Skip to content

fix!: aurora postgres compatibility and sql server variable defaults#311

Merged
nidahn merged 2 commits into
mainfrom
fix/aurora-postgres-compatibility
Apr 2, 2026
Merged

fix!: aurora postgres compatibility and sql server variable defaults#311
nidahn merged 2 commits into
mainfrom
fix/aurora-postgres-compatibility

Conversation

@nidahn
Copy link
Copy Markdown
Contributor

@nidahn nidahn commented Apr 2, 2026

Fix several issues that caused the module to be unusable for Aurora PostgreSQL when SQL Server features are not needed.

Changes:

  • Remove rds_custom guard from master_password local — random password generation now works for Aurora Postgres
  • Remove rds_custom guard from aws_db_parameter_group.this count — parameter group creation now works for Aurora Postgres
  • Switch aws_security_group_rule.cidr_ingress (count + cidr_blocks list) to aws_vpc_security_group_ingress_rule with for_each — each CIDR is now an independent rule, future CIDR additions no longer force replacement of existing rules
  • Add default = null to SQL Server-only variables (ad_domain_ou, ad_domain_fqdn, ad_domain_dns_ips, ad_domain_auth_secret_arn, db_group_name, option_name) — these no longer prompt for values when using Aurora Postgres
  • Add default = [] to option_group and parameter_group variables

BREAKING CHANGE: aws_security_group_rule.cidr_ingress replaced with aws_vpc_security_group_ingress_rule using for_each. Existing deployments must perform state migration when upgrading:

  1. terragrunt state rm 'aws_security_group_rule.cidr_ingress[0]'
  2. terragrunt import 'aws_vpc_security_group_ingress_rule.cidr_ingress[""]' for each CIDR

@nidahn
fix!: aurora postgres compatibility and sql server variable defaults
2e5d025 
BREAKING CHANGE: aws_security_group_rule.cidr_ingress replaced with
aws_vpc_security_group_ingress_rule using for_each. Existing deployments
must perform state migration when upgrading:
  1. terragrunt state rm 'aws_security_group_rule.cidr_ingress[0]'
  2. terragrunt import 'aws_vpc_security_group_ingress_rule.cidr_ingress["<cidr>"]' <sgr-id> for each CIDR
@nidahn nidahn requested a review from omerurhan April 2, 2026 13:21
omerurhan
omerurhan approved these changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@omerurhan omerurhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nidahn nidahn merged commit aca6e07 into main Apr 2, 2026
3 checks passed
@kloia-tfmodules-releaser kloia-tfmodules-releaser Bot mentioned this pull request Apr 2, 2026
Merged
nidahn pushed a commit that referenced this pull request Apr 2, 2026
@kloia-tfmodules-releaser
chore(main): release aws-rds-aurora 0.6.0 (#312)
52a357b 
🤖 I have created a release *beep* *boop*
---


##
[0.6.0](aws-rds-aurora-v0.5.0...aws-rds-aurora-v0.6.0)
(2026-04-02)


### ⚠ BREAKING CHANGES

* aws_security_group_rule.cidr_ingress replaced with
aws_vpc_security_group_ingress_rule using for_each. Existing deployments
must perform state migration when upgrading: 1. terragrunt state rm
'aws_security_group_rule.cidr_ingress[0]' 2. terragrunt import
'aws_vpc_security_group_ingress_rule.cidr_ingress["<cidr>"]' <sgr-id>
for each CIDR

### Bug Fixes

* aurora postgres compatibility and sql server variable defaults
([#311](#311))
([aca6e07](aca6e07))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: kloia-tfmodules-releaser[bot] <169448830+kloia-tfmodules-releaser[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@omerurhan omerurhan omerurhan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nidahn @omerurhan