diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a97fa56
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+
+*.swp
diff --git a/README.md b/README.md
index 29066e5..f79722f 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ Terraform module that deploys Lambda functions that take care of triggering and
 ## Design
 A Lambda function takes care of triggering the RDS Start Export Task for the given database name. The snapshots will be exported to the given S3 bucket.
 
-Another Lambga function is only interested in RDS Export Task events that match a given database name. Whenever a match is detected, a message will be published in the given SNS topic which you can use to trigger other components. E.g. a Lambda function that sends notifications to Slack.
+Another Lambda function is only interested in RDS Export Task events that match a given database name. Whenever a match is detected, a message will be published in the given SNS topic which you can use to trigger other components. E.g. a Lambda function that sends notifications to Slack.
 
 A single CloudWatch Event Rule takes care of listening for RDS Snapshots Events in order to call the aforementioned Lambda functions.
 
@@ -15,9 +15,11 @@ A single CloudWatch Event Rule takes care of listening for RDS Snapshots Events
 </div>
 
 ## Important considerations
+* Please note, that only customer managed keys (CMK) are allowed.
+* Either `customer_kms_key_arn` provided key is used for exported snapshots encryption or new CMK created with `create_customer_kms_key` enabled
+* Since the module (optionally) creates its own KMS CMK, keep that in mind regarding KMS pricing; not only regarding the pricing of a single key, but also things like key rotations/versions and KMS API requests.
 * The module requires you to provide the S3 bucket that will be used for storing the exported snapshots. The good thing about this is that you are able to configure the bucket in any way you need. E.g. replication, lifecycle, locking, and so on.
-* The module creates a KMS Key (CMK) which is used for encrypting the exported snapshots on S3. The reason for the module not yet supporting passing your own CMK is that the key needs to grant a number of permissions to a role that is also created by this module. If providing your own key was supported, an specific execution order would be required: create the module by passing the key, get the Lambda role from the module's output and update the key permissions to grant it specific actions. So the orchestration becomes complicated.
-* Since the module creates its own KMS CMK, keep that in mind regarding KMS pricing; not only regarding the pricing of a single key but also things like key rotations/versions and KMS API requests.
+* The module can create an export monitor SNS notification topic, also existing SNS topics are supported via `notifications_topic_arn` variable.
 
