Merge pull request #55 from UKHomeOffice/ACPENG-2390

ACPENG-2390 - Added deletion protection support to main, variables and readme
UKHomeOffice · Mar 3, 2025 · de892c9 · de892c9
2 parents 4588a7b + de6cd23
commit de892c9
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -131,6 +131,7 @@ For an RDS instance with `storage_type` using `gp3`, be aware that `iops` cannot
 | <a name="input_subnet_role"></a> [subnet\_role](#input\_subnet\_role) | A role used to filter out which subnets the RDS should reside, defaults to Role=compute | `string` | `"compute"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC ID to create the resources within | `any` | n/a | yes |
+| <a name="deletion_protection"></a> [deletion\_protection](#input\_deletion\_protection) | Enables deletion protection for the RDS instance. When set to true, the instance cannot be deleted unless this setting is disabled. | `bool` | false | no |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -122,6 +122,7 @@ resource "aws_db_instance" "db_including_name" {
   performance_insights_enabled          = var.performance_insights_enabled
   performance_insights_retention_period = var.performance_insights_retention_period
   ca_cert_identifier                    = var.ca_cert_identifier
+  deletion_protection                   = var.deletion_protection
   tags = merge(
     var.tags,
     {
@@ -246,6 +247,7 @@ resource "aws_rds_cluster" "aurora_cluster" {
   snapshot_identifier             = var.snapshot_identifier
   storage_encrypted               = var.storage_encrypted
   vpc_security_group_ids          = [aws_security_group.db.id]
+  deletion_protection             = var.deletion_protection
   tags = merge(
     var.tags,
     {
@@ -261,17 +263,17 @@ resource "aws_rds_cluster" "aurora_cluster" {
 resource "aws_rds_cluster_instance" "aurora_cluster_instance" {
   count = var.engine_type == "aurora" || var.engine_type == "aurora-mysql" || var.engine_type == "aurora-postgresql" ? var.number_of_aurora_instances : 0
 
-  auto_minor_version_upgrade      = var.auto_minor_version_upgrade
-  apply_immediately               = var.apply_immediately
-  cluster_identifier              = aws_rds_cluster.aurora_cluster[0].id
-  db_subnet_group_name            = local.db_subnet_group_name
-  db_parameter_group_name         = aws_db_parameter_group.db.id
-  engine                          = var.engine_type
-  identifier                      = "${var.name}${count.index > 0 ? "-${count.index}" : ""}"
-  instance_class                  = var.instance_class
-  publicly_accessible             = var.publicly_accessible
-  preferred_maintenance_window    = var.maintenance_window
-  ca_cert_identifier              = var.ca_cert_identifier
+  auto_minor_version_upgrade   = var.auto_minor_version_upgrade
+  apply_immediately            = var.apply_immediately
+  cluster_identifier           = aws_rds_cluster.aurora_cluster[0].id
+  db_subnet_group_name         = local.db_subnet_group_name
+  db_parameter_group_name      = aws_db_parameter_group.db.id
+  engine                       = var.engine_type
+  identifier                   = "${var.name}${count.index > 0 ? "-${count.index}" : ""}"
+  instance_class               = var.instance_class
+  publicly_accessible          = var.publicly_accessible
+  preferred_maintenance_window = var.maintenance_window
+  ca_cert_identifier           = var.ca_cert_identifier
   tags = merge(
     var.tags,
     {

diff --git a/variables.tf b/variables.tf
@@ -279,3 +279,9 @@ variable "enabled_cloudwatch_logs_exports" {
   type        = list(string)
   default     = []
 }
+
+variable "deletion_protection" {
+  description = "Enables deletion protection for the RDS instance. When set to true, the instance cannot be deleted unless this setting is disabled."
+  type        = bool
+  default     = false
+}