Feature/upgrades (#10)

* Add point in time recovery support

* Add full set of examples

* re-add data sources

Author: marcincuber

.pre-commit-config.yaml

@@ -18,7 +18,7 @@ repos:
     args: ['--allow-missing-credentials']
   - id: trailing-whitespace
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.44.0
+  rev: v1.45.0
   hooks:
   - id: terraform_fmt
   - id: terraform_docs

.tflint.hcl

@@ -1,5 +1,5 @@
 # terraform-aws-rds-aurora
-Terraform module which creates AWS RDS Aurora resources. This module was created to work with Secrets Manager.
+Terraform module which creates AWS RDS Aurora resources. It supports MySQL, Postgres, Serverless and Global clusters.
 
 ## Terraform versions
 
@@ -68,6 +68,8 @@ Module is to be used with Terraform > 0.12.
 
 * [Aurora MySQL](https://github.com/umotif-public/terraform-aws-rds-aurora/tree/master/examples/aurora-mysql)
 * [Global Aurora MySQL](https://github.com/umotif-public/terraform-aws-rds-aurora/tree/master/examples/global-aurora-mysql)
+* [Aurora Serverless](https://github.com/umotif-public/terraform-aws-rds-aurora/tree/master/examples/serverless)
+* [Aurora Postgres](https://github.com/umotif-public/terraform-aws-rds-aurora/tree/master/examples/aurora-postgres)
 
 ## Authors
 
@@ -89,14 +91,14 @@ In order to activate global cluster, set `enable_global_cluster = true` when usi
 | Name | Version |
 |------|---------|
 | terraform | >= 0.12.6 |
-| aws | >= 3.8 |
+| aws | >= 3.15 |
 | random | >= 2.3 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | >= 3.8 |
+| aws | >= 3.15 |
 | random | >= 2.3 |
 
 ## Inputs
@@ -125,7 +127,7 @@ In order to activate global cluster, set `enable_global_cluster = true` when usi
 | deletion\_protection | If the DB instance should have deletion protection enabled | `bool` | `false` | no |
 | enable\_global\_cluster | Set this variable to `true` if DB Cluster is going to be part of a Global Cluster. | `bool` | `false` | no |
 | enable\_http\_endpoint | Whether or not to enable the Data API for a serverless Aurora database engine. | `bool` | `false` | no |
-| enabled\_cloudwatch\_logs\_exports | List of object which define log types to export to cloudwatch. See in examples. | `list` | `[]` | no |
+| enabled\_cloudwatch\_logs\_exports | List of object which define log types to export to AWS Cloudwatch. See in examples. | `list` | `[]` | no |
 | engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | `string` | `"aurora"` | no |
 | engine\_mode | The database engine mode. Valid values: global, parallelquery, provisioned, serverless. | `string` | `"provisioned"` | no |
 | engine\_parameter\_family | The database engine paramater group family | `string` | `"aurora-mysql5.7"` | no |
@@ -160,6 +162,7 @@ In order to activate global cluster, set `enable_global_cluster = true` when usi
 | replica\_scale\_min | Minimum number of replicas to allow scaling for | `number` | `2` | no |
 | replica\_scale\_out\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | `number` | `300` | no |
 | replication\_source\_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica. | `string` | `""` | no |
+| restore\_to\_point\_in\_time | Restore to point in time configuration. See docs for arguments https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#restore_to_point_in_time-argument-reference | `map(string)` | `{}` | no |
 | scaling\_configuration | Map of nested attributes with scaling properties. Only valid when engine\_mode is set to `serverless` | `map(string)` | `{}` | no |
 | security\_group\_description | The description of the security group. If value is set to empty string it will contain cluster name in the description. | `string` | `""` | no |
 | skip\_final\_snapshot | Should a final snapshot be created on cluster destroy | `bool` | `false` | no |

README.md

@@ -10,7 +10,7 @@ data "aws_region" "current" {}
 #####
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 2.63"
+  version = "~> 2.64"
 
   name = "simple-rds-aurora-vpc"
 

examples/aurora-mysql/main.tf

@@ -0,0 +1,60 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+#####
+# VPC and subnets
+#####
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2.64"
+
+  name = "simple-vpc-aurora-postgres"
+
+  cidr = "10.0.0.0/16"
+
+  azs            = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+  public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  enable_nat_gateway = false
+
+  tags = {
+    Environment = "test"
+  }
+}
+
+module "aurora-postgresql" {
+  source = "../.."
+
+  name_prefix = "example-aurora-postgresql"
+
+  engine                  = "aurora-postgresql"
+  engine_version          = "11.8"
+  engine_parameter_family = "aurora-postgresql11"
+
+  apply_immediately           = true
+  allow_major_version_upgrade = true
+  skip_final_snapshot         = true
+
+  iam_database_authentication_enabled = true
+
+  enabled_cloudwatch_logs_exports = [
+    {
+      name = "postgresql"
+    }
+  ]
+
+
+  vpc_id  = module.vpc.vpc_id
+  subnets = module.vpc.public_subnets
+
+  replica_count = 1
+  instance_type = "db.t3.medium"
+
+  allowed_cidr_blocks = ["10.10.0.0/24", "10.20.0.0/24", "10.30.0.0/24"]
+
+  tags = {
+    Environment = "test"
+    Engine      = "aurora-postgresql"
+  }
+}

examples/aurora-postgres/main.tf

@@ -32,7 +32,7 @@ module "vpc_ireland" {
   }
 
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 2.63"
+  version = "~> 2.64"
 
   name = "simple-vpc"
 