 ## Requirements
 
@@ -50,22 +52,27 @@ No requirements.
 | [aws_lambda_permission.snsCanTriggerMonitorExportTask](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_lambda_permission.snsCanTriggerStartExportTask](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_sns_topic.rdsSnapshotsEvents](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
+| [aws_sns_topic.exportMonitorNotifications](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
 | [aws_sns_topic_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
 | [aws_sns_topic_subscription.lambdaRdsSnapshotToS3Exporter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
 | [aws_sns_topic_subscription.lambdaRdsSnapshotToS3Monitor](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_database_name"></a> [database\_name](#input\_database\_name) | The name of the database whose snapshots we want to export to S3. | `string` | `null` | no |
+| <a name="input_create_customer_kms_key"></a> [create\_customer\_kms\_key](#input\_create\_customer\_kms\_key) | Create customer managed KMS key which is used for encrypting the exported snapshots on S3. If set to `false`, then `customer_kms_key_arn` is used. | `bool` | `false` | no |
+| <a name="input_create_notifications_topic"></a> [create\_notifications\_topic](#input\_create\_notifications\_topic) | Create new SNS notifications topic which will be used for publishing notifications messages. | `bool` | `true` | no |
+| <a name="input_customer_kms_key_arn"></a> [customer\_kms\_key\_arn](#input\_customer\_kms\_key\_arn) | The ARN of customer managed key used for RDS export encryption. Mandatory if `create_customer_kms_key` is set to `false`. Ex: `"arn:aws:kms:<region>:<accountID>:key/<key-id>"` | `string` | `null` | no |
+| <a name="input_database_names"></a> [database\_names](#input\_database\_names) | The names of the databases whose snapshots we want to export to S3. Comma-separated values), ex: `"db-cluster1, db-cluster2"` | `string` | `null` | yes |
 | <a name="input_log_level"></a> [log\_level](#input\_log\_level) | The log level of the Lambda function. | `string` | `"INFO"` | no |
-| <a name="input_notifications_topic_arn"></a> [notifications\_topic\_arn](#input\_notifications\_topic\_arn) | The ARN of an SNS Topic which will be used for publishing notifications messages. | `string` | `null` | no |
+| <a name="input_notifications_topic_arn"></a> [notifications\_topic\_arn](#input\_notifications\_topic\_arn) | The ARN of an SNS Topic which will be used for publishing notifications messages. Required if `create_notifications_topic` is set to `false`. | `string` | `null` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix that will be used for naming resources. | `string` | `null` | no |
-| <a name="input_rds_event_id"></a> [rds\_event\_id](#input\_rds\_event\_id) | RDS (CloudWatch) Event ID that will trigger the calling of RDS Start Export Task API:<br>- Automated snapshots of Aurora RDS: RDS-EVENT-0169<br>- Automated snapshots of non-Aurora RDS: RDS-EVENT-0091<br>Only automated backups of either RDS Aurora and RDS non-Aurora are supported.<br>Ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html#USER_Events.Messages.snapshot | `string` | n/a | yes |
-| <a name="input_snapshots_bucket_arn"></a> [snapshots\_bucket\_arn](#input\_snapshots\_bucket\_arn) | The ARN of the bucket where the RDS snapshots will be exported to. | `string` | `null` | no |
-| <a name="input_snapshots_bucket_name"></a> [snapshots\_bucket\_name](#input\_snapshots\_bucket\_name) | The name of the bucket where the RDS snapshots will be exported to. | `string` | `null` | no |
+| <a name="input_rds_event_ids"></a> [rds\_event\_id](#input\_rds\_event\_ids) | RDS (CloudWatch) Event IDs that will trigger the calling of RDS Start Export Task API:<br>- Automated snapshots of Aurora RDS: RDS-EVENT-0169<br>- Automated snapshots of non-Aurora RDS: RDS-EVENT-0091<br>Only automated backups of either RDS Aurora and RDS non-Aurora are supported.<br>Ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html#USER_Events.Messages.snapshot<br>Ref: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html#USER_Events.Messages.cluster-snapshot. | `string` | `"RDS-EVENT-0091, RDS-EVENT-0169"` | no |
+| <a name="input_snapshots_bucket_name"></a> [snapshots\_bucket\_name](#input\_snapshots\_bucket\_name) | The name of the bucket where the RDS snapshots will be exported to. | `string` | `null` | yes |
+| <a name="input_snapshots_bucket_prefix"></a> [snapshots\_bucket\_prefix](#input\_snapshots\_bucket\_prefix) | The Amazon S3 bucket prefix to use as the file name and path of the exported snapshot. For example, use the prefix `"exports/2019/"`. | `string` | `null` | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(string)` | `{}` | no |
 
 ## Outputs
@@ -74,7 +81,8 @@ No requirements.
 |------|-------------|
 | <a name="output_monitor_export_task_lambda_function_arn"></a> [monitor\_export\_task\_lambda\_function\_arn](#output\_monitor\_export\_task\_lambda\_function\_arn) | Start Export Task Monitor Lambda Function ARN |
 | <a name="output_monitor_export_task_lambda_role_arn"></a> [monitor\_export\_task\_lambda\_role\_arn](#output\_monitor\_export\_task\_lambda\_role\_arn) | Start Export Task Monitor Lambda Role ARN |
+| <a name="output_snapshots_events_export_monitor_sns_topics_arn"></a> [snapshots\_events\_export\_monitor\_sns\_topics\_arn](#output\_snapshots\_events_export\_monitor\_sns\_topics\_arn) | RDS Snapshots Export Monitor Events SNS Topics ARN |
 | <a name="output_snapshots_events_sns_topics_arn"></a> [snapshots\_events\_sns\_topics\_arn](#output\_snapshots\_events\_sns\_topics\_arn) | RDS Snapshots Events SNS Topics ARN |
 | <a name="output_snapshots_export_encryption_key_arn"></a> [snapshots\_export\_encryption\_key\_arn](#output\_snapshots\_export\_encryption\_key\_arn) | Snapshots Export Encryption Key ARN |
 | <a name="output_start_export_task_lambda_function_arn"></a> [start\_export\_task\_lambda\_function\_arn](#output\_start\_export\_task\_lambda\_function\_arn) | Start Export Task Lambda Function ARN |
-| <a name="output_start_export_task_lambda_role_arn"></a> [start\_export\_task\_lambda\_role\_arn](#output\_start\_export\_task\_lambda\_role\_arn) | Start Export Task Lambda Role ARN |
\ No newline at end of file
+| <a name="output_start_export_task_lambda_role_arn"></a> [start\_export\_task\_lambda\_role\_arn](#output\_start\_export\_task\_lambda\_role\_arn) | Start Export Task Lambda Role ARN |
diff --git a/cloudwatch.tf b/cloudwatch.tf
index e66317e..50ed82d 100644
--- a/cloudwatch.tf
+++ b/cloudwatch.tf
@@ -2,7 +2,7 @@
 # Create an event rule to listen for RDS DB Cluster Snapshot Events
 #
 resource "aws_cloudwatch_event_rule" "rdsSnapshotCreation" {
-  name        = "${var.prefix}-rds-snapshot-creation"
+  name        = "${local.prefix}rds-snapshot-creation"
   description = "RDS Snapshot Creation"
 
