Add iam_database_authentication_enabled

* Fix issue with monitoring arn being referenced if not created
claranet · May 14, 2018 · 0012060 · 0012060
1 parent 2989a8d
commit 0012060
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 37 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/main.tf b/main.tf
@@ -36,26 +36,27 @@
   * }
   * 
   * module "aurora_db_56" {
-  *   source                          = "../.."
-  *   name                            = "test-aurora-db-56"
-  *   envname                         = "test56"
-  *   envtype                         = "test"
-  *   subnets                         = ["${module.vpc.private_subnets}"]
-  *   azs                             = ["${module.vpc.availability_zones}"]
-  *   replica_count                   = "1"
-  *   security_groups                 = ["${aws_security_group.allow_all.id}"]
-  *   instance_type                   = "db.t2.medium"
-  *   username                        = "root"
-  *   password                        = "changeme"
-  *   backup_retention_period         = "5"
-  *   final_snapshot_identifier       = "final-db-snapshot-prod"
-  *   storage_encrypted               = "true"
-  *   apply_immediately               = "true"
-  *   monitoring_interval             = "10"
-  *   cw_alarms                       = true
-  *   cw_sns_topic                    = "${aws_sns_topic.db_alarms_56.id}"
-  *   db_parameter_group_name         = "${aws_db_parameter_group.aurora_db_56_parameter_group.id}"
-  *   db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.aurora_cluster_56_parameter_group.id}"
+  *   source                              = "../.."
+  *   name                                = "test-aurora-db-56"
+  *   envname                             = "test56"
+  *   envtype                             = "test"
+  *   subnets                             = ["${module.vpc.private_subnets}"]
+  *   azs                                 = ["${module.vpc.availability_zones}"]
+  *   replica_count                       = "1"
+  *   security_groups                     = ["${aws_security_group.allow_all.id}"]
+  *   instance_type                       = "db.t2.medium"
+  *   username                            = "root"
+  *   password                            = "changeme"
+  *   backup_retention_period             = "5"
+  *   iam_database_authentication_enabled = "true"
+  *   final_snapshot_identifier           = "final-db-snapshot-prod"
+  *   storage_encrypted                   = "true"
+  *   apply_immediately                   = "true"
+  *   monitoring_interval                 = "10"
+  *   cw_alarms                           = true
+  *   cw_sns_topic                        = "${aws_sns_topic.db_alarms_56.id}"
+  *   db_parameter_group_name             = "${aws_db_parameter_group.aurora_db_56_parameter_group.id}"
+  *   db_cluster_parameter_group_name     = "${aws_rds_cluster_parameter_group.aurora_cluster_56_parameter_group.id}"
   * }
   * 
   * resource "aws_db_parameter_group" "aurora_db_56_parameter_group" {
@@ -184,7 +185,7 @@ resource "aws_rds_cluster_instance" "cluster_instance_0" {
   db_parameter_group_name      = "${var.db_parameter_group_name}"
   preferred_maintenance_window = "${var.preferred_maintenance_window}"
   apply_immediately            = "${var.apply_immediately}"
-  monitoring_role_arn          = "${join("", aws_iam_role.rds-enhanced-monitoring.*.arn)}"
+  monitoring_role_arn          = "${coalesce("",join("", aws_iam_role.rds-enhanced-monitoring.*.arn))}"
   monitoring_interval          = "${var.monitoring_interval}"
   auto_minor_version_upgrade   = "${var.auto_minor_version_upgrade}"
   promotion_tier               = "0"
@@ -209,7 +210,7 @@ resource "aws_rds_cluster_instance" "cluster_instance_n" {
   db_parameter_group_name      = "${var.db_parameter_group_name}"
   preferred_maintenance_window = "${var.preferred_maintenance_window}"
   apply_immediately            = "${var.apply_immediately}"
-  monitoring_role_arn          = "${join("", aws_iam_role.rds-enhanced-monitoring.*.arn)}"
+  monitoring_role_arn          = "${coalesce("",join("", aws_iam_role.rds-enhanced-monitoring.*.arn))}"
   monitoring_interval          = "${var.monitoring_interval}"
   auto_minor_version_upgrade   = "${var.auto_minor_version_upgrade}"
   promotion_tier               = "${count.index + 1}"
@@ -226,21 +227,22 @@ resource "aws_rds_cluster" "default" {
   availability_zones = ["${var.azs}"]
   engine             = "${var.engine}"
 
-  engine_version                  = "${var.engine-version}"
-  master_username                 = "${var.username}"
-  master_password                 = "${var.password}"
-  final_snapshot_identifier       = "${var.final_snapshot_identifier}-${random_id.server.hex}"
-  skip_final_snapshot             = "${var.skip_final_snapshot}"
-  backup_retention_period         = "${var.backup_retention_period}"
-  preferred_backup_window         = "${var.preferred_backup_window}"
-  preferred_maintenance_window    = "${var.preferred_maintenance_window}"
-  port                            = "${var.port}"
-  db_subnet_group_name            = "${aws_db_subnet_group.main.name}"
-  vpc_security_group_ids          = ["${var.security_groups}"]
-  snapshot_identifier             = "${var.snapshot_identifier}"
-  storage_encrypted               = "${var.storage_encrypted}"
-  apply_immediately               = "${var.apply_immediately}"
-  db_cluster_parameter_group_name = "${var.db_cluster_parameter_group_name}"
+  engine_version                      = "${var.engine-version}"
+  master_username                     = "${var.username}"
+  master_password                     = "${var.password}"
+  final_snapshot_identifier           = "${var.final_snapshot_identifier}-${random_id.server.hex}"
+  iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}"
+  skip_final_snapshot                 = "${var.skip_final_snapshot}"
+  backup_retention_period             = "${var.backup_retention_period}"
+  preferred_backup_window             = "${var.preferred_backup_window}"
+  preferred_maintenance_window        = "${var.preferred_maintenance_window}"
+  port                                = "${var.port}"
+  db_subnet_group_name                = "${aws_db_subnet_group.main.name}"
+  vpc_security_group_ids              = ["${var.security_groups}"]
+  snapshot_identifier                 = "${var.snapshot_identifier}"
+  storage_encrypted                   = "${var.storage_encrypted}"
+  apply_immediately                   = "${var.apply_immediately}"
+  db_cluster_parameter_group_name     = "${var.db_cluster_parameter_group_name}"
 }
 
 // Geneate an ID when an environment is initialised

diff --git a/outputs.tf b/outputs.tf
@@ -12,3 +12,15 @@ output "all_instance_endpoints_list" {
 output "reader_endpoint" {
   value = "${aws_rds_cluster.default.reader_endpoint}"
 }
+
+output "id" {
+  value = "${aws_rds_cluster.default.id}"
+}
+
+output "cluster_identifier" {
+  value = "${aws_rds_cluster.default.cluster_identifier}"
+}
+
+output "cluster_resource_id" {
+  value = "${aws_rds_cluster.default.cluster_resource_id}"
+}
diff --git a/variables.tf b/variables.tf
@@ -116,6 +116,12 @@ variable "auto_minor_version_upgrade" {
   description = "Determines whether minor engine upgrades will be performed automatically in the maintenance window"
 }
 
+variable "iam_database_authentication_enabled" {
+  type        = "string"
+  default     = "false"
+  description = "Determines whether IAM authentication is enabled for the cluster"
+}
+
 variable "db_parameter_group_name" {
   type        = "string"
   default     = "default.aurora5.6"