Commit b3e0aec

feat: Add support for permissions boundary on enhanced monitoring role (#483)
1 parent ae8cf4a commit b3e0aec

3 files changed

+19
-11
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -290,6 +290,7 @@ Users have the ability to:
290290
| <a name="input_monitoring_role_arn"></a> [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring\_interval is non-zero | `string` | `null` | no |
291291
| <a name="input_monitoring_role_description"></a> [monitoring\_role\_description](#input\_monitoring\_role\_description) | Description of the monitoring IAM role | `string` | `null` | no |
292292
| <a name="input_monitoring_role_name"></a> [monitoring\_role\_name](#input\_monitoring\_role\_name) | Name of the IAM role which will be created when create\_monitoring\_role is enabled | `string` | `"rds-monitoring-role"` | no |
293+
| <a name="input_monitoring_role_permissions_boundary"></a> [monitoring\_role\_permissions\_boundary](#input\_monitoring\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the monitoring IAM role | `string` | `null` | no |
293294
| <a name="input_monitoring_role_use_name_prefix"></a> [monitoring\_role\_use\_name\_prefix](#input\_monitoring\_role\_use\_name\_prefix) | Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix | `bool` | `false` | no |
294295
| <a name="input_multi_az"></a> [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no |
295296
| <a name="input_network_type"></a> [network\_type](#input\_network\_type) | The type of network stack to use | `string` | `null` | no |
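Review bot: The new `monitoring_role_permissions_boundary` row does not say when the input takes effect. The neighbouring `monitoring_role_name` description is scoped with "which will be created when create\_monitoring\_role is enabled", while this one only says "for the monitoring IAM role". State in the description that the boundary is applied to the role this module creates, and that it has no effect on a role supplied through `monitoring_role_arn`, so that an operator who sets a boundary does not assume an externally managed role is constrained by it.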

main.tf

Lines changed: 12 additions & 11 deletions
@@ -119,17 +119,18 @@ module "db_instance" {
119119
performance_insights_retention_period = var.performance_insights_retention_period
120120
performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null
121121

122-
replicate_source_db = var.replicate_source_db
123-
replica_mode = var.replica_mode
124-
backup_retention_period = var.backup_retention_period
125-
backup_window = var.backup_window
126-
max_allocated_storage = var.max_allocated_storage
127-
monitoring_interval = var.monitoring_interval
128-
monitoring_role_arn = var.monitoring_role_arn
129-
monitoring_role_name = var.monitoring_role_name
130-
monitoring_role_use_name_prefix = var.monitoring_role_use_name_prefix
131-
monitoring_role_description = var.monitoring_role_description
132-
create_monitoring_role = var.create_monitoring_role
122+
replicate_source_db = var.replicate_source_db
123+
replica_mode = var.replica_mode
124+
backup_retention_period = var.backup_retention_period
125+
backup_window = var.backup_window
126+
max_allocated_storage = var.max_allocated_storage
127+
monitoring_interval = var.monitoring_interval
128+
monitoring_role_arn = var.monitoring_role_arn
129+
monitoring_role_name = var.monitoring_role_name
130+
monitoring_role_use_name_prefix = var.monitoring_role_use_name_prefix
131+
monitoring_role_description = var.monitoring_role_description
132+
create_monitoring_role = var.create_monitoring_role
133+
monitoring_role_permissions_boundary = var.monitoring_role_permissions_boundary
133134

134135
character_set_name = var.character_set_name
135136
timezone = var.timezone
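Review bot: The only functional line in this hunk is `monitoring_role_permissions_boundary = var.monitoring_role_permissions_boundary`, passed into `module "db_instance"`, yet the commit lists three changed files (README.md, main.tf, variables.tf) and none of the visible changes touches the role resource itself. Please confirm that the `db_instance` module already declares this variable and sets the boundary on the IAM role it creates; otherwise the argument is either rejected at plan time or accepted without any effect, and the role ends up without the boundary the caller asked for. The other eleven changed lines are realignment only, which is expected from formatting but worth calling out in the description so that the one behavioural line is not lost in review.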

variables.tf

Lines changed: 6 additions & 0 deletions
@@ -217,6 +217,12 @@ variable "create_monitoring_role" {
217217
default = false
218218
}
219219

220+
variable "monitoring_role_permissions_boundary" {
221+
description = "ARN of the policy that is used to set the permissions boundary for the monitoring IAM role"
222+
type = string
223+
default = null
224+
}
225+
220226
variable "allow_major_version_upgrade" {
221227
description = "Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible"
222228
type = bool
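Review bot: `variable "monitoring_role_permissions_boundary"` accepts any string, so a typo or a policy name given in place of an ARN is only caught when the role is applied. Consider adding a `validation` block that allows `null` or a value shaped like an IAM policy ARN, so that a malformed boundary fails at plan time with a clear message. With `default = null` the role is created without a boundary unless the caller opts in, which is the right backward-compatible default, but the description could state that explicitly for accounts where a boundary is mandatory.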