examples/global-aurora-mysql/main.tf

@@ -0,0 +1,54 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+#####
+# VPC and subnets
+#####
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 2.64"
+
+  name = "simple-vpc-aurora-serverless"
+
+  cidr = "10.0.0.0/16"
+
+  azs            = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+  public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+  enable_nat_gateway = false
+
+  tags = {
+    Environment = "test"
+  }
+}
+
+module "aurora-serverless" {
+  source = "../../"
+
+  name_prefix = "example-aurora-serverless"
+
+  engine                  = "aurora"
+  engine_mode             = "serverless"
+  engine_parameter_family = "aurora5.6"
+
+  replica_count = 0
+
+  vpc_id  = module.vpc.vpc_id
+  subnets = module.vpc.public_subnets
+
+  instance_type       = "db.t3.medium"
+  apply_immediately   = true
+  skip_final_snapshot = true
+  storage_encrypted   = true
+
+  iam_database_authentication_enabled = false # can't be set to true yet
+
+  scaling_configuration = {
+    auto_pause               = true
+    max_capacity             = 256
+    min_capacity             = 2
+    seconds_until_auto_pause = 300
+    timeout_action           = "ForceApplyCapacityChange"
+  }
+}

examples/serverless/main.tf

@@ -105,7 +105,7 @@ resource "aws_rds_cluster" "main" {
   source_region        = var.source_region
   engine               = var.engine
   engine_mode          = var.engine_mode
-  engine_version       = var.engine_version
+  engine_version       = var.engine_mode == "serverless" ? null : var.engine_version
   enable_http_endpoint = var.enable_http_endpoint
 
   kms_key_id = var.kms_key_id
@@ -140,6 +140,17 @@ resource "aws_rds_cluster" "main" {
 
   enabled_cloudwatch_logs_exports = [for log in var.enabled_cloudwatch_logs_exports : log.name]
 
+  dynamic "restore_to_point_in_time" {
+    for_each = length(keys(var.restore_to_point_in_time)) == 0 ? [] : [var.restore_to_point_in_time]
+
+    content {
+      source_cluster_identifier  = lookup(restore_to_point_in_time.value, "source_cluster_identifier", null)
+      restore_type               = lookup(restore_to_point_in_time.value, "restore_type", null)
+      use_latest_restorable_time = lookup(restore_to_point_in_time.value, "use_latest_restorable_time", null)
+      restore_to_time            = lookup(restore_to_point_in_time.value, "restore_to_time", null)
+    }
+  }
+
   dynamic "scaling_configuration" {
     for_each = length(keys(var.scaling_configuration)) == 0 ? [] : [var.scaling_configuration]
 
@@ -158,7 +169,7 @@ resource "aws_rds_cluster" "main" {
   )
 
   lifecycle {
-    ignore_changes = [master_username, master_password]
+    ignore_changes = [master_username, master_password, snapshot_identifier]
   }
 
   depends_on = [aws_cloudwatch_log_group.audit_log_group]
@@ -177,7 +188,7 @@ resource "aws_rds_cluster" "global" {
   source_region        = var.source_region
   engine               = var.engine
   engine_mode          = var.engine_mode
-  engine_version       = var.engine_version
+  engine_version       = var.engine_mode == "serverless" ? null : var.engine_version
   enable_http_endpoint = var.enable_http_endpoint
 
   kms_key_id = var.kms_key_id
@@ -212,6 +223,17 @@ resource "aws_rds_cluster" "global" {
 
   enabled_cloudwatch_logs_exports = [for log in var.enabled_cloudwatch_logs_exports : log.name]
 
+  dynamic "restore_to_point_in_time" {
+    for_each = length(keys(var.restore_to_point_in_time)) == 0 ? [] : [var.restore_to_point_in_time]
+
+    content {
+      source_cluster_identifier  = lookup(restore_to_point_in_time.value, "source_cluster_identifier", null)
+      restore_type               = lookup(restore_to_point_in_time.value, "restore_type", null)
+      use_latest_restorable_time = lookup(restore_to_point_in_time.value, "use_latest_restorable_time", null)
+      restore_to_time            = lookup(restore_to_point_in_time.value, "restore_to_time", null)
+    }
+  }
+
   dynamic "scaling_configuration" {
     for_each = length(keys(var.scaling_configuration)) == 0 ? [] : [var.scaling_configuration]
 
@@ -230,7 +252,7 @@ resource "aws_rds_cluster" "global" {
   )
 
   lifecycle {
-    ignore_changes = [master_username, master_password, replication_source_identifier]
+    ignore_changes = [master_username, master_password, replication_source_identifier, snapshot_identifier]
   }
 
   depends_on = [aws_cloudwatch_log_group.audit_log_group]

main.tf

@@ -258,7 +258,7 @@ variable "iam_database_authentication_enabled" {
 }
 
 variable "enabled_cloudwatch_logs_exports" {
-  description = "List of object which define log types to export to cloudwatch. See in examples."
+  description = "List of object which define log types to export to AWS Cloudwatch. See in examples."
   type        = list
   default     = []
 }
@@ -404,3 +404,8 @@ variable "enable_global_cluster" {
   default     = false
 }
 
+variable "restore_to_point_in_time" {
+  description = "Restore to point in time configuration. See docs for arguments https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#restore_to_point_in_time-argument-reference"
+  type        = map(string)
+  default     = {}
+}

variables.tf

@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 0.12.6"
 
   required_providers {
-    aws    = ">= 3.8"
+    aws    = ">= 3.15"
     random = ">= 2.3"
   }
 }