   event_pattern = <<PATTERN
@@ -15,6 +15,8 @@ resource "aws_cloudwatch_event_rule" "rdsSnapshotCreation" {
   ]
 }
 PATTERN
+
+  tags = merge({ Name = "${local.prefix}rds-snapshot-creation" }, var.tags)
 }
 
 #
diff --git a/data.tf b/data.tf
index b873704..495acd3 100644
--- a/data.tf
+++ b/data.tf
@@ -2,3 +2,5 @@
 # Current account data
 #
 data "aws_caller_identity" "current" {}
+
+data "aws_region" "current" {}
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index f40dd8b..2dc10fd 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,8 +1,8 @@
 locals {
   bucket_name = "example-rds-exported-snapshots"
   tags = {
-    Name        = "example"
-    Terraform   = "true"
+    Name      = "example"
+    Terraform = "true"
   }
 }
 
@@ -13,27 +13,41 @@ module "rds_export_to_s3" {
   source = "../../"
 
   # Set a prefix for naming resources
-  prefix = "aurora-mysql"
+  #prefix = "binbashar"
 
   # Which RDS snapshots should be exported?
-  database_name = "example-aurora-mysql-database"
-
-  # Which RDS snapshots events should be included (RDS Aurora or RDS non-Aurora)?
-  rds_event_id = "RDS-EVENT-0169"
+  database_names = "test1-aurora-mysql-cluster, test2-aurora-mysql-cluster"
 
   # Which bucket will store the exported snapshots?
   snapshots_bucket_name = module.bucket.s3_bucket_id
-  snapshots_bucket_arn = module.bucket.s3_bucket_arn
+  #snapshots_bucket_name = "export-bucket-name"
+
+  # To group objects in a bucket, S3 uses a prefix before object names. The forward slash (/) in the prefix represents a folder.
+  snapshots_bucket_prefix = "rds_snapshots/"
+
+  # Which RDS snapshots events should be included (RDS Aurora or/and RDS non-Aurora)?
+  #rds_event_ids = "RDS-EVENT-0091, RDS-EVENT-0169"
+
+  # Create customer managed key or use default AWS S3 managed key. If set to 'false', then 'customer_kms_key_arn' is used.
+  create_customer_kms_key = false
 
-  # Which topic should receive notifications about exported snapshots events?
-  notifications_topic_arn = "arn:aws:sns:us-east-1:000000000000:sns-topic-slack-notifications"
+  # Provide CMK if 'create_customer_kms_key = false'
+  customer_kms_key_arn = "arn:aws:kms:eu-west-2:123456789:alias/kms-rds"
+
+  # SNS topic for export monitor notifications
+  create_notifications_topic = true
+
+  # Which topic should receive notifications about exported snapshots events? Only required if 'create_notifications_topic = false'
+  #notifications_topic_arn = "arn:aws:sns:us-east-1:000000000000:sns-topic-slack-notifications"
 
