurora.3.05.1 | `string` | `null` | no |
+| <a name="input_master_password"></a> [master\_password](#input\_master\_password) | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. | `string` | n/a | yes |
+| <a name="input_master_username"></a> [master\_username](#input\_master\_username) | Username for the master DB user, must not use rdsadmin as that is reserved. | `string` | n/a | yes |
 | <a name="input_network_type"></a> [network\_type](#input\_network\_type) | Network type of the cluster. Valid values: IPV4, DUAL | `string` | `null` | no |
-| <a name="input_parameter_group_name"></a> [parameter\_group\_name](#input\_parameter\_group\_name) | Cluster parameter group associated with the cluster | `string` | `null` | no |
-| <a name="input_vpc_security_group_ids"></a> [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of VPC security groups to associate. | `list(any)` | `null` | no |
+| <a name="input_port"></a> [port](#input\_port) | Port on which the DB accepts connections. | `number` | `null` | no |
+| <a name="input_preferred_maintenance_window"></a> [preferred\_maintenance\_window](#input\_preferred\_maintenance\_window) | Weekly time range during which system maintenance can occur, in (UTC) e.g., wed:04:00-wed:04:30. | `string` | `null` | no |
+| <a name="input_skip_final_snapshot"></a> [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from final\_snapshot\_identifier. | `bool` | `null` | no |
+| <a name="input_vpc_security_group_ids"></a> [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of VPC security groups to associate with the cluster. | `list(any)` | `null` | no |
 
 ## Outputs
 

diff --git a/modules/aws-rds-cluster/main.tf b/modules/aws-rds-cluster/main.tf
@@ -1,17 +1,17 @@
 resource "aws_rds_cluster" "this" {
   apply_immediately               = var.apply_immediately
-  backup_retention_period         = var.backup_retention
-  cluster_identifier              = var.cluster_id
-  enabled_cloudwatch_logs_exports = var.db_enabled_cloudwatch_logs_exports
-  engine                          = var.db_engine
-  engine_version                  = var.db_engine_version
-  master_password                 = var.db_master_password
-  master_username                 = var.db_master_username
-  port                            = var.db_port
+  backup_retention_period         = var.backup_retention_period
+  cluster_identifier              = var.cluster_identifier
+  db_cluster_parameter_group_name = var.db_cluster_parameter_group_name
   db_subnet_group_name            = var.db_subnet_group_name
-  skip_final_snapshot             = var.final_snapshot
-  preferred_maintenance_window    = var.maintenance_schedule
-  db_cluster_parameter_group_name = var.parameter_group_name
+  enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
+  engine                          = var.engine
+  engine_version                  = var.engine_version
+  master_password                 = var.master_password
+  master_username                 = var.master_username
   network_type                    = var.network_type
+  port                            = var.port
+  preferred_maintenance_window    = var.preferred_maintenance_window
+  skip_final_snapshot             = var.skip_final_snapshot
   vpc_security_group_ids          = var.vpc_security_group_ids
 }