From 22f7df4f1ca66ee4f480da9a610ba031be43f79b Mon Sep 17 00:00:00 2001
From: Rob Hargraves
Date: Tue, 10 Aug 2021 14:41:45 -0500
Subject: [PATCH 1/3] 0.12upgrade command
---
 locals.tf | 9 +++-
 main.tf | 121 +++++++++++++++++++++++++++------------------
 outputs.tf | 8 ++--
 variables.tf | 20 ++++-----
 versions.tf | 3 ++
 5 files changed, 89 insertions(+), 72 deletions(-)
 create mode 100644 versions.tf
diff --git a/locals.tf b/locals.tf
index 519e98c..7b2fed9 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,4 +1,9 @@
 locals {
- instance_name = "${var.instance_name == "" ? var.name : var.instance_name}"
- tags = "${merge(var.tags, map("Name", "${var.name}"))}"
+ instance_name = var.instance_name == "" ? var.name : var.instance_name
+ tags = merge(
+ var.tags,
+ {
+ "Name" = var.name
+ },
+ )
 }
diff --git a/main.tf b/main.tf
index a178faa..1479c72 100644
--- a/main.tf
+++ b/main.tf
@@ -1,61 +1,71 @@
 resource "aws_db_subnet_group" "rds" {
- name = "${var.name}"
- subnet_ids = ["${var.subnet_ids}"]
- tags = "${local.tags}"
+ name = var.name
+ subnet_ids = var.subnet_ids
+ tags = local.tags
 }
 
 resource "aws_db_parameter_group" "rds" {
- family = "postgres10"
- name = "${var.name}-postgres10"
- parameter = [
- "${var.parameters}"
- ]
- tags = "${local.tags}"
+ family = "postgres10"
+ name = "${var.name}-postgres10"
+ dynamic "parameter" {
+ for_each = [var.parameters]
+ content {
+ # TF-UPGRADE-TODO: The automatic upgrade tool can't predict
+ # which keys might be set in maps assigned here, so it has
+ # produced a comprehensive set here. Consider simplifying
+ # this after confirming which keys can be set in practice.
+
+ apply_method = lookup(parameter.value, "apply_method", null)
+ name = parameter.value.name
+ value = parameter.value.value
+ }
+ }
+ tags = local.tags
 }
 
 resource "aws_kms_key" "rds" {
- description = "${var.name}"
+ description = var.name
 enable_key_rotation = true
 is_enabled = true
- tags = "${local.tags}"
+ tags = local.tags
 }
 
 resource "aws_kms_alias" "rds" {
 name = "alias/${var.name}"
- target_key_id = "${aws_kms_key.rds.id}"
+ target_key_id = aws_kms_key.rds.id
 }
 
 resource "random_string" "master_password" {
- length = 64
- lower = true
- number = true
- special = true
- override_special = "!#$%&*()-_=+[]{}<>:?"
- upper = true
+ length = 64
+ lower = true
+ number = true
+ special = true
+ override_special = "!#$%&*()-_=+[]{}<>:?"
+ upper = true
 }
 
 resource "aws_security_group" "rds" {
- name = "${var.name}"
- tags = "${local.tags}"
- vpc_id = "${var.vpc_id}"
+ name = var.name
+ tags = local.tags
+ vpc_id = var.vpc_id
 }
 
 resource "aws_security_group_rule" "self_ingress" {
 from_port = 0
 protocol = "-1"
- security_group_id = "${aws_security_group.rds.id}"
+ security_group_id = aws_security_group.rds.id
 self = true
 to_port = 0
 type = "ingress"
 }
 
 resource "aws_security_group_rule" "all_egress" {
- cidr_blocks = [
- "0.0.0.0/0"
+ cidr_blocks = [
+ "0.0.0.0/0",
 ]
 from_port = 0
 protocol = "-1"
- security_group_id = "${aws_security_group.rds.id}"
+ security_group_id = aws_security_group.rds.id
 to_port = 0
 type = "egress"
 }
@@ -63,11 +73,11 @@ resource "aws_security_group_rule" "all_egress" {
 data "aws_iam_policy_document" "monitoring_assume_role" {
 statement {
 actions = [
- "sts:AssumeRole"
+ "sts:AssumeRole",
 ]
 principals {
 identifiers = [
- "monitoring.rds.amazonaws.com"
+ "monitoring.rds.amazonaws.com",
 ]
 type = "Service"
 }
@@ -75,43 +85,42 @@ data "aws_iam_policy_document" "monitoring_assume_role" {
 }
 
 resource "aws_iam_role" "monitoring" {
- assume_role_policy = "${data.aws_iam_policy_document.monitoring_assume_role.json}"
- name = "${var.name}-monitoring"
+ assume_role_policy = data.aws_iam_policy_document.monitoring_assume_role.json
+ name = "${var.name}-monitoring"
 }
 
 resource "aws_iam_role_policy_attachment" "monitoring" {
- policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
- role = "${aws_iam_role.monitoring.name}"
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+ role = aws_iam_role.monitoring.name
 }
-
 
 resource "aws_db_instance" "rds" {
- allocated_storage = 100
- auto_minor_version_upgrade = true
- backup_retention_period = 7
- backup_window = "05:00-05:30"
- copy_tags_to_snapshot = true
- db_subnet_group_name = "${aws_db_subnet_group.rds.name}"
- engine = "postgres"
- engine_version = "${var.engine_version}"
- final_snapshot_identifier = "${local.instance_name}-final"
- identifier = "${local.instance_name}"
- instance_class = "${var.instance_class}"
- kms_key_id = "${aws_kms_key.rds.arn}"
+ allocated_storage = 100
+ auto_minor_version_upgrade = true
+ backup_retention_period = 7
+ backup_window = "05:00-05:30"
+ copy_tags_to_snapshot = true
+ db_subnet_group_name = aws_db_subnet_group.rds.name
+ engine = "postgres"
+ engine_version = var.engine_version
+ final_snapshot_identifier = "${local.instance_name}-final"
+ identifier = local.instance_name
+ instance_class = var.instance_class
+ kms_key_id = aws_kms_key.rds.arn
 lifecycle {
 prevent_destroy = true
 }
- monitoring_interval = 60
- monitoring_role_arn = "${aws_iam_role.monitoring.arn}"
- multi_az = true
- name = "${var.database_name}"
- parameter_group_name = "${aws_db_parameter_group.rds.name}"
- password = "${random_string.master_password.result}"
- storage_encrypted = true
- storage_type = "gp2"
- tags = "${local.tags}"
- username = "${var.username}"
- vpc_security_group_ids = [
- "${aws_security_group.rds.id}"
+ monitoring_interval = 60
+ monitoring_role_arn = aws_iam_role.monitoring.arn
+ multi_az = true
+ name = var.database_name
+ parameter_group_name = aws_db_parameter_group.rds.name
+ password = random_string.master_password.result
+ storage_encrypted = true
+ storage_type = "gp2"
+ tags = local.tags
+ username = var.username
+ vpc_security_group_ids = [
+ aws_security_group.rds.id,
 ]
 }
diff --git a/outputs.tf b/outputs.tf
index 729b7fc..0ec885d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,20 +1,20 @@
 output "endpoint" {
 description = "The connection endpoint in address:port format."
- value = "${aws_db_instance.rds.endpoint}"
+ value = aws_db_instance.rds.endpoint
 }
 
 output "master_password" {
 description = "The random master password assigned to the database."
 sensitive = true
- value = "${random_string.master_password.result}"
+ value = random_string.master_password.result
 }
 
 output "security_group_id" {
 description = "The ID of the database security group."
- value = "${aws_security_group.rds.id}"
+ value = aws_security_group.rds.id
 }
 
 output "db_id" {
 description = "The ID of the database."
- value = "${aws_db_instance.rds.id}"
+ value = aws_db_instance.rds.id
 }
diff --git a/variables.tf b/variables.tf
index d532ea2..62853ae 100644
--- a/variables.tf
+++ b/variables.tf
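Review bot: The rewritten `random_string "master_password"` block (`+ length = 64` through `+ upper = true`) still generates the database master password with `random_string`, whose `result` attribute is not marked sensitive, so the password is printed in plan and apply output and in any CI log that captures it. `random_password` accepts the same arguments and marks `result` sensitive, so the change is `resource "random_password" "master_password" {` here plus `password = random_password.master_password.result` in the `aws_db_instance` hunk and the matching reference in the `master_password` output, which is already `sensitive = true`. The value is written to state either way, so the state backend has to be protected as a secret store regardless. This needs the `random` provider release that added `random_password`, which versions.tf does not currently constrain.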
@@ -1,53 +1,53 @@
 variable "database_name" {
 description = "The name of the database to create when the DB instance is created."
- type = "string"
+ type = string
 }
 
 variable "engine_version" {
 default = "10.1"
 description = "The version of PostgreSQL used when the DB instance is created."
- type = "string"
+ type = string
 }
 
 variable "instance_class" {
 description = "The instance type of the RDS instance."
- type = "string"
+ type = string
 }
 
 variable "instance_name" {
 default = ""
 description = "The name of the instance to be created, if different than name."
- type = "string"
+ type = string
 }
 
 variable "name" {
 description = "The name of resources created, used either directly or as a prefix."
- type = "string"
+ type = string
 }
 
 variable "parameters" {
 default = []
 description = "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via aws rds describe-db-parameters after initial creation of the group."
- type = "list"
+ type = list(string)
 }
 
 variable "subnet_ids" {
 description = "A list of VPC subnet IDs for the aws_db_subnet_group."
- type = "list"
+ type = list(string)
 }
 
 variable "tags" {
 default = {}
 description = "A mapping of tags to assign to the resources."
- type = "map"
+ type = map(string)
 }
 
 variable "username" {
 description = "Username for the master DB user."
- type = "string"
+ type = string
 }
 
 variable "vpc_id" {
 description = "The VPC ID of the DB's aws_security_group."
- type = "string"
+ type = string
 }
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..d9b6f79
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.12"
+}
From 458ff419b8ee7d385a91dd580998b5bc76afddca Mon Sep 17 00:00:00 2001
From: Rob Hargraves
Date: Tue, 10 Aug 2021 15:51:00 -0500
Subject: [PATCH 2/3] Fixed the paramater dynamic block and input variable
---
 main.tf | 2 +-
 variables.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
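Review bot: The new versions.tf (`+terraform {` through `+}`) constrains only Terraform core with `required_version = ">= 0.12"` and says nothing about the `aws` and `random` providers this module depends on, so every fresh `terraform init` resolves the newest provider release available at that moment and the resource schemas the upgraded expressions rely on can change with no change to this repository. A `required_providers` block inside the same `terraform {}` block, with one entry each for `aws` and `random` in the 0.12 string-constraint form (`aws = "<constraint>"`, constraint values to be chosen by the maintainers; the placeholder is mine), makes provider resolution reproducible and is the hook a later lockfile or vendoring step builds on.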
diff --git a/main.tf b/main.tf
index 1479c72..1198330 100644
--- a/main.tf
+++ b/main.tf
@@ -8,7 +8,7 @@ resource "aws_db_parameter_group" "rds" {
 family = "postgres10"
 name = "${var.name}-postgres10"
 dynamic "parameter" {
- for_each = [var.parameters]
+ for_each = var.parameters
 content {
 # TF-UPGRADE-TODO: The automatic upgrade tool can't predict
 # which keys might be set in maps assigned here, so it has
diff --git a/variables.tf b/variables.tf
index 62853ae..940f6f4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -28,7 +28,7 @@ variable "name" {
 variable "parameters" {
 default = []
 description = "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via aws rds describe-db-parameters after initial creation of the group."
- type = list(string)
+ type = list(map(string))
 }
 
 variable "subnet_ids" {
From c8e351395ae54654af1a94416f35bf1462d95f17 Mon Sep 17 00:00:00 2001
From: Rob Hargraves
Date: Tue, 24 Aug 2021 17:11:27 -0500
Subject: [PATCH 3/3] Resolved TF-UPGRADE-TODO - we expose all arguments as-is, so nothing to do.
---
 main.tf | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/main.tf b/main.tf
index 1198330..abc8a54 100644
--- a/main.tf
+++ b/main.tf
@@ -10,11 +10,6 @@ resource "aws_db_parameter_group" "rds" {
 dynamic "parameter" {
 for_each = var.parameters
 content {
- # TF-UPGRADE-TODO: The automatic upgrade tool can't predict
- # which keys might be set in maps assigned here, so it has
- # produced a comprehensive set here. Consider simplifying
- # this after confirming which keys can be set in practice.
-
 apply_method = lookup(parameter.value, "apply_method", null)
 name = parameter.value.name
 value = parameter.value.value
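Review bot: The `parameters` variable's description on the context line above the changed `type` line still reads "A list of DB parameters to apply…" and does not say what each element must contain, even though the type is now `list(map(string))` and the `dynamic "parameter"` block in main.tf reads `parameter.value.name` and `parameter.value.value` unconditionally while `apply_method` is looked up with a `null` default. A caller who omits `name` or `value` in any element gets a plan-time error from the content block rather than a message at the variable, so the contract belongs in the description; change the opening clause to `A list of DB parameters to apply; each element is a map with keys name and value and an optional apply_method.` and keep the rest of the existing text. The same contract applies to the patch-2 main.tf hunk and the patch-3 hunk that share this anchor; one description change covers all three.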