feat: DSQL Support

README.md

@@ -15,6 +15,7 @@ Terraform module which creates AWS RDS Aurora resources.
 - Custom endpoints
 - RDS multi-AZ support (not Aurora)
 - Aurora Limitless
+- Aurora DSQL cluster
 
 ## Usage
 
@@ -205,6 +206,33 @@ module "cluster" {
 }
 ```
 
+## DSQL Multi Region Peered Clusters
+```hcl
+module "dsql_cluster_1" {
+  source = "../../modules/dsql"
+
+  witness_region              = "us-west-2"
+  create_cluster_peering      = true
+  clusters                    = [module.dsql_cluster_2.arn]
+
+  tags = { Name = "dsql-1" }
+}
+
+module "dsql_cluster_2" {
+  source = "../../modules/dsql"
+
+  witness_region              = "us-west-2"
+  create_cluster_peering      = true
+  clusters                    = [module.dsql_cluster_1.arn]
+
+  tags = { Name = "dsql-2" }
+
+  providers = {
+    aws = aws.region2
+  }
+}
+```
+
 ## Examples
 
 - [Autoscaling](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/autoscaling): A PostgreSQL cluster with enhanced monitoring and autoscaling enabled
@@ -215,6 +243,7 @@ module "cluster" {
 - [PostgreSQL](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/postgresql): A simple PostgreSQL cluster
 - [S3 Import](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/s3-import): A MySQL cluster created from a Percona Xtrabackup stored in S3
 - [Serverless](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/serverless): Serverless V1 and V2 (PostgreSQL and MySQL)
+- [DSQL](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/dsql): Multi region and single region DSQL clusters
 
 ## Documentation
 

examples/dsql/main.tf

@@ -0,0 +1,63 @@
+provider "aws" {
+  region = local.region
+}
+
+provider "aws" {
+  region = local.region2
+  alias  = "region2"
+}
+
+locals {
+  name           = "ex-${basename(path.cwd)}"
+  region         = "us-east-1"
+  region2        = "us-east-2"
+  witness_region = "us-west-2"
+
+  tags = {
+    Example    = local.name
+    GithubRepo = "terraform-aws-rds-aurora"
+    GithubOrg  = "terraform-aws-modules"
+  }
+}
+
+################################################################################
+# RDS Aurora Module
+################################################################################
+
+module "dsql_cluster_1" {
+  source = "../../modules/dsql"
+
+  deletion_protection_enabled = false
+  witness_region              = local.witness_region
+  create_cluster_peering      = true
+  clusters                    = [module.dsql_cluster_2.arn]
+
+  timeouts = {
+    create = "1h"
+  }
+
+  tags = merge(local.tags, { Name = local.name })
+}
+
+module "dsql_cluster_2" {
+  source = "../../modules/dsql"
+
+  deletion_protection_enabled = false
+  witness_region              = local.witness_region
+  create_cluster_peering      = true
+  clusters                    = [module.dsql_cluster_1.arn]
+
+  tags = merge(local.tags, { Name = local.name })
+
+  providers = {
+    aws = aws.region2
+  }
+}
+
+module "dsql_single_region" {
+  source = "../../modules/dsql"
+
+  deletion_protection_enabled = false
+
+  tags = merge(local.tags, { Name = "single-region" })
+}

examples/dsql/outputs.tf

@@ -0,0 +1,49 @@
+output "dsql_cluster_1_arn" {
+  description = "ARN of the cluster"
+  value       = module.dsql_cluster_1.arn
+}
+
+output "dsql_cluster_1_identifier" {
+  description = "Cluster identifier"
+  value       = module.dsql_cluster_1.identifier
+}
+
+output "dsql_cluster_1_encryption_details" {
+  description = "Encryption configuration details for the DSQL cluster"
+  value       = module.dsql_cluster_1.encryption_details
+}
+
+output "dsql_cluster_1_multi_region_properties" {
+  description = "Multi-region properties of the DSQL cluster"
+  value       = module.dsql_cluster_1.multi_region_properties
+}
+
+output "dsql_cluster_1_vpc_endpoint_service_name" {
+  description = "The DSQL cluster's VPC endpoint service name"
+  value       = module.dsql_cluster_1.vpc_endpoint_service_name
