feat: Add options to manage log group RDSOSMetrics

README.md

@@ -246,11 +246,13 @@ No resources.
 | <a name="input_character_set_name"></a> [character\_set\_name](#input\_character\_set\_name) | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation | `string` | `null` | no |
 | <a name="input_cloudwatch_log_group_class"></a> [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no |
 | <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
+| <a name="input_cloudwatch_log_group_rdsosmetrics_retention_in_days"></a> [cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days](#input\_cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days) | The number of days to retain CloudWatch logs for RDSOSMetrics log group | `number` | `30` | no |
 | <a name="input_cloudwatch_log_group_retention_in_days"></a> [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no |
 | <a name="input_cloudwatch_log_group_skip_destroy"></a> [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
 | <a name="input_cloudwatch_log_group_tags"></a> [cloudwatch\_log\_group\_tags](#input\_cloudwatch\_log\_group\_tags) | Additional tags for the CloudWatch log group(s) | `map(string)` | `{}` | no |
 | <a name="input_copy_tags_to_snapshot"></a> [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot | `bool` | `false` | no |
 | <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no |
+| <a name="input_create_cloudwatch_log_group_rdsosmetrics"></a> [create\_cloudwatch\_log\_group\_rdsosmetrics](#input\_create\_cloudwatch\_log\_group\_rdsosmetrics) | Determines whether a RDSOSMetrics CloudWatch log group is created by and managed by Terraform (otherwise it's created by RDS). This is useful only if monitoring\_interval > 0 | `bool` | `false` | no |
 | <a name="input_create_db_instance"></a> [create\_db\_instance](#input\_create\_db\_instance) | Whether to create a database instance | `bool` | `true` | no |
 | <a name="input_create_db_option_group"></a> [create\_db\_option\_group](#input\_create\_db\_option\_group) | Create a database option group | `bool` | `true` | no |
 | <a name="input_create_db_parameter_group"></a> [create\_db\_parameter\_group](#input\_create\_db\_parameter\_group) | Whether to create a database parameter group | `bool` | `true` | no |

examples/enhanced-monitoring/main.tf

@@ -57,6 +57,8 @@ module "db" {
   monitoring_interval = 30
   monitoring_role_arn = aws_iam_role.rds_enhanced_monitoring.arn
 
+  create_cloudwatch_log_group_rdsosmetrics = true
+
   performance_insights_enabled          = true
   performance_insights_retention_period = 7
   create_monitoring_role                = true

main.tf

@@ -139,6 +139,9 @@ module "db_instance" {
   create_monitoring_role               = var.create_monitoring_role
   monitoring_role_permissions_boundary = var.monitoring_role_permissions_boundary
 
+  create_cloudwatch_log_group_rdsosmetrics            = var.create_cloudwatch_log_group_rdsosmetrics
+  cloudwatch_log_group_rdsosmetrics_retention_in_days = var.cloudwatch_log_group_rdsosmetrics_retention_in_days
+
   character_set_name       = var.character_set_name
   nchar_character_set_name = var.nchar_character_set_name
   timezone                 = var.timezone

