diff --git a/modules/aws_ecs/main.tf b/modules/aws_ecs/main.tf
index 9750935..9b50ee1 100644
--- a/modules/aws_ecs/main.tf
+++ b/modules/aws_ecs/main.tf
@@ -42,6 +42,7 @@ resource "aws_db_instance" "this" {
   storage_throughput           = var.rds_storage_throughput
   iops                         = var.rds_iops
   multi_az                     = var.rds_multi_az
+  allow_major_version_upgrade  = var.allow_rds_major_version_upgrade
 
   skip_final_snapshot = true
   apply_immediately   = true
@@ -454,12 +455,12 @@ resource "aws_ecs_task_definition" "retool_code_executor" {
     local.common_containers,
     [
       {
-        name       = "retool-code-executor"
-        essential  = true
-        image      = local.ecs_code_executor_image
-        cpu        = var.launch_type == "EC2" ? var.ecs_task_resource_map["code_executor"]["cpu"] : null
-        memory     = var.launch_type == "EC2" ? var.ecs_task_resource_map["code_executor"]["memory"] : null
-        user       = var.launch_type == "EC2" ? null : "1001:1001"
+        name      = "retool-code-executor"
+        essential = true
+        image     = local.ecs_code_executor_image
+        cpu       = var.launch_type == "EC2" ? var.ecs_task_resource_map["code_executor"]["cpu"] : null
+        memory    = var.launch_type == "EC2" ? var.ecs_task_resource_map["code_executor"]["memory"] : null
+        user      = var.launch_type == "EC2" ? null : "1001:1001"
         # required to use nsjail sandboxing, which is required for custom libraries for JS and Python
         # Learn more here: https://docs.retool.com/self-hosted/concepts/architecture#code-executor
         # If not using nsjail sandboxing, update this to be false and use user = "1001:1001"
@@ -486,7 +487,7 @@ resource "aws_ecs_task_definition" "retool_code_executor" {
           local.base_environment_variables,
           [
             {
-              name = "NODE_OPTIONS",
+              name  = "NODE_OPTIONS",
               value = "--max_old_space_size=1024"
             }
           ],
@@ -635,7 +636,7 @@ resource "aws_service_discovery_service" "retool_code_executor_service" {
 
 resource "aws_service_discovery_service" "retool_telemetry_service" {
   count = var.telemetry_enabled ? 1 : 0
-  name = "telemetry"
+  name  = "telemetry"
 
   dns_config {
     namespace_id = aws_service_discovery_private_dns_namespace.retool_namespace[0].id
@@ -701,4 +702,5 @@ module "temporal" {
   aws_ecs_capacity_provider_name               = var.launch_type == "EC2" ? aws_ecs_capacity_provider.this[0].name : null
   task_propagate_tags                          = var.task_propagate_tags
   service_discovery_namespace                  = local.service_discovery_namespace
+  allow_rds_major_version_upgrade              = var.allow_rds_major_version_upgrade
 }
diff --git a/modules/aws_ecs/temporal/main.tf b/modules/aws_ecs/temporal/main.tf
index 9d9ef7d..4cfe13a 100644
--- a/modules/aws_ecs/temporal/main.tf
+++ b/modules/aws_ecs/temporal/main.tf
@@ -2,11 +2,12 @@ module "temporal_aurora_rds" {
   source  = "terraform-aws-modules/rds-aurora/aws"
   version = "8.5.0"
 
-  name              = "${var.deployment_name}-temporal-rds-instance"
-  engine            = "aurora-postgresql"
-  engine_mode       = "provisioned"
-  engine_version    = var.temporal_aurora_engine_version
-  storage_encrypted = true
+  name                        = "${var.deployment_name}-temporal-rds-instance"
+  engine                      = "aurora-postgresql"
+  engine_mode                 = "provisioned"
+  engine_version              = var.temporal_aurora_engine_version
+  allow_major_version_upgrade = var.allow_rds_major_version_upgrade
+  storage_encrypted           = true
 
   vpc_id = var.vpc_id
 
diff --git a/modules/aws_ecs/temporal/variables.tf b/modules/aws_ecs/temporal/variables.tf
index 4f0390e..a5c8213 100644
--- a/modules/aws_ecs/temporal/variables.tf
+++ b/modules/aws_ecs/temporal/variables.tf
@@ -210,3 +210,9 @@ variable "service_discovery_namespace" {
   type        = string
   description = "Service discovery namespace DNS name for Retool ECS cluster."
 }
+
+variable "allow_rds_major_version_upgrade" {
+  type        = bool
+  default     = false
+  description = "Whether to allow major version upgrades for RDS. Defaults to false, set to true when upgrading Retool."
+}
diff --git a/modules/aws_ecs/variables.tf b/modules/aws_ecs/variables.tf
index b6e127a..2e1f5b0 100644
--- a/modules/aws_ecs/variables.tf
+++ b/modules/aws_ecs/variables.tf
@@ -596,3 +596,9 @@ variable "alb_egress_rules" {
   ]
   description = "Egress rules for load balancer"
 }
+
+variable "allow_rds_major_version_upgrade" {
+  type        = bool
+  default     = false
+  description = "Whether to allow major version upgrades for RDS. Defaults to false, set to true when upgrading Retool."
+}