diff --git a/README.md b/README.md
index b7b7a17..136164a 100644
--- a/README.md
+++ b/README.md
@@ -25,23 +25,23 @@ module "cluster" {
 name = "test-aurora-db-postgres96"
 engine = "aurora-postgresql"
- engine_version = "14.5"
- instance_class = "db.r6g.large"
+ engine_version = "17.5"
+ instance_class = "db.r8g.large"
 instances = {
 one = {}
- 2 = {
- instance_class = "db.r6g.2xlarge"
+ two = {
+ instance_class = "db.r8g.2xlarge"
 }
 }
 vpc_id = "vpc-12345678"
 db_subnet_group_name = "db-subnet-group"
- security_group_rules = {
+ security_group_ingress_rules = {
 ex1_ingress = {
- cidr_blocks = ["10.20.0.0/20"]
+ cidr_ipv4 = "10.20.0.0/20"
 }
 ex1_ingress = {
- source_security_group_id = "sg-12345678"
+ referenced_security_group_id = "sg-12345678"
 }
 }
@@ -62,22 +62,23 @@ module "cluster" {
 There are a couple different configuration methods that can be used to create instances within the cluster:
-ℹ️ Only the pertinent attributes are shown for brevity
+ > [!NOTE]
+ > Only the pertinent attributes are shown for brevity
-1. Create homogenous cluster of any number of instances
+ 1. Create homogenous cluster of any number of instances
 - Resources created: - Writer: 1 - Reader(s): 2
-```hcl
- instance_class = "db.r6g.large"
- instances = {
- one = {}
- two = {}
- three = {}
- }
-```
+ ```hcl
+ cluster_instance_class = "db.r8g.large"
+ instances = {
+ one = {}
+ two = {}
+ three = {}
+ }
+ ```
 2. Create homogenous cluster of instances w/ autoscaling enabled. This is redundant and we'll show why in the next example. 
@@ -87,20 +88,21 @@ There are a couple different configuration methods that can be used to create in
 - At least 4 readers (2 created directly, 2 created by appautoscaling) - At most 7 reader instances (2 created directly, 5 created by appautoscaling)
-ℹ️ Autoscaling uses the instance class specified by `instance_class`.
+ > [!NOTE]
+ > Autoscaling uses the instance class specified by `cluster_instance_class`.
-```hcl
- instance_class = "db.r6g.large"
- instances = {
- one = {}
- two = {}
- three = {}
- }
+ ```hcl
+ cluster_instance_class = "db.r8g.large"
+ instances = {
+ one = {}
+ two = {}
+ three = {}
+ }
- autoscaling_enabled = true
- autoscaling_min_capacity = 2
- autoscaling_max_capacity = 5
-```
+ autoscaling_enabled = true
+ autoscaling_min_capacity = 2
+ autoscaling_max_capacity = 5
+ ```
 3. Create homogeneous cluster scaled via autoscaling. At least one instance (writer) is required
@@ -110,16 +112,16 @@ There are a couple different configuration methods that can be used to create in
 - At least 1 reader - At most 5 readers
-```hcl
- instance_class = "db.r6g.large"
- instances = {
- one = {}
- }
+ ```hcl
+ cluster_instance_class = "db.r8g.large"
+ instances = {
+ one = {}
+ }
- autoscaling_enabled = true
- autoscaling_min_capacity = 1
- autoscaling_max_capacity = 5
-```
+ autoscaling_enabled = true
+ autoscaling_min_capacity = 1
+ autoscaling_max_capacity = 5
+ ```
 4. Create heterogenous cluster to support mixed-use workloads 
@@ -129,24 +131,24 @@ There are a couple different configuration methods that can be used to create in
 - Writer: 1 - Readers: 2
-```hcl
- instance_class = "db.r5.large"
- instances = {
- one = {
- instance_class = "db.r5.2xlarge"
- publicly_accessible = true
- }
- two = {
- identifier = "static-member-1"
- instance_class = "db.r5.2xlarge"
+ ```hcl
+ cluster_instance_class = "db.r8g.large"
+ instances = {
+ one = {
+ instance_class = "db.r8g.2xlarge"
+ publicly_accessible = true
+ }
+ two = {
+ identifier = "static-member-1"
+ instance_class = "db.r8g.2xlarge"
+ }
+ three = {
+ identifier = "excluded-member-1"
+ instance_class = "db.r8g.large"
+ promotion_tier = 15
+ }
 }
- three = {
- identifier = "excluded-member-1"
- instance_class = "db.r5.large"
- promotion_tier = 15
- }
- }
-```
+ ```
 5. Create heterogenous cluster to support mixed-use workloads w/ autoscaling enabled 
@@ -156,30 +158,31 @@ There are a couple different configuration methods that can be used to create in
 - At least 3 readers (2 created directly, 1 created through appautoscaling) - At most 7 readers (2 created directly, 5 created through appautoscaling)
-ℹ️ Autoscaling uses the instance class specified by `instance_class`.
-
-```hcl
- instance_class = "db.r5.large"
- instances = {
- one = {
- instance_class = "db.r5.2xlarge"
- publicly_accessible = true
- }
- two = {
- identifier = "static-member-1"
- instance_class = "db.r5.2xlarge"
- }
- three = {
- identifier = "excluded-member-1"
- instance_class = "db.r5.large"
- promotion_tier = 15
+ > [!NOTE]
+ > Autoscaling uses the instance class specified by `cluster_instance_class`.
+
+ ```hcl
+ cluster_instance_class = "db.r8g.large"
+ instances = {
+ one = {
+ instance_class = "db.r8g.2xlarge"
+ publicly_accessible = true
+ }
+ two = {
+ identifier = "static-member-1"
+ instance_class = "db.r8g.2xlarge"
+ }
+ three = {
+ identifier = "excluded-member-1"
+ instance_class = "db.r8g.large"
+ promotion_tier = 15
+ }
 }
- }
- autoscaling_enabled = true
- autoscaling_min_capacity = 1
- autoscaling_max_capacity = 5
-```
+ autoscaling_enabled = true
+ autoscaling_min_capacity = 1
+ autoscaling_max_capacity = 5
+ ```
 ## Conditional Creation 
@@ -206,44 +209,17 @@ module "cluster" {
 }
 ```
-## DSQL Multi Region Peered Clusters
-```hcl
-module "dsql_cluster_1" {
- source = "../../modules/dsql"
-
- witness_region = "us-west-2"
- create_cluster_peering = true
- clusters = [module.dsql_cluster_2.arn]
-
- tags = { Name = "dsql-1" }
-}
-
-module "dsql_cluster_2" {
- source = "../../modules/dsql"
-
- witness_region = "us-west-2"
- create_cluster_peering = true
- clusters = [module.dsql_cluster_1.arn]
-
- tags = { Name = "dsql-2" }
-
- providers = {
- aws = aws.region2
- }
-}
-```
-
 ## Examples
 - [Autoscaling](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/autoscaling): A PostgreSQL cluster with enhanced monitoring and autoscaling enabled
-- [Limitless](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/limitless): A PostgreSQL Limitless cluster
+- [DSQL](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/dsql): Multi region and single region DSQL clusters
 - [Global Cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/global-cluster): A PostgreSQL global cluster with clusters provisioned in two different region
+- [Limitless](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/limitless): A PostgreSQL Limitless cluster
 - [Multi-AZ](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/multi-az): A multi-AZ RDS cluster (not using Aurora engine)
 - [MySQL](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/mysql): A simple MySQL cluster
 - [PostgreSQL](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/postgresql): A simple PostgreSQL cluster
 - [S3 Import](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/s3-import): A MySQL cluster created from a Percona Xtrabackup stored in S3
 - 
[Serverless](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/serverless): Serverless V1 and V2 (PostgreSQL and MySQL)
-- [DSQL](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/dsql): Multi region and single region DSQL clusters
 ## Documentation
@@ -254,14 +230,14 @@ Terraform documentation is generated automatically using [pre-commit hooks](http
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.89 |
+| [terraform](#requirement\_terraform) | >= 1.11 |
+| [aws](#requirement\_aws) | >= 6.18 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 5.89 |
+| [aws](#provider\_aws) | >= 6.18 |
 ## Modules 
@@ -287,9 +263,11 @@ No modules.
 | [aws_rds_shard_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_shard_group) | resource |
 | [aws_secretsmanager_secret_rotation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_rotation) | resource |
 | [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
-| [aws_security_group_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_vpc_security_group_egress_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
+| [aws_vpc_security_group_ingress_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
 | [aws_iam_policy_document.monitoring_rds_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+| [aws_service_principal.monitoring_rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/service_principal) | data source |
 ## Inputs 
@@ -298,7 +276,6 @@ No modules.
 | [allocated\_storage](#input\_allocated\_storage) | The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. (This setting is required to create a Multi-AZ DB cluster) | `number` | `null` | no |
 | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Enable to allow major engine version upgrades when changing engine versions. Defaults to `false` | `bool` | `false` | no |
 | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false` | `bool` | `null` | no |
-| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true` | `bool` | `null` | no |
 | [autoscaling\_enabled](#input\_autoscaling\_enabled) | Determines whether autoscaling of the cluster read replicas is enabled | `bool` | `false` | no |
 | [autoscaling\_max\_capacity](#input\_autoscaling\_max\_capacity) | Maximum number of read replicas permitted when autoscaling is enabled | `number` | `2` | no |
 | [autoscaling\_min\_capacity](#input\_autoscaling\_min\_capacity) | Minimum number of read replicas permitted when autoscaling is enabled | `number` | `0` | no | 
@@ -310,50 +287,35 @@ No modules.
 | [availability\_zones](#input\_availability\_zones) | List of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next Terraform apply | `list(string)` | `null` | no |
 | [backtrack\_window](#input\_backtrack\_window) | The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | `number` | `null` | no |
 | [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for | `number` | `null` | no |
-| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instance | `string` | `null` | no |
 | [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. 
Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no |
 | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
 | [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no |
 | [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
 | [cloudwatch\_log\_group\_tags](#input\_cloudwatch\_log\_group\_tags) | Additional tags for the CloudWatch log group(s) | `map(string)` | `{}` | no |
+| [cluster\_activity\_stream](#input\_cluster\_activity\_stream) | Map of arguments for the created DB cluster activity stream |
object({
include_audit_fields = optional(bool, false)
kms_key_id = string
mode = string
})
| `null` | no |
 | [cluster\_ca\_cert\_identifier](#input\_cluster\_ca\_cert\_identifier) | The CA certificate identifier to use for the DB cluster's server certificate. Currently only supported for multi-az DB clusters | `string` | `null` | no |
+| [cluster\_db\_instance\_parameter\_group\_name](#input\_cluster\_db\_instance\_parameter\_group\_name) | Instance parameter group to associate with all instances of the DB cluster. The `cluster_db_instance_parameter_group_name` is only valid in combination with `allow_major_version_upgrade` | `string` | `null` | no |
+| [cluster\_instance\_class](#input\_cluster\_instance\_class) | The compute and memory capacity of each DB instance in the Multi-AZ DB cluster (not all DB instance classes are available in all AWS Regions, or for all database engines) | `string` | `null` | no |
 | [cluster\_members](#input\_cluster\_members) | List of RDS Instances that are a part of this cluster | `list(string)` | `null` | no |
 | [cluster\_monitoring\_interval](#input\_cluster\_monitoring\_interval) | Interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. Valid Values: 0, 1, 5, 10, 15, 30, 60 | `number` | `0` | no |
+| [cluster\_parameter\_group](#input\_cluster\_parameter\_group) | Map of nested arguments for the created DB cluster parameter group |
object({
name = optional(string)
use_name_prefix = optional(bool, true)
description = optional(string)
family = string
parameters = optional(list(object({
name = string
value = string
apply_method = optional(string, "immediate")
})))
})
| `null` | no |
+| [cluster\_parameter\_group\_name](#input\_cluster\_parameter\_group\_name) | The name of an existing DB cluster parameter group. Required when `cluster_parameter_group` is not provided (`null`) | `string` | `null` | no |
 | [cluster\_performance\_insights\_enabled](#input\_cluster\_performance\_insights\_enabled) | Enables Performance Insights for the RDS Cluster | `bool` | `null` | no |
 | [cluster\_performance\_insights\_kms\_key\_id](#input\_cluster\_performance\_insights\_kms\_key\_id) | Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (aws/rds) | `string` | `null` | no |
 | [cluster\_performance\_insights\_retention\_period](#input\_cluster\_performance\_insights\_retention\_period) | Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are 7, month * 31 (where month is a number of months from 1-23), and 731 | `number` | `null` | no |
 | [cluster\_scalability\_type](#input\_cluster\_scalability\_type) | Specifies the scalability mode of the Aurora DB cluster. When set to limitless, the cluster operates as an Aurora Limitless Database. When set to standard (the default), the cluster uses normal DB instance creation. Valid values: limitless, standard | `string` | `null` | no |
 | [cluster\_tags](#input\_cluster\_tags) | A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging | `map(string)` | `{}` | no |
-| [cluster\_timeouts](#input\_cluster\_timeouts) | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no |
+| [cluster\_timeouts](#input\_cluster\_timeouts) | Create, update, and delete timeout configurations for the cluster |
object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
| `null` | no |
 | [cluster\_use\_name\_prefix](#input\_cluster\_use\_name\_prefix) | Whether to use `name` as a prefix for the cluster | `bool` | `false` | no |
-| [compute\_redundancy](#input\_compute\_redundancy) | Specifies whether to create standby DB shard groups for the DB shard group | `number` | `null` | no |
-| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy all Cluster `tags` to snapshots | `bool` | `null` | no |
+| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy all Cluster `tags` to snapshots | `bool` | `true` | no |
 | [create](#input\_create) | Whether cluster should be created (affects nearly all resources) | `bool` | `true` | no |
 | [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no |
-| [create\_db\_cluster\_activity\_stream](#input\_create\_db\_cluster\_activity\_stream) | Determines whether a cluster activity stream is created. 
| `bool` | `false` | no |
-| [create\_db\_cluster\_parameter\_group](#input\_create\_db\_cluster\_parameter\_group) | Determines whether a cluster parameter should be created or use existing | `bool` | `false` | no |
-| [create\_db\_parameter\_group](#input\_create\_db\_parameter\_group) | Determines whether a DB parameter should be created or use existing | `bool` | `false` | no |
 | [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Determines whether to create the database subnet group or use existing | `bool` | `false` | no |
 | [create\_monitoring\_role](#input\_create\_monitoring\_role) | Determines whether to create the IAM role for RDS enhanced monitoring | `bool` | `true` | no |
 | [create\_security\_group](#input\_create\_security\_group) | Determines whether to create security group for RDS cluster | `bool` | `true` | no |
-| [create\_shard\_group](#input\_create\_shard\_group) | Whether to create a shard group resource | `bool` | `false` | no |
 | [database\_insights\_mode](#input\_database\_insights\_mode) | The mode of Database Insights to enable for the DB cluster. Valid values: standard, advanced | `string` | `null` | no |
 | [database\_name](#input\_database\_name) | Name for an automatically created database on cluster creation | `string` | `null` | no |
-| [db\_cluster\_activity\_stream\_kms\_key\_id](#input\_db\_cluster\_activity\_stream\_kms\_key\_id) | The AWS KMS key identifier for encrypting messages in the database activity stream | `string` | `null` | no |
-| [db\_cluster\_activity\_stream\_mode](#input\_db\_cluster\_activity\_stream\_mode) | Specifies the mode of the database activity stream. Database events such as a change or access generate an activity stream event. One of: sync, async | `string` | `null` | no |
-| [db\_cluster\_db\_instance\_parameter\_group\_name](#input\_db\_cluster\_db\_instance\_parameter\_group\_name) | Instance parameter group to associate with all instances of the DB cluster. 
The `db_cluster_db_instance_parameter_group_name` is only valid in combination with `allow_major_version_upgrade` | `string` | `null` | no |
-| [db\_cluster\_instance\_class](#input\_db\_cluster\_instance\_class) | The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all AWS Regions, or for all database engines | `string` | `null` | no |
-| [db\_cluster\_parameter\_group\_description](#input\_db\_cluster\_parameter\_group\_description) | The description of the DB cluster parameter group. Defaults to "Managed by Terraform" | `string` | `null` | no |
-| [db\_cluster\_parameter\_group\_family](#input\_db\_cluster\_parameter\_group\_family) | The family of the DB cluster parameter group | `string` | `""` | no |
-| [db\_cluster\_parameter\_group\_name](#input\_db\_cluster\_parameter\_group\_name) | The name of the DB cluster parameter group | `string` | `null` | no |
-| [db\_cluster\_parameter\_group\_parameters](#input\_db\_cluster\_parameter\_group\_parameters) | A list of DB cluster parameters to apply. Note that parameters may differ from a family to an other | `list(map(string))` | `[]` | no |
-| [db\_cluster\_parameter\_group\_use\_name\_prefix](#input\_db\_cluster\_parameter\_group\_use\_name\_prefix) | Determines whether the DB cluster parameter group name is used as a prefix | `bool` | `true` | no |
-| [db\_parameter\_group\_description](#input\_db\_parameter\_group\_description) | The description of the DB parameter group. Defaults to "Managed by Terraform" | `string` | `null` | no |
-| [db\_parameter\_group\_family](#input\_db\_parameter\_group\_family) | The family of the DB parameter group | `string` | `""` | no |
-| [db\_parameter\_group\_name](#input\_db\_parameter\_group\_name) | The name of the DB parameter group | `string` | `null` | no |
-| [db\_parameter\_group\_parameters](#input\_db\_parameter\_group\_parameters) | A list of DB parameters to apply. 
Note that parameters may differ from a family to an other | `list(map(string))` | `[]` | no |
-| [db\_parameter\_group\_use\_name\_prefix](#input\_db\_parameter\_group\_use\_name\_prefix) | Determines whether the DB parameter group name is used as a prefix | `bool` | `true` | no |
-| [db\_shard\_group\_identifier](#input\_db\_shard\_group\_identifier) | The name of the DB shard group | `string` | `null` | no |
+| [db\_parameter\_group](#input\_db\_parameter\_group) | Map of nested arguments for the created DB parameter group |
object({
name = optional(string)
use_name_prefix = optional(bool, true)
description = optional(string)
family = string
parameters = optional(list(object({
name = string
value = string
apply_method = optional(string, "immediate")
})))
})
| `null` | no |
 | [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | The name of the subnet group name (existing or created) | `string` | `""` | no |
 | [delete\_automated\_backups](#input\_delete\_automated\_backups) | Specifies whether to remove automated backups immediately after the DB cluster is deleted | `bool` | `null` | no |
 | [deletion\_protection](#input\_deletion\_protection) | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false` | `bool` | `null` | no | 
@@ -361,74 +323,65 @@ No modules.
 | [domain\_iam\_role\_name](#input\_domain\_iam\_role\_name) | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | `string` | `null` | no |
 | [enable\_global\_write\_forwarding](#input\_enable\_global\_write\_forwarding) | Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an `aws_rds_global_cluster`'s primary cluster | `bool` | `null` | no |
 | [enable\_http\_endpoint](#input\_enable\_http\_endpoint) | Enable HTTP endpoint (data API). Only valid when engine\_mode is set to `serverless` | `bool` | `null` | no |
-| [enable\_local\_write\_forwarding](#input\_enable\_local\_write\_forwarding) | Whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances. | `bool` | `null` | no |
+| [enable\_local\_write\_forwarding](#input\_enable\_local\_write\_forwarding) | Whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances | `bool` | `null` | no |
 | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: `audit`, `error`, `general`, `slowquery`, `postgresql` | `list(string)` | `[]` | no |
-| [endpoints](#input\_endpoints) | Map of additional cluster endpoints and their attributes to be created | `any` | `{}` | no |
+| [endpoints](#input\_endpoints) | Map of additional cluster endpoints and their attributes to be created |
map(object({
identifier = string
type = string
excluded_members = optional(list(string))
static_members = optional(list(string))
tags = optional(map(string), {})
}))
| `{}` | no |
 | [engine](#input\_engine) | The name of the database engine to be used for this DB cluster. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql` | `string` | `null` | no |
-| [engine\_lifecycle\_support](#input\_engine\_lifecycle\_support) | The life cycle type for this DB instance. This setting is valid for cluster types Aurora DB clusters and Multi-AZ DB clusters. Valid values are `open-source-rds-extended-support`, `open-source-rds-extended-support-disabled`. Default value is `open-source-rds-extended-support`. | `string` | `null` | no |
+| [engine\_lifecycle\_support](#input\_engine\_lifecycle\_support) | The life cycle type for this DB instance. This setting is valid for cluster types Aurora DB clusters and Multi-AZ DB clusters. Valid values are `open-source-rds-extended-support`, `open-source-rds-extended-support-disabled`. Default value is `open-source-rds-extended-support` | `string` | `null` | no |
 | [engine\_mode](#input\_engine\_mode) | The database engine mode. Valid values: `global`, `multimaster`, `parallelquery`, `provisioned`, `serverless`. Defaults to: `provisioned` | `string` | `"provisioned"` | no |
-| [engine\_native\_audit\_fields\_included](#input\_engine\_native\_audit\_fields\_included) | Specifies whether the database activity stream includes engine-native audit fields. This option only applies to an Oracle DB instance. By default, no engine-native audit fields are included | `bool` | `false` | no |
 | [engine\_version](#input\_engine\_version) | The database engine version. Updating this argument results in an outage | `string` | `null` | no |
 | [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | The name of your final DB snapshot when this DB cluster is deleted. 
If omitted, no final snapshot will be made | `string` | `null` | no |
 | [global\_cluster\_identifier](#input\_global\_cluster\_identifier) | The global cluster identifier specified on `aws_rds_global_cluster` | `string` | `null` | no |
 | [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `null` | no |
 | [iam\_role\_description](#input\_iam\_role\_description) | Description of the monitoring role | `string` | `null` | no |
-| [iam\_role\_force\_detach\_policies](#input\_iam\_role\_force\_detach\_policies) | Whether to force detaching any policies the monitoring role has before destroying it | `bool` | `null` | no |
-| [iam\_role\_managed\_policy\_arns](#input\_iam\_role\_managed\_policy\_arns) | Set of exclusive IAM managed policy ARNs to attach to the monitoring role | `list(string)` | `null` | no |
 | [iam\_role\_max\_session\_duration](#input\_iam\_role\_max\_session\_duration) | Maximum session duration (in seconds) that you want to set for the monitoring role | `number` | `null` | no |
 | [iam\_role\_name](#input\_iam\_role\_name) | Friendly name of the monitoring role | `string` | `null` | no |
 | [iam\_role\_path](#input\_iam\_role\_path) | Path for the monitoring role | `string` | `null` | no |
 | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the monitoring role | `string` | `null` | no |
 | [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether to use `iam_role_name` as is or create a unique name beginning with the `iam_role_name` as the prefix | `bool` | `false` | no |
-| [iam\_roles](#input\_iam\_roles) | Map of IAM roles and supported feature names to associate with the cluster | `map(map(string))` | `{}` | no |
-| [instance\_class](#input\_instance\_class) | 
Instance type to use at master instance. Note: if `autoscaling_enabled` is `true`, this will be the same instance class used on instances created by autoscaling | `string` | `""` | no |
-| [instance\_timeouts](#input\_instance\_timeouts) | Create, update, and delete timeout configurations for the cluster instance(s) | `map(string)` | `{}` | no |
-| [instances](#input\_instances) | Map of cluster instances and any specific/overriding attributes to be created | `any` | `{}` | no |
+| [instance\_timeouts](#input\_instance\_timeouts) | Create, update, and delete timeout configurations for the cluster instance(s) |
object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
| `null` | no |
+| [instances](#input\_instances) | Map of cluster instances and any specific/overriding attributes to be created |
map(object({
apply_immediately = optional(bool)
auto_minor_version_upgrade = optional(bool)
availability_zone = optional(string)
ca_cert_identifier = optional(string)
copy_tags_to_snapshot = optional(bool, true)
custom_iam_instance_profile = optional(string)
db_parameter_group_name = optional(string)
db_subnet_group_name = optional(string)
identifier = optional(string)
identifier_prefix = optional(string)
instance_class = optional(string)
monitoring_interval = optional(number)
monitoring_role_arn = optional(string)
performance_insights_enabled = optional(bool)
performance_insights_kms_key_id = optional(string)
performance_insights_retention_period = optional(number)
preferred_maintenance_window = optional(string)
promotion_tier = optional(number)
publicly_accessible = optional(bool)
tags = optional(map(string), {})
}))
| `{}` | no |
 | [instances\_use\_identifier\_prefix](#input\_instances\_use\_identifier\_prefix) | Determines whether cluster instance identifiers are used as prefixes | `bool` | `false` | no |
 | [iops](#input\_iops) | The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster | `number` | `null` | no |
 | [is\_primary\_cluster](#input\_is\_primary\_cluster) | Determines whether cluster is primary cluster with writer instance (set to `false` for global cluster and replica clusters) | `bool` | `true` | no |
 | [kms\_key\_id](#input\_kms\_key\_id) | The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to `true` | `string` | `null` | no |
-| [manage\_master\_user\_password](#input\_manage\_master\_user\_password) | Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if `master_password` is provided | `bool` | `true` | no |
-| [manage\_master\_user\_password\_rotation](#input\_manage\_master\_user\_password\_rotation) | Whether to manage the master user password rotation. By default, false on creation, rotation is managed by RDS. There is not currently a way to disable this on initial creation even when set to false. Setting this value to false after previously having been set to true will disable automatic rotation. | `bool` | `false` | no |
-| [master\_password](#input\_master\_password) | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. 
Required unless `manage_master_user_password` is set to `true` or unless `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database | `string` | `null` | no |
-| [master\_user\_password\_rotate\_immediately](#input\_master\_user\_password\_rotate\_immediately) | Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. | `bool` | `null` | no |
+| [manage\_master\_user\_password](#input\_manage\_master\_user\_password) | Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if `master_password_wo` is provided | `bool` | `true` | no |
+| [manage\_master\_user\_password\_rotation](#input\_manage\_master\_user\_password\_rotation) | Whether to manage the master user password rotation. By default, false on creation, rotation is managed by RDS. There is not currently a way to disable this on initial creation even when set to false. Setting this value to false after previously having been set to true will disable automatic rotation | `bool` | `false` | no |
+| [master\_password\_wo](#input\_master\_password\_wo) | Write-Only required unless `manage_master_user_password` is set to `true`, a `snapshot_identifier`, `replication_source_identifier`, or unless a `global_cluster_identifier` is provided when the cluster is the "secondary" cluster of a global database) Password for the master DB user | `string` | `null` | no |
+| [master\_password\_wo\_version](#input\_master\_password\_wo\_version) | Used together with `master_password_wo` to trigger an update. 
Increment this value when an update to the `master_password_wo` is required | `string` | `null` | no | +| [master\_user\_password\_rotate\_immediately](#input\_master\_user\_password\_rotate\_immediately) | Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window | `bool` | `null` | no | | [master\_user\_password\_rotation\_automatically\_after\_days](#input\_master\_user\_password\_rotation\_automatically\_after\_days) | Specifies the number of days between automatic scheduled rotations of the secret. Either `master_user_password_rotation_automatically_after_days` or `master_user_password_rotation_schedule_expression` must be specified | `number` | `null` | no | -| [master\_user\_password\_rotation\_duration](#input\_master\_user\_password\_rotation\_duration) | The length of the rotation window in hours. For example, 3h for a three hour window. | `string` | `null` | no | +| [master\_user\_password\_rotation\_duration](#input\_master\_user\_password\_rotation\_duration) | The length of the rotation window in hours. For example, 3h for a three hour window | `string` | `null` | no | | [master\_user\_password\_rotation\_schedule\_expression](#input\_master\_user\_password\_rotation\_schedule\_expression) | A cron() or rate() expression that defines the schedule for rotating your secret. Either `master_user_password_rotation_automatically_after_days` or `master_user_password_rotation_schedule_expression` must be specified | `string` | `null` | no | | [master\_user\_secret\_kms\_key\_id](#input\_master\_user\_secret\_kms\_key\_id) | The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key | `string` | `null` | no | | [master\_username](#input\_master\_username) | Username for the master DB user. 
Required unless `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database | `string` | `null` | no | -| [max\_acu](#input\_max\_acu) | The maximum capacity of the DB shard group in Aurora capacity units (ACUs) | `number` | `null` | no | -| [min\_acu](#input\_min\_acu) | The minimum capacity of the DB shard group in Aurora capacity units (ACUs) | `number` | `null` | no | -| [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to `0` to disable. Default is `0` | `number` | `0` | no | | [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | `string` | `""` | no | | [name](#input\_name) | Name used across resources created | `string` | `""` | no | | [network\_type](#input\_network\_type) | The type of network stack to use (IPV4 or DUAL) | `string` | `null` | no | -| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights is enabled or not | `bool` | `null` | no | -| [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data | `string` | `null` | no | -| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | `number` | `null` | no | | [port](#input\_port) | The port on which the DB accepts connections | `string` | `null` | no | | [predefined\_metric\_type](#input\_predefined\_metric\_type) | The metric type to scale on. 
Valid values are `RDSReaderAverageCPUUtilization` and `RDSReaderAverageDatabaseConnections` | `string` | `"RDSReaderAverageCPUUtilization"` | no | -| [preferred\_backup\_window](#input\_preferred\_backup\_window) | The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC | `string` | `"02:00-03:00"` | no | -| [preferred\_maintenance\_window](#input\_preferred\_maintenance\_window) | The weekly time range during which system maintenance can occur, in (UTC) | `string` | `"sun:05:00-sun:06:00"` | no | -| [publicly\_accessible](#input\_publicly\_accessible) | Determines whether instances are publicly accessible. Default `false` | `bool` | `null` | no | +| [preferred\_backup\_window](#input\_preferred\_backup\_window) | Daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region, e.g. `04:00-09:00` | `string` | `null` | no | +| [preferred\_maintenance\_window](#input\_preferred\_maintenance\_window) | Weekly time range during which system maintenance can occur, in (UTC) e.g., `wed:04:00-wed:04:30` | `string` | `null` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | +| [region](#input\_region) | Region where the resource(s) will be managed. 
Defaults to the Region set in the provider configuration | `string` | `null` | no | | [replication\_source\_identifier](#input\_replication\_source\_identifier) | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | `string` | `null` | no | -| [restore\_to\_point\_in\_time](#input\_restore\_to\_point\_in\_time) | Map of nested attributes for cloning Aurora cluster | `map(string)` | `{}` | no | -| [s3\_import](#input\_s3\_import) | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | `map(string)` | `{}` | no | -| [scaling\_configuration](#input\_scaling\_configuration) | Map of nested attributes with scaling properties. Only valid when `engine_mode` is set to `serverless` | `map(string)` | `{}` | no | +| [restore\_to\_point\_in\_time](#input\_restore\_to\_point\_in\_time) | Map of nested attributes for cloning Aurora cluster |
object({
restore_to_time = optional(string)
restore_type = optional(string)
source_cluster_identifier = optional(string)
source_cluster_resource_id = optional(string)
use_latest_restorable_time = optional(bool)
})
| `null` | no | +| [role\_associations](#input\_role\_associations) | Map of IAM roles and supported feature names to associate with the cluster |
map(object({
feature_name = optional(string)
role_arn = string
}))
| `{}` | no | +| [s3\_import](#input\_s3\_import) | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) |
object({
bucket_name = string
bucket_prefix = optional(string)
ingestion_role = string
source_engine_version = string
})
| `null` | no | +| [scaling\_configuration](#input\_scaling\_configuration) | Map of nested attributes with scaling properties. Only valid when `engine_mode` is set to `serverless` |
object({
auto_pause = optional(bool)
max_capacity = optional(number)
min_capacity = optional(number)
seconds_before_timeout = optional(number)
seconds_until_auto_pause = optional(number)
timeout_action = optional(string)
})
| `null` | no | | [security\_group\_description](#input\_security\_group\_description) | The description of the security group. If value is set to empty string it will contain cluster name in the description | `string` | `null` | no | +| [security\_group\_egress\_rules](#input\_security\_group\_egress\_rules) | Map of security group egress rules to add to the security group created |
map(object({
name = optional(string)

cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(number)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
region = optional(string)
tags = optional(map(string), {})
to_port = optional(number)
}))
| `{}` | no | +| [security\_group\_ingress\_rules](#input\_security\_group\_ingress\_rules) | Map of security group ingress rules to add to the security group created |
map(object({
name = optional(string)

cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(number)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
region = optional(string)
tags = optional(map(string), {})
to_port = optional(number)
}))
| `{}` | no | | [security\_group\_name](#input\_security\_group\_name) | The security group name. Default value is (`var.name`) | `string` | `""` | no | -| [security\_group\_rules](#input\_security\_group\_rules) | Map of security group rules to add to the cluster security group created | `any` | `{}` | no | | [security\_group\_tags](#input\_security\_group\_tags) | Additional tags for the security group | `map(string)` | `{}` | no | | [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Determines whether the security group name (`var.name`) is used as a prefix | `bool` | `true` | no | -| [serverlessv2\_scaling\_configuration](#input\_serverlessv2\_scaling\_configuration) | Map of nested attributes with serverless v2 scaling properties. Only valid when `engine_mode` is set to `provisioned` | `map(string)` | `{}` | no | -| [shard\_group\_tags](#input\_shard\_group\_tags) | Additional tags for the shard group | `map(string)` | `{}` | no | -| [shard\_group\_timeouts](#input\_shard\_group\_timeouts) | Create, update, and delete timeout configurations for the shard group | `map(string)` | `{}` | no | +| [serverlessv2\_scaling\_configuration](#input\_serverlessv2\_scaling\_configuration) | Map of nested attributes with serverless v2 scaling properties. Only valid when `engine_mode` is set to `provisioned` |
object({
max_capacity = number
min_capacity = optional(number)
seconds_until_auto_pause = optional(number)
})
| `null` | no | +| [shard\_group](#input\_shard\_group) | Arguments for the DB shard group to be created |
object({
compute_redundancy = optional(number)
identifier = string
max_acu = number
min_acu = optional(number)
publicly_accessible = optional(bool)
tags = optional(map(string), {})
timeouts = optional(object({
create = optional(string)
update = optional(string)
delete = optional(string)
}))
})
| `null` | no | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | `bool` | `false` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | `string` | `null` | no | | [source\_region](#input\_source\_region) | The source region for an encrypted replica DB cluster | `string` | `null` | no | | [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB cluster is encrypted. The default is `true` | `bool` | `true` | no | -| [storage\_type](#input\_storage\_type) | Determines the storage type for the DB cluster. Optional for Single-AZ, required for Multi-AZ DB clusters. Valid values for Single-AZ: `aurora`, `""` (default, both refer to Aurora Standard), `aurora-iopt1` (Aurora I/O Optimized). Valid values for Multi-AZ: `io1` (default). | `string` | `null` | no | +| [storage\_type](#input\_storage\_type) | Determines the storage type for the DB cluster. Optional for Single-AZ, required for Multi-AZ DB clusters. Valid values for Single-AZ: `aurora`, `""` (default, both refer to Aurora Standard), `aurora-iopt1` (Aurora I/O Optimized). Valid values for Multi-AZ: `io1` (default) | `string` | `null` | no | | [subnets](#input\_subnets) | List of subnet IDs used by database subnet group created | `list(string)` | `[]` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [vpc\_id](#input\_vpc\_id) | ID of the VPC where to create security group | `string` | `""` | no | diff --git a/docs/UPGRADE-10.0.md b/docs/UPGRADE-10.0.md new file mode 100644 index 0000000..73f6aba --- /dev/null +++ b/docs/UPGRADE-10.0.md 
@@ -0,0 +1,260 @@ +# Upgrade from v9.x to v10.x + +If you have any questions regarding this upgrade process, please consult the `examples` directory. +If you find a bug, please open an issue with supporting configuration to reproduce. + +## List of backwards incompatible changes + +- Terraform `v1.11` is now minimum supported version to support write-only (`wo_*`) attributes. +- AWS provider `v6.18` is now minimum supported version +- The underlying `aws_security_group_rule` resources has been replaced with `aws_vpc_security_group_ingress_rule` and `aws_vpc_security_group_egress_rule` to allow for more flexibility in defining security group rules. +- `master_password` is no longer supported and only the write-only equivalent is supported (`master_password_wo` and `master_password_wo_version`) ([#513](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/pull/513)) +- `security_group_rules` has been split into `security_group_ingress_rules` and `security_group_egress_rules` to better match the AWS API and allow for more flexibility in defining security group rules + +## Additional changes + +### Added + +- Support for `region` argument to specify the AWS region for the resources created if different from the provider region. + +### Modified + +- Variable definitions now contain detailed object types in place of the previously used `any` type +- `copy_tags_to_snapshot` default value is now `true` ([#521](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/issues/521)) +- `db_cluster_parameter_group_parameters` was previously of type `list(map(...))`, now of type `map(object(...))`with `name` being optional and defaulting to the map key if not provided +- `preferred_maintenance_window` and `preferred_backup_window` default values are now `null` ([#524](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/pull/524)) + +### Removed + +- None + +### Variable and output changes + +1. 
Removed variables: + + - `auto_minor_version_upgrade` -> still available within the `instances` variable definition + - `ca_cert_identifier` -> available within the `instances` variable definition + - `monitoring_interval` -> still available within the `instances` variable definition + - `performance_insights_enabled` -> still available within the `instances` variable definition + - `performance_insights_kms_key_id` -> still available within the `instances` variable definition + - `performance_insights_retention_period` -> still available within the `instances` variable definition + - `iam_role_managed_policy_arns` -> deprecated argument on `aws_iam_role` resource + - `iam_role_force_detach_policies` -> hardcode to `true` + +2. Renamed variables: + + - `instance_class` -> `cluster_instance_class` + - `db_cluster_db_instance_parameter_group_name` -> `cluster_db_instance_parameter_group_name` + - `role_associations` was previously `iam_roles` + - `master_password` replaced with `master_password_wo` and `master_password_wo_version` + - The variables for DB shard group have been nested under a single, top-level `shard_group` variable: + - `create_shard_group` removed - set `shard_group` to `null` to disable or provide an object to enable + - `compute_redundancy` -> `shard_group.compute_redundancy` + - `db_shard_group_identifier` -> `shard_group.identifier` + - `max_acu` -> `shard_group.max_acu` + - `min_acu` -> `shard_group.min_acu` + - `publicly_accessible` -> `shard_group.publicly_accessible` + - `shard_group_tags` -> `shard_group.tags` + - `shard_group_timeouts` -> `shard_group.timeouts` + - The variables for the cluster activity stream have been nested under a single, top-level `cluster_activity_stream` variable: + - `create_db_cluster_activity_stream` removed - set `cluster_activity_stream` to `null` to disable or provide an object to enable + - `db_cluster_activity_stream_mode` -> `cluster_activity_stream.mode` + - `db_cluster_activity_stream_kms_key_id` -> 
`cluster_activity_stream.kms_key_id` + - `engine_native_audit_fields_included` -> `cluster_activity_stream.include_audit_fields` + - The variables for the cluster parameter group have been nested under a single, top-level `cluster_parameter_group` variable: + - `create_db_cluster_parameter_group` removed - set `cluster_parameter_group` to `null` to disable or provide an object to enable + - `db_cluster_parameter_group_name` -> `cluster_parameter_group.name` + - `db_cluster_parameter_group_use_name_prefix` -> `cluster_parameter_group.use_name_prefix` + - `db_cluster_parameter_group_description` -> `cluster_parameter_group.description` + - `db_cluster_parameter_group_family` -> `cluster_parameter_group.family` + - `db_cluster_parameter_group_parameters` -> `cluster_parameter_group.parameters` + - The variables for the instance parameter group have been nested under a single, top-level `db_parameter_group` variable: + - `create_db_parameter_group` removed - set `db_parameter_group` to `null` to disable or provide an object to enable + - `db_parameter_group_name` -> `db_parameter_group.name` + - A variable `cluster_parameter_group_name` has been retained for when users want to provide an existing cluster parameter group name. + - `db_parameter_group_use_name_prefix` -> `db_parameter_group.use_name_prefix` + - `db_parameter_group_description` -> `db_parameter_group.description` + - `db_parameter_group_family` -> `db_parameter_group.family` + - `db_parameter_group_parameters` -> `db_parameter_group.parameters` + +3. Added variables: + + - `region` + +4. Removed outputs: + + - None + +5. Renamed outputs: + + - None + +6. 
Added outputs: + + - None + +## Upgrade Migrations + +### Before 9.x Example + +```hcl +module "cluster" { + source = "terraform-aws-modules/rds-aurora/aws" + version = "~> 9.0" + + # Only the affected attributes are shown + instance_class = "db.r8g.large" + monitoring_interval = 60 + + security_group_rules = { + vpc_ingress = { + cidr_blocks = module.vpc.private_subnets_cidr_blocks + } + } + + master_password = random_password.master.result + + # For limitless databases + create_shard_group = true + compute_redundancy = 0 + db_shard_group_identifier = "example" + max_acu = 16 + + create_db_cluster_parameter_group = true + db_cluster_parameter_group_name = "example" + db_cluster_parameter_group_family = "aurora-postgresql16" + db_cluster_parameter_group_description = "Example cluster parameter group" + db_cluster_parameter_group_parameters = [ + { + name = "log_min_duration_statement" + value = 4000 + apply_method = "immediate" + }, { + name = "rds.force_ssl" + value = 1 + apply_method = "immediate" + } + ] + + create_db_parameter_group = true + db_parameter_group_name = "example" + db_parameter_group_family = "aurora-mysql8.0" + db_parameter_group_description = "Example DB parameter group" + db_parameter_group_parameters = [ + { + name = "connect_timeout" + value = 60 + apply_method = "immediate" + }, + ] + + create_db_cluster_activity_stream = true + db_cluster_activity_stream_kms_key_id = module.kms.key_id + db_cluster_activity_stream_mode = "async" + + iam_roles = { + s3_import = { + role_arn = aws_iam_role.s3_import.arn + feature_name = "s3Import" + } + } + + tags = { + Environment = "dev" + Terraform = "true" + } +} +``` + +### After 10.x Example + +```hcl +module "cluster" { + source = "terraform-aws-modules/rds-aurora/aws" + version = "~> 10.0" + + # Only the affected attributes are shown + cluster_instance_class = "db.r8g.large" + cluster_monitoring_interval = 60 + + security_group_ingress_rules = { + private-az1 = { + cidr_ipv4 = 
element(module.vpc.private_subnets_cidr_blocks, 0) + } + private-az2 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1) + } + private-az3 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2) + } + } + + master_password_wo = random_password.master.result + master_password_wo_version = 1 + + # For limitless databases + shard_group = { + compute_redundancy = 0 + identifier = "example" + max_acu = 16 + } + + cluster_parameter_group = { + name = "example" + family = "aurora-postgresql16" + description = "Example cluster parameter group" + parameters = [ + { + name = "log_min_duration_statement" + value = 4000 + apply_method = "immediate" + }, { + name = "rds.force_ssl" + value = 1 + apply_method = "immediate" + } + ] + } + + db_parameter_group = { + name = "example" + family = "aurora-mysql8.0" + description = "Example DB parameter group" + parameters = [ + { + name = "connect_timeout" + value = 60 + apply_method = "immediate" + }, + ] + } + + cluster_activity_stream = { + kms_key_id = module.kms.key_id + mode = "async" + } + + role_associations = { + s3Import = { + role_arn = aws_iam_role.s3_import.arn + # feature_name = "s3Import" # same as setting value to key + } + } + + tags = { + Environment = "dev" + Terraform = "true" + } +} +``` + +### State Changes + +Due to the change from `aws_security_group_rule` to `aws_vpc_security_group_ingress_rule` and `aws_vpc_security_group_egress_rule`, the following reference state changes are required to maintain the current security group rules. 
(Note: these are different resource types so they cannot be moved with `terraform mv ...`) + +```sh +terraform state rm 'module.aurora.aws_security_group_rule.this["vpc_ingress"]' +terraform state import 'module.aurora.aws_vpc_security_group_ingress_rule.this["private-az1"]' 'sg-xxx' +terraform state import 'module.aurora.aws_vpc_security_group_ingress_rule.this["private-az2"]' 'sg-xxx' +terraform state import 'module.aurora.aws_vpc_security_group_ingress_rule.this["private-az3"]' 'sg-xxx' +``` diff --git a/examples/autoscaling/README.md b/examples/autoscaling/README.md index c40b4e5..885eacf 100644 --- a/examples/autoscaling/README.md +++ b/examples/autoscaling/README.md @@ -19,14 +19,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.89 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.89 | +| [aws](#provider\_aws) | >= 6.18 | ## Modules @@ -34,7 +34,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [aurora](#module\_aurora) | ../../ | n/a | | [disabled\_aurora](#module\_disabled\_aurora) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources diff --git a/examples/autoscaling/main.tf b/examples/autoscaling/main.tf index d2252be..42f243f 100644 --- a/examples/autoscaling/main.tf +++ b/examples/autoscaling/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = "ex-${basename(path.cwd)}" 
@@ -25,18 +31,24 @@ locals { module "aurora" { source = "../../" - name = local.name - engine = "aurora-postgresql" - engine_version = "14.5" - instance_class = "db.r6g.large" - instances = { 1 = {} } - master_username = "root" + name = local.name + engine = "aurora-postgresql" + engine_version = "17.5" + cluster_instance_class = "db.r8g.large" + instances = { 1 = {} } + master_username = "root" vpc_id = module.vpc.vpc_id db_subnet_group_name = module.vpc.database_subnet_group_name - security_group_rules = { - vpc_ingress = { - cidr_blocks = module.vpc.private_subnets_cidr_blocks + security_group_ingress_rules = { + private-az1 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 0) + } + private-az2 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1) + } + private-az3 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2) } } @@ -44,7 +56,7 @@ module "aurora" { autoscaling_min_capacity = 1 autoscaling_max_capacity = 5 - monitoring_interval = 60 + cluster_monitoring_interval = 60 iam_role_name = "${local.name}-monitor" iam_role_use_name_prefix = true iam_role_description = "${local.name} RDS enhanced monitoring IAM role" @@ -71,7 +83,7 @@ module "disabled_aurora" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" name = local.name cidr = local.vpc_cidr diff --git a/examples/autoscaling/versions.tf b/examples/autoscaling/versions.tf index c00acf7..23d5557 100644 --- a/examples/autoscaling/versions.tf +++ b/examples/autoscaling/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.89" + version = ">= 6.18" } } } diff --git a/examples/dsql/README.md b/examples/dsql/README.md index e381540..23dbf54 100644 --- a/examples/dsql/README.md +++ b/examples/dsql/README.md 
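Review bot: The three `private-azN` ingress rules pick CIDRs with `element(module.vpc.private_subnets_cidr_blocks, 0..2)`, and `element` wraps around, so a VPC with fewer than three private subnets silently yields duplicate CIDR rules (which the AWS API rejects on apply) while any subnet beyond the third gets no rule at all. A `for` expression keyed on the list avoids both problems and is shorter: `security_group_ingress_rules = { for i, cidr in module.vpc.private_subnets_cidr_blocks : "private-az${i + 1}" => { cidr_ipv4 = cidr } }`. These rules also set no `from_port`/`to_port`; presumably the module fills in the cluster port, but that is worth confirming in the example with a comment, since an unbounded `tcp` rule would be far wider than intended. The `module "aurora"` block continues outside this hunk.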
@@ -19,8 +19,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.100 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | ## Providers diff --git a/examples/dsql/main.tf b/examples/dsql/main.tf index c605446..4a11bcb 100644 --- a/examples/dsql/main.tf +++ b/examples/dsql/main.tf @@ -1,15 +1,10 @@ provider "aws" { - region = local.region -} - -provider "aws" { - region = local.region2 - alias = "region2" + region = local.region1 } locals { name = "ex-${basename(path.cwd)}" - region = "us-east-1" + region1 = "us-east-1" region2 = "us-east-2" witness_region = "us-west-2" 
@@ -27,37 +22,46 @@ locals { module "dsql_cluster_1" { source = "../../modules/dsql" + name = "${local.name}-1" + + # For example only deletion_protection_enabled = false - witness_region = local.witness_region - create_cluster_peering = true - clusters = [module.dsql_cluster_2.arn] + + witness_region = local.witness_region + create_cluster_peering = true + clusters = [module.dsql_cluster_2.arn] timeouts = { create = "1h" } - tags = merge(local.tags, { Name = local.name }) + tags = local.tags } module "dsql_cluster_2" { source = "../../modules/dsql" + region = local.region2 + + name = "${local.name}-2" + + # For example only deletion_protection_enabled = false - witness_region = local.witness_region - create_cluster_peering = true - clusters = [module.dsql_cluster_1.arn] - tags = merge(local.tags, { Name = local.name }) + witness_region = local.witness_region + create_cluster_peering = true + clusters = [module.dsql_cluster_1.arn] - providers = { - aws = aws.region2 - } + tags = merge(local.tags, { Name = local.name }) } module "dsql_single_region" { source = "../../modules/dsql" + name = local.name + + # For example only deletion_protection_enabled = false - tags = merge(local.tags, { Name = "single-region" }) + tags = local.tags } diff --git a/examples/dsql/versions.tf b/examples/dsql/versions.tf index 7aad8ab..23d5557 100644 --- a/examples/dsql/versions.tf +++ b/examples/dsql/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.100" + version = ">= 6.18" } } } diff --git a/examples/global-cluster/README.md b/examples/global-cluster/README.md index af76781..1c84cd4 100644 --- a/examples/global-cluster/README.md +++ b/examples/global-cluster/README.md 
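Review bot: `module "dsql_cluster_2"` keeps `tags = merge(local.tags, { Name = local.name })` while the sibling `dsql_cluster_1` and `dsql_single_region` modules in the same hunk were switched to `tags = local.tags`; combined with the new `name = "${local.name}-2"`, the second cluster ends up tagged with the un-suffixed `local.name` rather than its own name, which misleads anyone locating the resource by tag. Use `tags = local.tags` here as well for consistency. The `deletion_protection_enabled = false` lines are rightly marked `# For example only`; consider expanding that comment to `# For example only - leave deletion protection enabled for real clusters` so the intent survives copy-paste.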
@@ -19,17 +19,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.89 | -| [random](#requirement\_random) | >= 2.2 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | +| [random](#requirement\_random) | >= 3.5 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.89 | -| [aws.secondary](#provider\_aws.secondary) | >= 5.89 | -| [random](#provider\_random) | >= 2.2 | +| [aws](#provider\_aws) | >= 6.18 | +| [random](#provider\_random) | >= 3.5 | ## Modules @@ -37,8 +36,8 @@ Note that this example may create resources which cost money. Run `terraform des |------|--------|---------| | [aurora\_primary](#module\_aurora\_primary) | ../../ | n/a | | [aurora\_secondary](#module\_aurora\_secondary) | ../../ | n/a | -| [primary\_vpc](#module\_primary\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | -| [secondary\_vpc](#module\_secondary\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [primary\_vpc](#module\_primary\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | +| [secondary\_vpc](#module\_secondary\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources diff --git a/examples/global-cluster/main.tf b/examples/global-cluster/main.tf index 3ebc5ca..f022fff 100644 --- a/examples/global-cluster/main.tf +++ b/examples/global-cluster/main.tf 
@@ -2,15 +2,26 @@ provider "aws" { region = local.primary_region } -provider "aws" { - alias = "secondary" - region = local.secondary_region +data "aws_caller_identity" "current" {} + +data "aws_availability_zones" "primary" { + region = local.primary_region + + # Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } } -data "aws_caller_identity" "current" {} -data "aws_availability_zones" "primary" {} data "aws_availability_zones" "secondary" { - provider = aws.secondary + region = local.secondary_region + + # Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } } locals { @@ -38,7 +49,7 @@ locals { resource "aws_rds_global_cluster" "this" { global_cluster_identifier = local.name engine = "aurora-postgresql" - engine_version = "14.5" + engine_version = "17.5" database_name = "example_db" storage_encrypted = true } 
@@ -52,21 +63,27 @@ module "aurora_primary" { engine_version = aws_rds_global_cluster.this.engine_version master_username = "root" global_cluster_identifier = aws_rds_global_cluster.this.id - instance_class = "db.r6g.large" + cluster_instance_class = "db.r8g.large" instances = { for i in range(2) : i => {} } kms_key_id = aws_kms_key.primary.arn vpc_id = module.primary_vpc.vpc_id db_subnet_group_name = module.primary_vpc.database_subnet_group_name - security_group_rules = { - vpc_ingress = { - cidr_blocks = module.primary_vpc.private_subnets_cidr_blocks + security_group_ingress_rules = { + private-az1 = { + cidr_ipv4 = element(module.primary_vpc.private_subnets_cidr_blocks, 0) + } + private-az2 = { + cidr_ipv4 = element(module.primary_vpc.private_subnets_cidr_blocks, 1) + } + private-az3 = { + cidr_ipv4 = element(module.primary_vpc.private_subnets_cidr_blocks, 2) } } # Global clusters do not support managed master user password - manage_master_user_password = false - master_password = random_password.master.result + master_password_wo = random_password.master.result + master_password_wo_version = 1 skip_final_snapshot = true @@ -76,7 +93,7 @@ module "aurora_primary" { module "aurora_secondary" { source = "../../" - providers = { aws = aws.secondary } + region = local.secondary_region is_primary_cluster = false 
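Review bot: `master_password_wo = random_password.master.result` keeps the password out of the `aws_rds_cluster` state entry but not out of state altogether, because a managed `random_password` resource stores its `result` in state, so anyone with state access still reads the master password in plaintext. With Terraform `>= 1.11` now the minimum, the example could generate the value with an `ephemeral "random_password" "master"` block instead (ephemeral `random_password` needs random provider 3.7+, I believe, so the `>= 3.5` constraint in versions.tf would need raising), which is exactly the scenario write-only arguments exist for; the `resource "random_password" "master"` definition is outside this hunk. A short comment on the `master_password_wo_version = 1` line, e.g. `# bump to push a new value of master_password_wo to the cluster`, would also help readers who have not met write-only arguments before.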
@@ -85,20 +102,27 @@ module "aurora_secondary" { engine_version = aws_rds_global_cluster.this.engine_version global_cluster_identifier = aws_rds_global_cluster.this.id source_region = local.primary_region - instance_class = "db.r6g.large" + cluster_instance_class = "db.r8g.large" instances = { for i in range(2) : i => {} } kms_key_id = aws_kms_key.secondary.arn vpc_id = module.secondary_vpc.vpc_id db_subnet_group_name = module.secondary_vpc.database_subnet_group_name - security_group_rules = { - vpc_ingress = { - cidr_blocks = module.secondary_vpc.private_subnets_cidr_blocks + security_group_ingress_rules = { + private-az1 = { + cidr_ipv4 = element(module.secondary_vpc.private_subnets_cidr_blocks, 0) + } + private-az2 = { + cidr_ipv4 = element(module.secondary_vpc.private_subnets_cidr_blocks, 1) + } + private-az3 = { + cidr_ipv4 = element(module.secondary_vpc.private_subnets_cidr_blocks, 2) } } # Global clusters do not support managed master user password - master_password = random_password.master.result + master_password_wo = random_password.master.result + master_password_wo_version = 1 skip_final_snapshot = true @@ -120,7 +144,7 @@ resource "random_password" "master" { module "primary_vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" name = local.name cidr = local.primary_vpc_cidr @@ -136,9 +160,9 @@ module "primary_vpc" { module "secondary_vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" - providers = { aws = aws.secondary } + region = local.secondary_region name = local.name cidr = local.secondary_vpc_cidr @@ -193,7 +217,7 @@ resource "aws_kms_key" "primary" { } resource "aws_kms_key" "secondary" { - provider = aws.secondary + region = local.secondary_region policy = data.aws_iam_policy_document.rds.json tags = local.tags diff --git a/examples/global-cluster/versions.tf b/examples/global-cluster/versions.tf index 157cc31..1e701a3 100644 --- a/examples/global-cluster/versions.tf 
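Review bot: `element(module.secondary_vpc.private_subnets_cidr_blocks, 2)` wraps around rather than failing, so on a VPC with fewer than three private subnets `private-az3` silently repeats the CIDR of `private-az1` (most likely an apply-time duplicate-rule error, otherwise a misleading rule name), and with more than three subnets the extra ones are simply not allowed in. A `for` expression over the list scales with the VPC and keeps the rule set exact: `security_group_ingress_rules = { for i, cidr in module.secondary_vpc.private_subnets_cidr_blocks : "private-az${i + 1}" => { cidr_ipv4 = cidr } }`. The primary cluster and the other examples in this change use the same three hard-coded `element()` calls. The `module "aurora_secondary"` block starts before this hunk.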
+++ b/examples/global-cluster/versions.tf @@ -1,15 +1,14 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.89" + version = ">= 6.18" } - random = { source = "hashicorp/random" - version = ">= 2.2" + version = ">= 3.5" } } } diff --git a/examples/limitless/README.md b/examples/limitless/README.md index efbf8c2..b2a9f16 100644 --- a/examples/limitless/README.md +++ b/examples/limitless/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.89 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | | [random](#requirement\_random) | >= 3.5 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.89 | +| [aws](#provider\_aws) | >= 6.18 | | [random](#provider\_random) | >= 3.5 | ## Modules @@ -35,8 +35,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [aurora](#module\_aurora) | ../../ | n/a | -| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources diff --git a/examples/limitless/main.tf b/examples/limitless/main.tf index 5524cbd..eb652fc 100644 --- a/examples/limitless/main.tf +++ b/examples/limitless/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = "ex-${basename(path.cwd)}" 
@@ -25,66 +31,66 @@ locals { module "aurora" { source = "../../" - name = local.name - engine = "aurora-postgresql" - engine_version = "16.6-limitless" - master_username = "root" - storage_type = "aurora-iopt1" - cluster_monitoring_interval = 30 - cluster_scalability_type = "limitless" + name = local.name + engine = "aurora-postgresql" + engine_version = "16.9-limitless" + storage_type = "aurora-iopt1" + cluster_scalability_type = "limitless" + cluster_monitoring_interval = 30 # https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/limitless-reqs-limits.html cluster_performance_insights_enabled = true cluster_performance_insights_retention_period = 31 - create_shard_group = true - compute_redundancy = 0 - db_shard_group_identifier = local.name - max_acu = 16 + shard_group = { + compute_redundancy = 0 + identifier = local.name + max_acu = 16 + } # aurora limitless clusters do not support managed master user password manage_master_user_password = false - master_password = random_password.master.result + master_username = "root" + master_password_wo = random_password.master.result + master_password_wo_version = 1 vpc_id = module.vpc.vpc_id db_subnet_group_name = module.vpc.database_subnet_group_name - security_group_rules = { - vpc_ingress = { - cidr_blocks = module.vpc.private_subnets_cidr_blocks + security_group_ingress_rules = { + private-az1 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 0) + } + private-az2 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1) } - egress_example = { - type = "egress" - cidr_blocks = ["10.33.0.0/28"] - description = "Egress to corporate printer closet" + private-az3 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2) } } apply_immediately = true skip_final_snapshot = true - create_db_cluster_parameter_group = true - db_cluster_parameter_group_name = local.name - db_cluster_parameter_group_family = "aurora-postgresql16" - db_cluster_parameter_group_description = 
"${local.name} example cluster parameter group" - db_cluster_parameter_group_parameters = [ - { - name = "log_min_duration_statement" - value = 4000 - apply_method = "immediate" - }, { - name = "rds.force_ssl" - value = 1 - apply_method = "immediate" - } - ] + cluster_parameter_group = { + name = local.name + family = "aurora-postgresql16" + description = "${local.name} example cluster parameter group" + parameters = [ + { + name = "log_min_duration_statement" + value = 4000 + apply_method = "immediate" + }, { + name = "rds.force_ssl" + value = 1 + apply_method = "immediate" + } + ] + } enabled_cloudwatch_logs_exports = ["postgresql"] create_cloudwatch_log_group = true - cloudwatch_log_group_tags = { - Sensitivity = "high" - } - tags = local.tags } @@ -99,7 +105,7 @@ resource "random_password" "master" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" name = local.name cidr = local.vpc_cidr @@ -111,18 +117,3 @@ module "vpc" { tags = local.tags } - -module "kms" { - source = "terraform-aws-modules/kms/aws" - version = "~> 2.0" - - deletion_window_in_days = 7 - description = "KMS key for ${local.name} cluster activity stream." - enable_key_rotation = true - is_enabled = true - key_usage = "ENCRYPT_DECRYPT" - - aliases = [local.name] - - tags = local.tags -} diff --git a/examples/limitless/versions.tf b/examples/limitless/versions.tf index 2832cf7..1e701a3 100644 --- a/examples/limitless/versions.tf +++ b/examples/limitless/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.89" + version = ">= 6.18" } random = { source = "hashicorp/random" diff --git a/examples/multi-az/README.md b/examples/multi-az/README.md index d97a1a8..7394c06 100644 --- a/examples/multi-az/README.md +++ b/examples/multi-az/README.md 
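Review bot: The `cloudwatch_log_group_tags = { Sensitivity = "high" }` block is dropped without replacement, so the log group this example creates for the exported `postgresql` log (which, with `log_min_duration_statement = 4000`, will carry statement text) loses its data-classification tag; if tag-based retention, ABAC or SCP controls key on `Sensitivity`, that is a silent posture regression. Restore `cloudwatch_log_group_tags = { Sensitivity = "high" }` if the module still exposes that input, otherwise fold the tag into `local.tags` so every resource in the example carries it. `master_password_wo_version = 1` is a literal and a write-only value is only re-sent when the version changes, so add `# bump whenever random_password.master is regenerated` beside it. The `module "aurora"` block starts in the previous hunk line and `random_password.master` is outside this hunk.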
@@ -19,21 +19,21 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.89 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.89 | +| [aws](#provider\_aws) | >= 6.18 | ## Modules | Name | Source | Version | |------|--------|---------| | [aurora](#module\_aurora) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources diff --git a/examples/multi-az/main.tf b/examples/multi-az/main.tf index 25dd353..848b4d8 100644 --- a/examples/multi-az/main.tf +++ b/examples/multi-az/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = "ex-${basename(path.cwd)}" @@ -27,7 +33,7 @@ module "aurora" { name = local.name engine = "postgres" # This uses RDS engine, not Aurora - engine_version = "15.7" + engine_version = "17.5" master_username = "root" vpc_id = module.vpc.vpc_id @@ -42,11 +48,11 @@ module "aurora" { cluster_performance_insights_retention_period = 31 # Multi-AZ - availability_zones = module.vpc.azs - allocated_storage = 256 - db_cluster_instance_class = "db.r6gd.large" - iops = 2500 - storage_type = "io1" + availability_zones = module.vpc.azs + allocated_storage = 256 + cluster_instance_class = "db.c6gd.large" + iops = 2500 + storage_type = "io1" cluster_ca_cert_identifier = "rds-ca-rsa4096-g1" @@ -61,7 +67,7 @@ module "aurora" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" name = local.name cidr = local.vpc_cidr 
diff --git a/examples/multi-az/versions.tf b/examples/multi-az/versions.tf index c00acf7..23d5557 100644 --- a/examples/multi-az/versions.tf +++ b/examples/multi-az/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.89" + version = ">= 6.18" } } } diff --git a/examples/mysql/README.md b/examples/mysql/README.md index ec4fcab..70ec9fa 100644 --- a/examples/mysql/README.md +++ b/examples/mysql/README.md @@ -19,23 +19,23 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.89 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.89 | +| [aws](#provider\_aws) | >= 6.18 | ## Modules | Name | Source | Version | |------|--------|---------| | [aurora](#module\_aurora) | ../../ | n/a | -| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 5.0 | +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 6.0 | ## Resources diff --git a/examples/mysql/main.tf b/examples/mysql/main.tf index d513874..9f0a446 100644 --- a/examples/mysql/main.tf +++ b/examples/mysql/main.tf 
@@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = "ex-${basename(path.cwd)}" 
@@ -31,132 +37,154 @@ module "aurora" { master_username = "root" instances = { 1 = { - instance_class = "db.r5.large" + instance_class = "db.r8g.large" publicly_accessible = true } 2 = { identifier = "mysql-static-1" - instance_class = "db.r5.2xlarge" + instance_class = "db.r8g.2xlarge" } 3 = { identifier = "mysql-excluded-1" - instance_class = "db.r5.xlarge" + instance_class = "db.r8g.xlarge" promotion_tier = 15 } } vpc_id = module.vpc.vpc_id db_subnet_group_name = module.vpc.database_subnet_group_name - security_group_rules = { - vpc_ingress = { - cidr_blocks = module.vpc.private_subnets_cidr_blocks + security_group_ingress_rules = { + private-az1 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 0) + } + private-az2 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1) } - kms_vpc_endpoint = { - type = "egress" - from_port = 443 - to_port = 443 - source_security_group_id = module.vpc_endpoints.security_group_id + private-az3 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2) + } + } + security_group_egress_rules = { + kms-vpc-endpoint = { + to_port = 443 + referenced_security_group_id = module.vpc_endpoints.security_group_id } } apply_immediately = true skip_final_snapshot = true - create_db_cluster_parameter_group = true - db_cluster_parameter_group_name = local.name - db_cluster_parameter_group_family = "aurora-mysql8.0" - db_cluster_parameter_group_description = "${local.name} example cluster parameter group" - db_cluster_parameter_group_parameters = [ - { - name = "connect_timeout" - value = 120 - apply_method = "immediate" - }, { - name = "innodb_lock_wait_timeout" - value = 300 - apply_method = "immediate" - }, { - name = "log_output" - value = "FILE" - apply_method = "immediate" - }, { - name = "max_allowed_packet" - value = "67108864" - apply_method = "immediate" - }, { - name = "aurora_parallel_query" - value = "OFF" - apply_method = "pending-reboot" - }, { - name = "binlog_format" - value = "ROW" - 
apply_method = "pending-reboot" - }, { - name = "log_bin_trust_function_creators" - value = 1 - apply_method = "immediate" - }, { - name = "require_secure_transport" - value = "ON" - apply_method = "immediate" - }, { - name = "tls_version" - value = "TLSv1.2" - apply_method = "pending-reboot" - } - ] - - create_db_parameter_group = true - db_parameter_group_name = local.name - db_parameter_group_family = "aurora-mysql8.0" - db_parameter_group_description = "${local.name} example DB parameter group" - db_parameter_group_parameters = [ - { - name = "connect_timeout" - value = 60 - apply_method = "immediate" - }, { - name = "general_log" - value = 0 - apply_method = "immediate" - }, { - name = "innodb_lock_wait_timeout" - value = 300 - apply_method = "immediate" - }, { - name = "log_output" - value = "FILE" - apply_method = "pending-reboot" - }, { - name = "long_query_time" - value = 5 - apply_method = "immediate" - }, { - name = "max_connections" - value = 2000 - apply_method = "immediate" - }, { - name = "slow_query_log" - value = 1 - apply_method = "immediate" - }, { - name = "log_bin_trust_function_creators" - value = 1 - apply_method = "immediate" - } - ] + cluster_parameter_group = { + name = local.name + family = "aurora-mysql8.0" + description = "${local.name} example cluster parameter group" + parameters = [ + { + name = "connect_timeout" + value = 120 + apply_method = "immediate" + }, + { + name = "innodb_lock_wait_timeout" + value = 300 + apply_method = "immediate" + }, + { + name = "log_output" + value = "FILE" + apply_method = "pending-reboot" + }, + { + name = "max_allowed_packet" + value = "67108864" + apply_method = "immediate" + }, + { + name = "aurora_parallel_query" + value = 0 + apply_method = "pending-reboot" + }, + { + name = "binlog_format" + value = "ROW" + apply_method = "pending-reboot" + }, + { + name = "log_bin_trust_function_creators" + value = 1 + apply_method = "immediate" + }, + { + name = "require_secure_transport" + value = "ON" + 
apply_method = "immediate" + }, + { + name = "tls_version" + value = "TLSv1.2" + apply_method = "pending-reboot" + } + ] + } + + db_parameter_group = { + name = local.name + family = "aurora-mysql8.0" + description = "${local.name} example DB parameter group" + parameters = [ + { + name = "connect_timeout" + value = 60 + apply_method = "immediate" + }, + { + name = "general_log" + value = 0 + apply_method = "immediate" + }, + { + name = "innodb_lock_wait_timeout" + value = 300 + apply_method = "immediate" + }, + { + name = "log_output" + value = "FILE" + apply_method = "pending-reboot" + }, + { + name = "long_query_time" + value = 5 + apply_method = "immediate" + }, + { + name = "max_connections" + value = 2000 + apply_method = "immediate" + }, + { + name = "slow_query_log" + value = 1 + apply_method = "immediate" + }, + { + name = "log_bin_trust_function_creators" + value = 1 + apply_method = "immediate" + } + ] + } enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery"] - create_db_cluster_activity_stream = true - db_cluster_activity_stream_kms_key_id = module.kms.key_id + cluster_activity_stream = { + kms_key_id = module.kms.key_id + mode = "async" + } manage_master_user_password_rotation = true master_user_password_rotation_schedule_expression = "rate(15 days)" - # https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.Overview.html#DBActivityStreams.Overview.sync-mode - db_cluster_activity_stream_mode = "async" - tags = local.tags } @@ -166,7 +194,7 @@ module "aurora" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" name = local.name cidr = local.vpc_cidr 
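Review bot: The new `kms-vpc-endpoint` egress rule sets only `to_port = 443`, whereas the rule it replaces pinned both `from_port = 443` and `to_port = 443`; unless the module defaults `from_port` to 443 as well (it more plausibly defaults to the DB port or 0), the rule either fails to create or becomes wider than the single HTTPS port to the KMS endpoint. Make the range explicit with `from_port = 443` and `ip_protocol = "tcp"` next to `to_port = 443`. The `mode = "async"` on the activity stream also lost the comment that pointed at the sync-vs-async trade-off (`# https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.Overview.html#DBActivityStreams.Overview.sync-mode`); since async can drop audit records under load, keep that pointer beside the new `mode` attribute. Instance `1` still carries `publicly_accessible = true` with a `root` master user, which predates this change but is worth reconsidering while that block is being edited. The `module "aurora"` block starts before this hunk.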
@@ -181,10 +209,10 @@ module "vpc" { module "kms" { source = "terraform-aws-modules/kms/aws" - version = "~> 2.0" + version = "~> 4.0" deletion_window_in_days = 7 - description = "KMS key for ${local.name} cluster activity stream." + description = "KMS key for ${local.name} cluster activity stream" enable_key_rotation = true is_enabled = true key_usage = "ENCRYPT_DECRYPT" @@ -197,7 +225,7 @@ module "kms" { # https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.Prereqs.html#DBActivityStreams.Prereqs.KMS module "vpc_endpoints" { source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" - version = "~> 5.0" + version = "~> 6.0" vpc_id = module.vpc.vpc_id diff --git a/examples/mysql/versions.tf b/examples/mysql/versions.tf index c00acf7..23d5557 100644 --- a/examples/mysql/versions.tf +++ b/examples/mysql/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.89" + version = ">= 6.18" } } } diff --git a/examples/postgresql/README.md b/examples/postgresql/README.md index 223fd64..1315274 100644 --- a/examples/postgresql/README.md +++ b/examples/postgresql/README.md 
@@ -19,22 +19,22 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.89 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.89 | +| [aws](#provider\_aws) | >= 6.18 | ## Modules | Name | Source | Version | |------|--------|---------| | [aurora](#module\_aurora) | ../../ | n/a | -| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 4.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources diff --git a/examples/postgresql/main.tf b/examples/postgresql/main.tf index f521fe2..3b7e1f2 100644 --- a/examples/postgresql/main.tf +++ b/examples/postgresql/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = "ex-${basename(path.cwd)}" @@ -27,24 +33,24 @@ module "aurora" { name = local.name engine = "aurora-postgresql" - engine_version = "14.13" + engine_version = "17.5" master_username = "root" storage_type = "aurora-iopt1" cluster_monitoring_interval = 30 instances = { 1 = { - instance_class = "db.r5.2xlarge" + instance_class = "db.r8g.2xlarge" publicly_accessible = true db_parameter_group_name = "default.aurora-postgresql14" } 2 = { identifier = "static-member-1" - instance_class = "db.r5.2xlarge" + instance_class = "db.r8g.2xlarge" } 3 = { identifier = "excluded-member-1" - instance_class = "db.r5.large" + instance_class = "db.r8g.large" promotion_tier = 15 } } 
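Review bot: `engine_version` moves to `17.5`, but instance `1` still pins `db_parameter_group_name = "default.aurora-postgresql14"`; RDS expects an instance parameter group whose family matches the engine major version, so this combination should be rejected at apply time, and even if accepted the instance would not pick up the example's own `db_parameter_group` (family `aurora-postgresql17`). Change it to `db_parameter_group_name = "default.aurora-postgresql17"`, or drop the attribute so the instance inherits the group the example defines. Instance `1` also keeps `publicly_accessible = true` alongside `master_username = "root"`; that predates this change, but bumping the instance class on that block is a good moment to drop it or comment why a public endpoint is wanted. The `module "aurora"` block starts before this hunk and continues after it.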
@@ -66,14 +72,15 @@ module "aurora" { vpc_id = module.vpc.vpc_id db_subnet_group_name = module.vpc.database_subnet_group_name - security_group_rules = { - vpc_ingress = { - cidr_blocks = module.vpc.private_subnets_cidr_blocks + security_group_ingress_rules = { + private-az1 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 0) + } + private-az2 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1) } - egress_example = { - type = "egress" - cidr_blocks = ["10.33.0.0/28"] - description = "Egress to corporate printer closet" + private-az3 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2) } } 
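Review bot: Removing `egress_example` leaves this example with no explicit egress at all (`security_group_egress_rules` is never set here), so what the cluster security group allows outbound is now whatever the module defaults to, which a reader of the example cannot see; the mysql example in this same change sets `security_group_egress_rules` explicitly. Make the posture visible by adding `security_group_egress_rules = {}` if the cluster needs no outbound access, or a scoped rule such as the mysql example's KMS-endpoint rule. The three `element()` calls also wrap around on a VPC with fewer than three private subnets, so a `for` expression over `module.vpc.private_subnets_cidr_blocks` would be more robust. The `module "aurora"` block starts before this hunk and continues after it.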
@@ -82,45 +89,45 @@ module "aurora" { engine_lifecycle_support = "open-source-rds-extended-support-disabled" - create_db_cluster_parameter_group = true - db_cluster_parameter_group_name = local.name - db_cluster_parameter_group_family = "aurora-postgresql14" - db_cluster_parameter_group_description = "${local.name} example cluster parameter group" - db_cluster_parameter_group_parameters = [ - { - name = "log_min_duration_statement" - value = 4000 - apply_method = "immediate" - }, { - name = "rds.force_ssl" - value = 1 - apply_method = "immediate" - } - ] - - create_db_parameter_group = true - db_parameter_group_name = local.name - db_parameter_group_family = "aurora-postgresql14" - db_parameter_group_description = "${local.name} example DB parameter group" - db_parameter_group_parameters = [ - { - name = "log_min_duration_statement" - value = 4000 - apply_method = "immediate" - } - ] + cluster_parameter_group = { + name = local.name + family = "aurora-postgresql17" + description = "${local.name} example cluster parameter group" + parameters = [ + { + name = "log_min_duration_statement" + value = 4000 + apply_method = "immediate" + }, + { + name = "rds.force_ssl" + value = 1 + apply_method = "pending-reboot" + } + ] + } + + db_parameter_group = { + name = local.name + family = "aurora-postgresql17" + description = "${local.name} example DB parameter group" + parameters = [ + { + name = "log_min_duration_statement" + value = 4000 + apply_method = "immediate" + } + ] + } enabled_cloudwatch_logs_exports = ["postgresql"] create_cloudwatch_log_group = true - cloudwatch_log_group_tags = { - Sensitivity = "high" + cluster_activity_stream = { + kms_key_id = module.kms.key_id + mode = "async" } - create_db_cluster_activity_stream = true - db_cluster_activity_stream_kms_key_id = module.kms.key_id - db_cluster_activity_stream_mode = "async" - tags = local.tags } 
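Review bot: `rds.force_ssl` switches from `apply_method = "immediate"` to `"pending-reboot"`, which means any later change to that value waits for a reboot instead of taking effect at once; `rds.force_ssl` is a dynamic parameter in Aurora PostgreSQL, and the mysql example in this same change keeps `require_secure_transport` on `"immediate"`, so the inconsistency looks accidental. Unless there is a reason specific to the 17 family, keep `apply_method = "immediate"` on `rds.force_ssl`. This hunk also drops the `Sensitivity = "high"` tag from the CloudWatch log group that receives the `postgresql` export; restore it via `cloudwatch_log_group_tags` if the module still exposes that input, or carry it in `local.tags`. The `module "aurora"` block starts before this hunk.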
@@ -130,7 +137,7 @@ module "aurora" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" name = local.name cidr = local.vpc_cidr @@ -145,15 +152,15 @@ module "vpc" { module "kms" { source = "terraform-aws-modules/kms/aws" - version = "~> 2.0" + version = "~> 4.0" deletion_window_in_days = 7 - description = "KMS key for ${local.name} cluster activity stream." + description = "KMS key for ${local.name} cluster activity stream" enable_key_rotation = true is_enabled = true key_usage = "ENCRYPT_DECRYPT" - aliases = [local.name] + aliases = ["rds/${local.name}"] tags = local.tags } diff --git a/examples/postgresql/versions.tf b/examples/postgresql/versions.tf index c00acf7..23d5557 100644 --- a/examples/postgresql/versions.tf +++ b/examples/postgresql/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.89" + version = ">= 6.18" } } } diff --git a/examples/s3-import/README.md b/examples/s3-import/README.md index e128f91..74200b0 100644 --- a/examples/s3-import/README.md +++ b/examples/s3-import/README.md 
@@ -48,22 +48,22 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.89 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.89 | +| [aws](#provider\_aws) | >= 6.18 | ## Modules | Name | Source | Version | |------|--------|---------| | [aurora](#module\_aurora) | ../../ | n/a | -| [import\_s3\_bucket](#module\_import\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [import\_s3\_bucket](#module\_import\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 5.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources diff --git a/examples/s3-import/main.tf b/examples/s3-import/main.tf index 86f9bf0..f1cc8b5 100644 --- a/examples/s3-import/main.tf +++ b/examples/s3-import/main.tf @@ -2,7 +2,13 @@ provider "aws" { region = local.region } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + # Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} locals { name = "ex-${basename(path.cwd)}" 
@@ -25,25 +31,31 @@ locals { module "aurora" { source = "../../" - name = local.name - engine = "aurora-mysql" - engine_version = "5.7.12" - master_username = "root" - instance_class = "db.r5.large" - instances = { 1 = {} } + name = local.name + engine = "aurora-mysql" + engine_version = "5.7.12" + master_username = "root" + cluster_instance_class = "db.r8g.large" + instances = { 1 = {} } vpc_id = module.vpc.vpc_id db_subnet_group_name = module.vpc.database_subnet_group_name - security_group_rules = { - vpc_ingress = { - cidr_blocks = module.vpc.private_subnets_cidr_blocks + security_group_ingress_rules = { + private-az1 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 0) + } + private-az2 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1) + } + private-az3 = { + cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2) } } - iam_roles = { - s3_import = { - role_arn = aws_iam_role.s3_import.arn - feature_name = "s3Import" + role_associations = { + s3Import = { + role_arn = aws_iam_role.s3_import.arn + # feature_name = "s3Import" # same as setting value to key } } @@ -67,7 +79,7 @@ module "aurora" { module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" + version = "~> 6.0" name = local.name cidr = local.vpc_cidr @@ -82,7 +94,7 @@ module "vpc" { module "import_s3_bucket" { source = "terraform-aws-modules/s3-bucket/aws" - version = "~> 3.0" + version = "~> 5.0" bucket_prefix = "${local.name}-" acl = "private" diff --git a/examples/s3-import/versions.tf b/examples/s3-import/versions.tf index c00acf7..23d5557 100644 --- a/examples/s3-import/versions.tf +++ b/examples/s3-import/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.89" + version = ">= 6.18" } } } diff --git a/examples/serverless/README.md b/examples/serverless/README.md index 42eb54c..b6901d6 100644 
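Review bot: `engine_version = "5.7.12"` is retained while the instance class moves to `db.r8g.large`; Aurora MySQL 2 (5.7-compatible) has left standard support, and as far as I know Graviton4 `r8g` classes are only offered for Aurora MySQL 3, so this example is likely to fail validation and, if it did apply, would run an engine that only receives fixes under paid extended support. Move the example to an Aurora MySQL 3 (8.0-compatible) `engine_version` alongside the `r8g` class. The `role_associations` map key now doubles as the feature name; the `# same as setting value to key` comment would read more clearly as `# feature_name defaults to the map key ("s3Import")`. The `module "aurora"` block continues past the end of this hunk.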
--- a/examples/serverless/README.md +++ b/examples/serverless/README.md @@ -19,15 +19,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.89 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | | [random](#requirement\_random) | >= 3.5 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.89 | +| [aws](#provider\_aws) | >= 6.18 | | [random](#provider\_random) | >= 3.5 | ## Modules @@ -35,10 +35,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [aurora\_mysql](#module\_aurora\_mysql) | ../../ | n/a | -| [aurora\_mysql\_v2](#module\_aurora\_mysql\_v2) | ../../ | n/a | | [aurora\_postgresql](#module\_aurora\_postgresql) | ../../ | n/a | -| [aurora\_postgresql\_v2](#module\_aurora\_postgresql\_v2) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 | ## Resources 
@@ -56,85 +54,45 @@ No inputs. | Name | Description | |------|-------------| -| [aurora\_mysql\_v2\_additional\_cluster\_endpoints](#output\_aurora\_mysql\_v2\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | -| [aurora\_mysql\_v2\_cluster\_arn](#output\_aurora\_mysql\_v2\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | -| [aurora\_mysql\_v2\_cluster\_database\_name](#output\_aurora\_mysql\_v2\_cluster\_database\_name) | Name for an automatically created database on cluster creation | -| [aurora\_mysql\_v2\_cluster\_endpoint](#output\_aurora\_mysql\_v2\_cluster\_endpoint) | Writer endpoint for the cluster | -| [aurora\_mysql\_v2\_cluster\_engine\_version\_actual](#output\_aurora\_mysql\_v2\_cluster\_engine\_version\_actual) | The running version of the cluster database | -| [aurora\_mysql\_v2\_cluster\_hosted\_zone\_id](#output\_aurora\_mysql\_v2\_cluster\_hosted\_zone\_id) | The Route53 Hosted Zone ID of the endpoint | -| [aurora\_mysql\_v2\_cluster\_id](#output\_aurora\_mysql\_v2\_cluster\_id) | The RDS Cluster Identifier | -| [aurora\_mysql\_v2\_cluster\_instances](#output\_aurora\_mysql\_v2\_cluster\_instances) | A map of cluster instances and their attributes | -| [aurora\_mysql\_v2\_cluster\_master\_password](#output\_aurora\_mysql\_v2\_cluster\_master\_password) | The database master password | -| [aurora\_mysql\_v2\_cluster\_master\_username](#output\_aurora\_mysql\_v2\_cluster\_master\_username) | The database master username | -| [aurora\_mysql\_v2\_cluster\_members](#output\_aurora\_mysql\_v2\_cluster\_members) | List of RDS Instances that are a part of this cluster | -| [aurora\_mysql\_v2\_cluster\_port](#output\_aurora\_mysql\_v2\_cluster\_port) | The database port | -| [aurora\_mysql\_v2\_cluster\_reader\_endpoint](#output\_aurora\_mysql\_v2\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | -| 
[aurora\_mysql\_v2\_cluster\_resource\_id](#output\_aurora\_mysql\_v2\_cluster\_resource\_id) | The RDS Cluster Resource ID | -| [aurora\_mysql\_v2\_cluster\_role\_associations](#output\_aurora\_mysql\_v2\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | -| [aurora\_mysql\_v2\_db\_subnet\_group\_name](#output\_aurora\_mysql\_v2\_db\_subnet\_group\_name) | The db subnet group name | -| [aurora\_mysql\_v2\_enhanced\_monitoring\_iam\_role\_arn](#output\_aurora\_mysql\_v2\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | -| [aurora\_mysql\_v2\_enhanced\_monitoring\_iam\_role\_name](#output\_aurora\_mysql\_v2\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | -| [aurora\_mysql\_v2\_enhanced\_monitoring\_iam\_role\_unique\_id](#output\_aurora\_mysql\_v2\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role | -| [aurora\_mysql\_v2\_security\_group\_id](#output\_aurora\_mysql\_v2\_security\_group\_id) | The security group ID of the cluster | -| [aurora\_postgresql\_v2\_additional\_cluster\_endpoints](#output\_aurora\_postgresql\_v2\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | -| [aurora\_postgresql\_v2\_cluster\_arn](#output\_aurora\_postgresql\_v2\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | -| [aurora\_postgresql\_v2\_cluster\_database\_name](#output\_aurora\_postgresql\_v2\_cluster\_database\_name) | Name for an automatically created database on cluster creation | -| [aurora\_postgresql\_v2\_cluster\_endpoint](#output\_aurora\_postgresql\_v2\_cluster\_endpoint) | Writer endpoint for the cluster | -| [aurora\_postgresql\_v2\_cluster\_engine\_version\_actual](#output\_aurora\_postgresql\_v2\_cluster\_engine\_version\_actual) | The running version of the cluster database | -| 
[aurora\_postgresql\_v2\_cluster\_hosted\_zone\_id](#output\_aurora\_postgresql\_v2\_cluster\_hosted\_zone\_id) | The Route53 Hosted Zone ID of the endpoint | -| [aurora\_postgresql\_v2\_cluster\_id](#output\_aurora\_postgresql\_v2\_cluster\_id) | The RDS Cluster Identifier | -| [aurora\_postgresql\_v2\_cluster\_instances](#output\_aurora\_postgresql\_v2\_cluster\_instances) | A map of cluster instances and their attributes | -| [aurora\_postgresql\_v2\_cluster\_master\_password](#output\_aurora\_postgresql\_v2\_cluster\_master\_password) | The database master password | -| [aurora\_postgresql\_v2\_cluster\_master\_username](#output\_aurora\_postgresql\_v2\_cluster\_master\_username) | The database master username | -| [aurora\_postgresql\_v2\_cluster\_members](#output\_aurora\_postgresql\_v2\_cluster\_members) | List of RDS Instances that are a part of this cluster | -| [aurora\_postgresql\_v2\_cluster\_port](#output\_aurora\_postgresql\_v2\_cluster\_port) | The database port | -| [aurora\_postgresql\_v2\_cluster\_reader\_endpoint](#output\_aurora\_postgresql\_v2\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | -| [aurora\_postgresql\_v2\_cluster\_resource\_id](#output\_aurora\_postgresql\_v2\_cluster\_resource\_id) | The RDS Cluster Resource ID | -| [aurora\_postgresql\_v2\_cluster\_role\_associations](#output\_aurora\_postgresql\_v2\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | -| [aurora\_postgresql\_v2\_db\_subnet\_group\_name](#output\_aurora\_postgresql\_v2\_db\_subnet\_group\_name) | The db subnet group name | -| [aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_arn](#output\_aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | -| 
[aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_name](#output\_aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | -| [aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_unique\_id](#output\_aurora\_postgresql\_v2\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role | -| [aurora\_postgresql\_v2\_security\_group\_id](#output\_aurora\_postgresql\_v2\_security\_group\_id) | The security group ID of the cluster | -| [aurora\_postresql\_v2\_cloudwatch\_log\_groups](#output\_aurora\_postresql\_v2\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | -| [mysql\_additional\_cluster\_endpoints](#output\_mysql\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | -| [mysql\_cluster\_arn](#output\_mysql\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | -| [mysql\_cluster\_database\_name](#output\_mysql\_cluster\_database\_name) | Name for an automatically created database on cluster creation | -| [mysql\_cluster\_endpoint](#output\_mysql\_cluster\_endpoint) | Writer endpoint for the cluster | -| [mysql\_cluster\_engine\_version\_actual](#output\_mysql\_cluster\_engine\_version\_actual) | The running version of the cluster database | -| [mysql\_cluster\_hosted\_zone\_id](#output\_mysql\_cluster\_hosted\_zone\_id) | The Route53 Hosted Zone ID of the endpoint | -| [mysql\_cluster\_id](#output\_mysql\_cluster\_id) | The RDS Cluster Identifier | -| [mysql\_cluster\_instances](#output\_mysql\_cluster\_instances) | A map of cluster instances and their attributes | -| [mysql\_cluster\_master\_password](#output\_mysql\_cluster\_master\_password) | The database master password | -| [mysql\_cluster\_master\_username](#output\_mysql\_cluster\_master\_username) | The database master username | -| [mysql\_cluster\_members](#output\_mysql\_cluster\_members) | List of RDS 
Instances that are a part of this cluster | -| [mysql\_cluster\_port](#output\_mysql\_cluster\_port) | The database port | -| [mysql\_cluster\_reader\_endpoint](#output\_mysql\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | -| [mysql\_cluster\_resource\_id](#output\_mysql\_cluster\_resource\_id) | The RDS Cluster Resource ID | -| [mysql\_cluster\_role\_associations](#output\_mysql\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | -| [mysql\_db\_subnet\_group\_name](#output\_mysql\_db\_subnet\_group\_name) | The db subnet group name | -| [mysql\_enhanced\_monitoring\_iam\_role\_arn](#output\_mysql\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | -| [mysql\_enhanced\_monitoring\_iam\_role\_name](#output\_mysql\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | -| [mysql\_enhanced\_monitoring\_iam\_role\_unique\_id](#output\_mysql\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role | -| [mysql\_security\_group\_id](#output\_mysql\_security\_group\_id) | The security group ID of the cluster | -| [postgresql\_additional\_cluster\_endpoints](#output\_postgresql\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | -| [postgresql\_cluster\_arn](#output\_postgresql\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | -| [postgresql\_cluster\_database\_name](#output\_postgresql\_cluster\_database\_name) | Name for an automatically created database on cluster creation | -| [postgresql\_cluster\_endpoint](#output\_postgresql\_cluster\_endpoint) | Writer endpoint for the cluster | -| [postgresql\_cluster\_engine\_version\_actual](#output\_postgresql\_cluster\_engine\_version\_actual) | The running version of the cluster database | -| 
[postgresql\_cluster\_hosted\_zone\_id](#output\_postgresql\_cluster\_hosted\_zone\_id) | The Route53 Hosted Zone ID of the endpoint | -| [postgresql\_cluster\_id](#output\_postgresql\_cluster\_id) | The RDS Cluster Identifier | -| [postgresql\_cluster\_instances](#output\_postgresql\_cluster\_instances) | A map of cluster instances and their attributes | -| [postgresql\_cluster\_master\_password](#output\_postgresql\_cluster\_master\_password) | The database master password | -| [postgresql\_cluster\_master\_username](#output\_postgresql\_cluster\_master\_username) | The database master username | -| [postgresql\_cluster\_members](#output\_postgresql\_cluster\_members) | List of RDS Instances that are a part of this cluster | -| [postgresql\_cluster\_port](#output\_postgresql\_cluster\_port) | The database port | -| [postgresql\_cluster\_reader\_endpoint](#output\_postgresql\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | -| [postgresql\_cluster\_resource\_id](#output\_postgresql\_cluster\_resource\_id) | The RDS Cluster Resource ID | -| [postgresql\_cluster\_role\_associations](#output\_postgresql\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | -| [postgresql\_db\_subnet\_group\_name](#output\_postgresql\_db\_subnet\_group\_name) | The db subnet group name | -| [postgresql\_enhanced\_monitoring\_iam\_role\_arn](#output\_postgresql\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | -| [postgresql\_enhanced\_monitoring\_iam\_role\_name](#output\_postgresql\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | -| [postgresql\_enhanced\_monitoring\_iam\_role\_unique\_id](#output\_postgresql\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role | -| 
[postgresql\_security\_group\_id](#output\_postgresql\_security\_group\_id) | The security group ID of the cluster | +| [aurora\_mysql\_additional\_cluster\_endpoints](#output\_aurora\_mysql\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | +| [aurora\_mysql\_cluster\_arn](#output\_aurora\_mysql\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | +| [aurora\_mysql\_cluster\_database\_name](#output\_aurora\_mysql\_cluster\_database\_name) | Name for an automatically created database on cluster creation | +| [aurora\_mysql\_cluster\_endpoint](#output\_aurora\_mysql\_cluster\_endpoint) | Writer endpoint for the cluster | +| [aurora\_mysql\_cluster\_engine\_version\_actual](#output\_aurora\_mysql\_cluster\_engine\_version\_actual) | The running version of the cluster database | +| [aurora\_mysql\_cluster\_hosted\_zone\_id](#output\_aurora\_mysql\_cluster\_hosted\_zone\_id) | The Route53 Hosted Zone ID of the endpoint | +| [aurora\_mysql\_cluster\_id](#output\_aurora\_mysql\_cluster\_id) | The RDS Cluster Identifier | +| [aurora\_mysql\_cluster\_instances](#output\_aurora\_mysql\_cluster\_instances) | A map of cluster instances and their attributes | +| [aurora\_mysql\_cluster\_master\_password](#output\_aurora\_mysql\_cluster\_master\_password) | The database master password | +| [aurora\_mysql\_cluster\_master\_username](#output\_aurora\_mysql\_cluster\_master\_username) | The database master username | +| [aurora\_mysql\_cluster\_members](#output\_aurora\_mysql\_cluster\_members) | List of RDS Instances that are a part of this cluster | +| [aurora\_mysql\_cluster\_port](#output\_aurora\_mysql\_cluster\_port) | The database port | +| [aurora\_mysql\_cluster\_reader\_endpoint](#output\_aurora\_mysql\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | +| [aurora\_mysql\_cluster\_resource\_id](#output\_aurora\_mysql\_cluster\_resource\_id) | The RDS Cluster 
Resource ID | +| [aurora\_mysql\_cluster\_role\_associations](#output\_aurora\_mysql\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | +| [aurora\_mysql\_db\_subnet\_group\_name](#output\_aurora\_mysql\_db\_subnet\_group\_name) | The db subnet group name | +| [aurora\_mysql\_enhanced\_monitoring\_iam\_role\_arn](#output\_aurora\_mysql\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | +| [aurora\_mysql\_enhanced\_monitoring\_iam\_role\_name](#output\_aurora\_mysql\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | +| [aurora\_mysql\_enhanced\_monitoring\_iam\_role\_unique\_id](#output\_aurora\_mysql\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role | +| [aurora\_mysql\_security\_group\_id](#output\_aurora\_mysql\_security\_group\_id) | The security group ID of the cluster | +| [aurora\_postgresql\_additional\_cluster\_endpoints](#output\_aurora\_postgresql\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | +| [aurora\_postgresql\_cluster\_arn](#output\_aurora\_postgresql\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | +| [aurora\_postgresql\_cluster\_database\_name](#output\_aurora\_postgresql\_cluster\_database\_name) | Name for an automatically created database on cluster creation | +| [aurora\_postgresql\_cluster\_endpoint](#output\_aurora\_postgresql\_cluster\_endpoint) | Writer endpoint for the cluster | +| [aurora\_postgresql\_cluster\_engine\_version\_actual](#output\_aurora\_postgresql\_cluster\_engine\_version\_actual) | The running version of the cluster database | +| [aurora\_postgresql\_cluster\_hosted\_zone\_id](#output\_aurora\_postgresql\_cluster\_hosted\_zone\_id) | The Route53 Hosted Zone ID of the endpoint | +| [aurora\_postgresql\_cluster\_id](#output\_aurora\_postgresql\_cluster\_id) 
| The RDS Cluster Identifier | +| [aurora\_postgresql\_cluster\_instances](#output\_aurora\_postgresql\_cluster\_instances) | A map of cluster instances and their attributes | +| [aurora\_postgresql\_cluster\_master\_password](#output\_aurora\_postgresql\_cluster\_master\_password) | The database master password | +| [aurora\_postgresql\_cluster\_master\_username](#output\_aurora\_postgresql\_cluster\_master\_username) | The database master username | +| [aurora\_postgresql\_cluster\_members](#output\_aurora\_postgresql\_cluster\_members) | List of RDS Instances that are a part of this cluster | +| [aurora\_postgresql\_cluster\_port](#output\_aurora\_postgresql\_cluster\_port) | The database port | +| [aurora\_postgresql\_cluster\_reader\_endpoint](#output\_aurora\_postgresql\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas | +| [aurora\_postgresql\_cluster\_resource\_id](#output\_aurora\_postgresql\_cluster\_resource\_id) | The RDS Cluster Resource ID | +| [aurora\_postgresql\_cluster\_role\_associations](#output\_aurora\_postgresql\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes | +| [aurora\_postgresql\_db\_subnet\_group\_name](#output\_aurora\_postgresql\_db\_subnet\_group\_name) | The db subnet group name | +| [aurora\_postgresql\_enhanced\_monitoring\_iam\_role\_arn](#output\_aurora\_postgresql\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | +| [aurora\_postgresql\_enhanced\_monitoring\_iam\_role\_name](#output\_aurora\_postgresql\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | +| [aurora\_postgresql\_enhanced\_monitoring\_iam\_role\_unique\_id](#output\_aurora\_postgresql\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role | +| 
[aurora\_postgresql\_security\_group\_id](#output\_aurora\_postgresql\_security\_group\_id) | The security group ID of the cluster |
+| [aurora\_postresql\_cloudwatch\_log\_groups](#output\_aurora\_postresql\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes |
diff --git a/examples/serverless/main.tf b/examples/serverless/main.tf
index 04ca33f..ae5032f 100644
--- a/examples/serverless/main.tf
+++ b/examples/serverless/main.tf
@@ -2,15 +2,20 @@ provider "aws" {
 region = local.region
 }
-data "aws_availability_zones" "available" {}
+data "aws_availability_zones" "available" {
+ # Exclude local zones
+ filter {
+ name = "opt-in-status"
+ values = ["opt-in-not-required"]
+ }
+}
 locals {
 name = "ex-${basename(path.cwd)}"
 region = "eu-west-1"
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
- preferred_maintenance_window = "sun:05:00-sun:06:00"
+ vpc_cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
 tags = {
 Example = local.name
@@ -19,98 +24,11 @@ locals {
 }
 }
-################################################################################
-# PostgreSQL Serverless v1
-################################################################################
-
-module "aurora_postgresql" {
- source = "../../"
-
- name = "${local.name}-postgresql"
- engine = "aurora-postgresql"
- engine_mode = "serverless"
- storage_encrypted = true
- master_username = "root"
-
- vpc_id = module.vpc.vpc_id
- db_subnet_group_name = module.vpc.database_subnet_group_name
- security_group_rules = {
- vpc_ingress = {
- cidr_blocks = module.vpc.private_subnets_cidr_blocks
- }
- }
-
- # Serverless v1 clusters do not support managed master user password
- manage_master_user_password = false
- master_password = random_password.master.result
-
- monitoring_interval = 60
-
- preferred_maintenance_window = local.preferred_maintenance_window
- skip_final_snapshot = true
-
- # enabled_cloudwatch_logs_exports = # NOT SUPPORTED
-
- scaling_configuration = {
- auto_pause = true
- min_capacity = 2
- max_capacity = 16
- seconds_until_auto_pause = 300
- seconds_before_timeout = 600
- timeout_action = "ForceApplyCapacityChange"
- }
-
- tags = local.tags
-}
-
-################################################################################
-# MySQL Serverless v1
-################################################################################
-
-module "aurora_mysql" {
- source = "../../"
-
- name = "${local.name}-mysql"
- engine = "aurora-mysql"
- engine_mode = "serverless"
- storage_encrypted = true
- master_username = "root"
-
- vpc_id = module.vpc.vpc_id
- db_subnet_group_name = module.vpc.database_subnet_group_name
- security_group_rules = {
- vpc_ingress = {
- cidr_blocks = module.vpc.private_subnets_cidr_blocks
- }
- }
-
- # Serverless v1 clusters do not support managed master user password
- manage_master_user_password = false
- master_password = random_password.master.result
-
- monitoring_interval = 60
-
- apply_immediately =
true
- skip_final_snapshot = true
-
- # enabled_cloudwatch_logs_exports = # NOT SUPPORTED
-
- scaling_configuration = {
- auto_pause = true
- min_capacity = 2
- max_capacity = 16
- seconds_until_auto_pause = 300
- timeout_action = "ForceApplyCapacityChange"
- }
-
- tags = local.tags
-}
-
 ################################################################################
 # MySQL Serverless v2
 ################################################################################
-module "aurora_mysql_v2" {
+module "aurora_mysql" {
 source = "../../"
 name = "${local.name}-mysqlv2"
@@ -122,13 +40,19 @@ module "aurora_mysql_v2" {
 vpc_id = module.vpc.vpc_id
 db_subnet_group_name = module.vpc.database_subnet_group_name
- security_group_rules = {
- vpc_ingress = {
- cidr_blocks = module.vpc.private_subnets_cidr_blocks
+ security_group_ingress_rules = {
+ private-az1 = {
+ cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 0)
+ }
+ private-az2 = {
+ cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1)
+ }
+ private-az3 = {
+ cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2)
 }
 }
- monitoring_interval = 60
+ cluster_monitoring_interval = 60
 apply_immediately = true
 skip_final_snapshot = true
@@ -138,7 +62,7 @@ module "aurora_mysql_v2" {
 max_capacity = 10
 }
- instance_class = "db.serverless"
+ cluster_instance_class = "db.serverless"
 instances = {
 one = {}
 two = {}
@@ -153,10 +77,10 @@ module "aurora_mysql_v2" {
 data "aws_rds_engine_version" "postgresql" {
 engine = "aurora-postgresql"
- version = "14.12"
+ version = "17.5"
 }
-module "aurora_postgresql_v2" {
+module "aurora_postgresql" {
 source = "../../"
 name = "${local.name}-postgresqlv2"
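Review bot: Renaming `module "aurora_mysql_v2"` to `module "aurora_mysql"` here (and `aurora_postgresql_v2` to `aurora_postgresql` in `@@ -153,10 +77,10 @@`) changes the module addresses without a `moved` block, so anyone who has already applied this example will see the v2 clusters planned for destroy and recreate; adding `moved { from = module.aurora_mysql_v2 to = module.aurora_mysql }` and `moved { from = module.aurora_postgresql_v2 to = module.aurora_postgresql }` keeps the existing state attached. The `module.aurora_mysql` and `module.aurora_postgresql` addresses were held by the deleted serverless v1 clusters on the old side, so in an existing state Terraform would presumably try to mutate those v1 clusters into the v2 definitions rather than replace them, which is another reason to make the intent explicit with `moved`. The deleted v1 blocks were the only visible consumers of `random_password.master.result`, and the `@@ -207,7 +137,7 @@` header shows the resource still declared; if neither v2 module references it, it is now an unused secret-bearing resource in state. Both module bodies continue outside the hunk.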
@@ -168,13 +92,19 @@ module "aurora_postgresql_v2" {
 vpc_id = module.vpc.vpc_id
 db_subnet_group_name = module.vpc.database_subnet_group_name
- security_group_rules = {
- vpc_ingress = {
- cidr_blocks = module.vpc.private_subnets_cidr_blocks
+ security_group_ingress_rules = {
+ private-az1 = {
+ cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 0)
+ }
+ private-az2 = {
+ cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1)
+ }
+ private-az3 = {
+ cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2)
 }
 }
- monitoring_interval = 60
+ cluster_monitoring_interval = 60
 apply_immediately = true
 skip_final_snapshot = true
@@ -187,7 +117,7 @@ module "aurora_postgresql_v2" {
 seconds_until_auto_pause = 3600
 }
- instance_class = "db.serverless"
+ cluster_instance_class = "db.serverless"
 instances = {
 one = {}
 two = {}
@@ -207,7 +137,7 @@ resource "random_password" "master" {
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.0"
+ version = "~> 6.0"
 name = local.name
 cidr = local.vpc_cidr
diff --git a/examples/serverless/outputs.tf b/examples/serverless/outputs.tf
index 34eed05..fd02fbc 100644
--- a/examples/serverless/outputs.tf
+++ b/examples/serverless/outputs.tf
@@ -1,462 +1,233 @@ ################################################################################ -# RDS Aurora Module - PostgreSQL -################################################################################ - -# aws_db_subnet_group -output "postgresql_db_subnet_group_name" { - description = "The db subnet group name" - value = module.aurora_postgresql.db_subnet_group_name -} - -# aws_rds_cluster -output "postgresql_cluster_arn" { - description = "Amazon Resource Name (ARN) of cluster" - value = module.aurora_postgresql.cluster_arn -} - -output "postgresql_cluster_id" { - description = "The RDS Cluster Identifier" - value = module.aurora_postgresql.cluster_id -} - -output "postgresql_cluster_resource_id" { - description = "The RDS Cluster Resource ID" - value = module.aurora_postgresql.cluster_resource_id -} - -output "postgresql_cluster_members" { - description = "List of RDS Instances that are a part of this cluster" - value = module.aurora_postgresql.cluster_members -} - -output "postgresql_cluster_endpoint" { - description = "Writer endpoint for the cluster" - value = module.aurora_postgresql.cluster_endpoint -} - -output "postgresql_cluster_reader_endpoint" { - description = "A read-only endpoint for the cluster, automatically load-balanced across replicas" - value = module.aurora_postgresql.cluster_reader_endpoint -} - -output "postgresql_cluster_engine_version_actual" { - description = "The running version of the cluster database" - value = module.aurora_postgresql.cluster_engine_version_actual -} - -# database_name is not set on `aws_rds_cluster` resource if it was not specified, so can't be used in output -output "postgresql_cluster_database_name" { - description = "Name for an automatically created database on cluster creation" - value = module.aurora_postgresql.cluster_database_name -} - -output "postgresql_cluster_port" { - description = "The database port" - value = module.aurora_postgresql.cluster_port -} - -output 
"postgresql_cluster_master_password" { - description = "The database master password" - value = module.aurora_postgresql.cluster_master_password - sensitive = true -} - -output "postgresql_cluster_master_username" { - description = "The database master username" - value = module.aurora_postgresql.cluster_master_username - sensitive = true -} - -output "postgresql_cluster_hosted_zone_id" { - description = "The Route53 Hosted Zone ID of the endpoint" - value = module.aurora_postgresql.cluster_hosted_zone_id -} - -# aws_rds_cluster_instances -output "postgresql_cluster_instances" { - description = "A map of cluster instances and their attributes" - value = module.aurora_postgresql.cluster_instances -} - -# aws_rds_cluster_endpoint -output "postgresql_additional_cluster_endpoints" { - description = "A map of additional cluster endpoints and their attributes" - value = module.aurora_postgresql.additional_cluster_endpoints -} - -# aws_rds_cluster_role_association -output "postgresql_cluster_role_associations" { - description = "A map of IAM roles associated with the cluster and their attributes" - value = module.aurora_postgresql.cluster_role_associations -} - -# Enhanced monitoring role -output "postgresql_enhanced_monitoring_iam_role_name" { - description = "The name of the enhanced monitoring role" - value = module.aurora_postgresql.enhanced_monitoring_iam_role_name -} - -output "postgresql_enhanced_monitoring_iam_role_arn" { - description = "The Amazon Resource Name (ARN) specifying the enhanced monitoring role" - value = module.aurora_postgresql.enhanced_monitoring_iam_role_arn -} - -output "postgresql_enhanced_monitoring_iam_role_unique_id" { - description = "Stable and unique string identifying the enhanced monitoring role" - value = module.aurora_postgresql.enhanced_monitoring_iam_role_unique_id -} - -# aws_security_group -output "postgresql_security_group_id" { - description = "The security group ID of the cluster" - value = 
module.aurora_postgresql.security_group_id -} - -################################################################################ -# RDS Aurora Module - MySQL +# RDS Aurora Module - MySQL Serverless V2 ################################################################################ # aws_db_subnet_group -output "mysql_db_subnet_group_name" { +output "aurora_mysql_db_subnet_group_name" { description = "The db subnet group name" value = module.aurora_mysql.db_subnet_group_name } # aws_rds_cluster -output "mysql_cluster_arn" { +output "aurora_mysql_cluster_arn" { description = "Amazon Resource Name (ARN) of cluster" value = module.aurora_mysql.cluster_arn } -output "mysql_cluster_id" { +output "aurora_mysql_cluster_id" { description = "The RDS Cluster Identifier" value = module.aurora_mysql.cluster_id } -output "mysql_cluster_resource_id" { +output "aurora_mysql_cluster_resource_id" { description = "The RDS Cluster Resource ID" value = module.aurora_mysql.cluster_resource_id } -output "mysql_cluster_members" { +output "aurora_mysql_cluster_members" { description = "List of RDS Instances that are a part of this cluster" value = module.aurora_mysql.cluster_members } -output "mysql_cluster_endpoint" { +output "aurora_mysql_cluster_endpoint" { description = "Writer endpoint for the cluster" value = module.aurora_mysql.cluster_endpoint } -output "mysql_cluster_reader_endpoint" { +output "aurora_mysql_cluster_reader_endpoint" { description = "A read-only endpoint for the cluster, automatically load-balanced across replicas" value = module.aurora_mysql.cluster_reader_endpoint } -output "mysql_cluster_engine_version_actual" { +output "aurora_mysql_cluster_engine_version_actual" { description = "The running version of the cluster database" value = module.aurora_mysql.cluster_engine_version_actual } # database_name is not set on `aws_rds_cluster` resource if it was not specified, so can't be used in output -output "mysql_cluster_database_name" { +output 
"aurora_mysql_cluster_database_name" { description = "Name for an automatically created database on cluster creation" value = module.aurora_mysql.cluster_database_name } -output "mysql_cluster_port" { +output "aurora_mysql_cluster_port" { description = "The database port" value = module.aurora_mysql.cluster_port } -output "mysql_cluster_master_password" { +output "aurora_mysql_cluster_master_password" { description = "The database master password" value = module.aurora_mysql.cluster_master_password sensitive = true } -output "mysql_cluster_master_username" { +output "aurora_mysql_cluster_master_username" { description = "The database master username" value = module.aurora_mysql.cluster_master_username sensitive = true } -output "mysql_cluster_hosted_zone_id" { +output "aurora_mysql_cluster_hosted_zone_id" { description = "The Route53 Hosted Zone ID of the endpoint" value = module.aurora_mysql.cluster_hosted_zone_id } # aws_rds_cluster_instances -output "mysql_cluster_instances" { +output "aurora_mysql_cluster_instances" { description = "A map of cluster instances and their attributes" value = module.aurora_mysql.cluster_instances } # aws_rds_cluster_endpoint -output "mysql_additional_cluster_endpoints" { +output "aurora_mysql_additional_cluster_endpoints" { description = "A map of additional cluster endpoints and their attributes" value = module.aurora_mysql.additional_cluster_endpoints } # aws_rds_cluster_role_association -output "mysql_cluster_role_associations" { +output "aurora_mysql_cluster_role_associations" { description = "A map of IAM roles associated with the cluster and their attributes" value = module.aurora_mysql.cluster_role_associations } # Enhanced monitoring role -output "mysql_enhanced_monitoring_iam_role_name" { +output "aurora_mysql_enhanced_monitoring_iam_role_name" { description = "The name of the enhanced monitoring role" value = module.aurora_mysql.enhanced_monitoring_iam_role_name } -output "mysql_enhanced_monitoring_iam_role_arn" { +output 
"aurora_mysql_enhanced_monitoring_iam_role_arn" { description = "The Amazon Resource Name (ARN) specifying the enhanced monitoring role" value = module.aurora_mysql.enhanced_monitoring_iam_role_arn } -output "mysql_enhanced_monitoring_iam_role_unique_id" { +output "aurora_mysql_enhanced_monitoring_iam_role_unique_id" { description = "Stable and unique string identifying the enhanced monitoring role" value = module.aurora_mysql.enhanced_monitoring_iam_role_unique_id } # aws_security_group -output "mysql_security_group_id" { +output "aurora_mysql_security_group_id" { description = "The security group ID of the cluster" value = module.aurora_mysql.security_group_id } - -################################################################################ -# RDS Aurora Module - MySQL Serverless V2 -################################################################################ - -# aws_db_subnet_group -output "aurora_mysql_v2_db_subnet_group_name" { - description = "The db subnet group name" - value = module.aurora_mysql_v2.db_subnet_group_name -} - -# aws_rds_cluster -output "aurora_mysql_v2_cluster_arn" { - description = "Amazon Resource Name (ARN) of cluster" - value = module.aurora_mysql_v2.cluster_arn -} - -output "aurora_mysql_v2_cluster_id" { - description = "The RDS Cluster Identifier" - value = module.aurora_mysql_v2.cluster_id -} - -output "aurora_mysql_v2_cluster_resource_id" { - description = "The RDS Cluster Resource ID" - value = module.aurora_mysql_v2.cluster_resource_id -} - -output "aurora_mysql_v2_cluster_members" { - description = "List of RDS Instances that are a part of this cluster" - value = module.aurora_mysql_v2.cluster_members -} - -output "aurora_mysql_v2_cluster_endpoint" { - description = "Writer endpoint for the cluster" - value = module.aurora_mysql_v2.cluster_endpoint -} - -output "aurora_mysql_v2_cluster_reader_endpoint" { - description = "A read-only endpoint for the cluster, automatically load-balanced across replicas" - value = 
module.aurora_mysql_v2.cluster_reader_endpoint -} - -output "aurora_mysql_v2_cluster_engine_version_actual" { - description = "The running version of the cluster database" - value = module.aurora_mysql_v2.cluster_engine_version_actual -} - -# database_name is not set on `aws_rds_cluster` resource if it was not specified, so can't be used in output -output "aurora_mysql_v2_cluster_database_name" { - description = "Name for an automatically created database on cluster creation" - value = module.aurora_mysql_v2.cluster_database_name -} - -output "aurora_mysql_v2_cluster_port" { - description = "The database port" - value = module.aurora_mysql_v2.cluster_port -} - -output "aurora_mysql_v2_cluster_master_password" { - description = "The database master password" - value = module.aurora_mysql_v2.cluster_master_password - sensitive = true -} - -output "aurora_mysql_v2_cluster_master_username" { - description = "The database master username" - value = module.aurora_mysql_v2.cluster_master_username - sensitive = true -} - -output "aurora_mysql_v2_cluster_hosted_zone_id" { - description = "The Route53 Hosted Zone ID of the endpoint" - value = module.aurora_mysql_v2.cluster_hosted_zone_id -} - -# aws_rds_cluster_instances -output "aurora_mysql_v2_cluster_instances" { - description = "A map of cluster instances and their attributes" - value = module.aurora_mysql_v2.cluster_instances -} - -# aws_rds_cluster_endpoint -output "aurora_mysql_v2_additional_cluster_endpoints" { - description = "A map of additional cluster endpoints and their attributes" - value = module.aurora_mysql_v2.additional_cluster_endpoints -} - -# aws_rds_cluster_role_association -output "aurora_mysql_v2_cluster_role_associations" { - description = "A map of IAM roles associated with the cluster and their attributes" - value = module.aurora_mysql_v2.cluster_role_associations -} - -# Enhanced monitoring role -output "aurora_mysql_v2_enhanced_monitoring_iam_role_name" { - description = "The name of the enhanced 
monitoring role" - value = module.aurora_mysql_v2.enhanced_monitoring_iam_role_name -} - -output "aurora_mysql_v2_enhanced_monitoring_iam_role_arn" { - description = "The Amazon Resource Name (ARN) specifying the enhanced monitoring role" - value = module.aurora_mysql_v2.enhanced_monitoring_iam_role_arn -} - -output "aurora_mysql_v2_enhanced_monitoring_iam_role_unique_id" { - description = "Stable and unique string identifying the enhanced monitoring role" - value = module.aurora_mysql_v2.enhanced_monitoring_iam_role_unique_id -} - -# aws_security_group -output "aurora_mysql_v2_security_group_id" { - description = "The security group ID of the cluster" - value = module.aurora_mysql_v2.security_group_id -} - ################################################################################ # RDS Aurora Module - PostgreSQL Serverless V2 ################################################################################ # aws_db_subnet_group -output "aurora_postgresql_v2_db_subnet_group_name" { +output "aurora_postgresql_db_subnet_group_name" { description = "The db subnet group name" - value = module.aurora_postgresql_v2.db_subnet_group_name + value = module.aurora_postgresql.db_subnet_group_name } # aws_rds_cluster -output "aurora_postgresql_v2_cluster_arn" { +output "aurora_postgresql_cluster_arn" { description = "Amazon Resource Name (ARN) of cluster" - value = module.aurora_postgresql_v2.cluster_arn + value = module.aurora_postgresql.cluster_arn } -output "aurora_postgresql_v2_cluster_id" { +output "aurora_postgresql_cluster_id" { description = "The RDS Cluster Identifier" - value = module.aurora_postgresql_v2.cluster_id + value = module.aurora_postgresql.cluster_id } -output "aurora_postgresql_v2_cluster_resource_id" { +output "aurora_postgresql_cluster_resource_id" { description = "The RDS Cluster Resource ID" - value = module.aurora_postgresql_v2.cluster_resource_id + value = module.aurora_postgresql.cluster_resource_id } -output 
"aurora_postgresql_v2_cluster_members" { +output "aurora_postgresql_cluster_members" { description = "List of RDS Instances that are a part of this cluster" - value = module.aurora_postgresql_v2.cluster_members + value = module.aurora_postgresql.cluster_members } -output "aurora_postgresql_v2_cluster_endpoint" { +output "aurora_postgresql_cluster_endpoint" { description = "Writer endpoint for the cluster" - value = module.aurora_postgresql_v2.cluster_endpoint + value = module.aurora_postgresql.cluster_endpoint } -output "aurora_postgresql_v2_cluster_reader_endpoint" { +output "aurora_postgresql_cluster_reader_endpoint" { description = "A read-only endpoint for the cluster, automatically load-balanced across replicas" - value = module.aurora_postgresql_v2.cluster_reader_endpoint + value = module.aurora_postgresql.cluster_reader_endpoint } -output "aurora_postgresql_v2_cluster_engine_version_actual" { +output "aurora_postgresql_cluster_engine_version_actual" { description = "The running version of the cluster database" - value = module.aurora_postgresql_v2.cluster_engine_version_actual + value = module.aurora_postgresql.cluster_engine_version_actual } # database_name is not set on `aws_rds_cluster` resource if it was not specified, so can't be used in output -output "aurora_postgresql_v2_cluster_database_name" { +output "aurora_postgresql_cluster_database_name" { description = "Name for an automatically created database on cluster creation" - value = module.aurora_postgresql_v2.cluster_database_name + value = module.aurora_postgresql.cluster_database_name } -output "aurora_postgresql_v2_cluster_port" { +output "aurora_postgresql_cluster_port" { description = "The database port" - value = module.aurora_postgresql_v2.cluster_port + value = module.aurora_postgresql.cluster_port } -output "aurora_postgresql_v2_cluster_master_password" { +output "aurora_postgresql_cluster_master_password" { description = "The database master password" - value = 
module.aurora_postgresql_v2.cluster_master_password + value = module.aurora_postgresql.cluster_master_password sensitive = true } -output "aurora_postgresql_v2_cluster_master_username" { +output "aurora_postgresql_cluster_master_username" { description = "The database master username" - value = module.aurora_postgresql_v2.cluster_master_username + value = module.aurora_postgresql.cluster_master_username sensitive = true } -output "aurora_postgresql_v2_cluster_hosted_zone_id" { +output "aurora_postgresql_cluster_hosted_zone_id" { description = "The Route53 Hosted Zone ID of the endpoint" - value = module.aurora_postgresql_v2.cluster_hosted_zone_id + value = module.aurora_postgresql.cluster_hosted_zone_id } # aws_rds_cluster_instances -output "aurora_postgresql_v2_cluster_instances" { +output "aurora_postgresql_cluster_instances" { description = "A map of cluster instances and their attributes" - value = module.aurora_postgresql_v2.cluster_instances + value = module.aurora_postgresql.cluster_instances } # aws_rds_cluster_endpoint -output "aurora_postgresql_v2_additional_cluster_endpoints" { +output "aurora_postgresql_additional_cluster_endpoints" { description = "A map of additional cluster endpoints and their attributes" - value = module.aurora_postgresql_v2.additional_cluster_endpoints + value = module.aurora_postgresql.additional_cluster_endpoints } # aws_rds_cluster_role_association -output "aurora_postgresql_v2_cluster_role_associations" { +output "aurora_postgresql_cluster_role_associations" { description = "A map of IAM roles associated with the cluster and their attributes" - value = module.aurora_postgresql_v2.cluster_role_associations + value = module.aurora_postgresql.cluster_role_associations } # Enhanced monitoring role -output "aurora_postgresql_v2_enhanced_monitoring_iam_role_name" { +output "aurora_postgresql_enhanced_monitoring_iam_role_name" { description = "The name of the enhanced monitoring role" - value = 
module.aurora_postgresql_v2.enhanced_monitoring_iam_role_name + value = module.aurora_postgresql.enhanced_monitoring_iam_role_name } -output "aurora_postgresql_v2_enhanced_monitoring_iam_role_arn" { +output "aurora_postgresql_enhanced_monitoring_iam_role_arn" { description = "The Amazon Resource Name (ARN) specifying the enhanced monitoring role" - value = module.aurora_postgresql_v2.enhanced_monitoring_iam_role_arn + value = module.aurora_postgresql.enhanced_monitoring_iam_role_arn } -output "aurora_postgresql_v2_enhanced_monitoring_iam_role_unique_id" { +output "aurora_postgresql_enhanced_monitoring_iam_role_unique_id" { description = "Stable and unique string identifying the enhanced monitoring role" - value = module.aurora_postgresql_v2.enhanced_monitoring_iam_role_unique_id + value = module.aurora_postgresql.enhanced_monitoring_iam_role_unique_id } # aws_security_group -output "aurora_postgresql_v2_security_group_id" { +output "aurora_postgresql_security_group_id" { description = "The security group ID of the cluster" - value = module.aurora_postgresql_v2.security_group_id + value = module.aurora_postgresql.security_group_id } # Cloudwatch Log groups -output "aurora_postresql_v2_cloudwatch_log_groups" { +output "aurora_postresql_cloudwatch_log_groups" { description = "Map of CloudWatch log groups created and their attributes" - value = module.aurora_postgresql_v2.db_cluster_cloudwatch_log_groups + value = module.aurora_postgresql.db_cluster_cloudwatch_log_groups } diff --git a/examples/serverless/versions.tf b/examples/serverless/versions.tf index 2832cf7..1e701a3 100644 --- a/examples/serverless/versions.tf +++ b/examples/serverless/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.89" + version = ">= 6.18" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index 4f56970..33f30b5 100644 --- a/main.tf +++ b/main.tf 
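Review bot: The renamed CloudWatch output keeps an existing misspelling, `+output "aurora_postresql_cloudwatch_log_groups"`, while every other output in the PostgreSQL section now carries the `aurora_postgresql_` prefix; since the name is being touched anyway, `output "aurora_postgresql_cloudwatch_log_groups"` would make it consistent. As this is example code, the rename is unlikely to affect any consumer.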
@@ -5,14 +5,6 @@ locals {
 port = coalesce(var.port, (var.engine == "aurora-postgresql" || var.engine == "postgres" ? 5432 : 3306))
- internal_db_subnet_group_name = try(coalesce(var.db_subnet_group_name, var.name), "")
- db_subnet_group_name = var.create_db_subnet_group ? try(aws_db_subnet_group.this[0].name, null) : local.internal_db_subnet_group_name
-
- security_group_name = try(coalesce(var.security_group_name, var.name), "")
-
- cluster_parameter_group_name = try(coalesce(var.db_cluster_parameter_group_name, var.name), null)
- db_parameter_group_name = try(coalesce(var.db_parameter_group_name, var.name), null)
-
 backtrack_window = (var.engine == "aurora-mysql" || var.engine == "aurora") && var.engine_mode != "serverless" ? var.backtrack_window : 0
 is_serverless = var.engine_mode == "serverless"
@@ -22,9 +14,16 @@ locals {
 # DB Subnet Group
 ################################################################################
+locals {
+ internal_db_subnet_group_name = try(coalesce(var.db_subnet_group_name, var.name), "")
+ db_subnet_group_name = var.create_db_subnet_group ? try(aws_db_subnet_group.this[0].name, null) : local.internal_db_subnet_group_name
+}
+
 resource "aws_db_subnet_group" "this" {
 count = local.create && var.create_db_subnet_group ? 1 : 0
+ region = var.region
+
 name = local.internal_db_subnet_group_name
 description = "For Aurora cluster ${var.name}"
 subnet_ids = var.subnets
@@ -36,26 +35,35 @@ resource "aws_db_subnet_group" "this" {
 # Cluster
 ################################################################################
+locals {
+ use_master_password = var.is_primary_cluster && !local.use_managed_master_password
+ use_managed_master_password = var.manage_master_user_password && var.global_cluster_identifier == null
+}
+
 resource "aws_rds_cluster" "this" {
 count = local.create ? 1 : 0
- allocated_storage = var.allocated_storage
- allow_major_version_upgrade = var.allow_major_version_upgrade
- apply_immediately = var.apply_immediately
- availability_zones = var.availability_zones
- backup_retention_period = var.backup_retention_period
- backtrack_window = local.backtrack_window
- ca_certificate_identifier = var.cluster_ca_cert_identifier
- cluster_identifier = var.cluster_use_name_prefix ? null : var.name
- cluster_identifier_prefix = var.cluster_use_name_prefix ? "${var.name}-" : null
- cluster_members = var.cluster_members
- cluster_scalability_type = var.cluster_scalability_type
- copy_tags_to_snapshot = var.copy_tags_to_snapshot
- database_insights_mode = var.database_insights_mode
- database_name = var.is_primary_cluster ? var.database_name : null
- db_cluster_instance_class = var.db_cluster_instance_class
- db_cluster_parameter_group_name = var.create_db_cluster_parameter_group ? aws_rds_cluster_parameter_group.this[0].id : var.db_cluster_parameter_group_name
- db_instance_parameter_group_name = var.allow_major_version_upgrade ? var.db_cluster_db_instance_parameter_group_name : null
+ region = var.region
+
+ allocated_storage = var.allocated_storage
+ allow_major_version_upgrade = var.allow_major_version_upgrade
+ apply_immediately = var.apply_immediately
+ availability_zones = var.availability_zones
+ backup_retention_period = var.backup_retention_period
+ backtrack_window = local.backtrack_window
+ ca_certificate_identifier = var.cluster_ca_cert_identifier
+ cluster_identifier = var.cluster_use_name_prefix ? null : var.name
+ cluster_identifier_prefix = var.cluster_use_name_prefix ? "${var.name}-" : null
+ cluster_members = var.cluster_members
+ cluster_scalability_type = var.cluster_scalability_type
+ copy_tags_to_snapshot = var.copy_tags_to_snapshot
+ database_insights_mode = var.database_insights_mode
+ database_name = var.is_primary_cluster ? var.database_name : null
+ # We are using `allocated_storage` as a proxy to determine if this is RDS multi-az or not
+ # https://github.com/hashicorp/terraform-provider-aws/issues/30596#issuecomment-1639292427
+ db_cluster_instance_class = var.allocated_storage != null ? var.cluster_instance_class : null
+ db_cluster_parameter_group_name = local.create_cluster_parameter_group ? aws_rds_cluster_parameter_group.this[0].id : var.cluster_parameter_group_name
+ db_instance_parameter_group_name = var.allow_major_version_upgrade ? var.cluster_db_instance_parameter_group_name : null
 db_subnet_group_name = local.db_subnet_group_name
 delete_automated_backups = var.delete_automated_backups
 deletion_protection = var.deletion_protection
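Review bot: The new `use_master_password` and `use_managed_master_password` locals encode a non-obvious rule — the Secrets-Manager-managed password is only used when `global_cluster_identifier` is null, and the primary otherwise falls back to the write-only password — but carry no comment saying why. The old inline conditions at least sat next to the arguments they guarded; now a reader of `aws_rds_cluster` has to find this `locals` block to learn that a global cluster never gets a managed password. A comment such as `# Managed master passwords are not used when the cluster is part of a global cluster; the primary then relies on master_password_wo` would preserve the intent (presumably an AWS restriction — confirm). The `aws_rds_cluster` resource continues outside the hunk.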
@@ -75,9 +83,10 @@ resource "aws_rds_cluster" "this" {
 # iam_roles has been removed from this resource and instead will be used with aws_rds_cluster_role_association below to avoid conflicts per docs
 iops = var.iops
 kms_key_id = var.kms_key_id
- manage_master_user_password = var.global_cluster_identifier == null && var.manage_master_user_password ? var.manage_master_user_password : null
- master_user_secret_kms_key_id = var.global_cluster_identifier == null && var.manage_master_user_password ? var.master_user_secret_kms_key_id : null
- master_password = var.is_primary_cluster && !var.manage_master_user_password ? var.master_password : null
+ manage_master_user_password = local.use_managed_master_password ? var.manage_master_user_password : null
+ master_user_secret_kms_key_id = local.use_managed_master_password ? var.master_user_secret_kms_key_id : null
+ master_password_wo = local.use_master_password ? var.master_password_wo : null
+ master_password_wo_version = local.use_master_password ? var.master_password_wo_version : null
 master_username = var.is_primary_cluster ? var.master_username : null
 monitoring_interval = var.cluster_monitoring_interval
 monitoring_role_arn = var.create_monitoring_role && var.cluster_monitoring_interval > 0 ? try(aws_iam_role.rds_enhanced_monitoring[0].arn, null) : var.monitoring_role_arn
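Review bot: `master_password_wo` is a write-only argument, so the password no longer lands in state (a real improvement over `master_password`), but the provider only re-sends it when `master_password_wo_version` changes; rotating the password without bumping the version is a silent no-op. A comment on these two lines, `# write-only: never persisted in state, and only re-applied when master_password_wo_version changes`, would make that coupling visible to users of the module. The `aws_rds_cluster` resource continues outside the hunk.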
@@ -91,23 +100,23 @@ resource "aws_rds_cluster" "this" {
 replication_source_identifier = var.replication_source_identifier
 dynamic "restore_to_point_in_time" {
- for_each = length(var.restore_to_point_in_time) > 0 ? [var.restore_to_point_in_time] : []
+ for_each = var.restore_to_point_in_time != null ? [var.restore_to_point_in_time] : []
 content {
- restore_to_time = try(restore_to_point_in_time.value.restore_to_time, null)
- restore_type = try(restore_to_point_in_time.value.restore_type, null)
- source_cluster_identifier = try(restore_to_point_in_time.value.source_cluster_identifier, null)
- source_cluster_resource_id = try(restore_to_point_in_time.value.source_cluster_resource_id, null)
- use_latest_restorable_time = try(restore_to_point_in_time.value.use_latest_restorable_time, null)
+ restore_to_time = restore_to_point_in_time.value.restore_to_time
+ restore_type = restore_to_point_in_time.value.restore_type
+ source_cluster_identifier = restore_to_point_in_time.value.source_cluster_identifier
+ source_cluster_resource_id = restore_to_point_in_time.value.source_cluster_resource_id
+ use_latest_restorable_time = restore_to_point_in_time.value.use_latest_restorable_time
 }
 }
 dynamic "s3_import" {
- for_each = length(var.s3_import) > 0 && !local.is_serverless ? [var.s3_import] : []
+ for_each = var.s3_import != null && !local.is_serverless ? [var.s3_import] : []
 content {
 bucket_name = s3_import.value.bucket_name
- bucket_prefix = try(s3_import.value.bucket_prefix, null)
+ bucket_prefix = s3_import.value.bucket_prefix
 ingestion_role = s3_import.value.ingestion_role
 source_engine = "mysql"
 source_engine_version = s3_import.value.source_engine_version
@@ -115,25 +124,25 @@ resource "aws_rds_cluster" "this" {
 }
 dynamic "scaling_configuration" {
- for_each = length(var.scaling_configuration) > 0 && local.is_serverless ? [var.scaling_configuration] : []
+ for_each = var.scaling_configuration != null && local.is_serverless ? [var.scaling_configuration] : []
 content {
- auto_pause = try(scaling_configuration.value.auto_pause, null)
- max_capacity = try(scaling_configuration.value.max_capacity, null)
- min_capacity = try(scaling_configuration.value.min_capacity, null)
- seconds_until_auto_pause = try(scaling_configuration.value.seconds_until_auto_pause, null)
- seconds_before_timeout = try(scaling_configuration.value.seconds_before_timeout, null)
- timeout_action = try(scaling_configuration.value.timeout_action, null)
+ auto_pause = scaling_configuration.value.auto_pause
+ max_capacity = scaling_configuration.value.max_capacity
+ min_capacity = scaling_configuration.value.min_capacity
+ seconds_before_timeout = scaling_configuration.value.seconds_before_timeout
+ seconds_until_auto_pause = scaling_configuration.value.seconds_until_auto_pause
+ timeout_action = scaling_configuration.value.timeout_action
 }
 }
 dynamic "serverlessv2_scaling_configuration" {
- for_each = length(var.serverlessv2_scaling_configuration) > 0 && var.engine_mode == "provisioned" ? [var.serverlessv2_scaling_configuration] : []
+ for_each = var.serverlessv2_scaling_configuration != null && var.engine_mode == "provisioned" ? [var.serverlessv2_scaling_configuration] : []
 content {
 max_capacity = serverlessv2_scaling_configuration.value.max_capacity
 min_capacity = serverlessv2_scaling_configuration.value.min_capacity
- seconds_until_auto_pause = try(serverlessv2_scaling_configuration.value.seconds_until_auto_pause, null)
+ seconds_until_auto_pause = serverlessv2_scaling_configuration.value.seconds_until_auto_pause
 }
 }
@@ -143,12 +152,16 @@ resource "aws_rds_cluster" "this" {
 storage_encrypted = var.storage_encrypted
 storage_type = var.storage_type
 tags = merge(var.tags, var.cluster_tags)
- vpc_security_group_ids = compact(concat([try(aws_security_group.this[0].id, "")], var.vpc_security_group_ids))
+ vpc_security_group_ids = compact(concat(aws_security_group.this[*].id, var.vpc_security_group_ids))
- timeouts {
- create = try(var.cluster_timeouts.create, null)
- update = try(var.cluster_timeouts.update, null)
- delete = try(var.cluster_timeouts.delete, null)
+ dynamic "timeouts" {
+ for_each = var.cluster_timeouts != null ? [var.cluster_timeouts] : []
+
+ content {
+ create = each.value.create
+ update = each.value.update
+ delete = each.value.delete
+ }
 }
 lifecycle {
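Review bot: Inside `dynamic "timeouts"` the iterator is `timeouts.value`, not `each.value`; `aws_rds_cluster` is a `count` resource, so `each` is not defined there and the block will fail to evaluate whenever `var.cluster_timeouts` is set. The three content lines should read `create = timeouts.value.create`, `update = timeouts.value.update`, `delete = timeouts.value.delete`. The same mistake appears in the `aws_rds_cluster_instance` hunk at `@@ -172,40 +185,46 @@`, where `each.value` does exist but refers to the instance entry, so the timeouts would be looked up on the wrong object. The `lifecycle` block and the rest of the resource continue outside the hunk.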
@@ -172,40 +185,46 @@ resource "aws_rds_cluster" "this" {
 resource "aws_rds_cluster_instance" "this" {
 for_each = { for k, v in var.instances : k => v if local.create && !local.is_serverless }
- apply_immediately = try(each.value.apply_immediately, var.apply_immediately)
- auto_minor_version_upgrade = try(each.value.auto_minor_version_upgrade, var.auto_minor_version_upgrade)
- availability_zone = try(each.value.availability_zone, null)
- ca_cert_identifier = var.ca_cert_identifier
+ region = var.region
+
+ apply_immediately = try(coalesce(each.value.apply_immediately, var.apply_immediately), null)
+ auto_minor_version_upgrade = each.value.auto_minor_version_upgrade
+ availability_zone = each.value.availability_zone
+ ca_cert_identifier = try(coalesce(each.value.ca_cert_identifier, var.cluster_ca_cert_identifier), null)
 cluster_identifier = aws_rds_cluster.this[0].id
- copy_tags_to_snapshot = try(each.value.copy_tags_to_snapshot, var.copy_tags_to_snapshot)
- db_parameter_group_name = var.create_db_parameter_group ? aws_db_parameter_group.this[0].id : try(each.value.db_parameter_group_name, var.db_parameter_group_name)
+ copy_tags_to_snapshot = try(coalesce(each.value.copy_tags_to_snapshot, var.copy_tags_to_snapshot), null)
+ custom_iam_instance_profile = each.value.custom_iam_instance_profile
+ db_parameter_group_name = local.create_db_parameter_group ? aws_db_parameter_group.this[0].id : each.value.db_parameter_group_name
 db_subnet_group_name = local.db_subnet_group_name
 engine = var.engine
 engine_version = var.engine_version
- identifier = var.instances_use_identifier_prefix ? null : try(each.value.identifier, "${var.name}-${each.key}")
- identifier_prefix = var.instances_use_identifier_prefix ? try(each.value.identifier_prefix, "${var.name}-${each.key}-") : null
- instance_class = try(each.value.instance_class, var.instance_class)
- monitoring_interval = var.cluster_monitoring_interval > 0 ? var.cluster_monitoring_interval : try(each.value.monitoring_interval, var.monitoring_interval)
- monitoring_role_arn = var.create_monitoring_role ? try(aws_iam_role.rds_enhanced_monitoring[0].arn, null) : var.monitoring_role_arn
- performance_insights_enabled = try(each.value.performance_insights_enabled, var.performance_insights_enabled)
- performance_insights_kms_key_id = try(each.value.performance_insights_kms_key_id, var.performance_insights_kms_key_id)
- performance_insights_retention_period = try(each.value.performance_insights_retention_period, var.performance_insights_retention_period)
+ identifier = var.instances_use_identifier_prefix ? null : try(coalesce(each.value.identifier, "${var.name}-${each.key}"))
+ identifier_prefix = var.instances_use_identifier_prefix ? try(coalesce(each.value.identifier_prefix, "${var.name}-${each.key}-")) : null
+ instance_class = try(coalesce(each.value.instance_class, var.cluster_instance_class), null)
+ monitoring_interval = try(coalesce(each.value.monitoring_interval, var.cluster_monitoring_interval), null)
+ monitoring_role_arn = try(aws_iam_role.rds_enhanced_monitoring[0].arn, each.value.monitoring_role_arn)
+ performance_insights_enabled = try(coalesce(each.value.performance_insights_enabled, var.cluster_performance_insights_enabled), null)
+ performance_insights_kms_key_id = try(coalesce(each.value.performance_insights_kms_key_id, var.cluster_performance_insights_kms_key_id), null)
+ performance_insights_retention_period = try(coalesce(each.value.performance_insights_retention_period, var.cluster_performance_insights_retention_period), null)
 # preferred_backup_window - is set at the cluster level and will error if provided here
- preferred_maintenance_window = try(each.value.preferred_maintenance_window, var.preferred_maintenance_window)
- promotion_tier = try(each.value.promotion_tier, null)
- publicly_accessible = try(each.value.publicly_accessible, var.publicly_accessible)
- tags = merge(var.tags, try(each.value.tags, {}))
-
- timeouts {
- create = try(var.instance_timeouts.create, null)
- update = try(var.instance_timeouts.update, null)
- delete = try(var.instance_timeouts.delete, null)
+ preferred_maintenance_window = try(coalesce(each.value.preferred_maintenance_window, var.preferred_maintenance_window), null)
+ promotion_tier = each.value.promotion_tier
+ publicly_accessible = each.value.publicly_accessible
+ tags = merge(var.tags, each.value.tags)
+
+ dynamic "timeouts" {
+ for_each = var.instance_timeouts != null ? [var.instance_timeouts] : []
+
+ content {
+ create = each.value.create
+ update = each.value.update
+ delete = each.value.delete
+ }
 }
 lifecycle {
 create_before_destroy = true
 }
-
 }
 ################################################################################
@@ -215,12 +234,14 @@ resource "aws_rds_cluster_instance" "this" {
 resource "aws_rds_cluster_endpoint" "this" {
 for_each = { for k, v in var.endpoints : k => v if local.create && !local.is_serverless }
+ region = var.region
+
 cluster_endpoint_identifier = each.value.identifier
 cluster_identifier = aws_rds_cluster.this[0].id
 custom_endpoint_type = each.value.type
- excluded_members = try(each.value.excluded_members, null)
- static_members = try(each.value.static_members, null)
- tags = merge(var.tags, try(each.value.tags, {}))
+ excluded_members = each.value.excluded_members
+ static_members = each.value.static_members
+ tags = merge(var.tags, each.value.tags)
 depends_on = [
 aws_rds_cluster_instance.this
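Review bot: `publicly_accessible = each.value.publicly_accessible` drops the former fallback to a module-level variable, so whether an instance is reachable from the internet is now decided solely by the default declared on the `instances` variable's object type, which is not visible in this diff; that default should be `false` or null (null leaves the provider default in effect) — confirm in variables.tf. A short comment on this line, `# null keeps the provider default (not publicly accessible); only set true deliberately`, would make the safe path explicit to module users. The `monitoring_role_arn` line also changes meaning — the module-created role now takes precedence over a per-instance ARN whenever it exists — which is reasonable but deserves a one-line comment as well.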
@@ -232,10 +253,12 @@ resource "aws_rds_cluster_endpoint" "this" { ################################################################################ resource "aws_rds_cluster_role_association" "this" { - for_each = { for k, v in var.iam_roles : k => v if local.create } + for_each = { for k, v in var.role_associations : k => v if local.create } + + region = var.region db_cluster_identifier = aws_rds_cluster.this[0].id - feature_name = each.value.feature_name + feature_name = try(coalesce(each.value.feature_name, each.key)) role_arn = each.value.role_arn } @@ -244,7 +267,16 @@ resource "aws_rds_cluster_role_association" "this" { ################################################################################ locals { - create_monitoring_role = local.create && var.create_monitoring_role && (var.monitoring_interval > 0 || var.cluster_monitoring_interval > 0) + instances_has_monitoring_enabled = anytrue([for k, v in var.instances : v.monitoring_interval != null && try(coalesce(v.monitoring_interval, 0), 0) > 0]) + create_monitoring_role = local.create && var.create_monitoring_role && (local.instances_has_monitoring_enabled || var.cluster_monitoring_interval > 0) + + iam_role_name = try(coalesce(var.iam_role_name, "${var.name}-monitor")) +} + +data "aws_service_principal" "monitoring_rds" { + count = local.create_monitoring_role ? 1 : 0 + + service_name = "monitoring.rds" } data "aws_iam_policy_document" "monitoring_rds_assume_role" { @@ -255,7 +287,7 @@ data "aws_iam_policy_document" "monitoring_rds_assume_role" { principals { type = "Service" - identifiers = ["monitoring.rds.amazonaws.com"] + identifiers = [data.aws_service_principal.monitoring_rds[0].name] } } } 
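Review bot: `instances_has_monitoring_enabled` guards the same null twice — the `!= null` test already excludes the case that `try(coalesce(..., 0), 0)` is written to absorb — which makes the intent harder to read than it needs to be. `coalesce(v.monitoring_interval, 0) > 0` is the whole condition; `anytrue([for v in var.instances : coalesce(v.monitoring_interval, 0) > 0])` says it directly and also drops the unused `k`. The `locals` block is fully inside the hunk, so this is a self-contained change.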
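Review bot: The trust policy still lets `monitoring.rds` assume the Enhanced Monitoring role on behalf of any account — switching to `data.aws_service_principal` only fixes the partition suffix, it adds no `aws:SourceAccount`/`aws:SourceArn` condition, which is the cross-service confused-deputy guard AWS recommends for this role. A `condition` on `aws:SourceAccount` inside the same `statement` closes that; `aws:SourceArn` scoped to the cluster ARN would be tighter but creates a cycle here because the instances depend on the role. The `statement` block that the `principals` block lives in starts outside the hunk, and the excerpt below assumes a `data "aws_caller_identity" "current" {}` exists in the module (none is visible in this diff — add one if it does not).
```hcl
    principals {
      type        = "Service"
      identifiers = [data.aws_service_principal.monitoring_rds[0].name]
    }

    # Confused-deputy guard: RDS may only assume this role for resources in this account
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
```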
@@ -263,15 +295,14 @@ data "aws_iam_policy_document" "monitoring_rds_assume_role" { resource "aws_iam_role" "rds_enhanced_monitoring" { count = local.create_monitoring_role ? 1 : 0 - name = var.iam_role_use_name_prefix ? null : var.iam_role_name - name_prefix = var.iam_role_use_name_prefix ? "${var.iam_role_name}-" : null + name = var.iam_role_use_name_prefix ? null : local.iam_role_name + name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}-" : null description = var.iam_role_description path = var.iam_role_path assume_role_policy = data.aws_iam_policy_document.monitoring_rds_assume_role[0].json - managed_policy_arns = var.iam_role_managed_policy_arns permissions_boundary = var.iam_role_permissions_boundary - force_detach_policies = var.iam_role_force_detach_policies + force_detach_policies = true max_session_duration = var.iam_role_max_session_duration tags = var.tags @@ -291,6 +322,8 @@ resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" { resource "aws_appautoscaling_target" "this" { count = local.create && var.autoscaling_enabled && !local.is_serverless ? 1 : 0 + region = var.region + max_capacity = var.autoscaling_max_capacity min_capacity = var.autoscaling_min_capacity resource_id = "cluster:${aws_rds_cluster.this[0].cluster_identifier}" @@ -309,6 +342,8 @@ resource "aws_appautoscaling_target" "this" { resource "aws_appautoscaling_policy" "this" { count = local.create && var.autoscaling_enabled && !local.is_serverless ? 1 : 0 + region = var.region + name = var.autoscaling_policy_name policy_type = "TargetTrackingScaling" resource_id = "cluster:${aws_rds_cluster.this[0].cluster_identifier}" 
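Review bot: Dropping `managed_policy_arns` (and its variable) means the monitoring role is no longer exclusively managed — a policy attached out-of-band to `rds_enhanced_monitoring` will not show as drift, whereas before it would have been removed on the next apply; the hard-coded `force_detach_policies = true` only affects destroy, not that. If the intent is to keep the role's attachments authoritative, pair the `aws_iam_role_policy_attachment` further down with an exclusive-management resource (the provider offers `aws_iam_role_policy_attachments_exclusive` for this in recent versions — verify the name against the pinned provider); otherwise the description of `create_monitoring_role` should say that extra attachments are tolerated. The `aws_iam_role` block is fully inside the hunk.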
@@ -334,59 +369,100 @@ resource "aws_appautoscaling_policy" "this" { # Security Group ################################################################################ +locals { + create_security_group = local.create && var.create_security_group + security_group_name = try(coalesce(var.security_group_name, var.name), "") +} + resource "aws_security_group" "this" { - count = local.create && var.create_security_group ? 1 : 0 + count = local.create_security_group ? 1 : 0 + + region = var.region name = var.security_group_use_name_prefix ? null : local.security_group_name name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null vpc_id = var.vpc_id - description = coalesce(var.security_group_description, "Control traffic to/from RDS Aurora ${var.name}") + description = coalesce(var.security_group_description, "Control traffic to/from RDS Aurora ${local.create_security_group}") - tags = merge(var.tags, var.security_group_tags, { Name = local.security_group_name }) + tags = merge( + var.tags, + var.security_group_tags, + { "Name" = local.security_group_name } + ) lifecycle { create_before_destroy = true } } -resource "aws_security_group_rule" "this" { - for_each = { for k, v in var.security_group_rules : k => v if local.create && var.create_security_group } - - # required - type = try(each.value.type, "ingress") - from_port = try(each.value.from_port, local.port) - to_port = try(each.value.to_port, local.port) - protocol = try(each.value.protocol, "tcp") - security_group_id = aws_security_group.this[0].id - - # optional - cidr_blocks = try(each.value.cidr_blocks, null) - description = try(each.value.description, null) - ipv6_cidr_blocks = try(each.value.ipv6_cidr_blocks, null) - prefix_list_ids = try(each.value.prefix_list_ids, null) - source_security_group_id = try(each.value.source_security_group_id, null) - self = try(each.value.self, null) +resource "aws_vpc_security_group_ingress_rule" "this" { + for_each = { for k, v in 
var.security_group_ingress_rules : k => v if var.security_group_ingress_rules != null && local.create_security_group } + + region = var.region + + cidr_ipv4 = each.value.cidr_ipv4 + cidr_ipv6 = each.value.cidr_ipv6 + description = each.value.description + from_port = try(coalesce(each.value.from_port, local.port), null) + ip_protocol = each.value.ip_protocol + prefix_list_id = each.value.prefix_list_id + referenced_security_group_id = each.value.referenced_security_group_id == "self" ? aws_security_group.this[0].id : each.value.referenced_security_group_id + security_group_id = aws_security_group.this[0].id + tags = merge( + var.tags, + { "Name" = coalesce(each.value.name, "${local.security_group_name}-${each.key}") }, + each.value.tags + ) + to_port = try(coalesce(each.value.to_port, each.value.from_port, local.port), null) +} + +resource "aws_vpc_security_group_egress_rule" "this" { + for_each = { for k, v in var.security_group_egress_rules : k => v if var.security_group_egress_rules != null && local.create_security_group } + + region = var.region + + cidr_ipv4 = each.value.cidr_ipv4 + cidr_ipv6 = each.value.cidr_ipv6 + description = each.value.description + from_port = try(coalesce(each.value.from_port, each.value.to_port, local.port), null) + ip_protocol = each.value.ip_protocol + prefix_list_id = each.value.prefix_list_id + referenced_security_group_id = each.value.referenced_security_group_id == "self" ? 
aws_security_group.this[0].id : each.value.referenced_security_group_id + security_group_id = aws_security_group.this[0].id + tags = merge( + var.tags, + { "Name" = coalesce(each.value.name, "${local.security_group_name}-${each.key}") }, + each.value.tags + ) + to_port = try(coalesce(each.value.to_port, local.port), null) } + ################################################################################ # Cluster Parameter Group ################################################################################ +locals { + create_cluster_parameter_group = local.create && var.cluster_parameter_group != null +} + resource "aws_rds_cluster_parameter_group" "this" { - count = local.create && var.create_db_cluster_parameter_group ? 1 : 0 + count = local.create_cluster_parameter_group ? 1 : 0 - name = var.db_cluster_parameter_group_use_name_prefix ? null : local.cluster_parameter_group_name - name_prefix = var.db_cluster_parameter_group_use_name_prefix ? "${local.cluster_parameter_group_name}-" : null - description = var.db_cluster_parameter_group_description - family = var.db_cluster_parameter_group_family + region = var.region + + name = var.cluster_parameter_group.use_name_prefix ? null : try(coalesce(var.cluster_parameter_group.name, var.name), "") + name_prefix = var.cluster_parameter_group.use_name_prefix ? "${try(coalesce(var.cluster_parameter_group.name, var.name), "")}-" : null + description = coalesce(var.cluster_parameter_group.description, "${var.cluster_parameter_group.family} for Aurora cluster ${var.name}") + family = var.cluster_parameter_group.family dynamic "parameter" { - for_each = var.db_cluster_parameter_group_parameters + for_each = var.cluster_parameter_group.parameters != null ? 
var.cluster_parameter_group.parameters : [] content { - name = parameter.value.name + name = try(coalesce(parameter.value.name, parameter.key)) value = parameter.value.value - apply_method = try(parameter.value.apply_method, "immediate") + apply_method = parameter.value.apply_method } } @@ -401,21 +477,27 @@ resource "aws_rds_cluster_parameter_group" "this" { # DB Parameter Group ################################################################################ +locals { + create_db_parameter_group = local.create && var.db_parameter_group != null +} + resource "aws_db_parameter_group" "this" { - count = local.create && var.create_db_parameter_group ? 1 : 0 + count = local.create_db_parameter_group ? 1 : 0 - name = var.db_parameter_group_use_name_prefix ? null : local.db_parameter_group_name - name_prefix = var.db_parameter_group_use_name_prefix ? "${local.db_parameter_group_name}-" : null - description = var.db_parameter_group_description - family = var.db_parameter_group_family + region = var.region + + name = var.db_parameter_group.use_name_prefix ? null : try(coalesce(var.db_parameter_group.name, var.name), "") + name_prefix = var.db_parameter_group.use_name_prefix ? "${try(coalesce(var.db_parameter_group.name, var.name), "")}-" : null + description = coalesce(var.db_parameter_group.description, "${var.db_parameter_group.family} for Aurora cluster ${var.name}") + family = var.db_parameter_group.family dynamic "parameter" { - for_each = var.db_parameter_group_parameters + for_each = var.db_parameter_group.parameters != null ? var.db_parameter_group.parameters : [] content { - name = parameter.value.name + name = try(coalesce(parameter.value.name, parameter.key)) value = parameter.value.value - apply_method = try(parameter.value.apply_method, "immediate") + apply_method = parameter.value.apply_method } } 
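Review bot: The security group description interpolates `local.create_security_group`, a boolean, so the group is created as "Control traffic to/from RDS Aurora true" instead of carrying the cluster name as the removed line did; it should be `description = coalesce(var.security_group_description, "Control traffic to/from RDS Aurora ${var.name}")`. Separately, the ingress/egress rules always coalesce `from_port`/`to_port` to `local.port`, so a rule with `ip_protocol = "-1"` (all traffic) is sent with explicit ports, which the API rejects — guarding the port expressions with `each.value.ip_protocol == "-1" ? null : ...` would let that case through. The `aws_security_group` resource and both rule resources are fully inside the hunk.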
@@ -434,6 +516,8 @@ resource "aws_db_parameter_group" "this" { resource "aws_cloudwatch_log_group" "this" { for_each = toset([for log in var.enabled_cloudwatch_logs_exports : log if local.create && var.create_cloudwatch_log_group && !var.cluster_use_name_prefix]) + region = var.region + name = "/aws/rds/cluster/${var.name}/${each.value}" retention_in_days = var.cloudwatch_log_group_retention_in_days kms_key_id = var.cloudwatch_log_group_kms_key_id @@ -448,12 +532,14 @@ resource "aws_cloudwatch_log_group" "this" { ################################################################################ resource "aws_rds_cluster_activity_stream" "this" { - count = local.create && var.create_db_cluster_activity_stream ? 1 : 0 + count = local.create && var.cluster_activity_stream != null ? 1 : 0 + + region = var.region + engine_native_audit_fields_included = var.cluster_activity_stream.include_audit_fields + kms_key_id = var.cluster_activity_stream.kms_key_id + mode = var.cluster_activity_stream.mode resource_arn = aws_rds_cluster.this[0].arn - mode = var.db_cluster_activity_stream_mode - kms_key_id = var.db_cluster_activity_stream_kms_key_id - engine_native_audit_fields_included = var.engine_native_audit_fields_included depends_on = [aws_rds_cluster_instance.this] } @@ -471,6 +557,8 @@ resource "aws_rds_cluster_activity_stream" "this" { resource "aws_secretsmanager_secret_rotation" "this" { count = local.create && var.manage_master_user_password && var.manage_master_user_password_rotation ? 1 : 0 + region = var.region + secret_id = aws_rds_cluster.this[0].master_user_secret[0].secret_arn rotate_immediately = var.master_user_password_rotate_immediately 
@@ -486,19 +574,25 @@ resource "aws_secretsmanager_secret_rotation" "this" { ################################################################################ resource "aws_rds_shard_group" "this" { - count = local.create && var.create_shard_group ? 1 : 0 + count = local.create && var.shard_group != null ? 1 : 0 + + region = var.region - compute_redundancy = var.compute_redundancy + compute_redundancy = var.shard_group.compute_redundancy db_cluster_identifier = aws_rds_cluster.this[0].id - db_shard_group_identifier = var.db_shard_group_identifier - max_acu = var.max_acu - min_acu = var.min_acu - publicly_accessible = var.publicly_accessible - tags = merge(var.tags, var.shard_group_tags) - - timeouts { - create = try(var.shard_group_timeouts.create, null) - update = try(var.shard_group_timeouts.update, null) - delete = try(var.shard_group_timeouts.delete, null) + db_shard_group_identifier = var.shard_group.identifier + max_acu = var.shard_group.max_acu + min_acu = var.shard_group.min_acu + publicly_accessible = var.shard_group.publicly_accessible + tags = merge(var.tags, var.shard_group.tags) + + dynamic "timeouts" { + for_each = var.shard_group.timeouts != null ? [var.shard_group.timeouts] : [] + + content { + create = timeouts.value.create + update = timeouts.value.update + delete = timeouts.value.delete + } } } diff --git a/modules/dsql/README.md b/modules/dsql/README.md index 0834266..c92a0b0 100644 --- a/modules/dsql/README.md +++ b/modules/dsql/README.md @@ -1,6 +1,6 @@ -# DSQL Cluster +# AWS RDS Aurora DSQL Terraform module -Terraform sub-module which creates DSQL cluster and peering resources. +Terraform sub-module which creates DSQL resources. ## Usage 
@@ -10,25 +10,31 @@ See [DSQL](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tre module "dsql_cluster_1" { source = "../../modules/dsql" - witness_region = "us-west-2" + name = "dsql-1" + + witness_region = "us-east-2" create_cluster_peering = true clusters = [module.dsql_cluster_2.arn] - tags = { Name = "dsql-1" } + tags = { + Environment = "production" + } } module "dsql_cluster_2" { source = "../../modules/dsql" + region = "us-east-2" + + name = "dsql-2" + witness_region = "us-west-2" create_cluster_peering = true clusters = [module.dsql_cluster_1.arn] - tags = { Name = "dsql-2" } - - providers = { - aws = aws.region2 - } + tags = { + Environment = "production" + } } ``` @@ -37,14 +43,14 @@ module "dsql_cluster_2" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.100 | +| [terraform](#requirement\_terraform) | >= 1.11 | +| [aws](#requirement\_aws) | >= 6.18 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.100 | +| [aws](#provider\_aws) | >= 6.18 | ## Modules 
@@ -66,8 +72,10 @@ No modules. | [create\_cluster\_peering](#input\_create\_cluster\_peering) | Whether to create cluster peering | `bool` | `false` | no | | [deletion\_protection\_enabled](#input\_deletion\_protection\_enabled) | Whether deletion protection is enabled in this cluster | `bool` | `null` | no | | [kms\_encryption\_key](#input\_kms\_encryption\_key) | The ARN of the AWS KMS key that encrypts data in the DSQL Cluster, or `AWS_OWNED_KMS_KEY` | `string` | `null` | no | -| [tags](#input\_tags) | A map of tags to be associated with the AWS DSQL Cluster resource | `map(string)` | `{}` | no | -| [timeouts](#input\_timeouts) | Create timeout configuration for the cluster | `any` | `{}` | no | +| [name](#input\_name) | Name used across resources created | `string` | `""` | no | +| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no | +| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | +| [timeouts](#input\_timeouts) | Timeout configuration for the cluster |
object({
create = optional(string)
})
| `null` | no | | [witness\_region](#input\_witness\_region) | Witness region for the multi-region clusters. Setting this makes this cluster a multi-region cluster. Changing it recreates the cluster | `string` | `null` | no | ## Outputs diff --git a/modules/dsql/main.tf b/modules/dsql/main.tf index 450574c..a5005e7 100644 --- a/modules/dsql/main.tf +++ b/modules/dsql/main.tf @@ -1,27 +1,47 @@ +################################################################################ +# Cluster +################################################################################ + resource "aws_dsql_cluster" "this" { count = var.create ? 1 : 0 + region = var.region + deletion_protection_enabled = var.deletion_protection_enabled kms_encryption_key = var.kms_encryption_key dynamic "multi_region_properties" { for_each = var.witness_region != null ? [true] : [] + content { witness_region = var.witness_region } } - tags = var.tags + tags = merge( + var.tags, + { for k, v in { Name = var.name } : k => v if v != "" } + ) } +################################################################################ +# Cluster Peering +################################################################################ + resource "aws_dsql_cluster_peering" "this" { count = var.create && var.create_cluster_peering ? 1 : 0 + region = var.region + clusters = var.clusters identifier = aws_dsql_cluster.this[0].identifier witness_region = var.witness_region - timeouts { - create = try(var.timeouts.create, null) + dynamic "timeouts" { + for_each = var.timeouts != null ? [var.timeouts] : [] + + content { + create = timeouts.value.create + } } } diff --git a/modules/dsql/outputs.tf b/modules/dsql/outputs.tf index d0831f5..724298c 100644 --- a/modules/dsql/outputs.tf +++ b/modules/dsql/outputs.tf 
@@ -1,3 +1,7 @@ +################################################################################ +# Cluster +################################################################################ + output "arn" { description = "ARN of the cluster" value = try(aws_dsql_cluster.this[0].arn, null) diff --git a/modules/dsql/variables.tf b/modules/dsql/variables.tf index ecf2ec3..62e3f05 100644 --- a/modules/dsql/variables.tf +++ b/modules/dsql/variables.tf @@ -4,6 +4,28 @@ variable "create" { default = true } +variable "region" { + description = "Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration" + type = string + default = null +} + +variable "name" { + description = "Name used across resources created" + type = string + default = "" +} + +variable "tags" { + description = "A map of tags to add to all resources" + type = map(string) + default = {} +} + +################################################################################ +# Cluster +################################################################################ + variable "deletion_protection_enabled" { description = "Whether deletion protection is enabled in this cluster" type = bool @@ -16,6 +38,10 @@ variable "kms_encryption_key" { default = null } +################################################################################ +# Cluster Peering +################################################################################ + variable "create_cluster_peering" { description = "Whether to create cluster peering" type = bool @@ -35,13 +61,9 @@ variable "witness_region" { } variable "timeouts" { - description = "Create timeout configuration for the cluster" - type = any - default = {} -} - -variable "tags" { - description = "A map of tags to be associated with the AWS DSQL Cluster resource" - type = map(string) - default = {} + description = "Timeout configuration for the cluster" + type = object({ + create = optional(string) + }) + default = null } 
diff --git a/modules/dsql/versions.tf b/modules/dsql/versions.tf index 7aad8ab..23d5557 100644 --- a/modules/dsql/versions.tf +++ b/modules/dsql/versions.tf @@ -1,10 +1,10 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.11" required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.100" + version = ">= 6.18" } } } diff --git a/variables.tf b/variables.tf index 7a1dadc..5e4e2b3 100644 --- a/variables.tf +++ b/variables.tf @@ -4,6 +4,12 @@ variable "create" { default = true } +variable "region" { + description = "Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration" + type = string + default = null +} + variable "name" { description = "Name used across resources created" type = string @@ -135,7 +141,7 @@ variable "cluster_monitoring_interval" { variable "copy_tags_to_snapshot" { description = "Copy all Cluster `tags` to snapshots" type = bool - default = null + default = true } variable "database_insights_mode" { 
@@ -150,14 +156,14 @@ variable "database_name" { default = null } -variable "db_cluster_instance_class" { - description = "The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all AWS Regions, or for all database engines" +variable "cluster_instance_class" { + description = "The compute and memory capacity of each DB instance in the Multi-AZ DB cluster (not all DB instance classes are available in all AWS Regions, or for all database engines)" type = string default = null } -variable "db_cluster_db_instance_parameter_group_name" { - description = "Instance parameter group to associate with all instances of the DB cluster. The `db_cluster_db_instance_parameter_group_name` is only valid in combination with `allow_major_version_upgrade`" +variable "cluster_db_instance_parameter_group_name" { + description = "Instance parameter group to associate with all instances of the DB cluster. The `cluster_db_instance_parameter_group_name` is only valid in combination with `allow_major_version_upgrade`" type = string default = null } @@ -181,7 +187,7 @@ variable "enable_global_write_forwarding" { } variable "enable_local_write_forwarding" { - description = "Whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances." + description = "Whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances" type = bool default = null } 
@@ -217,7 +223,7 @@ variable "engine_version" { } variable "engine_lifecycle_support" { - description = "The life cycle type for this DB instance. This setting is valid for cluster types Aurora DB clusters and Multi-AZ DB clusters. Valid values are `open-source-rds-extended-support`, `open-source-rds-extended-support-disabled`. Default value is `open-source-rds-extended-support`." + description = "The life cycle type for this DB instance. This setting is valid for cluster types Aurora DB clusters and Multi-AZ DB clusters. Valid values are `open-source-rds-extended-support`, `open-source-rds-extended-support-disabled`. Default value is `open-source-rds-extended-support`" type = string default = null } @@ -265,7 +271,7 @@ variable "kms_key_id" { } variable "manage_master_user_password" { - description = "Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if `master_password` is provided" + description = "Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if `master_password_wo` is provided" type = bool default = true } 
@@ -276,8 +282,14 @@ variable "master_user_secret_kms_key_id" { default = null } -variable "master_password" { - description = "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Required unless `manage_master_user_password` is set to `true` or unless `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database" +variable "master_password_wo" { + description = "Write-Only required unless `manage_master_user_password` is set to `true`, a `snapshot_identifier`, `replication_source_identifier`, or unless a `global_cluster_identifier` is provided when the cluster is the \"secondary\" cluster of a global database) Password for the master DB user" + type = string + default = null +} + +variable "master_password_wo_version" { + description = "Used together with `master_password_wo` to trigger an update. Increment this value when an update to the `master_password_wo` is required" type = string default = null } 
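Review bot: `master_password_wo` is declared as a plain `string` with neither `sensitive = true` nor `ephemeral = true`, so the write-only argument keeps the password out of state but the variable value itself is still echoed in plan output and persisted in saved plan files — which undercuts the point of moving to `_wo`. Add `sensitive = true` and `ephemeral = true` to the variable; write-only resource arguments accept ephemeral values, and `master_password_wo_version` must stay non-ephemeral since it is what drives the update. Ephemeral variables need Terraform ≥ 1.10 — the dsql sub-module pins ≥ 1.11 in this diff, but the root module's `required_version` is not visible here, so confirm it is raised too. The variable blocks are fully inside the hunk.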
@@ -301,15 +313,15 @@ variable "port" { } variable "preferred_backup_window" { - description = "The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC" + description = "Daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region, e.g. `04:00-09:00`" type = string - default = "02:00-03:00" + default = null } variable "preferred_maintenance_window" { - description = "The weekly time range during which system maintenance can occur, in (UTC)" + description = "Weekly time range during which system maintenance can occur, in (UTC) e.g., `wed:04:00-wed:04:30`" type = string - default = "sun:05:00-sun:06:00" + default = null } variable "replication_source_identifier" { 
@@ -320,26 +332,48 @@ variable "replication_source_identifier" { variable "restore_to_point_in_time" { description = "Map of nested attributes for cloning Aurora cluster" - type = map(string) - default = {} + type = object({ + restore_to_time = optional(string) + restore_type = optional(string) + source_cluster_identifier = optional(string) + source_cluster_resource_id = optional(string) + use_latest_restorable_time = optional(bool) + }) + default = null } variable "s3_import" { description = "Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported)" - type = map(string) - default = {} + type = object({ + bucket_name = string + bucket_prefix = optional(string) + ingestion_role = string + source_engine_version = string + }) + default = null } variable "scaling_configuration" { description = "Map of nested attributes with scaling properties. Only valid when `engine_mode` is set to `serverless`" - type = map(string) - default = {} + type = object({ + auto_pause = optional(bool) + max_capacity = optional(number) + min_capacity = optional(number) + seconds_before_timeout = optional(number) + seconds_until_auto_pause = optional(number) + timeout_action = optional(string) + }) + default = null } variable "serverlessv2_scaling_configuration" { description = "Map of nested attributes with serverless v2 scaling properties. Only valid when `engine_mode` is set to `provisioned`" - type = map(string) - default = {} + type = object({ + max_capacity = number + min_capacity = optional(number) + seconds_until_auto_pause = optional(number) + }) + default = null } variable "skip_final_snapshot" { 
@@ -367,7 +401,7 @@ variable "storage_encrypted" { } variable "storage_type" { - description = "Determines the storage type for the DB cluster. Optional for Single-AZ, required for Multi-AZ DB clusters. Valid values for Single-AZ: `aurora`, `\"\"` (default, both refer to Aurora Standard), `aurora-iopt1` (Aurora I/O Optimized). Valid values for Multi-AZ: `io1` (default)." + description = "Determines the storage type for the DB cluster. Optional for Single-AZ, required for Multi-AZ DB clusters. Valid values for Single-AZ: `aurora`, `\"\"` (default, both refer to Aurora Standard), `aurora-iopt1` (Aurora I/O Optimized). Valid values for Multi-AZ: `io1` (default)" type = string default = null } @@ -386,8 +420,12 @@ variable "vpc_security_group_ids" { variable "cluster_timeouts" { description = "Create, update, and delete timeout configurations for the cluster" - type = map(string) - default = {} + type = object({ + create = optional(string) + update = optional(string) + delete = optional(string) + }) + default = null } ################################################################################ 
@@ -396,26 +434,30 @@ variable "cluster_timeouts" { variable "instances" { description = "Map of cluster instances and any specific/overriding attributes to be created" - type = any - default = {} -} - -variable "auto_minor_version_upgrade" { - description = "Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true`" - type = bool - default = null -} - -variable "ca_cert_identifier" { - description = "The identifier of the CA certificate for the DB instance" - type = string - default = null -} - -variable "db_parameter_group_name" { - description = "The name of the DB parameter group" - type = string - default = null + type = map(object({ + apply_immediately = optional(bool) + auto_minor_version_upgrade = optional(bool) + availability_zone = optional(string) + ca_cert_identifier = optional(string) + copy_tags_to_snapshot = optional(bool, true) + custom_iam_instance_profile = optional(string) + db_parameter_group_name = optional(string) + db_subnet_group_name = optional(string) + identifier = optional(string) + identifier_prefix = optional(string) + instance_class = optional(string) + monitoring_interval = optional(number) + monitoring_role_arn = optional(string) + performance_insights_enabled = optional(bool) + performance_insights_kms_key_id = optional(string) + performance_insights_retention_period = optional(number) + preferred_maintenance_window = optional(string) + promotion_tier = optional(number) + publicly_accessible = optional(bool) + tags = optional(map(string), {}) + })) + default = {} + nullable = false } variable "instances_use_identifier_prefix" { 
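Review bot: The new `instances` object type replaces several cluster-wide variables but its description does not say which per-instance fields fall back to cluster-level settings or how conflicts resolve; from the instance resource visible earlier in this diff, `instance_class`, `monitoring_interval` and the `performance_insights_*` fields coalesce to the `cluster_*` variables, and a module-created monitoring role takes precedence over a per-instance `monitoring_role_arn`. Spell that out in the description, e.g. "Map of cluster instances; `instance_class`, `monitoring_interval` and `performance_insights_*` fall back to the corresponding `cluster_*` variables, and `monitoring_role_arn` is only honoured when `create_monitoring_role` is `false`", so users do not expect a per-instance role ARN to win. Note also that `copy_tags_to_snapshot` defaults to `true` here while `publicly_accessible` and `auto_minor_version_upgrade` are left to the AWS defaults — worth stating, since the old cluster-wide `publicly_accessible` variable is removed in this hunk.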
@@ -424,46 +466,14 @@ variable "instances_use_identifier_prefix" { default = false } -variable "instance_class" { - description = "Instance type to use at master instance. Note: if `autoscaling_enabled` is `true`, this will be the same instance class used on instances created by autoscaling" - type = string - default = "" -} - -variable "monitoring_interval" { - description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to `0` to disable. Default is `0`" - type = number - default = 0 -} - -variable "performance_insights_enabled" { - description = "Specifies whether Performance Insights is enabled or not" - type = bool - default = null -} - -variable "performance_insights_kms_key_id" { - description = "The ARN for the KMS key to encrypt Performance Insights data" - type = string - default = null -} - -variable "performance_insights_retention_period" { - description = "Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years)" - type = number - default = null -} - -variable "publicly_accessible" { - description = "Determines whether instances are publicly accessible. Default `false`" - type = bool - default = null -} - variable "instance_timeouts" { description = "Create, update, and delete timeout configurations for the cluster instance(s)" - type = map(string) - default = {} + type = object({ + create = optional(string) + update = optional(string) + delete = optional(string) + }) + default = null } ################################################################################ 
@@ -472,18 +482,29 @@ variable "instance_timeouts" { variable "endpoints" { description = "Map of additional cluster endpoints and their attributes to be created" - type = any - default = {} + type = map(object({ + identifier = string + type = string + excluded_members = optional(list(string)) + static_members = optional(list(string)) + tags = optional(map(string), {}) + })) + default = {} + nullable = false } ################################################################################ -# Cluster IAM Roles +# Cluster IAM Role Association(s) ################################################################################ -variable "iam_roles" { +variable "role_associations" { description = "Map of IAM roles and supported feature names to associate with the cluster" - type = map(map(string)) - default = {} + type = map(object({ + feature_name = optional(string) + role_arn = string + })) + default = {} + nullable = false } ################################################################################ @@ -526,24 +547,12 @@ variable "iam_role_path" { default = null } -variable "iam_role_managed_policy_arns" { - description = "Set of exclusive IAM managed policy ARNs to attach to the monitoring role" - type = list(string) - default = null -} - variable "iam_role_permissions_boundary" { description = "The ARN of the policy that is used to set the permissions boundary for the monitoring role" type = string default = null } -variable "iam_role_force_detach_policies" { - description = "Whether to force detaching any policies the monitoring role has before destroying it" - type = bool - default = null -} - variable "iam_role_max_session_duration" { description = "Maximum session duration (in seconds) that you want to set for the monitoring role" type = number 
@@ -642,10 +651,44 @@ variable "vpc_id" { default = "" } -variable "security_group_rules" { - description = "Map of security group rules to add to the cluster security group created" - type = any - default = {} +variable "security_group_ingress_rules" { + description = "Map of security group ingress rules to add to the security group created" + type = map(object({ + name = optional(string) + + cidr_ipv4 = optional(string) + cidr_ipv6 = optional(string) + description = optional(string) + from_port = optional(number) + ip_protocol = optional(string, "tcp") + prefix_list_id = optional(string) + referenced_security_group_id = optional(string) + region = optional(string) + tags = optional(map(string), {}) + to_port = optional(number) + })) + default = {} + nullable = false +} + +variable "security_group_egress_rules" { + description = "Map of security group egress rules to add to the security group created" + type = map(object({ + name = optional(string) + + cidr_ipv4 = optional(string) + cidr_ipv6 = optional(string) + description = optional(string) + from_port = optional(number) + ip_protocol = optional(string, "tcp") + prefix_list_id = optional(string) + referenced_security_group_id = optional(string) + region = optional(string) + tags = optional(map(string), {}) + to_port = optional(number) + })) + default = {} + nullable = false } variable "security_group_tags" { 
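Review bot: Every source attribute in the new `security_group_ingress_rules` object is optional, so an entry with none of `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id` or `referenced_security_group_id` set, or with more than one, passes type checking and only fails when the provider creates the rule. A `validation` block makes that a plan-time error; the same block belongs on `security_group_egress_rules`, whose type is identical. I have not proposed a `from_port`/`to_port` check because the module may fill them from the cluster port when null (not visible here); the description should say so either way, since `ip_protocol` defaults to `"tcp"` and a rule with `ip_protocol = "-1"` and no ports is a very different thing from a port-scoped one.
```hcl
variable "security_group_ingress_rules" {
  # … unchanged: description, type, default, nullable …

  validation {
    condition = alltrue([
      for k, v in var.security_group_ingress_rules :
      length(compact([v.cidr_ipv4, v.cidr_ipv6, v.prefix_list_id, v.referenced_security_group_id])) == 1
    ])
    error_message = "Each ingress rule must set exactly one of cidr_ipv4, cidr_ipv6, prefix_list_id or referenced_security_group_id."
  }
}
```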
@@ -658,80 +701,46 @@ variable "security_group_tags" { # Cluster Parameter Group ################################################################################ -variable "create_db_cluster_parameter_group" { - description = "Determines whether a cluster parameter should be created or use existing" - type = bool - default = false -} - -variable "db_cluster_parameter_group_name" { - description = "The name of the DB cluster parameter group" - type = string - default = null -} - -variable "db_cluster_parameter_group_use_name_prefix" { - description = "Determines whether the DB cluster parameter group name is used as a prefix" - type = bool - default = true -} - -variable "db_cluster_parameter_group_description" { - description = "The description of the DB cluster parameter group. Defaults to \"Managed by Terraform\"" +variable "cluster_parameter_group_name" { + description = "The name of an existing DB cluster parameter group. Required when `cluster_parameter_group` is not provided (`null`)" type = string default = null } -variable "db_cluster_parameter_group_family" { - description = "The family of the DB cluster parameter group" - type = string - default = "" -} - -variable "db_cluster_parameter_group_parameters" { - description = "A list of DB cluster parameters to apply. 
Note that parameters may differ from a family to an other" - type = list(map(string)) - default = [] +variable "cluster_parameter_group" { + description = "Map of nested arguments for the created DB cluster parameter group" + type = object({ + name = optional(string) + use_name_prefix = optional(bool, true) + description = optional(string) + family = string + parameters = optional(list(object({ + name = string + value = string + apply_method = optional(string, "immediate") + }))) + }) + default = null } ################################################################################ # DB Parameter Group ################################################################################ -variable "create_db_parameter_group" { - description = "Determines whether a DB parameter should be created or use existing" - type = bool - default = false -} - -variable "db_parameter_group_use_name_prefix" { - description = "Determines whether the DB parameter group name is used as a prefix" - type = bool - default = true -} - -variable "db_parameter_group_description" { - description = "The description of the DB parameter group. Defaults to \"Managed by Terraform\"" - type = string - default = null -} - -variable "db_parameter_group_family" { - description = "The family of the DB parameter group" - type = string - default = "" -} - -variable "db_parameter_group_parameters" { - description = "A list of DB parameters to apply. Note that parameters may differ from a family to an other" - type = list(map(string)) - default = [] -} - -variable "putin_khuylo" { - description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" 
- type = bool - default = true +variable "db_parameter_group" { + description = "Map of nested arguments for the created DB parameter group" + type = object({ + name = optional(string) + use_name_prefix = optional(bool, true) + description = optional(string) + family = string + parameters = optional(list(object({ + name = string + value = string + apply_method = optional(string, "immediate") + }))) + }) + default = null } ################################################################################ @@ -778,28 +787,14 @@ variable "cloudwatch_log_group_tags" { # Cluster Activity Stream ################################################################################ -variable "create_db_cluster_activity_stream" { - description = "Determines whether a cluster activity stream is created." - type = bool - default = false -} - -variable "db_cluster_activity_stream_mode" { - description = "Specifies the mode of the database activity stream. Database events such as a change or access generate an activity stream event. One of: sync, async" - type = string - default = null -} - -variable "db_cluster_activity_stream_kms_key_id" { - description = "The AWS KMS key identifier for encrypting messages in the database activity stream" - type = string - default = null -} - -variable "engine_native_audit_fields_included" { - description = "Specifies whether the database activity stream includes engine-native audit fields. This option only applies to an Oracle DB instance. By default, no engine-native audit fields are included" - type = bool - default = false +variable "cluster_activity_stream" { + description = "Map of arguments for the created DB cluster activity stream" + type = object({ + include_audit_fields = optional(bool, false) + kms_key_id = string + mode = string + }) + default = null } ################################################################################ 
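Review bot: `parameters[*].apply_method` defaults to `"immediate"` and accepts any string, but RDS rejects `immediate` for static parameters (those need `pending-reboot`) and rejects unknown values outright, so a typo or a static parameter surfaces only at apply. Add to both `cluster_parameter_group` and `db_parameter_group` a validation whose condition is `var.cluster_parameter_group == null || alltrue([for p in coalesce(var.cluster_parameter_group.parameters, []) : contains(["immediate", "pending-reboot"], p.apply_method)])`, and mention the static-parameter rule next to `apply_method`. The descriptions still say `Map of nested arguments` although the type is now a single `object`; `Nested arguments for the DB cluster parameter group to create; set to null to use an existing group via cluster_parameter_group_name` reads correctly. Nothing enforces the "Required when `cluster_parameter_group` is not provided" clause on `cluster_parameter_group_name`; if that really is a module requirement, a cross-variable validation (supported since Terraform 1.9, and this module now requires 1.11) would make it a plan-time error rather than a runtime one.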
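Review bot: `cluster_activity_stream.mode` is an unconstrained `string`, and the old description's `One of: sync, async` hint disappeared with the variable, as did the note that `include_audit_fields` only applies to Oracle engines. A validation with condition `var.cluster_activity_stream == null || contains(["sync", "async"], var.cluster_activity_stream.mode)` and error message `cluster_activity_stream.mode must be "sync" or "async"` restores the guard at plan time. Making `kms_key_id` required in the object is the right call since the activity stream API requires a key, but the description should say `kms_key_id: KMS key used to encrypt the activity stream (required); mode: sync or async` so a reader does not take the required-ness for an oversight.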
@@ -807,13 +802,13 @@ variable "engine_native_audit_fields_included" { ################################################################################ variable "manage_master_user_password_rotation" { - description = "Whether to manage the master user password rotation. By default, false on creation, rotation is managed by RDS. There is not currently a way to disable this on initial creation even when set to false. Setting this value to false after previously having been set to true will disable automatic rotation." + description = "Whether to manage the master user password rotation. By default, false on creation, rotation is managed by RDS. There is not currently a way to disable this on initial creation even when set to false. Setting this value to false after previously having been set to true will disable automatic rotation" type = bool default = false } variable "master_user_password_rotate_immediately" { - description = "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window." + description = "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window" type = bool default = null } @@ -825,7 +820,7 @@ variable "master_user_password_rotation_automatically_after_days" { } variable "master_user_password_rotation_duration" { - description = "The length of the rotation window in hours. For example, 3h for a three hour window." + description = "The length of the rotation window in hours. For example, 3h for a three hour window" type = string default = null } 
@@ -840,44 +835,26 @@ variable "master_user_password_rotation_schedule_expression" { # RDS Shard Group ################################################################################ -variable "create_shard_group" { - description = "Whether to create a shard group resource" - type = bool - default = false -} - -variable "compute_redundancy" { - description = "Specifies whether to create standby DB shard groups for the DB shard group" - type = number - default = null -} - -variable "db_shard_group_identifier" { - description = "The name of the DB shard group" - type = string - default = null -} - -variable "max_acu" { - description = "The maximum capacity of the DB shard group in Aurora capacity units (ACUs)" - type = number - default = null -} - -variable "min_acu" { - description = "The minimum capacity of the DB shard group in Aurora capacity units (ACUs)" - type = number - default = null +variable "shard_group" { + description = "Arguments for the DB shard group to be created" + type = object({ + compute_redundancy = optional(number) + identifier = string + max_acu = number + min_acu = optional(number) + publicly_accessible = optional(bool) + tags = optional(map(string), {}) + timeouts = optional(object({ + create = optional(string) + update = optional(string) + delete = optional(string) + })) + }) + default = null } -variable "shard_group_tags" { - description = "Additional tags for the shard group" - type = map(string) - default = {} -} - -variable "shard_group_timeouts" { - description = "Create, update, and delete timeout configurations for the shard group" - type = map(string) - default = {} +variable "putin_khuylo" { + description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" + type = bool + default = true } diff --git a/versions.tf b/versions.tf index c00acf7..23d5557 100644 --- a/versions.tf +++ b/versions.tf 
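Review bot: `shard_group.publicly_accessible` is `optional(bool)` with no default, so whether the shard group gets a public endpoint is left to the provider/API default rather than stated by the module; `publicly_accessible = optional(bool, false)` makes the closed posture explicit and keeps a future provider default change from silently exposing the group. `min_acu` and `max_acu` are likewise unconstrained numbers; a validation with condition `var.shard_group == null || var.shard_group.min_acu == null || var.shard_group.min_acu <= var.shard_group.max_acu` turns a swapped pair into a plan-time error instead of an apply failure. The `putin_khuylo` variable is only relocated here, not changed.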
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.11"
 
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.89"
+ version = ">= 6.18"
 }
 }
 }
diff --git a/wrappers/dsql/main.tf b/wrappers/dsql/main.tf
index 07daf12..fd3999b 100644
--- a/wrappers/dsql/main.tf
+++ b/wrappers/dsql/main.tf
@@ -8,7 +8,9 @@ module "wrapper" {
 create_cluster_peering = try(each.value.create_cluster_peering, var.defaults.create_cluster_peering, false)
 deletion_protection_enabled = try(each.value.deletion_protection_enabled, var.defaults.deletion_protection_enabled, null)
 kms_encryption_key = try(each.value.kms_encryption_key, var.defaults.kms_encryption_key, null)
+ name = try(each.value.name, var.defaults.name, "")
+ region = try(each.value.region, var.defaults.region, null)
 tags = try(each.value.tags, var.defaults.tags, {})
- timeouts = try(each.value.timeouts, var.defaults.timeouts, {})
+ timeouts = try(each.value.timeouts, var.defaults.timeouts, null)
 witness_region = try(each.value.witness_region, var.defaults.witness_region, null)
 }
diff --git a/wrappers/dsql/versions.tf b/wrappers/dsql/versions.tf
index 7aad8ab..23d5557 100644
--- a/wrappers/dsql/versions.tf
+++ b/wrappers/dsql/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.11"
 
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.100"
+ version = ">= 6.18"
 }
 }
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
index b684e9e..cdfc9ee 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -6,7 +6,6 @@ module "wrapper" { allocated_storage = try(each.value.allocated_storage, var.defaults.allocated_storage, null) allow_major_version_upgrade = try(each.value.allow_major_version_upgrade, var.defaults.allow_major_version_upgrade, false) apply_immediately = try(each.value.apply_immediately, var.defaults.apply_immediately, null) - auto_minor_version_upgrade = try(each.value.auto_minor_version_upgrade, var.defaults.auto_minor_version_upgrade, null) autoscaling_enabled = try(each.value.autoscaling_enabled, var.defaults.autoscaling_enabled, false) autoscaling_max_capacity = try(each.value.autoscaling_max_capacity, var.defaults.autoscaling_max_capacity, 2) autoscaling_min_capacity = try(each.value.autoscaling_min_capacity, var.defaults.autoscaling_min_capacity, 0) 
@@ -18,50 +17,35 @@ module "wrapper" { availability_zones = try(each.value.availability_zones, var.defaults.availability_zones, null) backtrack_window = try(each.value.backtrack_window, var.defaults.backtrack_window, null) backup_retention_period = try(each.value.backup_retention_period, var.defaults.backup_retention_period, null) - ca_cert_identifier = try(each.value.ca_cert_identifier, var.defaults.ca_cert_identifier, null) cloudwatch_log_group_class = try(each.value.cloudwatch_log_group_class, var.defaults.cloudwatch_log_group_class, null) cloudwatch_log_group_kms_key_id = try(each.value.cloudwatch_log_group_kms_key_id, var.defaults.cloudwatch_log_group_kms_key_id, null) cloudwatch_log_group_retention_in_days = try(each.value.cloudwatch_log_group_retention_in_days, var.defaults.cloudwatch_log_group_retention_in_days, 7) cloudwatch_log_group_skip_destroy = try(each.value.cloudwatch_log_group_skip_destroy, var.defaults.cloudwatch_log_group_skip_destroy, null) cloudwatch_log_group_tags = try(each.value.cloudwatch_log_group_tags, var.defaults.cloudwatch_log_group_tags, {}) + cluster_activity_stream = try(each.value.cluster_activity_stream, var.defaults.cluster_activity_stream, null) cluster_ca_cert_identifier = try(each.value.cluster_ca_cert_identifier, var.defaults.cluster_ca_cert_identifier, null) + cluster_db_instance_parameter_group_name = try(each.value.cluster_db_instance_parameter_group_name, var.defaults.cluster_db_instance_parameter_group_name, null) + cluster_instance_class = try(each.value.cluster_instance_class, var.defaults.cluster_instance_class, null) cluster_members = try(each.value.cluster_members, var.defaults.cluster_members, null) cluster_monitoring_interval = try(each.value.cluster_monitoring_interval, var.defaults.cluster_monitoring_interval, 0) + cluster_parameter_group = try(each.value.cluster_parameter_group, var.defaults.cluster_parameter_group, null) + cluster_parameter_group_name = try(each.value.cluster_parameter_group_name, 
var.defaults.cluster_parameter_group_name, null) cluster_performance_insights_enabled = try(each.value.cluster_performance_insights_enabled, var.defaults.cluster_performance_insights_enabled, null) cluster_performance_insights_kms_key_id = try(each.value.cluster_performance_insights_kms_key_id, var.defaults.cluster_performance_insights_kms_key_id, null) cluster_performance_insights_retention_period = try(each.value.cluster_performance_insights_retention_period, var.defaults.cluster_performance_insights_retention_period, null) cluster_scalability_type = try(each.value.cluster_scalability_type, var.defaults.cluster_scalability_type, null) cluster_tags = try(each.value.cluster_tags, var.defaults.cluster_tags, {}) - cluster_timeouts = try(each.value.cluster_timeouts, var.defaults.cluster_timeouts, {}) + cluster_timeouts = try(each.value.cluster_timeouts, var.defaults.cluster_timeouts, null) cluster_use_name_prefix = try(each.value.cluster_use_name_prefix, var.defaults.cluster_use_name_prefix, false) - compute_redundancy = try(each.value.compute_redundancy, var.defaults.compute_redundancy, null) - copy_tags_to_snapshot = try(each.value.copy_tags_to_snapshot, var.defaults.copy_tags_to_snapshot, null) + copy_tags_to_snapshot = try(each.value.copy_tags_to_snapshot, var.defaults.copy_tags_to_snapshot, true) create = try(each.value.create, var.defaults.create, true) create_cloudwatch_log_group = try(each.value.create_cloudwatch_log_group, var.defaults.create_cloudwatch_log_group, false) - create_db_cluster_activity_stream = try(each.value.create_db_cluster_activity_stream, var.defaults.create_db_cluster_activity_stream, false) - create_db_cluster_parameter_group = try(each.value.create_db_cluster_parameter_group, var.defaults.create_db_cluster_parameter_group, false) - create_db_parameter_group = try(each.value.create_db_parameter_group, var.defaults.create_db_parameter_group, false) create_db_subnet_group = try(each.value.create_db_subnet_group, 
var.defaults.create_db_subnet_group, false) create_monitoring_role = try(each.value.create_monitoring_role, var.defaults.create_monitoring_role, true) create_security_group = try(each.value.create_security_group, var.defaults.create_security_group, true) - create_shard_group = try(each.value.create_shard_group, var.defaults.create_shard_group, false) database_insights_mode = try(each.value.database_insights_mode, var.defaults.database_insights_mode, null) database_name = try(each.value.database_name, var.defaults.database_name, null) - db_cluster_activity_stream_kms_key_id = try(each.value.db_cluster_activity_stream_kms_key_id, var.defaults.db_cluster_activity_stream_kms_key_id, null) - db_cluster_activity_stream_mode = try(each.value.db_cluster_activity_stream_mode, var.defaults.db_cluster_activity_stream_mode, null) - db_cluster_db_instance_parameter_group_name = try(each.value.db_cluster_db_instance_parameter_group_name, var.defaults.db_cluster_db_instance_parameter_group_name, null) - db_cluster_instance_class = try(each.value.db_cluster_instance_class, var.defaults.db_cluster_instance_class, null) - db_cluster_parameter_group_description = try(each.value.db_cluster_parameter_group_description, var.defaults.db_cluster_parameter_group_description, null) - db_cluster_parameter_group_family = try(each.value.db_cluster_parameter_group_family, var.defaults.db_cluster_parameter_group_family, "") - db_cluster_parameter_group_name = try(each.value.db_cluster_parameter_group_name, var.defaults.db_cluster_parameter_group_name, null) - db_cluster_parameter_group_parameters = try(each.value.db_cluster_parameter_group_parameters, var.defaults.db_cluster_parameter_group_parameters, []) - db_cluster_parameter_group_use_name_prefix = try(each.value.db_cluster_parameter_group_use_name_prefix, var.defaults.db_cluster_parameter_group_use_name_prefix, true) - db_parameter_group_description = try(each.value.db_parameter_group_description, 
var.defaults.db_parameter_group_description, null) - db_parameter_group_family = try(each.value.db_parameter_group_family, var.defaults.db_parameter_group_family, "") - db_parameter_group_name = try(each.value.db_parameter_group_name, var.defaults.db_parameter_group_name, null) - db_parameter_group_parameters = try(each.value.db_parameter_group_parameters, var.defaults.db_parameter_group_parameters, []) - db_parameter_group_use_name_prefix = try(each.value.db_parameter_group_use_name_prefix, var.defaults.db_parameter_group_use_name_prefix, true) - db_shard_group_identifier = try(each.value.db_shard_group_identifier, var.defaults.db_shard_group_identifier, null) + db_parameter_group = try(each.value.db_parameter_group, var.defaults.db_parameter_group, null) db_subnet_group_name = try(each.value.db_subnet_group_name, var.defaults.db_subnet_group_name, "") delete_automated_backups = try(each.value.delete_automated_backups, var.defaults.delete_automated_backups, null) deletion_protection = try(each.value.deletion_protection, var.defaults.deletion_protection, null) 
@@ -75,22 +59,17 @@ module "wrapper" { engine = try(each.value.engine, var.defaults.engine, null) engine_lifecycle_support = try(each.value.engine_lifecycle_support, var.defaults.engine_lifecycle_support, null) engine_mode = try(each.value.engine_mode, var.defaults.engine_mode, "provisioned") - engine_native_audit_fields_included = try(each.value.engine_native_audit_fields_included, var.defaults.engine_native_audit_fields_included, false) engine_version = try(each.value.engine_version, var.defaults.engine_version, null) final_snapshot_identifier = try(each.value.final_snapshot_identifier, var.defaults.final_snapshot_identifier, null) global_cluster_identifier = try(each.value.global_cluster_identifier, var.defaults.global_cluster_identifier, null) iam_database_authentication_enabled = try(each.value.iam_database_authentication_enabled, var.defaults.iam_database_authentication_enabled, null) iam_role_description = try(each.value.iam_role_description, var.defaults.iam_role_description, null) - iam_role_force_detach_policies = try(each.value.iam_role_force_detach_policies, var.defaults.iam_role_force_detach_policies, null) - iam_role_managed_policy_arns = try(each.value.iam_role_managed_policy_arns, var.defaults.iam_role_managed_policy_arns, null) iam_role_max_session_duration = try(each.value.iam_role_max_session_duration, var.defaults.iam_role_max_session_duration, null) iam_role_name = try(each.value.iam_role_name, var.defaults.iam_role_name, null) iam_role_path = try(each.value.iam_role_path, var.defaults.iam_role_path, null) iam_role_permissions_boundary = try(each.value.iam_role_permissions_boundary, var.defaults.iam_role_permissions_boundary, null) iam_role_use_name_prefix = try(each.value.iam_role_use_name_prefix, var.defaults.iam_role_use_name_prefix, false) - iam_roles = try(each.value.iam_roles, var.defaults.iam_roles, {}) - instance_class = try(each.value.instance_class, var.defaults.instance_class, "") - instance_timeouts = 
try(each.value.instance_timeouts, var.defaults.instance_timeouts, {}) + instance_timeouts = try(each.value.instance_timeouts, var.defaults.instance_timeouts, null) instances = try(each.value.instances, var.defaults.instances, {}) instances_use_identifier_prefix = try(each.value.instances_use_identifier_prefix, var.defaults.instances_use_identifier_prefix, false) iops = try(each.value.iops, var.defaults.iops, null) 
@@ -98,40 +77,36 @@ module "wrapper" { kms_key_id = try(each.value.kms_key_id, var.defaults.kms_key_id, null) manage_master_user_password = try(each.value.manage_master_user_password, var.defaults.manage_master_user_password, true) manage_master_user_password_rotation = try(each.value.manage_master_user_password_rotation, var.defaults.manage_master_user_password_rotation, false) - master_password = try(each.value.master_password, var.defaults.master_password, null) + master_password_wo = try(each.value.master_password_wo, var.defaults.master_password_wo, null) + master_password_wo_version = try(each.value.master_password_wo_version, var.defaults.master_password_wo_version, null) master_user_password_rotate_immediately = try(each.value.master_user_password_rotate_immediately, var.defaults.master_user_password_rotate_immediately, null) master_user_password_rotation_automatically_after_days = try(each.value.master_user_password_rotation_automatically_after_days, var.defaults.master_user_password_rotation_automatically_after_days, null) master_user_password_rotation_duration = try(each.value.master_user_password_rotation_duration, var.defaults.master_user_password_rotation_duration, null) master_user_password_rotation_schedule_expression = try(each.value.master_user_password_rotation_schedule_expression, var.defaults.master_user_password_rotation_schedule_expression, null) master_user_secret_kms_key_id = try(each.value.master_user_secret_kms_key_id, var.defaults.master_user_secret_kms_key_id, null) master_username = try(each.value.master_username, var.defaults.master_username, null) - max_acu = try(each.value.max_acu, var.defaults.max_acu, null) - min_acu = try(each.value.min_acu, var.defaults.min_acu, null) - monitoring_interval = try(each.value.monitoring_interval, var.defaults.monitoring_interval, 0) monitoring_role_arn = try(each.value.monitoring_role_arn, var.defaults.monitoring_role_arn, "") name = try(each.value.name, var.defaults.name, "") network_type = 
try(each.value.network_type, var.defaults.network_type, null) - performance_insights_enabled = try(each.value.performance_insights_enabled, var.defaults.performance_insights_enabled, null) - performance_insights_kms_key_id = try(each.value.performance_insights_kms_key_id, var.defaults.performance_insights_kms_key_id, null) - performance_insights_retention_period = try(each.value.performance_insights_retention_period, var.defaults.performance_insights_retention_period, null) port = try(each.value.port, var.defaults.port, null) predefined_metric_type = try(each.value.predefined_metric_type, var.defaults.predefined_metric_type, "RDSReaderAverageCPUUtilization") - preferred_backup_window = try(each.value.preferred_backup_window, var.defaults.preferred_backup_window, "02:00-03:00") - preferred_maintenance_window = try(each.value.preferred_maintenance_window, var.defaults.preferred_maintenance_window, "sun:05:00-sun:06:00") - publicly_accessible = try(each.value.publicly_accessible, var.defaults.publicly_accessible, null) + preferred_backup_window = try(each.value.preferred_backup_window, var.defaults.preferred_backup_window, null) + preferred_maintenance_window = try(each.value.preferred_maintenance_window, var.defaults.preferred_maintenance_window, null) putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + region = try(each.value.region, var.defaults.region, null) replication_source_identifier = try(each.value.replication_source_identifier, var.defaults.replication_source_identifier, null) - restore_to_point_in_time = try(each.value.restore_to_point_in_time, var.defaults.restore_to_point_in_time, {}) - s3_import = try(each.value.s3_import, var.defaults.s3_import, {}) - scaling_configuration = try(each.value.scaling_configuration, var.defaults.scaling_configuration, {}) + restore_to_point_in_time = try(each.value.restore_to_point_in_time, var.defaults.restore_to_point_in_time, null) + role_associations = try(each.value.role_associations, 
var.defaults.role_associations, {}) + s3_import = try(each.value.s3_import, var.defaults.s3_import, null) + scaling_configuration = try(each.value.scaling_configuration, var.defaults.scaling_configuration, null) security_group_description = try(each.value.security_group_description, var.defaults.security_group_description, null) + security_group_egress_rules = try(each.value.security_group_egress_rules, var.defaults.security_group_egress_rules, {}) + security_group_ingress_rules = try(each.value.security_group_ingress_rules, var.defaults.security_group_ingress_rules, {}) security_group_name = try(each.value.security_group_name, var.defaults.security_group_name, "") - security_group_rules = try(each.value.security_group_rules, var.defaults.security_group_rules, {}) security_group_tags = try(each.value.security_group_tags, var.defaults.security_group_tags, {}) security_group_use_name_prefix = try(each.value.security_group_use_name_prefix, var.defaults.security_group_use_name_prefix, true) - serverlessv2_scaling_configuration = try(each.value.serverlessv2_scaling_configuration, var.defaults.serverlessv2_scaling_configuration, {}) - shard_group_tags = try(each.value.shard_group_tags, var.defaults.shard_group_tags, {}) - shard_group_timeouts = try(each.value.shard_group_timeouts, var.defaults.shard_group_timeouts, {}) + serverlessv2_scaling_configuration = try(each.value.serverlessv2_scaling_configuration, var.defaults.serverlessv2_scaling_configuration, null) + shard_group = try(each.value.shard_group, var.defaults.shard_group, null) skip_final_snapshot = try(each.value.skip_final_snapshot, var.defaults.skip_final_snapshot, false) snapshot_identifier = try(each.value.snapshot_identifier, var.defaults.snapshot_identifier, null) source_region = try(each.value.source_region, var.defaults.source_region, null) diff --git a/wrappers/versions.tf b/wrappers/versions.tf index c00acf7..23d5557 100644 --- a/wrappers/versions.tf +++ b/wrappers/versions.tf 
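Review bot: `master_password_wo` is still read through `try(each.value.master_password_wo, var.defaults.master_password_wo, null)` from `var.items`/`var.defaults`, which are ordinary (presumably non-ephemeral) inputs, so the write-only argument keeps the password out of the module's state but not out of saved plan files or any variable dump of the wrapper. The wrapper cannot fix that itself, since `items` feeds `for_each` and therefore cannot be ephemeral, so it should be documented: `master_password_wo is write-only on the module side only; the wrapper's items/defaults still carry the value, so prefer manage_master_user_password, and bump master_password_wo_version to rotate`. The same hunk also moves `preferred_backup_window` and `preferred_maintenance_window` from fixed windows to `null`, handing window selection to AWS; harmless, but callers relying on the old `02:00-03:00` default should see it in the changelog. The `module "wrapper"` block begins before this hunk.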
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.11"
 
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.89"
+ version = ">= 6.18"
 }
 }
 }