feat: Add support for existing IAM role for enhanced monitoring

[atrepca]

Description

Add support for using an existing IAM role to send RDS enhanced monitoring metrics to CloudWatch Logs.

Background:

If the module is used for provisioning multiple clusters in the same account, it will create one monitoring role for each, which isn't really necessary as they're identical - attaching the same AWS managed policy - AmazonRDSEnhancedMonitoringRole.

Also, when enabling via the console, from the docs:

The first time that you enable Enhanced Monitoring in the console, you can select the Default option for the Monitoring Role property to have RDS create the required IAM role. RDS then automatically creates a role named rds-monitoring-role for you, and uses it for the specified DB instance or Read Replica.

Testing:

Added the below to an existing cluster:

data "aws_iam_role" "default_aws_rds_monitoring_role" {
  name = "rds-monitoring-role"
}

module "ods2" {
  source                 = "terraform-aws-modules/rds-aurora/aws"
  (...)
  create_monitoring_role = false
  monitoring_interval    = 60
  monitoring_role_arn    = data.aws_iam_role.default_aws_rds_monitoring_role.arn
}

Generated these changes:

      ~ monitoring_interval = 0 -> 60
      + monitoring_role_arn = "arn:aws:iam::<REMOVED>:role/rds-monitoring-role"

[atrepca]

@antonbabenko I rebased this using the latest master. Does this PR make sense?

Thanks,

[jecnua]

Sorry to comment on this PR but we need this in place for also another reason as explained in #93 . Running enhanced monitoring in AWS CHINA with this module is impossible because the role policy is hardcoded with a specific partition and the role is not injectable. This PR would be a good workaround while we wait for a partition implementation.

[atrepca]

Rebased this again, would you be able to give this an eye @antonbabenko? 🙏 and 🙇.

[DWSR]

We need this as well because we have restrictions on IAM roles in our org that this module doesn't satisfy. Being able to supply our own IAM role for things would be great.

[atrepca]

Rebased again, and updated commit title to pass semantic check.

[bryantbiggs]

@antonbabenko 👍

[antonbabenko]

Great!

v2.24.0 has been just released.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.