feat: Support name_prefix in iam_role.enhanced_monitoring (#418)
magreenbaum committed Jul 13, 2022
1 parent 3cd2c79 commit 644d255
Showing 7 changed files with 31 additions and 11 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -286,6 +286,7 @@ Users have the ability to:
| <a name="input_monitoring_role_arn"></a> [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring\_interval is non-zero | `string` | `null` | no |
| <a name="input_monitoring_role_description"></a> [monitoring\_role\_description](#input\_monitoring\_role\_description) | Description of the monitoring IAM role | `string` | `null` | no |
| <a name="input_monitoring_role_name"></a> [monitoring\_role\_name](#input\_monitoring\_role\_name) | Name of the IAM role which will be created when create\_monitoring\_role is enabled | `string` | `"rds-monitoring-role"` | no |
| <a name="input_monitoring_role_use_name_prefix"></a> [monitoring\_role\_use\_name\_prefix](#input\_monitoring\_role\_use\_name\_prefix) | Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix | `bool` | `false` | no |
| <a name="input_multi_az"></a> [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no |
| <a name="input_option_group_description"></a> [option\_group\_description](#input\_option\_group\_description) | The description of the option group | `string` | `null` | no |
| <a name="input_option_group_name"></a> [option\_group\_name](#input\_option\_group\_name) | Name of the option group | `string` | `null` | no |
1 change: 1 addition & 0 deletions examples/complete-postgres/main.tf
Expand Up @@ -99,6 +99,7 @@ module "db" {
create_monitoring_role = true
monitoring_interval = 60
monitoring_role_name = "example-monitoring-role-name"
monitoring_role_use_name_prefix = true
monitoring_role_description = "Description for monitoring role"

parameters = [
21 changes: 11 additions & 10 deletions main.tf
Expand Up @@ -115,16 +115,17 @@ module "db_instance" {
performance_insights_retention_period = var.performance_insights_retention_period
performance_insights_kms_key_id = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null

replicate_source_db = var.replicate_source_db
replica_mode = var.replica_mode
backup_retention_period = var.backup_retention_period
backup_window = var.backup_window
max_allocated_storage = var.max_allocated_storage
monitoring_interval = var.monitoring_interval
monitoring_role_arn = var.monitoring_role_arn
monitoring_role_name = var.monitoring_role_name
monitoring_role_description = var.monitoring_role_description
create_monitoring_role = var.create_monitoring_role
replicate_source_db = var.replicate_source_db
replica_mode = var.replica_mode
backup_retention_period = var.backup_retention_period
backup_window = var.backup_window
max_allocated_storage = var.max_allocated_storage
monitoring_interval = var.monitoring_interval
monitoring_role_arn = var.monitoring_role_arn
monitoring_role_name = var.monitoring_role_name
monitoring_role_use_name_prefix = var.monitoring_role_use_name_prefix
monitoring_role_description = var.monitoring_role_description
create_monitoring_role = var.create_monitoring_role

character_set_name = var.character_set_name
timezone = var.timezone
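Review bot: With `monitoring_role_use_name_prefix` passed through to `module "db_instance"` here, the final role name is generated and can no longer be derived from `monitoring_role_name`, and the visible diff does not show an output that exposes the created role's name or ARN. If the module does not already export one, add it so callers and policy authors do not rebuild the ARN by hand from the input value.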
1 change: 1 addition & 0 deletions modules/db_instance/README.md
Expand Up @@ -73,6 +73,7 @@ No modules.
| <a name="input_monitoring_role_arn"></a> [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring\_interval is non-zero. | `string` | `null` | no |
| <a name="input_monitoring_role_description"></a> [monitoring\_role\_description](#input\_monitoring\_role\_description) | Description of the monitoring IAM role | `string` | `null` | no |
| <a name="input_monitoring_role_name"></a> [monitoring\_role\_name](#input\_monitoring\_role\_name) | Name of the IAM role which will be created when create\_monitoring\_role is enabled. | `string` | `"rds-monitoring-role"` | no |
| <a name="input_monitoring_role_use_name_prefix"></a> [monitoring\_role\_use\_name\_prefix](#input\_monitoring\_role\_use\_name\_prefix) | Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix | `bool` | `false` | no |
| <a name="input_multi_az"></a> [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no |
| <a name="input_option_group_name"></a> [option\_group\_name](#input\_option\_group\_name) | Name of the DB option group to associate. | `string` | `null` | no |
| <a name="input_parameter_group_name"></a> [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `null` | no |
6 changes: 5 additions & 1 deletion modules/db_instance/main.tf
Expand Up @@ -6,6 +6,9 @@ locals {
identifier = var.use_identifier_prefix ? null : var.identifier
identifier_prefix = var.use_identifier_prefix ? "${var.identifier}-" : null

monitoring_role_name = var.monitoring_role_use_name_prefix ? null : var.monitoring_role_name
monitoring_role_name_prefix = var.monitoring_role_use_name_prefix ? "${var.monitoring_role_name}-" : null

# Replicas will use source metadata
username = var.replicate_source_db != null ? null : var.username
password = var.replicate_source_db != null ? null : var.password
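Review bot: The new `monitoring_role_name_prefix` local has no length guard: it appends "-" to `var.monitoring_role_name`, and a generated suffix follows that, so a value that fits as a full role name can be rejected once it is used as a prefix. Consider a `validation` block on `monitoring_role_name`, or a sentence in its description, so the caller gets a clear message from the module rather than a provider error.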
Expand Down Expand Up @@ -162,7 +165,8 @@ data "aws_iam_policy_document" "enhanced_monitoring" {
resource "aws_iam_role" "enhanced_monitoring" {
count = var.create_monitoring_role ? 1 : 0

name = var.monitoring_role_name
name = local.monitoring_role_name
name_prefix = local.monitoring_role_name_prefix
assume_role_policy = data.aws_iam_policy_document.enhanced_monitoring.json
description = var.monitoring_role_description
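Review bot: Switching `monitoring_role_use_name_prefix` to true on an existing deployment is not called out as a replacement: in `aws_iam_role.enhanced_monitoring`, `name` becomes null and `name_prefix` is set, so the role gets a new generated name and Terraform recreates it. Please mention this in the variable description or upgrade notes, and note that IAM policies, permission guardrails or alerts that match this role by its exact name need to match the `monitoring_role_name` prefix pattern instead. The default of false keeps current behaviour, which is the right choice.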

6 changes: 6 additions & 0 deletions modules/db_instance/variables.tf
Expand Up @@ -201,6 +201,12 @@ variable "monitoring_role_name" {
default = "rds-monitoring-role"
}

variable "monitoring_role_use_name_prefix" {
description = "Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix"
type = bool
default = false
}

variable "monitoring_role_description" {
description = "Description of the monitoring IAM role"
type = string
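Review bot: The description of `monitoring_role_use_name_prefix` does not mention the hyphen that the locals in modules/db_instance/main.tf append (`"${var.monitoring_role_name}-"`), so a caller whose `monitoring_role_name` already ends in "-" gets a doubled separator. Suggest wording such as "beginning with `monitoring_role_name` followed by a hyphen", applied to the same description in the root variables.tf and both README tables.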
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -183,6 +183,12 @@ variable "monitoring_role_name" {
default = "rds-monitoring-role"
}

variable "monitoring_role_use_name_prefix" {
description = "Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix"
type = bool
default = false
}

variable "monitoring_role_description" {
description = "Description of the monitoring IAM role"
type = string