+}
+
+output "dsql_cluster_2_arn" {
+  description = "ARN of the cluster"
+  value       = module.dsql_cluster_2.arn
+}
+
+output "dsql_cluster_2_identifier" {
+  description = "Cluster identifier"
+  value       = module.dsql_cluster_2.identifier
+}
+
+output "dsql_cluster_2_encryption_details" {
+  description = "Encryption configuration details for the DSQL cluster"
+  value       = module.dsql_cluster_2.encryption_details
+}
+
+output "dsql_cluster_2_multi_region_properties" {
+  description = "Multi-region properties of the DSQL cluster"
+  value       = module.dsql_cluster_2.multi_region_properties
+}
+
+output "dsql_cluster_2_vpc_endpoint_service_name" {
+  description = "The DSQL cluster's VPC endpoint service name"
+  value       = module.dsql_cluster_2.vpc_endpoint_service_name
+}

examples/dsql/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.100"
+    }
+  }
+}

modules/dsql/main.tf

@@ -0,0 +1,27 @@
+resource "aws_dsql_cluster" "this" {
+  count = var.create ? 1 : 0
+
+  deletion_protection_enabled = var.deletion_protection_enabled
+  kms_encryption_key          = var.kms_encryption_key
+
+  dynamic "multi_region_properties" {
+    for_each = var.witness_region != null ? [true] : []
+    content {
+      witness_region = var.witness_region
+    }
+  }
+
+  tags = var.tags
+}
+
+resource "aws_dsql_cluster_peering" "this" {
+  count = var.create && var.create_cluster_peering ? 1 : 0
+
+  clusters       = var.clusters
+  identifier     = aws_dsql_cluster.this[0].identifier
+  witness_region = var.witness_region
+
+  timeouts {
+    create = try(var.timeouts.create, null)
+  }
+}

modules/dsql/outputs.tf

@@ -0,0 +1,24 @@
+output "arn" {
+  description = "ARN of the cluster"
+  value       = try(aws_dsql_cluster.this[0].arn, null)
+}
+
+output "identifier" {
+  description = "Cluster identifier"
+  value       = try(aws_dsql_cluster.this[0].identifier, null)
+}
+
+output "encryption_details" {
+  description = "Encryption configuration details for the DSQL cluster"
+  value       = try(aws_dsql_cluster.this[0].encryption_details, null)
+}
+
+output "multi_region_properties" {
+  description = "Multi-region properties of the DSQL cluster"
+  value       = try(aws_dsql_cluster.this[0].multi_region_properties, null)
+}
+
+output "vpc_endpoint_service_name" {
+  description = "The DSQL cluster's VPC endpoint service name"
+  value       = try(aws_dsql_cluster.this[0].vpc_endpoint_service_name, null)
+}

modules/dsql/variables.tf

@@ -0,0 +1,47 @@
+variable "create" {
+  description = "Whether cluster should be created (affects all resources)"
+  type        = bool
+  default     = true
+}
+
+variable "deletion_protection_enabled" {
+  description = "Whether deletion protection is enabled in this cluster"
+  type        = bool
+  default     = null
+}
+
+variable "kms_encryption_key" {
+  description = "The ARN of the AWS KMS key that encrypts data in the DSQL Cluster, or `AWS_OWNED_KMS_KEY`"
+  type        = string
+  default     = null
+}
+
+variable "create_cluster_peering" {
+  description = "Whether to create cluster peering"
+  type        = bool
+  default     = false
+}
+
+variable "clusters" {
+  description = "List of DSQL Cluster ARNs to be peered to this cluster"
+  type        = list(string)
+  default     = null
+}
+
+variable "witness_region" {
+  description = "Witness region for the multi-region clusters. Setting this makes this cluster a multi-region cluster. Changing it recreates the cluster"
+  type        = string
+  default     = null
+}
+
+variable "timeouts" {
+  description = "Create timeout configuration for the cluster"
+  type        = any
+  default     = {}
+}
+
+variable "tags" {
+  description = "A map of tags to be associated with the AWS DSQL Cluster resource"
+  type        = map(string)
+  default     = {}
+}

modules/dsql/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.100"
+    }
+  }
+}