Update database replica configuration

network.tf

@@ -4,10 +4,11 @@ resource "aws_security_group" "firewall_rule" {
   vpc_id      = var.postgresql_vpc_id
 
   ingress {
-    from_port   = var.postgresql_port
-    to_port     = var.postgresql_port
-    protocol    = "tcp"
-    cidr_blocks = var.postgresql_firewall_rule_ingress_cidr_blocks
+    from_port       = var.postgresql_port
+    to_port         = var.postgresql_port
+    protocol        = "tcp"
+    security_groups = var.postgresql_firewall_rule_ingress_security_groups
+    cidr_blocks     = var.postgresql_firewall_rule_ingress_cidr_blocks
   }
 
   egress {
@@ -31,6 +32,7 @@ resource "aws_security_group" "firewall_rule" {
     EndDate         = var.postgresql_end_date
     ProjectList     = var.postgresql_project
     DeploymentType  = var.postgresql_deployment_type
+    Group           = "${var.postgresql_project}-${var.postgresql_env}"
   }
 }
 
@@ -45,6 +47,7 @@ resource "aws_db_subnet_group" "main" {
     ProjectList     = var.postgresql_project
     DeploymentType  = var.postgresql_deployment_type
     EndDate         = var.postgresql_end_date
+    Group           = "${var.postgresql_project}-${var.postgresql_env}"
   }
 }
 
@@ -55,5 +58,5 @@ resource "aws_route53_record" "main" {
   type            = "CNAME"
   allow_overwrite = var.allow_dns_record_overwrite
   ttl             = "300"
-  records         = [length(var.postgresql_source_snapshot_identifier) == 0 ? (length(var.postgresql_replicate_source_db) == 0 ? aws_db_instance.blank-database[0].address : aws_db_instance.replica-database[0].address) : aws_db_instance.from-snapshot[0].address]
+  records         = [length(var.postgresql_source_snapshot_identifier) == 0 ? (var.postgresql_replicate_source_db == null ? aws_db_instance.blank-database[0].address : aws_db_instance.replica-database[0].address) : aws_db_instance.from-snapshot[0].address]
 }

storage.tf

@@ -23,7 +23,7 @@ resource "aws_db_instance" "blank-database" {
   final_snapshot_identifier       = var.postgresql_name
   backup_retention_period         = var.postgresql_backup_retention_period
   backup_window                   = var.postgresql_backup_window
-  replicate_source_db             = length(var.postgresql_source_snapshot_identifier) == 0 && length(var.postgresql_replicate_source_db) != 0 ? var.postgresql_replicate_source_db : null
+  replicate_source_db             = length(var.postgresql_source_snapshot_identifier) == 0 && var.postgresql_replicate_source_db != null ? var.postgresql_replicate_source_db : null
   publicly_accessible             = var.postgresql_publicly_accessible
   performance_insights_enabled    = var.postgresql_performance_insights_enabled
   enabled_cloudwatch_logs_exports = ["postgresql"]
@@ -35,6 +35,7 @@ resource "aws_db_instance" "blank-database" {
     ProjectList     = var.postgresql_project
     DeploymentType  = var.postgresql_deployment_type
     EndDate         = var.postgresql_end_date
+    Group           = "${var.postgresql_project}-${var.postgresql_env}"
   }
 }
 
@@ -66,6 +67,7 @@ resource "aws_db_instance" "from-snapshot" {
     ProjectList     = var.postgresql_project
     DeploymentType  = var.postgresql_deployment_type
     EndDate         = var.postgresql_end_date
+    Group           = "${var.postgresql_project}-${var.postgresql_env}"
   }
 
   lifecycle {
@@ -86,19 +88,14 @@ resource "aws_db_instance" "replica-database" {
   identifier                      = var.postgresql_name
   allocated_storage               = var.postgresql_allocated_storage
   storage_type                    = var.postgresql_storage_type
-  engine                          = "postgres"
-  engine_version                  = var.postgresql_version
   instance_class                  = var.postgresql_instance_class
-  db_name                         = var.postgresql_db_name
-  username                        = var.postgresql_username
   parameter_group_name            = aws_db_parameter_group.main.name
   db_subnet_group_name            = aws_db_subnet_group.main.name
   deletion_protection             = var.postgresql_deletion_protection
   multi_az                        = var.postgresql_multi_az
   port                            = var.postgresql_port
   copy_tags_to_snapshot           = var.postgresql_copy_tags_to_snapshot
   storage_encrypted               = var.postgresql_storage_encrypted
-  kms_key_id                      = aws_kms_key.main.arn
   vpc_security_group_ids          = [aws_security_group.firewall_rule.id]
   replicate_source_db             = var.is_promoted_to_standalone ? "" : var.postgresql_replicate_source_db
   publicly_accessible             = var.postgresql_publicly_accessible
@@ -115,6 +112,7 @@ resource "aws_db_instance" "replica-database" {
     ProjectList     = var.postgresql_project
     DeploymentType  = var.postgresql_deployment_type
     EndDate         = var.postgresql_end_date
+    Group           = "${var.postgresql_project}-${var.postgresql_env}"
   }
 }
 
@@ -175,6 +173,7 @@ resource "aws_db_parameter_group" "main" {
     ProjectList     = var.postgresql_project
     DeploymentType  = var.postgresql_deployment_type
     EndDate         = var.postgresql_end_date
+    Group           = "${var.postgresql_project}-${var.postgresql_env}"
   }
 }
 
@@ -187,6 +186,7 @@ resource "aws_kms_key" "main" {
     ProjectList     = var.postgresql_project
     DeploymentType  = var.postgresql_deployment_type
     EndDate         = var.postgresql_end_date
+    Group           = "${var.postgresql_project}-${var.postgresql_env}"
   }
 }
 

variables.tf

@@ -370,3 +370,9 @@ variable "allow_dns_record_overwrite" {
   default     = false
   description = "Allow creation of this record in Terraform to overwrite an existing record, if any."
 }
+
+variable "postgresql_firewall_rule_ingress_security_groups" {
+  type        = list(string)
+  default     = []
+  description = "Security groups to allow to access the PostgreSQL instance"
+}