terraform-aws-modules
diff --git a/‎README.md‎
Lines changed: 72 additions & 98 deletions b/‎README.md‎
Lines changed: 72 additions & 98 deletions
diff --git a/‎docs/UPGRADE-10.0.md‎
Lines changed: 43 additions & 2 deletions b/‎docs/UPGRADE-10.0.md‎
Lines changed: 43 additions & 2 deletions
diff --git a/‎examples/autoscaling/README.md‎
Lines changed: 1 addition & 1 deletion b/‎examples/autoscaling/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/autoscaling/main.tf‎
Lines changed: 8 additions & 8 deletions b/‎examples/autoscaling/main.tf‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎examples/dsql/main.tf‎
Lines changed: 2 additions & 9 deletions b/‎examples/dsql/main.tf‎
Lines changed: 2 additions & 9 deletions
diff --git a/‎examples/global-cluster/README.md‎
Lines changed: 2 additions & 3 deletions b/‎examples/global-cluster/README.md‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎examples/global-cluster/main.tf‎
Lines changed: 11 additions & 14 deletions b/‎examples/global-cluster/main.tf‎
Lines changed: 11 additions & 14 deletions
diff --git a/‎examples/limitless/README.md‎
Lines changed: 1 addition & 2 deletions b/‎examples/limitless/README.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎examples/limitless/main.tf‎
Lines changed: 29 additions & 46 deletions b/‎examples/limitless/main.tf‎
Lines changed: 29 additions & 46 deletions
diff --git a/‎examples/multi-az/README.md‎
Lines changed: 1 addition & 1 deletion b/‎examples/multi-az/README.md‎
Lines changed: 1 addition & 1 deletion
@@ -18,6 +18,8 @@ If you find a bug, please open an issue with supporting configuration to reprodu
 ### Modified
 
 - Variable definitions now contain detailed object types in place of the previously used `any` type
+- `copy_tags_to_snapshot` default value is now `true`
+- `db_cluster_parameter_group_parameters` was previously of type `list(map(...))`, now of type `map(object(...))`with `name` being optional and defaulting to the map key if not provided
 
 ### Removed
 
@@ -27,11 +29,50 @@ If you find a bug, please open an issue with supporting configuration to reprodu
 
 1. Removed variables:
 
-    -
+    - `auto_minor_version_upgrade` -> still available within the `instances` variable definition
+    - `ca_cert_identifier` -> available within the `instances` variable definition
+    - `instance_class` -> still available within the `instances` variable definition
+    - `monitoring_interval` -> still available within the `instances` variable definition
+    - `performance_insights_enabled` -> still available within the `instances` variable definition
+    - `performance_insights_kms_key_id` -> still available within the `instances` variable definition
+    - `performance_insights_retention_period` -> still available within the `instances` variable definition
+    - `iam_role_managed_policy_arns` -> deprecated argument on `aws_iam_role` resource
+    - `iam_role_force_detach_policies` -> hardcode to `true`
 
 2. Renamed variables:
 
-    -
+    - `endpoints.cluster_endpoint_identifier` was previously `endpoints.identifier`
+    - `endpoints.custom_endpoint_type` was previously `endpoints.type`
+    - `role_associations` was previously `iam_roles`
+    - The variables for DB shard group have been nested under a single, top-level `shard_group` variable:
+      - `create_shard_group` removed - set `shard_group` to `null` to disable or provide an object to enable
+      - `compute_redundancy` -> `shard_group.compute_redundancy`
+      - `db_shard_group_identifier` -> `shard_group.identifier`
+      - `max_acu` -> `shard_group.max_acu`
+      - `min_acu` -> `shard_group.min_acu`
+      - `publicly_accessible` -> `shard_group.publicly_accessible`
+      - `shard_group_tags` -> `shard_group.tags`
+      - `shard_group_timeouts` -> `shard_group.timeouts`
+    - The variables for the cluster activity stream have been nested under a single, top-level `cluster_activity_stream` variable:
+      - `create_db_cluster_activity_stream` removed - set `cluster_activity_stream` to `null` to disable or provide an object to enable
+      - `db_cluster_activity_stream_mode` -> `cluster_activity_stream.mode`
+      - `db_cluster_activity_stream_kms_key_id` -> `cluster_activity_stream.kms_key_id`
+      - `engine_native_audit_fields_included` -> `cluster_activity_stream.include_audit_fields`
+    - The variables for the cluster parameter group have been nested under a single, top-level `cluster_parameter_group` variable:
+      - `create_db_cluster_parameter_group` removed - set `cluster_parameter_group` to `null` to disable or provide an object to enable
+      - `db_cluster_parameter_group_name` -> `cluster_parameter_group.name`
+      - `db_cluster_parameter_group_use_name_prefix` -> `cluster_parameter_group.use_name_prefix`
+      - `db_cluster_parameter_group_description` -> `cluster_parameter_group.description`
+      - `db_cluster_parameter_group_family` -> `cluster_parameter_group.family`
+      - `db_cluster_parameter_group_parameters` -> `cluster_parameter_group.parameters`
+    - The variables for the instance parameter group have been nested under a single, top-level `db_parameter_group` variable:
+      - `create_db_parameter_group` removed - set `db_parameter_group` to `null` to disable or provide an object to enable
+      - `db_parameter_group_name` -> `db_parameter_group.name`
+        - A variable `cluster_parameter_group_name` has been retained for when users want to provide an existing cluster parameter group name.
+      - `db_parameter_group_use_name_prefix` -> `db_parameter_group.use_name_prefix`
+      - `db_parameter_group_description` -> `db_parameter_group.description`
+      - `db_parameter_group_family` -> `db_parameter_group.family`
+      - `db_parameter_group_parameters` -> `db_parameter_group.parameters`
 
