diff --git a/README.md b/README.md
index 45047f34..d5da3a50 100644
--- a/README.md
+++ b/README.md
@@ -246,11 +246,13 @@ No resources.
 | [character\_set\_name](#input\_character\_set\_name) | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation | `string` | `null` | no |
 | [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no |
 | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
+| [cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days](#input\_cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days) | The number of days to retain CloudWatch logs for RDSOSMetrics log group | `number` | `30` | no |
 | [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no |
 | [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
 | [cloudwatch\_log\_group\_tags](#input\_cloudwatch\_log\_group\_tags) | Additional tags for the CloudWatch log group(s) | `map(string)` | `{}` | no |
 | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot | `bool` | `false` | no |
 | [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no |
+| [create\_cloudwatch\_log\_group\_rdsosmetrics](#input\_create\_cloudwatch\_log\_group\_rdsosmetrics) | Determines whether a RDSOSMetrics CloudWatch log group is created by and managed by Terraform (otherwise it's created by RDS). This is useful only if monitoring\_interval > 0 | `bool` | `false` | no |
 | [create\_db\_instance](#input\_create\_db\_instance) | Whether to create a database instance | `bool` | `true` | no |
 | [create\_db\_option\_group](#input\_create\_db\_option\_group) | Create a database option group | `bool` | `true` | no |
 | [create\_db\_parameter\_group](#input\_create\_db\_parameter\_group) | Whether to create a database parameter group | `bool` | `true` | no |
diff --git a/examples/enhanced-monitoring/main.tf b/examples/enhanced-monitoring/main.tf
index 3cdfb51d..b67e14d6 100644
--- a/examples/enhanced-monitoring/main.tf
+++ b/examples/enhanced-monitoring/main.tf
@@ -57,6 +57,8 @@ module "db" { monitoring_interval = 30 monitoring_role_arn = aws_iam_role.rds_enhanced_monitoring.arn + create_cloudwatch_log_group_rdsosmetrics = true + performance_insights_enabled = true performance_insights_retention_period = 7 create_monitoring_role = true
diff --git a/main.tf b/main.tf
index 44249211..51e53049 100644
--- a/main.tf
+++ b/main.tf
@@ -139,6 +139,9 @@ module "db_instance" { create_monitoring_role = var.create_monitoring_role monitoring_role_permissions_boundary = var.monitoring_role_permissions_boundary + create_cloudwatch_log_group_rdsosmetrics = var.create_cloudwatch_log_group_rdsosmetrics + cloudwatch_log_group_rdsosmetrics_retention_in_days = var.cloudwatch_log_group_rdsosmetrics_retention_in_days + character_set_name = var.character_set_name nchar_character_set_name = var.nchar_character_set_name timezone = var.timezone
diff --git a/modules/db_instance/README.md b/modules/db_instance/README.md
index b48683d3..b7b208cf 100644
--- a/modules/db_instance/README.md
+++ b/modules/db_instance/README.md
@@ -49,12 +49,14 @@ No modules.
 | [character\_set\_name](#input\_character\_set\_name) | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | `string` | `null` | no |
 | [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no |
 | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
+| [cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days](#input\_cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days) | The number of days to retain CloudWatch logs for RDSOSMetrics log group | `number` | `30` | no |
 | [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no |
 | [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
 | [cloudwatch\_log\_group\_tags](#input\_cloudwatch\_log\_group\_tags) | Additional tags for the CloudWatch log group(s) | `map(string)` | `{}` | no |
 | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot | `bool` | `false` | no |
 | [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no |
 | [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no |
+| [create\_cloudwatch\_log\_group\_rdsosmetrics](#input\_create\_cloudwatch\_log\_group\_rdsosmetrics) | Determines whether a RDSOSMetrics CloudWatch log group is created by and managed by Terraform (otherwise it's created by RDS). This is useful only if monitoring\_interval > 0 | `bool` | `false` | no |
 | [create\_monitoring\_role](#input\_create\_monitoring\_role) | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | `bool` | `false` | no |
 | [custom\_iam\_instance\_profile](#input\_custom\_iam\_instance\_profile) | RDS custom iam instance profile | `string` | `null` | no |
 | [db\_instance\_tags](#input\_db\_instance\_tags) | A map of additional tags for the DB instance | `map(string)` | `{}` | no |
diff --git a/modules/db_instance/main.tf b/modules/db_instance/main.tf
index 2fbe7138..efef8e4e 100644
--- a/modules/db_instance/main.tf
+++ b/modules/db_instance/main.tf
@@ -137,7 +137,10 @@ resource "aws_db_instance" "this" { tags = merge(var.tags, var.db_instance_tags) - depends_on = [aws_cloudwatch_log_group.this] + depends_on = [ + aws_cloudwatch_log_group.this, + aws_cloudwatch_log_group.rdsosmetrics, + ] timeouts { create = lookup(var.timeouts, "create", null)
@@ -223,3 +226,12 @@ resource "aws_secretsmanager_secret_rotation" "this" {
 schedule_expression = var.master_user_password_rotation_schedule_expression
 }
 }
+
+resource "aws_cloudwatch_log_group" "rdsosmetrics" {
+ count = var.create_cloudwatch_log_group_rdsosmetrics ? 1 : 0
+
+ name = "RDSOSMetrics"
+ retention_in_days = var.cloudwatch_log_group_rdsosmetrics_retention_in_days
+
+ tags = var.tags
+}
diff --git a/modules/db_instance/variables.tf b/modules/db_instance/variables.tf
index 4c854c1c..592d999e 100644
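Review bot: The new `aws_cloudwatch_log_group.rdsosmetrics` resource in modules/db_instance/main.tf sets only `name`, `retention_in_days` and `tags`, so the module's existing `cloudwatch_log_group_kms_key_id` input (listed in the README table as the key for encrypting log data) is never applied to the Enhanced Monitoring OS metrics. Adding `kms_key_id = var.cloudwatch_log_group_kms_key_id` would let this group use the same customer-managed key; the key policy would then have to permit CloudWatch Logs for this log group, and `skip_destroy` and `cloudwatch_log_group_tags` look like candidates for the same treatment. `count` also tests only the new flag although the module has a `create` input; if the other resources are gated on it (not visible in this hunk), `count = var.create && var.create_cloudwatch_log_group_rdsosmetrics ? 1 : 0` would keep the log group from being created when the instance itself is disabled.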
--- a/modules/db_instance/variables.tf
+++ b/modules/db_instance/variables.tf
@@ -444,6 +444,18 @@ variable "upgrade_storage_config" {
 default = null
 }
+variable "create_cloudwatch_log_group_rdsosmetrics" {
+ description = "Determines whether a RDSOSMetrics CloudWatch log group is created by and managed by Terraform (otherwise it's created by RDS). This is useful only if monitoring_interval > 0"
+ type = bool
+ default = false
+}
+
+variable "cloudwatch_log_group_rdsosmetrics_retention_in_days" {
+ description = "The number of days to retain CloudWatch logs for RDSOSMetrics log group"
+ type = number
+ default = 30
+}
+
 ################################################################################
 # CloudWatch Log Group
 ################################################################################
diff --git a/variables.tf b/variables.tf
index 4f202732..dccc0386 100644
--- a/variables.tf
+++ b/variables.tf
@@ -571,6 +571,18 @@ variable "upgrade_storage_config" {
 default = null
 }
+variable "create_cloudwatch_log_group_rdsosmetrics" {
+ description = "Determines whether a RDSOSMetrics CloudWatch log group is created by and managed by Terraform (otherwise it's created by RDS). This is useful only if monitoring_interval > 0"
+ type = bool
+ default = false
+}
+
+variable "cloudwatch_log_group_rdsosmetrics_retention_in_days" {
+ description = "The number of days to retain CloudWatch logs for RDSOSMetrics log group"
+ type = number
+ default = 30
+}
+
 ################################################################################
 # CloudWatch Log Group
 ################################################################################
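Review bot: The description of `create_cloudwatch_log_group_rdsosmetrics` in modules/db_instance/variables.tf does not say that the log group name is fixed: the resource in modules/db_instance/main.tf hard-codes `name = "RDSOSMetrics"`, so the group is one per account and region rather than one per DB instance. Enabling the flag in a second module instance in the same account and region would likely fail on the name conflict, as would enabling it where RDS has already created the group. Destroying the stack that owns the group also removes the Enhanced Monitoring logs of every other instance writing to it, which matters when those logs are retained for audit or incident review. I would append to the description: `The log group name is fixed and shared by all instances in the account and region; enable this in one place only and import the group if RDS has already created it.` The same applies to the identical variable added in the root variables.tf hunk.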