VIPAAR · rob-hargraves · Aug 10, 2021 · Aug 10, 2021 · Aug 24, 2021
diff --git a/locals.tf b/locals.tf
@@ -1,4 +1,9 @@
 locals {
-  instance_name = "${var.instance_name == "" ? var.name : var.instance_name}"
-  tags          = "${merge(var.tags, map("Name", "${var.name}"))}"
+  instance_name = var.instance_name == "" ? var.name : var.instance_name
+  tags = merge(
+    var.tags,
+    {
+      "Name" = var.name
+    },
+  )
 }
diff --git a/main.tf b/main.tf
@@ -1,117 +1,121 @@
 resource "aws_db_subnet_group" "rds" {
-  name        = "${var.name}"
-  subnet_ids  = ["${var.subnet_ids}"]
-  tags        = "${local.tags}"
+  name       = var.name
+  subnet_ids = var.subnet_ids
+  tags       = local.tags
 }
 
 resource "aws_db_parameter_group" "rds" {
-  family  = "postgres10"
-  name    = "${var.name}-postgres10"
-  parameter = [
-    "${var.parameters}"
-  ]
-  tags    = "${local.tags}"
+  family = "postgres10"
+  name   = "${var.name}-postgres10"
+  dynamic "parameter" {
+    for_each = var.parameters
+    content {
+      apply_method = lookup(parameter.value, "apply_method", null)
+      name         = parameter.value.name
+      value        = parameter.value.value
+    }
+  }
+  tags = local.tags
 }
 
 resource "aws_kms_key" "rds" {
-  description         = "${var.name}"
+  description         = var.name
   enable_key_rotation = true
   is_enabled          = true
-  tags                = "${local.tags}"
+  tags                = local.tags
 }
 
 resource "aws_kms_alias" "rds" {
   name          = "alias/${var.name}"
-  target_key_id = "${aws_kms_key.rds.id}"
+  target_key_id = aws_kms_key.rds.id
 }
 
 resource "random_string" "master_password" {
-  length            = 64
-  lower             = true
-  number            = true
-  special           = true
-  override_special  = "!#$%&*()-_=+[]{}<>:?"
-  upper             = true
+  length           = 64
+  lower            = true
+  number           = true
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+  upper            = true
 }
 
 resource "aws_security_group" "rds" {
-  name    = "${var.name}"
-  tags    = "${local.tags}"
-  vpc_id  = "${var.vpc_id}"
+  name   = var.name
+  tags   = local.tags
+  vpc_id = var.vpc_id
 }
 
 resource "aws_security_group_rule" "self_ingress" {
   from_port         = 0
   protocol          = "-1"
-  security_group_id = "${aws_security_group.rds.id}"
+  security_group_id = aws_security_group.rds.id
   self              = true
   to_port           = 0
   type              = "ingress"
 }
 
 resource "aws_security_group_rule" "all_egress" {
-  cidr_blocks       = [
-    "0.0.0.0/0"
+  cidr_blocks = [
+    "0.0.0.0/0",
   ]
   from_port         = 0
   protocol          = "-1"
-  security_group_id = "${aws_security_group.rds.id}"
+  security_group_id = aws_security_group.rds.id
   to_port           = 0
   type              = "egress"
 }
 
 data "aws_iam_policy_document" "monitoring_assume_role" {
   statement {
     actions = [
-      "sts:AssumeRole"
+      "sts:AssumeRole",
     ]
     principals {
       identifiers = [
-        "monitoring.rds.amazonaws.com"
+        "monitoring.rds.amazonaws.com",
       ]
       type = "Service"
     }
   }
 }
 
 resource "aws_iam_role" "monitoring" {
-  assume_role_policy  = "${data.aws_iam_policy_document.monitoring_assume_role.json}"
-  name                = "${var.name}-monitoring"
+  assume_role_policy = data.aws_iam_policy_document.monitoring_assume_role.json
+  name               = "${var.name}-monitoring"
 }
 
 resource "aws_iam_role_policy_attachment" "monitoring" {
-  policy_arn  = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
-  role        = "${aws_iam_role.monitoring.name}"
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+  role       = aws_iam_role.monitoring.name
 }
 
