diff --git a/locals.tf b/locals.tf
index 519e98c..7b2fed9 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,4 +1,9 @@
 locals {
- instance_name = "${var.instance_name == "" ? var.name : var.instance_name}"
- tags = "${merge(var.tags, map("Name", "${var.name}"))}"
+ instance_name = var.instance_name == "" ? var.name : var.instance_name
+ tags = merge(
+ var.tags,
+ {
+ "Name" = var.name
+ },
+ )
 }
diff --git a/main.tf b/main.tf
index a178faa..abc8a54 100644
--- a/main.tf
+++ b/main.tf
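Review bot: The new `merge(var.tags, { "Name" = var.name })` keeps the old precedence, so a caller-supplied `Name` key in `var.tags` is silently overwritten by `var.name`; that is a reasonable policy but deserves a comment on the `tags` line, e.g. `# Name is always derived from var.name and overrides any Name supplied in var.tags`. On style, `var.instance_name == "" ? var.name : var.instance_name` can be written as `instance_name = coalesce(var.instance_name, var.name)`, which in 0.12 skips empty strings as well as nulls and states the intent directly. Behaviour is unchanged because `var.instance_name` defaults to `""`.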
@@ -1,61 +1,66 @@
 resource "aws_db_subnet_group" "rds" {
- name = "${var.name}"
- subnet_ids = ["${var.subnet_ids}"]
- tags = "${local.tags}"
+ name = var.name
+ subnet_ids = var.subnet_ids
+ tags = local.tags
 }
 resource "aws_db_parameter_group" "rds" {
- family = "postgres10"
- name = "${var.name}-postgres10"
- parameter = [
- "${var.parameters}"
- ]
- tags = "${local.tags}"
+ family = "postgres10"
+ name = "${var.name}-postgres10"
+ dynamic "parameter" {
+ for_each = var.parameters
+ content {
+ apply_method = lookup(parameter.value, "apply_method", null)
+ name = parameter.value.name
+ value = parameter.value.value
+ }
+ }
+ tags = local.tags
 }
 resource "aws_kms_key" "rds" {
- description = "${var.name}"
+ description = var.name
 enable_key_rotation = true
 is_enabled = true
- tags = "${local.tags}"
+ tags = local.tags
 }
 resource "aws_kms_alias" "rds" {
 name = "alias/${var.name}"
- target_key_id = "${aws_kms_key.rds.id}"
+ target_key_id = aws_kms_key.rds.id
 }
 resource "random_string" "master_password" {
- length = 64
- lower = true
- number = true
- special = true
- override_special = "!#$%&*()-_=+[]{}<>:?"
- upper = true
+ length = 64
+ lower = true
+ number = true
+ special = true
+ override_special = "!#$%&*()-_=+[]{}<>:?"
+ upper = true
 }
 resource "aws_security_group" "rds" {
- name = "${var.name}"
- tags = "${local.tags}"
- vpc_id = "${var.vpc_id}"
+ name = var.name
+ tags = local.tags
+ vpc_id = var.vpc_id
 }
 resource "aws_security_group_rule" "self_ingress" {
 from_port = 0
 protocol = "-1"
- security_group_id = "${aws_security_group.rds.id}"
+ security_group_id = aws_security_group.rds.id
 self = true
 to_port = 0
 type = "ingress"
 }
 resource "aws_security_group_rule" "all_egress" {
- cidr_blocks = [
- "0.0.0.0/0"
+ cidr_blocks = [
- "0.0.0.0/0",
 ]
 from_port = 0
 protocol = "-1"
- security_group_id = "${aws_security_group.rds.id}"
+ security_group_id = aws_security_group.rds.id
 to_port = 0
 type = "egress"
 }
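Review bot: `random_string.master_password` is migrated as-is, so the master password stays a non-sensitive value that is echoed in `terraform plan`/`apply` whenever it changes and sits in plain text in state; with the module now on 0.12, `resource "random_password" "master_password" {` with the same arguments (random provider 2.2 or later) marks `result` sensitive, though changing the resource type generates a new value and rotates the DB password on the next apply, so it has to be coordinated with consumers of the `master_password` output. As rendered here, the `all_egress` rule shows `+ cidr_blocks = [` followed by `- "0.0.0.0/0",`, which would leave the new-side list empty; this is presumably a rendering artifact, but the new side should be confirmed to still read `"0.0.0.0/0",`. That rule also permits every protocol to every destination, which an RDS instance does not need; narrowing it to the destinations the instance actually reaches is a cheap least-privilege improvement. State must be treated as secret regardless of which resource produces the password.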
@@ -63,11 +68,11 @@ resource "aws_security_group_rule" "all_egress" {
 data "aws_iam_policy_document" "monitoring_assume_role" {
 statement {
 actions = [
- "sts:AssumeRole"
+ "sts:AssumeRole",
 ]
 principals {
 identifiers = [
- "monitoring.rds.amazonaws.com"
+ "monitoring.rds.amazonaws.com",
 ]
 type = "Service"
 }
@@ -75,43 +80,42 @@ data "aws_iam_policy_document" "monitoring_assume_role" {
 }
 resource "aws_iam_role" "monitoring" {
- assume_role_policy = "${data.aws_iam_policy_document.monitoring_assume_role.json}"
- name = "${var.name}-monitoring"
+ assume_role_policy = data.aws_iam_policy_document.monitoring_assume_role.json
+ name = "${var.name}-monitoring"
 }
 resource "aws_iam_role_policy_attachment" "monitoring" {
- policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
- role = "${aws_iam_role.monitoring.name}"
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+ role = aws_iam_role.monitoring.name
 }
-
 resource "aws_db_instance" "rds" {
- allocated_storage = 100
- auto_minor_version_upgrade = true
- backup_retention_period = 7
- backup_window = "05:00-05:30"
- copy_tags_to_snapshot = true
- db_subnet_group_name = "${aws_db_subnet_group.rds.name}"
- engine = "postgres"
- engine_version = "${var.engine_version}"
- final_snapshot_identifier = "${local.instance_name}-final"
- identifier = "${local.instance_name}"
- instance_class = "${var.instance_class}"
- kms_key_id = "${aws_kms_key.rds.arn}"
+ allocated_storage = 100
+ auto_minor_version_upgrade = true
+ backup_retention_period = 7
+ backup_window = "05:00-05:30"
+ copy_tags_to_snapshot = true
+ db_subnet_group_name = aws_db_subnet_group.rds.name
+ engine = "postgres"
+ engine_version = var.engine_version
+ final_snapshot_identifier = "${local.instance_name}-final"
+ identifier = local.instance_name
+ instance_class = var.instance_class
+ kms_key_id = aws_kms_key.rds.arn
 lifecycle {
 prevent_destroy = true
 }
- monitoring_interval = 60
- monitoring_role_arn = "${aws_iam_role.monitoring.arn}"
- multi_az = true
- name = "${var.database_name}"
- parameter_group_name = "${aws_db_parameter_group.rds.name}"
- password = "${random_string.master_password.result}"
- storage_encrypted = true
- storage_type = "gp2"
- tags = "${local.tags}"
- username = "${var.username}"
- 
vpc_security_group_ids = [
- "${aws_security_group.rds.id}"
+ monitoring_interval = 60
+ monitoring_role_arn = aws_iam_role.monitoring.arn
+ multi_az = true
+ name = var.database_name
+ parameter_group_name = aws_db_parameter_group.rds.name
+ password = random_string.master_password.result
+ storage_encrypted = true
+ storage_type = "gp2"
+ tags = local.tags
+ username = var.username
+ vpc_security_group_ids = [
+ aws_security_group.rds.id,
 ]
 }
diff --git a/outputs.tf b/outputs.tf
index 729b7fc..0ec885d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,20 +1,20 @@
 output "endpoint" {
 description = "The connection endpoint in address:port format."
- value = "${aws_db_instance.rds.endpoint}"
+ value = aws_db_instance.rds.endpoint
 }
 output "master_password" {
 description = "The random master password assigned to the database."
 sensitive = true
- value = "${random_string.master_password.result}"
+ value = random_string.master_password.result
 }
 output "security_group_id" {
 description = "The ID of the database security group."
- value = "${aws_security_group.rds.id}"
+ value = aws_security_group.rds.id
 }
 output "db_id" {
 description = "The ID of the database."
- value = "${aws_db_instance.rds.id}"
+ value = aws_db_instance.rds.id
 }
diff --git a/variables.tf b/variables.tf
index d532ea2..940f6f4 100644
--- a/variables.tf
+++ b/variables.tf
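Review bot: `aws_db_instance.rds` relies on `lifecycle { prevent_destroy = true }`, which only stops Terraform from destroying the instance; deletion through the console or API remains possible, so add `deletion_protection = true` next to `copy_tags_to_snapshot`. The instance also exports no engine logs, leaving no audit trail for failed logins or DDL; `enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]` would ship them to CloudWatch, and `iam_database_authentication_enabled = true` is worth considering so application roles need not share the master password. `password = random_string.master_password.result` means the master password is written to state in plain text, which this commit leaves unchanged. This hunk is split across two physical lines here and the removed `vpc_security_group_ids = [` line appears cut in half at the boundary, presumably a rendering artifact.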
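Review bot: `sensitive = true` on the `master_password` output only suppresses the value in the `terraform apply` and bare `terraform output` summaries; it remains in the state file and is still returned by `terraform output -json`, so the description should say so, e.g. `description = "The random master password assigned to the database. Marked sensitive, but still present in state and in terraform output -json."` Nothing else in this hunk changes behaviour.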
@@ -1,53 +1,53 @@
 variable "database_name" {
 description = "The name of the database to create when the DB instance is created."
- type = "string"
+ type = string
 }
 variable "engine_version" {
 default = "10.1"
 description = "The version of PostgreSQL used when the DB instance is created."
- type = "string"
+ type = string
 }
 variable "instance_class" {
 description = "The instance type of the RDS instance."
- type = "string"
+ type = string
 }
 variable "instance_name" {
 default = ""
 description = "The name of the instance to be created, if different than name."
- type = "string"
+ type = string
 }
 variable "name" {
 description = "The name of resources created, used either directly or as a prefix."
- type = "string"
+ type = string
 }
 variable "parameters" {
 default = []
 description = "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via aws rds describe-db-parameters after initial creation of the group."
- type = "list"
+ type = list(map(string))
 }
 variable "subnet_ids" {
 description = "A list of VPC subnet IDs for the aws_db_subnet_group."
- type = "list"
+ type = list(string)
 }
 variable "tags" {
 default = {}
 description = "A mapping of tags to assign to the resources."
- type = "map"
+ type = map(string)
 }
 variable "username" {
 description = "Username for the master DB user."
- type = "string"
+ type = string
 }
 variable "vpc_id" {
 description = "The VPC ID of the DB's aws_security_group."
- type = "string"
+ type = string
 }
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..d9b6f79
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.12"
+}
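Review bot: `engine_version` defaults to `"10.1"` while main.tf hard-codes the parameter group `family = "postgres10"`, so any non-10.x value silently produces a family/engine mismatch at apply time; the description should state the constraint, e.g. `description = "The PostgreSQL version used when the DB instance is created. Must be a 10.x release: the parameter group family is fixed to postgres10."`. With the new `list(map(string))` type on `parameters`, its description should also name the keys the dynamic block reads (`name`, `value`, and optional `apply_method`), since a missing `name` or `value` now fails only at plan time. `required_version = ">= 0.12"` rules out `validation` blocks (stable only from 0.13), so documentation is the only guard available here.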
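Review bot: `versions.tf` pins only the core version and leaves both the aws and random providers unconstrained, so `terraform init` resolves whatever latest releases exist at the time, including future majors with breaking changes; a `required_providers` block inside the `terraform` block closes that supply-chain gap, with the constraints set to whatever this module is actually tested against (the `~> 2.0` values below are placeholders). If the module has only been exercised on 0.12, `~> 0.12.0` on the core would also stop an accidental 0.13+ upgrade until it has been verified.
```hcl
terraform {
  required_version = "~> 0.12.0"
  required_providers {
    aws    = "~> 2.0"
    random = "~> 2.0"
  }
}
```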