   # Set the logging level
   # log_level = "DEBUG"
 
   tags = local.tags
+  #tags = { Deployment = "binbachar-export" }
 }
 
+
 # -----------------------------------------------------------------------------
 # This bucket will be used for storing the exported RDS snapshots.
 # -----------------------------------------------------------------------------
diff --git a/functions/export-to-s3/index.py b/functions/export-to-s3/index.py
index 92253c1..1e05e71 100644
--- a/functions/export-to-s3/index.py
+++ b/functions/export-to-s3/index.py
@@ -29,25 +29,31 @@ def handler(event, context):
     eventId = message["detail"]["EventID"]
     sourceId = message["detail"]["SourceIdentifier"]
     sourceArn = message["detail"]["SourceArn"]
-    matchSnapshotRegEx = "^rds:" + os.environ["DB_NAME"] + "-\d{4}-\d{2}-\d{2}-\d{2}-\d{2}$"
-
-    if eventId.endswith(os.environ["RDS_EVENT_ID"]) and re.match(matchSnapshotRegEx, sourceId):
-        exportTaskId = ((sourceId[4:] + '-').replace("--", "-") + messageId)[:60]
-        response = boto3.client("rds").start_export_task(
-            ExportTaskIdentifier=exportTaskId,
-            SourceArn=sourceArn,
-            S3BucketName=os.environ["SNAPSHOT_BUCKET_NAME"],
-            IamRoleArn=os.environ["SNAPSHOT_TASK_ROLE"],
-            KmsKeyId=os.environ["SNAPSHOT_TASK_KEY"],
-        )
-        response["SnapshotTime"] = str(response["SnapshotTime"])
-
-        logger.info("Snapshot export task started")
-        logger.info(json.dumps(response))
+    rdsEventID = os.environ["RDS_EVENT_ID"].replace(' ', '').split(',')
+    dbName = os.environ['DB_NAME'].replace(' ', '').split(',')
+
+    if eventId in rdsEventID:
+        for db in dbName:
+            matchSnapshotRegEx = "^rds:" + db + "-\d{4}-\d{2}-\d{2}-\d{2}-\d{2}$"
+            if re.match(matchSnapshotRegEx, sourceId):
+                exportTaskId = ((sourceId[4:] + '-').replace("--", "-") + messageId)[:60]
+                response = boto3.client("rds").start_export_task(
+                    ExportTaskIdentifier=exportTaskId,
+                    SourceArn=sourceArn,
+                    S3BucketName=os.environ["SNAPSHOT_BUCKET_NAME"],
+                    S3Prefix=os.environ["SNAPSHOT_BUCKET_PREFIX"],
+                    IamRoleArn=os.environ["SNAPSHOT_TASK_ROLE"],
+                    KmsKeyId=os.environ["SNAPSHOT_TASK_KEY"],
+                )
+                response["SnapshotTime"] = str(response["SnapshotTime"])
+
+                logger.info(f"Snapshot export task started on {db}")
+                logger.info(json.dumps(response))
+            else:
+                logger.info(f"Ignoring event notification for {sourceId} - {eventId}")
+                logger.info(f"notifications for {dbName} only")
 
     else:
-        logger.info(f"Ignoring event notification for {sourceId}")
-        logger.info(
-            f"Function is configured to accept {os.environ['RDS_EVENT_ID']} "
-            f"notifications for {os.environ['DB_NAME']} only"
-        )
+        logger.info(f"Ignoring event notification for {sourceId} - {eventId}")
+        logger.info(f"Function is configured to accept {rdsEventID} only")
+
diff --git a/functions/monitor-export-to-s3/index.py b/functions/monitor-export-to-s3/index.py
index fd1656f..4428e11 100644
--- a/functions/monitor-export-to-s3/index.py
+++ b/functions/monitor-export-to-s3/index.py
@@ -29,6 +29,7 @@ def handler(event, context):
     sourceType = message["detail"]["SourceType"]
     sourceId = message["detail"]["SourceIdentifier"]
     sourceArn = message["detail"]["SourceArn"]
+    dbName = os.environ['DB_NAME'].replace(' ', '').split(',')
 
     # Ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html#USER_Events.Messages.snapshot
     # Ref: https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html#USER_Events.Messages.cluster-snapshot
@@ -42,25 +43,29 @@ def handler(event, context):
         "RDS-EVENT-0163": "DB cluster snapshot export task canceled",
         "RDS-EVENT-0164": "DB cluster snapshot export task completed"
     }
-    matchSnapshotRegEx = "^rds:" + os.environ["DB_NAME"] + "-\d{4}-\d{2}-\d{2}-\d{2}-\d{2}$"
 
-    if eventId in supportedEvents.keys() and re.match(matchSnapshotRegEx, sourceId):
-        messageTitle = supportedEvents[eventId]
-        messageBody = {
-            "SourceType": sourceType,
-            "SourceIdentifier": sourceId,
-            "SourceArn": sourceArn
-        }
-        response = boto3.client('sns').publish(
-            TargetArn=os.environ["SNS_NOTIFICATIONS_TOPIC_ARN"],
-            Subject=messageTitle,
-            Message=json.dumps({'default': json.dumps(messageBody)}),
-            MessageStructure='json'
-        )
+    if eventId in supportedEvents.keys():
+        for db in dbName:
+            matchSnapshotRegEx = "^rds:" + db + "-\d{4}-\d{2}-\d{2}-\d{2}-\d{2}$"
+            if re.match(matchSnapshotRegEx, sourceId):
+                messageTitle = supportedEvents[eventId]
+                messageBody = {
+                    "SourceType": sourceType,
+                    "SourceIdentifier": sourceId,
+                    "SourceArn": sourceArn
+                }
+                response = boto3.client('sns').publish(
+                    TargetArn=os.environ["SNS_NOTIFICATIONS_TOPIC_ARN"],
+                    Subject=messageTitle,
+                    Message=json.dumps({'default': json.dumps(messageBody)}),
+                    MessageStructure='json'
+                )
+            else:
+                logger.info(f"Ignoring event notification for {sourceId} - {eventId}")
+                logger.info(f"notifications for {dbName} only")
 
     else:
-        logger.info(f"Ignoring event notification for {sourceId}")
-        logger.info(
-            f"Function is configured to accept {supportedEvents} "
-            f"notifications for {os.environ['DB_NAME']} only"
-        )
+        logger.info(f"Ignoring event notification for {sourceId} - {eventId}")
+        logger.info(f"Function is configured to accept {supportedEvents} only")
+
+
diff --git a/identities.tf b/identities.tf
index f2e8dab..437a159 100644
--- a/identities.tf
+++ b/identities.tf
@@ -2,7 +2,8 @@
 # This role is used by RDS Start Export Task
 #
 resource "aws_iam_role" "rdsSnapshotExportTask" {
-  name               = "${var.prefix}-snapshot-export-task"
+  name               = "${local.prefix}snapshot-export-task"
+  tags               = merge({ Name = "${local.prefix}snapshot-export-task" }, var.tags)
   assume_role_policy = <<POLICY
 {
     "Version": "2012-10-17",
@@ -23,7 +24,7 @@ POLICY
 # Allow RDS Start Export Task to write the snapshot on the S3 bucket
 #
 resource "aws_iam_role_policy" "rdsSnapshotExportToS3" {
-  name   = "${var.prefix}-rds-snapshot-export-to-s3"
+  name   = "${local.prefix}rds-snapshot-export-to-s3"
   role   = aws_iam_role.rdsSnapshotExportTask.id
   policy = <<POLICY
 {
@@ -40,8 +41,8 @@ resource "aws_iam_role_policy" "rdsSnapshotExportToS3" {
                 "s3:GetBucketLocation"
             ],
             "Resource": [
-                "${var.snapshots_bucket_arn}",
-                "${var.snapshots_bucket_arn}/*"
+                "${local.snapshots_bucket_arn}",
+                "${local.snapshots_bucket_arn}/*"
             ]
         }
     ]
@@ -53,7 +54,8 @@ POLICY
 # Lambda Permissions: Start Export Task
 #
 resource "aws_iam_policy" "rdsStartExportTaskLambda" {
-  name   = "${var.prefix}-rds-snapshot-exporter-lambda"
+  name   = "${local.prefix}rds-snapshot-exporter-lambda"
+  tags   = merge({ Name = "${local.prefix}rds-snapshot-exporter-lambda" }, var.tags)
   policy = <<POLICY
 {
     "Version": "2012-10-17",
@@ -67,9 +69,34 @@ resource "aws_iam_policy" "rdsStartExportTaskLambda" {
             "Action": "iam:PassRole",
             "Resource": ["${aws_iam_role.rdsSnapshotExportTask.arn}"],
             "Effect": "Allow"
+        },
+        {
+            "Effect" : "Allow",
+            "Action" : [
+                "kms:Encrypt",
+                "kms:Decrypt",
+                "kms:ReEncrypt*",
+                "kms:GenerateDataKey*",
+                "kms:DescribeKey"
+            ],
+            "Resource" : [
+                "${var.create_customer_kms_key ? aws_kms_key.snapshotExportEncryptionKey[0].arn : var.customer_kms_key_arn}"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "kms:CreateGrant",
+                "kms:ListGrants",
+                "kms:RevokeGrant"
+            ],
+            "Resource": "${var.create_customer_kms_key ? aws_kms_key.snapshotExportEncryptionKey[0].arn : var.customer_kms_key_arn}",
+            "Condition": {
+                "Bool": { "kms:GrantIsForAWSResource": "true" }
+            }
         }
     ]
-}
+}  
 POLICY
 }
 