-
 resource "aws_db_instance" "rds" {
-  allocated_storage           = 100
-  auto_minor_version_upgrade  = true
-  backup_retention_period     = 7
-  backup_window               = "05:00-05:30"
-  copy_tags_to_snapshot       = true
-  db_subnet_group_name        = "${aws_db_subnet_group.rds.name}"
-  engine                      = "postgres"
-  engine_version              = "${var.engine_version}"
-  final_snapshot_identifier   = "${local.instance_name}-final"
-  identifier                  = "${local.instance_name}"
-  instance_class              = "${var.instance_class}"
-  kms_key_id                  = "${aws_kms_key.rds.arn}"
+  allocated_storage          = 100
+  auto_minor_version_upgrade = true
+  backup_retention_period    = 7
+  backup_window              = "05:00-05:30"
+  copy_tags_to_snapshot      = true
+  db_subnet_group_name       = aws_db_subnet_group.rds.name
+  engine                     = "postgres"
+  engine_version             = var.engine_version
+  final_snapshot_identifier  = "${local.instance_name}-final"
+  identifier                 = local.instance_name
+  instance_class             = var.instance_class
+  kms_key_id                 = aws_kms_key.rds.arn
   lifecycle {
     prevent_destroy = true
   }
-  monitoring_interval         = 60
-  monitoring_role_arn         = "${aws_iam_role.monitoring.arn}"
-  multi_az                    = true
-  name                        = "${var.database_name}"
-  parameter_group_name        = "${aws_db_parameter_group.rds.name}"
-  password                    = "${random_string.master_password.result}"
-  storage_encrypted           = true
-  storage_type                = "gp2"
-  tags                        = "${local.tags}"
-  username                    = "${var.username}"
-  vpc_security_group_ids      = [
-    "${aws_security_group.rds.id}"
+  monitoring_interval  = 60
+  monitoring_role_arn  = aws_iam_role.monitoring.arn
+  multi_az             = true
+  name                 = var.database_name
+  parameter_group_name = aws_db_parameter_group.rds.name
+  password             = random_string.master_password.result
+  storage_encrypted    = true
+  storage_type         = "gp2"
+  tags                 = local.tags
+  username             = var.username
+  vpc_security_group_ids = [
+    aws_security_group.rds.id,
   ]
 }
diff --git a/outputs.tf b/outputs.tf
@@ -1,20 +1,20 @@
 output "endpoint" {
   description = "The connection endpoint in address:port format."
-  value       = "${aws_db_instance.rds.endpoint}"
+  value       = aws_db_instance.rds.endpoint
 }
 
 output "master_password" {
   description = "The random master password assigned to the database."
   sensitive   = true
-  value       = "${random_string.master_password.result}"
+  value       = random_string.master_password.result
 }
 
 output "security_group_id" {
   description = "The ID of the database security group."
-  value       = "${aws_security_group.rds.id}"
+  value       = aws_security_group.rds.id
 }
 
 output "db_id" {
   description = "The ID of the database."
-  value       = "${aws_db_instance.rds.id}"
+  value       = aws_db_instance.rds.id
 }
diff --git a/variables.tf b/variables.tf
@@ -1,53 +1,53 @@
 variable "database_name" {
   description = "The name of the database to create when the DB instance is created."
-  type        = "string"
+  type        = string
 }
 
 variable "engine_version" {
   default     = "10.1"
   description = "The version of PostgreSQL used when the DB instance is created."
-  type        = "string"
+  type        = string
 }
 
 variable "instance_class" {
   description = "The instance type of the RDS instance."
-  type        = "string"
+  type        = string
 }
 
 variable "instance_name" {
   default     = ""
   description = "The name of the instance to be created, if different than name."
-  type        = "string"
+  type        = string
 }
 
 variable "name" {
   description = "The name of resources created, used either directly or as a prefix."
-  type        = "string"
+  type        = string
 }
 
 variable "parameters" {
   default     = []
   description = "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via aws rds describe-db-parameters after initial creation of the group."
-  type        = "list"
+  type        = list(map(string))
 }
 
 variable "subnet_ids" {
   description = "A list of VPC subnet IDs for the aws_db_subnet_group."
-  type        = "list"
+  type        = list(string)
 }
 
 variable "tags" {
   default     = {}
   description = "A mapping of tags to assign to the resources."
-  type        = "map"
+  type        = map(string)
 }
 
 variable "username" {
   description = "Username for the master DB user."
-  type        = "string"
+  type        = string
 }
 
 variable "vpc_id" {
   description = "The VPC ID of the DB's aws_security_group."
-  type        = "string"
+  type        = string
 }
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 0.12"
+}