 3. Added variables:
 
 
@@ -34,7 +34,7 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | <a name="module_aurora"></a> [aurora](#module\_aurora) | ../../ | n/a |
 | <a name="module_disabled_aurora"></a> [disabled\_aurora](#module\_disabled\_aurora) | ../../ | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 
 ## Resources
 
 
@@ -25,12 +25,12 @@ locals {
 module "aurora" {
   source = "../../"
 
-  name            = local.name
-  engine          = "aurora-postgresql"
-  engine_version  = "14.5"
-  instance_class  = "db.r6g.large"
-  instances       = { 1 = {} }
-  master_username = "root"
+  name                      = local.name
+  engine                    = "aurora-postgresql"
+  engine_version            = "14.5"
+  db_cluster_instance_class = "db.r6g.large"
+  instances                 = { 1 = {} }
+  master_username           = "root"
 
   vpc_id               = module.vpc.vpc_id
   db_subnet_group_name = module.vpc.database_subnet_group_name
@@ -44,7 +44,7 @@ module "aurora" {
   autoscaling_min_capacity = 1
   autoscaling_max_capacity = 5
 
-  monitoring_interval           = 60
+  cluster_monitoring_interval   = 60
   iam_role_name                 = "${local.name}-monitor"
   iam_role_use_name_prefix      = true
   iam_role_description          = "${local.name} RDS enhanced monitoring IAM role"
@@ -71,7 +71,7 @@ module "disabled_aurora" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
   name = local.name
   cidr = local.vpc_cidr
 
@@ -2,11 +2,6 @@ provider "aws" {
   region = local.region
 }
 
-provider "aws" {
-  region = local.region2
-  alias  = "region2"
-}
-
 locals {
   name           = "ex-${basename(path.cwd)}"
   region         = "us-east-1"
@@ -42,16 +37,14 @@ module "dsql_cluster_1" {
 module "dsql_cluster_2" {
   source = "../../modules/dsql"
 
+  region = local.region2
+
   deletion_protection_enabled = false
   witness_region              = local.witness_region
   create_cluster_peering      = true
   clusters                    = [module.dsql_cluster_1.arn]
 
   tags = merge(local.tags, { Name = local.name })
-
-  providers = {
-    aws = aws.region2
-  }
 }
 
 module "dsql_single_region" {
 
@@ -28,7 +28,6 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.18 |
-| <a name="provider_aws.secondary"></a> [aws.secondary](#provider\_aws.secondary) | >= 6.18 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.5 |
 
 ## Modules
@@ -37,8 +36,8 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|--------|---------|
 | <a name="module_aurora_primary"></a> [aurora\_primary](#module\_aurora\_primary) | ../../ | n/a |
 | <a name="module_aurora_secondary"></a> [aurora\_secondary](#module\_aurora\_secondary) | ../../ | n/a |
-| <a name="module_primary_vpc"></a> [primary\_vpc](#module\_primary\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
-| <a name="module_secondary_vpc"></a> [secondary\_vpc](#module\_secondary\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_primary_vpc"></a> [primary\_vpc](#module\_primary\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
+| <a name="module_secondary_vpc"></a> [secondary\_vpc](#module\_secondary\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 
 ## Resources
 
 
@@ -2,15 +2,12 @@ provider "aws" {
   region = local.primary_region
 }
 
-provider "aws" {
-  alias  = "secondary"
-  region = local.secondary_region
-}
-
 data "aws_caller_identity" "current" {}
-data "aws_availability_zones" "primary" {}
+data "aws_availability_zones" "primary" {
+  region = local.primary_region
+}
 data "aws_availability_zones" "secondary" {
-  provider = aws.secondary
+  region = local.secondary_region
 }
 
 locals {
@@ -52,7 +49,7 @@ module "aurora_primary" {
   engine_version            = aws_rds_global_cluster.this.engine_version
   master_username           = "root"
   global_cluster_identifier = aws_rds_global_cluster.this.id
-  instance_class            = "db.r6g.large"
+  db_cluster_instance_class = "db.r6g.large"
   instances                 = { for i in range(2) : i => {} }
   kms_key_id                = aws_kms_key.primary.arn
 