@@ -77,14 +104,15 @@ POLICY
 # Lambda Permissions: Export Task Monitor
 #
 resource "aws_iam_policy" "rdsMonitorExportTaskLambda" {
-  name   = "${var.prefix}-rds-snapshot-exporter-monitor-lambda"
+  name   = "${local.prefix}rds-snapshot-exporter-monitor-lambda"
+  tags   = merge({ Name = "${local.prefix}rds-snapshot-exporter-monitor-lambda" }, var.tags)
   policy = <<POLICY
 {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Action": "sns:Publish",
-            "Resource": ["${var.notifications_topic_arn}"],
+            "Resource": ["${var.create_notifications_topic ? aws_sns_topic.exportMonitorNotifications[0].arn : var.notifications_topic_arn}"],
             "Effect": "Allow"
         }
     ]
diff --git a/kms.tf b/kms.tf
index c1464a3..44b9116 100644
--- a/kms.tf
+++ b/kms.tf
@@ -2,9 +2,10 @@
 # This key will be used for encrypting snapshots exported to S3
 #
 resource "aws_kms_key" "snapshotExportEncryptionKey" {
+  count       = var.create_customer_kms_key ? 1 : 0
   description = "Snapshot Export Encryption Key"
-
-  policy = <<POLICY
+  tags        = merge({ Name = "Snapshot Export Encryption Key" }, var.tags)
+  policy      = <<POLICY
 {
     "Version": "2012-10-17",
     "Statement": [
@@ -57,6 +58,7 @@ POLICY
 # Key alias
 #
 resource "aws_kms_alias" "snapshotExportEncryptionKey" {
-  name          = "alias/${var.prefix}-rds-export-to-s3"
-  target_key_id = aws_kms_key.snapshotExportEncryptionKey.key_id
+  count         = var.create_customer_kms_key ? 1 : 0
+  name          = "alias/${local.prefix}rds-export-to-s3"
+  target_key_id = aws_kms_key.snapshotExportEncryptionKey[0].key_id
 }
diff --git a/lambda.tf b/lambda.tf
index 056fa45..ad7b027 100644
--- a/lambda.tf
+++ b/lambda.tf
@@ -5,27 +5,30 @@
 module "start_export_task_lambda" {
   source = "github.com/terraform-aws-modules/terraform-aws-lambda?ref=v2.7.0"
 
-  function_name = "${var.prefix}-rds-export-to-s3"
+  function_name = "${local.prefix}rds-export-to-s3"
   description   = "RDS Export To S3"
   handler       = "index.handler"
   runtime       = "python3.8"
   publish       = true
 
