diff --git a/main.tf b/main.tf
index 10f39b2d..53e0a293 100644
--- a/main.tf
+++ b/main.tf
@@ -1,113 +1,114 @@ locals { - db_subnet_group_name = "${coalesce(var.db_subnet_group_name, module.db_subnet_group.this_db_subnet_group_id)}" - enable_create_db_subnet_group = "${var.db_subnet_group_name == "" ? var.create_db_subnet_group : 0}" + db_subnet_group_name = var.db_subnet_group_name != "" ? var.db_subnet_group_name : module.db_subnet_group.this_db_subnet_group_id + enable_create_db_subnet_group = (var.db_subnet_group_name == "" ? var.create_db_subnet_group : false) - parameter_group_name = "${coalesce(var.parameter_group_name, var.identifier)}" - parameter_group_name_id = "${coalesce(var.parameter_group_name, module.db_parameter_group.this_db_parameter_group_id)}" + parameter_group_name = var.parameter_group_name != "" ? var.parameter_group_name : var.identifier + parameter_group_name_id = var.parameter_group_name != "" ? var.parameter_group_name : module.db_parameter_group.this_db_parameter_group_id - option_group_name = "${coalesce(var.option_group_name, module.db_option_group.this_db_option_group_id)}" - enable_create_db_option_group = "${var.option_group_name == "" && var.engine != "postgres" ? var.create_db_option_group : 0}" + option_group_name = var.option_group_name != "" ? var.option_group_name : module.db_option_group.this_db_option_group_id + enable_create_db_option_group = (var.option_group_name == "" && var.engine != "postgres" ? 
var.create_db_option_group : false) } module "db_subnet_group" { source = "./modules/db_subnet_group" - create = "${local.enable_create_db_subnet_group}" - identifier = "${var.identifier}" + create = local.enable_create_db_subnet_group + identifier = var.identifier name_prefix = "${var.identifier}-" - subnet_ids = ["${var.subnet_ids}"] + subnet_ids = var.subnet_ids - tags = "${var.tags}" + tags = var.tags } module "db_parameter_group" { source = "./modules/db_parameter_group" - create = "${var.create_db_parameter_group}" - identifier = "${var.identifier}" - name = "${var.parameter_group_name}" - description = "${var.parameter_group_description}" + create = var.create_db_parameter_group + identifier = var.identifier + name = var.parameter_group_name + description = var.parameter_group_description name_prefix = "${var.identifier}-" - use_name_prefix = "${var.use_parameter_group_name_prefix}" - family = "${var.family}" + use_name_prefix = var.use_parameter_group_name_prefix + family = var.family - parameters = ["${var.parameters}"] + parameters = var.parameters - tags = "${var.tags}" + tags = var.tags } module "db_option_group" { source = "./modules/db_option_group" - create = "${local.enable_create_db_option_group}" - identifier = "${var.identifier}" + create = local.enable_create_db_option_group + identifier = var.identifier name_prefix = "${var.identifier}-" - option_group_description = "${var.option_group_description}" - engine_name = "${var.engine}" - major_engine_version = "${var.major_engine_version}" + option_group_description = var.option_group_description + engine_name = var.engine + major_engine_version = var.major_engine_version - options = ["${var.options}"] + options = var.options - tags = "${var.tags}" + tags = var.tags } module "db_instance" { source = "./modules/db_instance" - create = "${var.create_db_instance}" - identifier = "${var.identifier}" - engine = "${var.engine}" - engine_version = "${var.engine_version}" - instance_class = 
"${var.instance_class}" - allocated_storage = "${var.allocated_storage}" - storage_type = "${var.storage_type}" - storage_encrypted = "${var.storage_encrypted}" - kms_key_id = "${var.kms_key_id}" - license_model = "${var.license_model}" - - name = "${var.name}" - username = "${var.username}" - password = "${var.password}" - port = "${var.port}" - iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}" - - replicate_source_db = "${var.replicate_source_db}" - - snapshot_identifier = "${var.snapshot_identifier}" - - vpc_security_group_ids = ["${var.vpc_security_group_ids}"] - db_subnet_group_name = "${local.db_subnet_group_name}" - parameter_group_name = "${local.parameter_group_name_id}" - option_group_name = "${local.option_group_name}" - - availability_zone = "${var.availability_zone}" - multi_az = "${var.multi_az}" - iops = "${var.iops}" - publicly_accessible = "${var.publicly_accessible}" - - allow_major_version_upgrade = "${var.allow_major_version_upgrade}" - auto_minor_version_upgrade = "${var.auto_minor_version_upgrade}" - apply_immediately = "${var.apply_immediately}" - maintenance_window = "${var.maintenance_window}" - skip_final_snapshot = "${var.skip_final_snapshot}" - copy_tags_to_snapshot = "${var.copy_tags_to_snapshot}" - final_snapshot_identifier = "${var.final_snapshot_identifier}" - - backup_retention_period = "${var.backup_retention_period}" - backup_window = "${var.backup_window}" - - monitoring_interval = "${var.monitoring_interval}" - monitoring_role_arn = "${var.monitoring_role_arn}" - monitoring_role_name = "${var.monitoring_role_name}" - create_monitoring_role = "${var.create_monitoring_role}" - - timezone = "${var.timezone}" - character_set_name = "${var.character_set_name}" - enabled_cloudwatch_logs_exports = "${var.enabled_cloudwatch_logs_exports}" - - timeouts = "${var.timeouts}" - - deletion_protection = "${var.deletion_protection}" - - tags = "${var.tags}" + create = var.create_db_instance + identifier = 
var.identifier + engine = var.engine + engine_version = var.engine_version + instance_class = var.instance_class + allocated_storage = var.allocated_storage + storage_type = var.storage_type + storage_encrypted = var.storage_encrypted + kms_key_id = var.kms_key_id + license_model = var.license_model + + name = var.name + username = var.username + password = var.password + port = var.port + iam_database_authentication_enabled = var.iam_database_authentication_enabled + + replicate_source_db = var.replicate_source_db + + snapshot_identifier = var.snapshot_identifier + + vpc_security_group_ids = var.vpc_security_group_ids + db_subnet_group_name = local.db_subnet_group_name + parameter_group_name = local.parameter_group_name_id + option_group_name = local.option_group_name + + availability_zone = var.availability_zone + multi_az = var.multi_az + iops = var.iops + publicly_accessible = var.publicly_accessible + + allow_major_version_upgrade = var.allow_major_version_upgrade + auto_minor_version_upgrade = var.auto_minor_version_upgrade + apply_immediately = var.apply_immediately + maintenance_window = var.maintenance_window + skip_final_snapshot = var.skip_final_snapshot + copy_tags_to_snapshot = var.copy_tags_to_snapshot + final_snapshot_identifier = var.final_snapshot_identifier + + backup_retention_period = var.backup_retention_period + backup_window = var.backup_window + + monitoring_interval = var.monitoring_interval + monitoring_role_arn = var.monitoring_role_arn + monitoring_role_name = var.monitoring_role_name + create_monitoring_role = var.create_monitoring_role + + timezone = var.timezone + character_set_name = var.character_set_name + enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports + + timeouts = var.timeouts + + deletion_protection = var.deletion_protection + + tags = var.tags } + diff --git a/modules/db_instance/main.tf b/modules/db_instance/main.tf index 12332607..79fef98c 100644 --- a/modules/db_instance/main.tf 
+++ b/modules/db_instance/main.tf 
@@ -1,134 +1,163 @@ locals { - is_mssql = "${element(split("-",var.engine), 0) == "sqlserver"}" + is_mssql = element(split("-", var.engine), 0) == "sqlserver" } resource "aws_iam_role" "enhanced_monitoring" { - count = "${var.create_monitoring_role ? 1 : 0}" - - name = "${var.monitoring_role_name}" - assume_role_policy = "${file("${path.module}/policy/enhancedmonitoring.json")}" - tags = "${merge(map("Name", format("%s", var.monitoring_role_name)), var.tags)}" + count = var.create_monitoring_role ? 1 : 0 + + name = var.monitoring_role_name + assume_role_policy = file("${path.module}/policy/enhancedmonitoring.json") + tags = merge( + { + "Name" = format("%s", var.monitoring_role_name) + }, + var.tags, + ) } resource "aws_iam_role_policy_attachment" "enhanced_monitoring" { - count = "${var.create_monitoring_role ? 1 : 0}" + count = var.create_monitoring_role ? 1 : 0 - role = "${aws_iam_role.enhanced_monitoring.name}" + role = aws_iam_role.enhanced_monitoring[0].name policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" } resource "aws_db_instance" "this" { - count = "${var.create && !local.is_mssql ? 
1 : 0}" - - identifier = "${var.identifier}" - - engine = "${var.engine}" - engine_version = "${var.engine_version}" - instance_class = "${var.instance_class}" - allocated_storage = "${var.allocated_storage}" - storage_type = "${var.storage_type}" - storage_encrypted = "${var.storage_encrypted}" - kms_key_id = "${var.kms_key_id}" - license_model = "${var.license_model}" - - name = "${var.name}" - username = "${var.username}" - password = "${var.password}" - port = "${var.port}" - iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}" - - replicate_source_db = "${var.replicate_source_db}" - - snapshot_identifier = "${var.snapshot_identifier}" - - vpc_security_group_ids = ["${var.vpc_security_group_ids}"] - db_subnet_group_name = "${var.db_subnet_group_name}" - parameter_group_name = "${var.parameter_group_name}" - option_group_name = "${var.option_group_name}" - - availability_zone = "${var.availability_zone}" - multi_az = "${var.multi_az}" - iops = "${var.iops}" - publicly_accessible = "${var.publicly_accessible}" - monitoring_interval = "${var.monitoring_interval}" - monitoring_role_arn = "${coalesce(var.monitoring_role_arn, join("", aws_iam_role.enhanced_monitoring.*.arn))}" - - allow_major_version_upgrade = "${var.allow_major_version_upgrade}" - auto_minor_version_upgrade = "${var.auto_minor_version_upgrade}" - apply_immediately = "${var.apply_immediately}" - maintenance_window = "${var.maintenance_window}" - skip_final_snapshot = "${var.skip_final_snapshot}" - copy_tags_to_snapshot = "${var.copy_tags_to_snapshot}" - final_snapshot_identifier = "${var.final_snapshot_identifier}" - - backup_retention_period = "${var.backup_retention_period}" - backup_window = "${var.backup_window}" - - character_set_name = "${var.character_set_name}" - - enabled_cloudwatch_logs_exports = "${var.enabled_cloudwatch_logs_exports}" - - timeouts = "${var.timeouts}" - - deletion_protection = "${var.deletion_protection}" - - tags = "${merge(var.tags, 
map("Name", format("%s", var.identifier)))}" + count = var.create && false == local.is_mssql ? 1 : 0 + + identifier = var.identifier + + engine = var.engine + engine_version = var.engine_version + instance_class = var.instance_class + allocated_storage = var.allocated_storage + storage_type = var.storage_type + storage_encrypted = var.storage_encrypted + kms_key_id = var.kms_key_id + license_model = var.license_model + + name = var.name + username = var.username + password = var.password + port = var.port + iam_database_authentication_enabled = var.iam_database_authentication_enabled + + replicate_source_db = var.replicate_source_db + + snapshot_identifier = var.snapshot_identifier + + vpc_security_group_ids = var.vpc_security_group_ids + db_subnet_group_name = var.db_subnet_group_name + parameter_group_name = var.parameter_group_name + option_group_name = var.option_group_name + + availability_zone = var.availability_zone + multi_az = var.multi_az + iops = var.iops + publicly_accessible = var.publicly_accessible + monitoring_interval = var.monitoring_interval + monitoring_role_arn = var.monitoring_role_arn != "" ? var.monitoring_role_arn : join("", aws_iam_role.enhanced_monitoring.*.arn) != "" ? 
join("", aws_iam_role.enhanced_monitoring.*.arn) : "" + + allow_major_version_upgrade = var.allow_major_version_upgrade + auto_minor_version_upgrade = var.auto_minor_version_upgrade + apply_immediately = var.apply_immediately + maintenance_window = var.maintenance_window + skip_final_snapshot = var.skip_final_snapshot + copy_tags_to_snapshot = var.copy_tags_to_snapshot + final_snapshot_identifier = var.final_snapshot_identifier + + backup_retention_period = var.backup_retention_period + backup_window = var.backup_window + + character_set_name = var.character_set_name + + enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports + + deletion_protection = var.deletion_protection + + tags = merge( + var.tags, + { + "Name" = format("%s", var.identifier) + }, + ) } resource "aws_db_instance" "this_mssql" { - count = "${var.create && local.is_mssql ? 1 : 0}" - - identifier = "${var.identifier}" - - engine = "${var.engine}" - engine_version = "${var.engine_version}" - instance_class = "${var.instance_class}" - allocated_storage = "${var.allocated_storage}" - storage_type = "${var.storage_type}" - storage_encrypted = "${var.storage_encrypted}" - kms_key_id = "${var.kms_key_id}" - license_model = "${var.license_model}" - - name = "${var.name}" - username = "${var.username}" - password = "${var.password}" - port = "${var.port}" - iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}" - - replicate_source_db = "${var.replicate_source_db}" - - snapshot_identifier = "${var.snapshot_identifier}" - - vpc_security_group_ids = ["${var.vpc_security_group_ids}"] - db_subnet_group_name = "${var.db_subnet_group_name}" - parameter_group_name = "${var.parameter_group_name}" - option_group_name = "${var.option_group_name}" - - availability_zone = "${var.availability_zone}" - multi_az = "${var.multi_az}" - iops = "${var.iops}" - publicly_accessible = "${var.publicly_accessible}" - monitoring_interval = "${var.monitoring_interval}" - 
monitoring_role_arn = "${coalesce(var.monitoring_role_arn, join("", aws_iam_role.enhanced_monitoring.*.arn))}" - - allow_major_version_upgrade = "${var.allow_major_version_upgrade}" - auto_minor_version_upgrade = "${var.auto_minor_version_upgrade}" - apply_immediately = "${var.apply_immediately}" - maintenance_window = "${var.maintenance_window}" - skip_final_snapshot = "${var.skip_final_snapshot}" - copy_tags_to_snapshot = "${var.copy_tags_to_snapshot}" - final_snapshot_identifier = "${var.final_snapshot_identifier}" - - backup_retention_period = "${var.backup_retention_period}" - backup_window = "${var.backup_window}" - - timezone = "${var.timezone}" - - enabled_cloudwatch_logs_exports = "${var.enabled_cloudwatch_logs_exports}" - - timeouts = "${var.timeouts}" - - deletion_protection = "${var.deletion_protection}" - - tags = "${merge(var.tags, map("Name", format("%s", var.identifier)))}" + count = var.create && local.is_mssql ? 1 : 0 + + identifier = var.identifier + + engine = var.engine + engine_version = var.engine_version + instance_class = var.instance_class + allocated_storage = var.allocated_storage + storage_type = var.storage_type + storage_encrypted = var.storage_encrypted + kms_key_id = var.kms_key_id + license_model = var.license_model + + name = var.name + username = var.username + password = var.password + port = var.port + iam_database_authentication_enabled = var.iam_database_authentication_enabled + + replicate_source_db = var.replicate_source_db + + snapshot_identifier = var.snapshot_identifier + + vpc_security_group_ids = var.vpc_security_group_ids + db_subnet_group_name = var.db_subnet_group_name + parameter_group_name = var.parameter_group_name + option_group_name = var.option_group_name + + availability_zone = var.availability_zone + multi_az = var.multi_az + iops = var.iops + publicly_accessible = var.publicly_accessible + monitoring_interval = var.monitoring_interval + monitoring_role_arn = coalesce( + var.monitoring_role_arn, + join("", 
aws_iam_role.enhanced_monitoring.*.arn), + ) + + allow_major_version_upgrade = var.allow_major_version_upgrade + auto_minor_version_upgrade = var.auto_minor_version_upgrade + apply_immediately = var.apply_immediately + maintenance_window = var.maintenance_window + skip_final_snapshot = var.skip_final_snapshot + copy_tags_to_snapshot = var.copy_tags_to_snapshot + final_snapshot_identifier = var.final_snapshot_identifier + + backup_retention_period = var.backup_retention_period + backup_window = var.backup_window + + timezone = var.timezone + + enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports + + dynamic "timeouts" { + for_each = var.timeouts + content { + # TF-UPGRADE-TODO: The automatic upgrade tool can't predict + # which keys might be set in maps assigned here, so it has + # produced a comprehensive set here. Consider simplifying + # this after confirming which keys can be set in practice. + + create = lookup(timeouts.value, "create", null) + delete = lookup(timeouts.value, "delete", null) + update = lookup(timeouts.value, "update", null) + } + } + + deletion_protection = var.deletion_protection + + tags = merge( + var.tags, + { + "Name" = format("%s", var.identifier) + }, + ) } + diff --git a/modules/db_instance/outputs.tf b/modules/db_instance/outputs.tf index 40adcdee..10144089 100644 --- a/modules/db_instance/outputs.tf +++ b/modules/db_instance/outputs.tf 
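Review bot: `aws_db_instance.this` loses its `timeouts` setting altogether: the old `timeouts = "${var.timeouts}"` line is removed and nothing replaces it, so only `this_mssql` still honours `var.timeouts`. The replacement in `this_mssql` also looks wrong: `for_each = var.timeouts` iterates the map's entries, so `timeouts.value` would be a single duration string such as "40m" (the default visible in variables.tf) and `lookup(timeouts.value, "create", null)` has no map to read, while a map with several keys would ask for several `timeouts` blocks. A static block that reads the map directly, added to both resources, avoids both problems and lets the TF-UPGRADE-TODO comment go.

```hcl
  # … unchanged: enabled_cloudwatch_logs_exports …

  timeouts {
    create = lookup(var.timeouts, "create", null)
    delete = lookup(var.timeouts, "delete", null)
    update = lookup(var.timeouts, "update", null)
  }

  # … unchanged: deletion_protection, tags …
```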
@@ -1,68 +1,162 @@ locals { - this_db_instance_address = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.address, aws_db_instance.this.*.address), list("")), 0)}" - this_db_instance_arn = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.arn, aws_db_instance.this.*.arn), list("")), 0)}" - this_db_instance_availability_zone = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.availability_zone, aws_db_instance.this.*.availability_zone), list("")), 0)}" - this_db_instance_endpoint = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.endpoint, aws_db_instance.this.*.endpoint), list("")), 0)}" - this_db_instance_hosted_zone_id = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.hosted_zone_id, aws_db_instance.this.*.hosted_zone_id), list("")), 0)}" - this_db_instance_id = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.id, aws_db_instance.this.*.id), list("")), 0)}" - this_db_instance_resource_id = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.resource_id, aws_db_instance.this.*.resource_id), list("")), 0)}" - this_db_instance_status = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.status, aws_db_instance.this.*.status), list("")), 0)}" - this_db_instance_name = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.name, aws_db_instance.this.*.name), list("")), 0)}" - this_db_instance_username = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.username, aws_db_instance.this.*.username), list("")), 0)}" - this_db_instance_port = "${element(concat(coalescelist(aws_db_instance.this_mssql.*.port, aws_db_instance.this.*.port), list("")), 0)}" + this_db_instance_address = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.address, + aws_db_instance.this.*.address, + ), + [""], + ), + 0, + ) + this_db_instance_arn = element( + concat( + coalescelist(aws_db_instance.this_mssql.*.arn, aws_db_instance.this.*.arn), + [""], + ), + 0, + ) + 
this_db_instance_availability_zone = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.availability_zone, + aws_db_instance.this.*.availability_zone, + ), + [""], + ), + 0, + ) + this_db_instance_endpoint = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.endpoint, + aws_db_instance.this.*.endpoint, + ), + [""], + ), + 0, + ) + this_db_instance_hosted_zone_id = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.hosted_zone_id, + aws_db_instance.this.*.hosted_zone_id, + ), + [""], + ), + 0, + ) + this_db_instance_id = element( + concat( + coalescelist(aws_db_instance.this_mssql.*.id, aws_db_instance.this.*.id), + [""], + ), + 0, + ) + this_db_instance_resource_id = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.resource_id, + aws_db_instance.this.*.resource_id, + ), + [""], + ), + 0, + ) + this_db_instance_status = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.status, + aws_db_instance.this.*.status, + ), + [""], + ), + 0, + ) + this_db_instance_name = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.name, + aws_db_instance.this.*.name, + ), + [""], + ), + 0, + ) + this_db_instance_username = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.username, + aws_db_instance.this.*.username, + ), + [""], + ), + 0, + ) + this_db_instance_port = element( + concat( + coalescelist( + aws_db_instance.this_mssql.*.port, + aws_db_instance.this.*.port, + ), + [""], + ), + 0, + ) } output "this_db_instance_address" { description = "The address of the RDS instance" - value = "${local.this_db_instance_address}" + value = local.this_db_instance_address } output "this_db_instance_arn" { description = "The ARN of the RDS instance" - value = "${local.this_db_instance_arn}" + value = local.this_db_instance_arn } output "this_db_instance_availability_zone" { description = "The availability zone of the RDS instance" - value = "${local.this_db_instance_availability_zone}" 
+ value = local.this_db_instance_availability_zone } output "this_db_instance_endpoint" { description = "The connection endpoint" - value = "${local.this_db_instance_endpoint}" + value = local.this_db_instance_endpoint } output "this_db_instance_hosted_zone_id" { description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)" - value = "${local.this_db_instance_hosted_zone_id}" + value = local.this_db_instance_hosted_zone_id } output "this_db_instance_id" { description = "The RDS instance ID" - value = "${local.this_db_instance_id}" + value = local.this_db_instance_id } output "this_db_instance_resource_id" { description = "The RDS Resource ID of this instance" - value = "${local.this_db_instance_resource_id}" + value = local.this_db_instance_resource_id } output "this_db_instance_status" { description = "The RDS instance status" - value = "${local.this_db_instance_status}" + value = local.this_db_instance_status } output "this_db_instance_name" { description = "The database name" - value = "${local.this_db_instance_name}" + value = local.this_db_instance_name } output "this_db_instance_username" { description = "The master username for the database" - value = "${local.this_db_instance_username}" + value = local.this_db_instance_username } output "this_db_instance_port" { description = "The database port" - value = "${local.this_db_instance_port}" + value = local.this_db_instance_port } + diff --git a/modules/db_instance/variables.tf b/modules/db_instance/variables.tf index 1f821df8..6656a3e9 100644 --- a/modules/db_instance/variables.tf +++ b/modules/db_instance/variables.tf @@ -200,7 +200,7 @@ variable "enabled_cloudwatch_logs_exports" { variable "timeouts" { description = "(Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times" - type = "map" + type = "map(string)" default = { create = "40m" 
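Review bot: `type = "map(string)"` on `variable "timeouts"` is still a quoted string; as far as I know Terraform 0.12 accepts quotes only around the legacy hints `"string"`, `"list"` and `"map"`, so this constraint should be written as the bare expression `type = map(string)`. The same quoted form is added in modules/db_option_group/variables.tf (`"list(string)"`, `"map(string)"`) and modules/db_parameter_group/variables.tf (`"map(string)"`), whereas modules/db_subnet_group/variables.tf already uses the unquoted form. The variable block continues past the end of this hunk.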
@@ -213,3 +213,4 @@ variable "deletion_protection" { description = "The database can't be deleted when this value is set to true." default = false } + diff --git a/modules/db_instance/versions.tf b/modules/db_instance/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/db_instance/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/db_option_group/main.tf b/modules/db_option_group/main.tf index 803e5cfd..fa3455c9 100644 --- a/modules/db_option_group/main.tf +++ b/modules/db_option_group/main.tf 
@@ -1,16 +1,39 @@ resource "aws_db_option_group" "this" { - count = "${var.create ? 1 : 0}" + count = var.create ? 1 : 0 - name_prefix = "${var.name_prefix}" - option_group_description = "${var.option_group_description == "" ? format("Option group for %s", var.identifier) : var.option_group_description}" - engine_name = "${var.engine_name}" - major_engine_version = "${var.major_engine_version}" + name_prefix = var.name_prefix + option_group_description = var.option_group_description == "" ? format("Option group for %s", var.identifier) : var.option_group_description + engine_name = var.engine_name + major_engine_version = var.major_engine_version - option = ["${var.options}"] + dynamic "option" { + for_each = var.options + content { + db_security_group_memberships = lookup(option.value, "db_security_group_memberships", null) + option_name = option.value.option_name + port = lookup(option.value, "port", null) + version = lookup(option.value, "version", null) + vpc_security_group_memberships = lookup(option.value, "vpc_security_group_memberships", null) - tags = "${merge(var.tags, map("Name", format("%s", var.identifier)))}" + dynamic "option_settings" { + for_each = lookup(option.value, "option_settings", []) + content { + name = option_settings.value.name + value = option_settings.value.value + } + } + } + } + + tags = merge( + var.tags, + { + "Name" = format("%s", var.identifier) + }, + ) lifecycle { create_before_destroy = true } } + diff --git a/modules/db_option_group/outputs.tf b/modules/db_option_group/outputs.tf index 1284e18b..2a0a4613 100644 --- a/modules/db_option_group/outputs.tf +++ b/modules/db_option_group/outputs.tf 
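Review bot: The new `dynamic "option"` block reads `option.value.option_name` and `lookup(option.value, "option_settings", [])`, so each element of `var.options` has to be a map or object, but this commit declares the variable as a list of strings in modules/db_option_group/variables.tf. Declaring it as `type = any` would keep callers' existing option maps working. modules/db_parameter_group has the same mismatch: `parameter.value.name` is read from a variable retyped as a string map with `default = {}`, although its description still says it is a list of parameter maps.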
@@ -1,9 +1,10 @@ output "this_db_option_group_id" { description = "The db option group id" - value = "${element(split(",", join(",", aws_db_option_group.this.*.id)), 0)}" + value = element(split(",", join(",", aws_db_option_group.this.*.id)), 0) } output "this_db_option_group_arn" { description = "The ARN of the db option group" - value = "${element(split(",", join(",", aws_db_option_group.this.*.arn)), 0)}" + value = element(split(",", join(",", aws_db_option_group.this.*.arn)), 0) } + diff --git a/modules/db_option_group/variables.tf b/modules/db_option_group/variables.tf index 9bae7251..69c3e1e6 100644 --- a/modules/db_option_group/variables.tf +++ b/modules/db_option_group/variables.tf @@ -25,13 +25,14 @@ variable "major_engine_version" { } variable "options" { - type = "list" + type = "list(string)" description = "A list of Options to apply" default = [] } variable "tags" { - type = "map" + type = "map(string)" description = "A mapping of tags to assign to the resource" default = {} } + diff --git a/modules/db_option_group/versions.tf b/modules/db_option_group/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/db_option_group/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/db_parameter_group/main.tf b/modules/db_parameter_group/main.tf index 7972807a..f9b55c2b 100644 --- a/modules/db_parameter_group/main.tf +++ b/modules/db_parameter_group/main.tf 
@@ -1,17 +1,32 @@ locals { - description = "${coalesce(var.description, "Database parameter group for ${var.identifier}")}" + description = coalesce( + var.description, + "Database parameter group for ${var.identifier}", + ) } resource "aws_db_parameter_group" "this_no_prefix" { - count = "${var.create && ! var.use_name_prefix ? 1 : 0}" - - name = "${var.name}" - description = "${local.description}" - family = "${var.family}" - - parameter = ["${var.parameters}"] + count = var.create && false == var.use_name_prefix ? 1 : 0 + + name = var.name + description = local.description + family = var.family + + dynamic "parameter" { + for_each = var.parameters + content { + apply_method = lookup(parameter.value, "apply_method", null) + name = parameter.value.name + value = parameter.value.value + } + } - tags = "${merge(var.tags, map("Name", format("%s", var.name)))}" + tags = merge( + var.tags, + { + "Name" = format("%s", var.name) + }, + ) lifecycle { create_before_destroy = true @@ -19,17 +34,30 @@ resource "aws_db_parameter_group" "this_no_prefix" { } resource "aws_db_parameter_group" "this" { - count = "${var.create && var.use_name_prefix ? 1 : 0}" - - name_prefix = "${var.name_prefix}" - description = "${local.description}" - family = "${var.family}" - - parameter = ["${var.parameters}"] + count = var.create && var.use_name_prefix ? 1 : 0 + + name_prefix = var.name_prefix + description = local.description + family = var.family + + dynamic "parameter" { + for_each = var.parameters + content { + apply_method = lookup(parameter.value, "apply_method", null) + name = parameter.value.name + value = parameter.value.value + } + } - tags = "${merge(var.tags, map("Name", format("%s", var.identifier)))}" + tags = merge( + var.tags, + { + "Name" = format("%s", var.identifier) + }, + ) lifecycle { create_before_destroy = true } } + diff --git a/modules/db_parameter_group/outputs.tf b/modules/db_parameter_group/outputs.tf index 3fb30296..06041b5a 100644 
--- a/modules/db_parameter_group/outputs.tf +++ b/modules/db_parameter_group/outputs.tf @@ -1,9 +1,30 @@ output "this_db_parameter_group_id" { description = "The db parameter group id" - value = "${element(concat(coalescelist(aws_db_parameter_group.this.*.id, aws_db_parameter_group.this_no_prefix.*.id), list("")), 0)}" + value = element( + concat( + coalescelist( + aws_db_parameter_group.this.*.id, + aws_db_parameter_group.this_no_prefix.*.id, + [""], + ), + [""], + ), + 0, + ) } output "this_db_parameter_group_arn" { description = "The ARN of the db parameter group" - value = "${element(concat(coalescelist(aws_db_parameter_group.this.*.arn, aws_db_parameter_group.this_no_prefix.*.arn), list("")), 0)}" + value = element( + concat( + coalescelist( + aws_db_parameter_group.this.*.arn, + aws_db_parameter_group.this_no_prefix.*.arn, + [""], + ), + [""], + ), + 0, + ) } + diff --git a/modules/db_parameter_group/variables.tf b/modules/db_parameter_group/variables.tf index b9ef4a53..32c8c167 100644 --- a/modules/db_parameter_group/variables.tf +++ b/modules/db_parameter_group/variables.tf @@ -27,12 +27,13 @@ variable "family" { } variable "parameters" { + type = "map(string)" description = "A list of DB parameter maps to apply" - default = [] + default = {} } variable "tags" { - type = "map" + type = "map(string)" description = "A mapping of tags to assign to the resource" default = {} } @@ -41,3 +42,4 @@ variable "use_name_prefix" { description = "Whether to use name_prefix or not" default = true } + diff --git a/modules/db_parameter_group/versions.tf b/modules/db_parameter_group/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/db_parameter_group/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/modules/db_subnet_group/main.tf b/modules/db_subnet_group/main.tf index 5c804b1f..1ca278a3 100644 --- a/modules/db_subnet_group/main.tf +++ b/modules/db_subnet_group/main.tf 
@@ -1,9 +1,15 @@ resource "aws_db_subnet_group" "this" { - count = "${var.create ? 1 : 0}" + count = var.create ? 1 : 0 - name_prefix = "${var.name_prefix}" + name_prefix = var.name_prefix description = "Database subnet group for ${var.identifier}" - subnet_ids = ["${var.subnet_ids}"] + subnet_ids = var.subnet_ids - tags = "${merge(var.tags, map("Name", format("%s", var.identifier)))}" + tags = merge( + var.tags, + { + "Name" = format("%s", var.identifier) + }, + ) } + diff --git a/modules/db_subnet_group/outputs.tf b/modules/db_subnet_group/outputs.tf index 44ed3e82..d3583008 100644 --- a/modules/db_subnet_group/outputs.tf +++ b/modules/db_subnet_group/outputs.tf @@ -1,9 +1,10 @@ output "this_db_subnet_group_id" { description = "The db subnet group name" - value = "${element(concat(aws_db_subnet_group.this.*.id, list("")), 0)}" + value = element(concat(aws_db_subnet_group.this.*.id, [""]), 0) } output "this_db_subnet_group_arn" { description = "The ARN of the db subnet group" - value = "${element(concat(aws_db_subnet_group.this.*.arn, list("")), 0)}" + value = element(concat(aws_db_subnet_group.this.*.arn, [""]), 0) } + diff --git a/modules/db_subnet_group/variables.tf b/modules/db_subnet_group/variables.tf index e26e4b99..8fb676a2 100644 --- a/modules/db_subnet_group/variables.tf +++ b/modules/db_subnet_group/variables.tf @@ -12,13 +12,14 @@ variable "identifier" { } variable "subnet_ids" { - type = "list" + type = list(string) description = "A list of VPC subnet IDs" default = [] } variable "tags" { - type = "map" + type = map(string) description = "A mapping of tags to assign to the resource" default = {} } + diff --git a/modules/db_subnet_group/versions.tf b/modules/db_subnet_group/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/modules/db_subnet_group/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} diff --git a/outputs.tf b/outputs.tf index 151e179d..29e7d25c 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -1,90 +1,91 @@ output "this_db_instance_address" { description = "The address of the RDS instance" - value = "${module.db_instance.this_db_instance_address}" + value = module.db_instance.this_db_instance_address } output "this_db_instance_arn" { description = "The ARN of the RDS instance" - value = "${module.db_instance.this_db_instance_arn}" + value = module.db_instance.this_db_instance_arn } output "this_db_instance_availability_zone" { description = "The availability zone of the RDS instance" - value = "${module.db_instance.this_db_instance_availability_zone}" + value = module.db_instance.this_db_instance_availability_zone } output "this_db_instance_endpoint" { description = "The connection endpoint" - value = "${module.db_instance.this_db_instance_endpoint}" + value = module.db_instance.this_db_instance_endpoint } output "this_db_instance_hosted_zone_id" { description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)" - value = "${module.db_instance.this_db_instance_hosted_zone_id}" + value = module.db_instance.this_db_instance_hosted_zone_id } output "this_db_instance_id" { description = "The RDS instance ID" - value = "${module.db_instance.this_db_instance_id}" + value = module.db_instance.this_db_instance_id } output "this_db_instance_resource_id" { description = "The RDS Resource ID of this instance" - value = "${module.db_instance.this_db_instance_resource_id}" + value = module.db_instance.this_db_instance_resource_id } output "this_db_instance_status" { description = "The RDS instance status" - value = "${module.db_instance.this_db_instance_status}" + value = module.db_instance.this_db_instance_status } output "this_db_instance_name" { description = "The database name" - value = "${module.db_instance.this_db_instance_name}" + value = module.db_instance.this_db_instance_name } output "this_db_instance_username" { description = "The master username for the database" - value = 
"${module.db_instance.this_db_instance_username}" + value = module.db_instance.this_db_instance_username } output "this_db_instance_password" { description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)" - value = "${var.password}" + value = var.password } output "this_db_instance_port" { description = "The database port" - value = "${module.db_instance.this_db_instance_port}" + value = module.db_instance.this_db_instance_port } output "this_db_subnet_group_id" { description = "The db subnet group name" - value = "${module.db_subnet_group.this_db_subnet_group_id}" + value = module.db_subnet_group.this_db_subnet_group_id } output "this_db_subnet_group_arn" { description = "The ARN of the db subnet group" - value = "${module.db_subnet_group.this_db_subnet_group_arn}" + value = module.db_subnet_group.this_db_subnet_group_arn } output "this_db_parameter_group_id" { description = "The db parameter group id" - value = "${module.db_parameter_group.this_db_parameter_group_id}" + value = module.db_parameter_group.this_db_parameter_group_id } output "this_db_parameter_group_arn" { description = "The ARN of the db parameter group" - value = "${module.db_parameter_group.this_db_parameter_group_arn}" + value = module.db_parameter_group.this_db_parameter_group_arn } # DB option group output "this_db_option_group_id" { description = "The db option group id" - value = "${module.db_option_group.this_db_option_group_id}" + value = module.db_option_group.this_db_option_group_id } output "this_db_option_group_arn" { description = "The ARN of the db option group" - value = "${module.db_option_group.this_db_option_group_arn}" + value = module.db_option_group.this_db_option_group_arn } + diff --git a/variables.tf b/variables.tf index cdca0860..14dcfbdf 100644 --- a/variables.tf +++ b/variables.tf 
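Review bot: The `this_db_instance_password` output in outputs.tf still exposes `var.password` without being marked sensitive, so the master password is printed in clear text by `terraform apply` and `terraform output`, and lands in any CI log that captures them. Since this commit touches every output anyway, add `sensitive = true` to that block. The value is still written to the state file, so a comment on the output such as `# stored in state in plain text: keep the backend encrypted and access-restricted` would help callers. It is also worth asking whether the module needs to echo back a secret the caller already supplied.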
@@ -185,7 +185,7 @@ variable "tags" { # DB subnet group variable "subnet_ids" { - type = "list" + type = list(string) description = "A list of VPC subnet IDs" default = [] } @@ -213,7 +213,7 @@ variable "major_engine_version" { } variable "options" { - type = "list" + type = list(string) description = "A list of Options to apply." default = [] } @@ -255,7 +255,7 @@ variable "enabled_cloudwatch_logs_exports" { variable "timeouts" { description = "(Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times" - type = "map" + type = map(string) default = { create = "40m" @@ -273,3 +273,4 @@ variable "use_parameter_group_name_prefix" { description = "Whether to use the parameter group name prefix or not" default = true } + diff --git a/versions.tf b/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +}
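Review bot: In the `@@ -213` hunk of variables.tf, `options` is narrowed from `"list"` to `list(string)`, but main.tf passes it unchanged to the db_option_group module as the list of options to apply. That module is not visible in this part of the diff, so this is an inference: option entries are normally structured (an option name plus its settings), and a list of plain strings cannot hold them. If that holds, existing callers would fail type checking after this upgrade. Consider `type = any` here, or a full object type once the expected fields are confirmed.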