modules/db_instance/README.md

@@ -49,12 +49,14 @@ No modules.
 | <a name="input_character_set_name"></a> [character\_set\_name](#input\_character\_set\_name) | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | `string` | `null` | no |
 | <a name="input_cloudwatch_log_group_class"></a> [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS | `string` | `null` | no |
 | <a name="input_cloudwatch_log_group_kms_key_id"></a> [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
+| <a name="input_cloudwatch_log_group_rdsosmetrics_retention_in_days"></a> [cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days](#input\_cloudwatch\_log\_group\_rdsosmetrics\_retention\_in\_days) | The number of days to retain CloudWatch logs for RDSOSMetrics log group | `number` | `30` | no |
 | <a name="input_cloudwatch_log_group_retention_in_days"></a> [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no |
 | <a name="input_cloudwatch_log_group_skip_destroy"></a> [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no |
 | <a name="input_cloudwatch_log_group_tags"></a> [cloudwatch\_log\_group\_tags](#input\_cloudwatch\_log\_group\_tags) | Additional tags for the CloudWatch log group(s) | `map(string)` | `{}` | no |
 | <a name="input_copy_tags_to_snapshot"></a> [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | On delete, copy all Instance tags to the final snapshot | `bool` | `false` | no |
 | <a name="input_create"></a> [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no |
 | <a name="input_create_cloudwatch_log_group"></a> [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no |
+| <a name="input_create_cloudwatch_log_group_rdsosmetrics"></a> [create\_cloudwatch\_log\_group\_rdsosmetrics](#input\_create\_cloudwatch\_log\_group\_rdsosmetrics) | Determines whether a RDSOSMetrics CloudWatch log group is created by and managed by Terraform (otherwise it's created by RDS). This is useful only if monitoring\_interval > 0 | `bool` | `false` | no |
 | <a name="input_create_monitoring_role"></a> [create\_monitoring\_role](#input\_create\_monitoring\_role) | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | `bool` | `false` | no |
 | <a name="input_custom_iam_instance_profile"></a> [custom\_iam\_instance\_profile](#input\_custom\_iam\_instance\_profile) | RDS custom iam instance profile | `string` | `null` | no |
 | <a name="input_db_instance_tags"></a> [db\_instance\_tags](#input\_db\_instance\_tags) | A map of additional tags for the DB instance | `map(string)` | `{}` | no |

modules/db_instance/main.tf

@@ -137,7 +137,10 @@ resource "aws_db_instance" "this" {
 
   tags = merge(var.tags, var.db_instance_tags)
 
-  depends_on = [aws_cloudwatch_log_group.this]
+  depends_on = [
+    aws_cloudwatch_log_group.this,
+    aws_cloudwatch_log_group.rdsosmetrics,
+  ]
 
   timeouts {
     create = lookup(var.timeouts, "create", null)
@@ -223,3 +226,12 @@ resource "aws_secretsmanager_secret_rotation" "this" {
     schedule_expression      = var.master_user_password_rotation_schedule_expression
   }
 }
+
+resource "aws_cloudwatch_log_group" "rdsosmetrics" {
+  count = var.create_cloudwatch_log_group_rdsosmetrics ? 1 : 0
+
+  name              = "RDSOSMetrics"
+  retention_in_days = var.cloudwatch_log_group_rdsosmetrics_retention_in_days
+
+  tags = var.tags
+}

modules/db_instance/variables.tf

@@ -444,6 +444,18 @@ variable "upgrade_storage_config" {
   default     = null
 }
 
+variable "create_cloudwatch_log_group_rdsosmetrics" {
+  description = "Determines whether a RDSOSMetrics CloudWatch log group is created by and managed by Terraform (otherwise it's created by RDS). This is useful only if monitoring_interval > 0"
+  type        = bool
+  default     = false
+}
+
+variable "cloudwatch_log_group_rdsosmetrics_retention_in_days" {
+  description = "The number of days to retain CloudWatch logs for RDSOSMetrics log group"
+  type        = number
+  default     = 30
+}
+
 ################################################################################
 # CloudWatch Log Group
 ################################################################################

variables.tf

@@ -571,6 +571,18 @@ variable "upgrade_storage_config" {
   default     = null
 }
 
+variable "create_cloudwatch_log_group_rdsosmetrics" {
+  description = "Determines whether a RDSOSMetrics CloudWatch log group is created by and managed by Terraform (otherwise it's created by RDS). This is useful only if monitoring_interval > 0"
+  type        = bool
+  default     = false
+}
+
+variable "cloudwatch_log_group_rdsosmetrics_retention_in_days" {
+  description = "The number of days to retain CloudWatch logs for RDSOSMetrics log group"
+  type        = number
+  default     = 30
+}
+
 ################################################################################
 # CloudWatch Log Group
 ################################################################################