+  cloudwatch_logs_retention_in_days = 90
+
   source_path = "${path.module}/functions/export-to-s3"
 
   environment_variables = {
-    RDS_EVENT_ID: var.rds_event_id,
-    DB_NAME: var.database_name,
-    SNAPSHOT_BUCKET_NAME: var.snapshots_bucket_name,
-    SNAPSHOT_TASK_ROLE: aws_iam_role.rdsSnapshotExportTask.arn,
-    SNAPSHOT_TASK_KEY: aws_kms_key.snapshotExportEncryptionKey.arn,
-    LOG_LEVEL: var.log_level,
+    RDS_EVENT_ID : var.rds_event_ids,
+    DB_NAME : var.database_names,
+    SNAPSHOT_BUCKET_NAME : var.snapshots_bucket_name,
+    SNAPSHOT_BUCKET_PREFIX : var.snapshots_bucket_prefix,
+    SNAPSHOT_TASK_ROLE : aws_iam_role.rdsSnapshotExportTask.arn,
+    SNAPSHOT_TASK_KEY : var.create_customer_kms_key ? aws_kms_key.snapshotExportEncryptionKey[0].arn : var.customer_kms_key_arn
+    LOG_LEVEL : var.log_level,
   }
 
   attach_policy = true
   policy        = aws_iam_policy.rdsStartExportTaskLambda.arn
 
-  tags = var.tags
+  tags = merge({ Name = "${local.prefix}rds-export-to-s3" }, var.tags)
 }
 
 #
@@ -34,22 +37,24 @@ module "start_export_task_lambda" {
 module "monitor_export_task_lambda" {
   source = "github.com/terraform-aws-modules/terraform-aws-lambda?ref=v2.7.0"
 
-  function_name = "${var.prefix}-rds-export-to-s3-monitor"
+  function_name = "${local.prefix}rds-export-to-s3-monitor"
   description   = "RDS Export To S3 Monitor"
   handler       = "index.handler"
   runtime       = "python3.8"
   publish       = true
 
+  cloudwatch_logs_retention_in_days = 90
+
   source_path = "${path.module}/functions/monitor-export-to-s3"
 
   environment_variables = {
-    DB_NAME: var.database_name,
-    SNS_NOTIFICATIONS_TOPIC_ARN: var.notifications_topic_arn,
-    LOG_LEVEL: var.log_level,
+    DB_NAME : var.database_names,
+    SNS_NOTIFICATIONS_TOPIC_ARN : var.create_notifications_topic ? aws_sns_topic.exportMonitorNotifications[0].arn : var.notifications_topic_arn,
+    LOG_LEVEL : var.log_level,
   }
 
   attach_policy = true
   policy        = aws_iam_policy.rdsMonitorExportTaskLambda.arn
 
-  tags = var.tags
+  tags = merge({ Name = "${local.prefix}rds-export-to-s3-monitor" }, var.tags)
 }
diff --git a/outputs.tf b/outputs.tf
index d6da4af..54fca1b 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -20,10 +20,15 @@ output "monitor_export_task_lambda_role_arn" {
 
 output "snapshots_export_encryption_key_arn" {
   description = "Snapshots Export Encryption Key ARN"
-  value       = aws_kms_key.snapshotExportEncryptionKey.arn
+  value       = var.create_customer_kms_key ? aws_kms_key.snapshotExportEncryptionKey[0].arn : var.customer_kms_key_arn
 }
 
 output "snapshots_events_sns_topics_arn" {
   description = "RDS Snapshots Events SNS Topics ARN"
   value       = aws_sns_topic.rdsSnapshotsEvents.arn
 }
+
+output "snapshots_events_export_monitor_sns_topics_arn" {
+  description = "RDS Snapshots Export Monitor Events SNS Topics ARN"
+  value       = var.create_notifications_topic ? aws_sns_topic.exportMonitorNotifications[0].arn : var.notifications_topic_arn
+}
diff --git a/topic.tf b/topic.tf
index 3809df8..122bda3 100644
--- a/topic.tf
+++ b/topic.tf
@@ -2,7 +2,15 @@
 # Create an SNS Topic for receiving RDS Snapshot Events
 #
 resource "aws_sns_topic" "rdsSnapshotsEvents" {
-  name = "${var.prefix}-rds-snapshots-creation"
+  name = "${local.prefix}rds-snapshots-creation"
+  tags = merge({ Name = "${local.prefix}rds-snapshots-creation" }, var.tags)
+}
+
+
+resource "aws_sns_topic" "exportMonitorNotifications" {
+  count = var.create_notifications_topic ? 1 : 0
+  name  = "${local.prefix}rds-exports-monitor-notifications"
+  tags  = merge({ Name = "${local.prefix}rds-exports-monitor-notifications" }, var.tags)
 }
 