@@ -76,7 +73,7 @@ module "aurora_primary" {
 module "aurora_secondary" {
   source = "../../"
 
-  providers = { aws = aws.secondary }
+  region = local.secondary_region
 
   is_primary_cluster = false
 
@@ -85,7 +82,7 @@ module "aurora_secondary" {
   engine_version            = aws_rds_global_cluster.this.engine_version
   global_cluster_identifier = aws_rds_global_cluster.this.id
   source_region             = local.primary_region
-  instance_class            = "db.r6g.large"
+  db_cluster_instance_class = "db.r6g.large"
   instances                 = { for i in range(2) : i => {} }
   kms_key_id                = aws_kms_key.secondary.arn
 
@@ -120,7 +117,7 @@ resource "random_password" "master" {
 
 module "primary_vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
   name = local.name
   cidr = local.primary_vpc_cidr
@@ -136,9 +133,9 @@ module "primary_vpc" {
 
 module "secondary_vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
-  providers = { aws = aws.secondary }
+  region = local.secondary_region
 
   name = local.name
   cidr = local.secondary_vpc_cidr
@@ -193,7 +190,7 @@ resource "aws_kms_key" "primary" {
 }
 
 resource "aws_kms_key" "secondary" {
-  provider = aws.secondary
+  region = local.secondary_region
 
   policy = data.aws_iam_policy_document.rds.json
   tags   = local.tags
 
@@ -35,8 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_aurora"></a> [aurora](#module\_aurora) | ../../ | n/a |
-| <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 
 ## Resources
 
 
@@ -25,24 +25,25 @@ locals {
 module "aurora" {
   source = "../../"
 
-  name                        = local.name
-  engine                      = "aurora-postgresql"
-  engine_version              = "16.6-limitless"
-  master_username             = "root"
-  storage_type                = "aurora-iopt1"
-  cluster_monitoring_interval = 30
-  cluster_scalability_type    = "limitless"
+  name           = local.name
+  engine         = "aurora-postgresql"
+  engine_version = "16.6-limitless"
+  storage_type   = "aurora-iopt1"
 
+  cluster_scalability_type    = "limitless"
+  cluster_monitoring_interval = 30
   # https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/limitless-reqs-limits.html
   cluster_performance_insights_enabled          = true
   cluster_performance_insights_retention_period = 31
 
-  create_shard_group        = true
-  compute_redundancy        = 0
-  db_shard_group_identifier = local.name
-  max_acu                   = 16
+  shard_group = {
+    compute_redundancy = 0
+    identifier         = local.name
+    max_acu            = 16
+  }
 
   # aurora limitless clusters do not support managed master user password
+  master_username             = "root"
   manage_master_user_password = false
   master_password             = random_password.master.result
 
@@ -62,29 +63,26 @@ module "aurora" {
   apply_immediately   = true
   skip_final_snapshot = true
 
-  create_db_cluster_parameter_group      = true
-  db_cluster_parameter_group_name        = local.name
-  db_cluster_parameter_group_family      = "aurora-postgresql16"
-  db_cluster_parameter_group_description = "${local.name} example cluster parameter group"
-  db_cluster_parameter_group_parameters = [
-    {
-      name         = "log_min_duration_statement"
-      value        = 4000
-      apply_method = "immediate"
-      }, {
-      name         = "rds.force_ssl"
-      value        = 1
-      apply_method = "immediate"
-    }
-  ]
+  cluster_parameter_group = {
+    name        = local.name
+    family      = "aurora-postgresql16"
+    description = "${local.name} example cluster parameter group"
+    parameters = [
+      {
+        name         = "log_min_duration_statement"
+        value        = 4000
+        apply_method = "immediate"
+        }, {
+        name         = "rds.force_ssl"
+        value        = 1
+        apply_method = "immediate"
+      }
+    ]
+  }
 
   enabled_cloudwatch_logs_exports = ["postgresql"]
   create_cloudwatch_log_group     = true
 
-  cloudwatch_log_group_tags = {
-    Sensitivity = "high"
-  }
-
   tags = local.tags
 }
 
@@ -99,7 +97,7 @@ resource "random_password" "master" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
 
   name = local.name
   cidr = local.vpc_cidr
@@ -111,18 +109,3 @@ module "vpc" {
 
   tags = local.tags
 }
-
-module "kms" {
-  source  = "terraform-aws-modules/kms/aws"
-  version = "~> 2.0"
-
-  deletion_window_in_days = 7
-  description             = "KMS key for ${local.name} cluster activity stream."
-  enable_key_rotation     = true
-  is_enabled              = true
-  key_usage               = "ENCRYPT_DECRYPT"
-
-  aliases = [local.name]
-
-  tags = local.tags
-}
@@ -33,7 +33,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_aurora"></a> [aurora](#module\_aurora) | ../../ | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 
 ## Resources