 #
@@ -31,15 +39,15 @@ POLICY
 # Subscribe Lambdas to the Topics
 #
 resource "aws_sns_topic_subscription" "lambdaRdsSnapshotToS3Exporter" {
-  topic_arn     = aws_sns_topic.rdsSnapshotsEvents.arn
-  protocol      = "lambda"
-  endpoint      = module.start_export_task_lambda.lambda_function_arn
+  topic_arn = aws_sns_topic.rdsSnapshotsEvents.arn
+  protocol  = "lambda"
+  endpoint  = module.start_export_task_lambda.lambda_function_arn
 }
 
 resource "aws_sns_topic_subscription" "lambdaRdsSnapshotToS3Monitor" {
-  topic_arn     = aws_sns_topic.rdsSnapshotsEvents.arn
-  protocol      = "lambda"
-  endpoint      = module.monitor_export_task_lambda.lambda_function_arn
+  topic_arn = aws_sns_topic.rdsSnapshotsEvents.arn
+  protocol  = "lambda"
+  endpoint  = module.monitor_export_task_lambda.lambda_function_arn
 }
 
 #
diff --git a/variables.tf b/variables.tf
index b399572..783387e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,40 +1,66 @@
+#regex snapshots bucket name
+locals {
+  snapshots_bucket_arn = "arn:aws:s3:::${var.snapshots_bucket_name}"
+  prefix               = var.prefix != null ? "${var.prefix}-" : ""
+}
+
 variable "prefix" {
   description = "Prefix that will be used for naming resources."
   type        = string
   default     = null
 }
 
-variable "database_name" {
-  description = "The name of the database whose snapshots we want to export to S3."
+variable "database_names" {
+  description = "The names of the databases whose snapshots we want to export to S3. Comma-separated values), ex: 'db-cluster1, db-cluster2'"
   type        = string
   default     = null
 }
 
-variable "snapshots_bucket_arn" {
-  description = "The ARN of the bucket where the RDS snapshots will be exported to."
+variable "snapshots_bucket_name" {
+  description = "The name of the bucket where the RDS snapshots will be exported to."
   type        = string
   default     = null
 }
 
-variable "snapshots_bucket_name" {
-  description = "The name of the bucket where the RDS snapshots will be exported to."
+variable "snapshots_bucket_prefix" {
+  description = "The Amazon S3 bucket prefix to use as the file name and path of the exported snapshot. For example, use the prefix exports/2019/"
   type        = string
   default     = null
 }
 
-variable "rds_event_id" {
+variable "rds_event_ids" {
   description = <<DOC
 RDS (CloudWatch) Event ID that will trigger the calling of RDS Start Export Task API:
 - Automated snapshots of Aurora RDS: RDS-EVENT-0169
 - Automated snapshots of non-Aurora RDS: RDS-EVENT-0091
 Only automated backups of either RDS Aurora and RDS non-Aurora are supported.
 Ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html#USER_Events.Messages.snapshot
+Ref: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html#USER_Events.Messages.cluster-snapshot
 DOC
   type        = string
+  default     = "RDS-EVENT-0091, RDS-EVENT-0169"
+}
+
+variable "create_customer_kms_key" {
+  description = "Create customer managed KMS key which is used for encrypting the exported snapshots on S3. If set to 'false', then 'customer_kms_key_arn' is used."
+  type        = bool
+  default     = false
+}
+
+variable "customer_kms_key_arn" {
+  description = "The ARN of customer managed key used for RDS export encryption. Mandatory if 'create_customer_kms_key' is set to false. arn:aws:kms:<region>:<accountID>:key/<key-id>"
+  type        = string
+  default     = null
+}
+
+variable "create_notifications_topic" {
+  description = "Create new SNS notifications topic which will be used for publishing notifications messages."
+  type        = bool
+  default     = true
 }
 
 variable "notifications_topic_arn" {
-  description = "The ARN of an SNS Topic which will be used for publishing notifications messages."
+  description = "The ARN of an SNS Topic which will be used for publishing notifications messages. Required if 'create_notifications_topic' is set to 'false'."
   type        = string
   default     = null
 }