Merge pull request terraform-aws-modules#8 from HarriLLC/example-para…

…meter-group

[HARRI-136673] Add example for parameter-group

README.md

@@ -243,12 +243,14 @@ No modules.
 |------|------|
 | [aws_appautoscaling_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
 | [aws_appautoscaling_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target) | resource |
+| [aws_db_parameter_group.instance_pg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
 | [aws_db_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
 | [aws_iam_role.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_rds_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster) | resource |
 | [aws_rds_cluster_endpoint.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_endpoint) | resource |
 | [aws_rds_cluster_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance) | resource |
+| [aws_rds_cluster_parameter_group.cluster_pg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource |
 | [aws_rds_cluster_role_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_role_association) | resource |
 | [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_security_group_rule.cidr_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
@@ -271,6 +273,7 @@ No modules.
 | <a name="input_autoscaling_enabled"></a> [autoscaling\_enabled](#input\_autoscaling\_enabled) | Determines whether autoscaling of the cluster read replicas is enabled | `bool` | `false` | no |
 | <a name="input_autoscaling_max_capacity"></a> [autoscaling\_max\_capacity](#input\_autoscaling\_max\_capacity) | Maximum number of read replicas permitted when autoscaling is enabled | `number` | `2` | no |
 | <a name="input_autoscaling_min_capacity"></a> [autoscaling\_min\_capacity](#input\_autoscaling\_min\_capacity) | Minimum number of read replicas permitted when autoscaling is enabled | `number` | `0` | no |
+| <a name="input_autoscaling_policy_name"></a> [autoscaling\_policy\_name](#input\_autoscaling\_policy\_name) | Autoscaling policy name | `string` | `"target-metric"` | no |
 | <a name="input_autoscaling_scale_in_cooldown"></a> [autoscaling\_scale\_in\_cooldown](#input\_autoscaling\_scale\_in\_cooldown) | Cooldown in seconds before allowing further scaling operations after a scale in | `number` | `300` | no |
 | <a name="input_autoscaling_scale_out_cooldown"></a> [autoscaling\_scale\_out\_cooldown](#input\_autoscaling\_scale\_out\_cooldown) | Cooldown in seconds before allowing further scaling operations after a scale out | `number` | `300` | no |
 | <a name="input_autoscaling_target_connections"></a> [autoscaling\_target\_connections](#input\_autoscaling\_target\_connections) | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max\_connections | `number` | `700` | no |
@@ -322,6 +325,7 @@ No modules.
 | <a name="input_monitoring_interval"></a> [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to `0` to disble. Default is `0` | `number` | `0` | no |
 | <a name="input_monitoring_role_arn"></a> [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | `string` | `""` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name used across resources created | `string` | `""` | no |
+| <a name="input_parameter_group_settings"></a> [parameter\_group\_settings](#input\_parameter\_group\_settings) | Map holding all parameter group related settings. | <pre>object({<br>    pg_family               = optional(string)<br>    pg_description_cluster  = optional(string)<br>    parameters_cluster      = optional(map(map(string)))<br>    pg_description_instance = optional(string)<br>    parameters_instance     = optional(map(map(string)))<br>  })</pre> | `null` | no |
 | <a name="input_performance_insights_enabled"></a> [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights is enabled or not | `bool` | `null` | no |
 | <a name="input_performance_insights_kms_key_id"></a> [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data | `string` | `null` | no |
 | <a name="input_performance_insights_retention_period"></a> [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | `number` | `null` | no |

examples/parameter_group/README.md

@@ -0,0 +1,73 @@
+# MySQL Example
+
+Configuration in this directory creates a MySQL Aurora cluster with parameter group.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.63 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_random"></a> [random](#provider\_random) | >= 2.2 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_aurora"></a> [aurora](#module\_aurora) | ../../ | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_password.master](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_additional_cluster_endpoints"></a> [additional\_cluster\_endpoints](#output\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes |
+| <a name="output_cluster_arn"></a> [cluster\_arn](#output\_cluster\_arn) | Amazon Resource Name (ARN) of cluster |
+| <a name="output_cluster_database_name"></a> [cluster\_database\_name](#output\_cluster\_database\_name) | Name for an automatically created database on cluster creation |
+| <a name="output_cluster_endpoint"></a> [cluster\_endpoint](#output\_cluster\_endpoint) | Writer endpoint for the cluster |
+| <a name="output_cluster_engine_version_actual"></a> [cluster\_engine\_version\_actual](#output\_cluster\_engine\_version\_actual) | The running version of the cluster database |
+| <a name="output_cluster_hosted_zone_id"></a> [cluster\_hosted\_zone\_id](#output\_cluster\_hosted\_zone\_id) | The Route53 Hosted Zone ID of the endpoint |
+| <a name="output_cluster_id"></a> [cluster\_id](#output\_cluster\_id) | The RDS Cluster Identifier |
+| <a name="output_cluster_instances"></a> [cluster\_instances](#output\_cluster\_instances) | A map of cluster instances and their attributes |
+| <a name="output_cluster_master_password"></a> [cluster\_master\_password](#output\_cluster\_master\_password) | The database master password |
+| <a name="output_cluster_master_username"></a> [cluster\_master\_username](#output\_cluster\_master\_username) | The database master username |
+| <a name="output_cluster_members"></a> [cluster\_members](#output\_cluster\_members) | List of RDS Instances that are a part of this cluster |
+| <a name="output_cluster_port"></a> [cluster\_port](#output\_cluster\_port) | The database port |
+| <a name="output_cluster_reader_endpoint"></a> [cluster\_reader\_endpoint](#output\_cluster\_reader\_endpoint) | A read-only endpoint for the cluster, automatically load-balanced across replicas |
+| <a name="output_cluster_resource_id"></a> [cluster\_resource\_id](#output\_cluster\_resource\_id) | The RDS Cluster Resource ID |
+| <a name="output_cluster_role_associations"></a> [cluster\_role\_associations](#output\_cluster\_role\_associations) | A map of IAM roles associated with the cluster and their attributes |
+| <a name="output_db_subnet_group_name"></a> [db\_subnet\_group\_name](#output\_db\_subnet\_group\_name) | The db subnet group name |
+| <a name="output_enhanced_monitoring_iam_role_arn"></a> [enhanced\_monitoring\_iam\_role\_arn](#output\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role |
+| <a name="output_enhanced_monitoring_iam_role_name"></a> [enhanced\_monitoring\_iam\_role\_name](#output\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role |
+| <a name="output_enhanced_monitoring_iam_role_unique_id"></a> [enhanced\_monitoring\_iam\_role\_unique\_id](#output\_enhanced\_monitoring\_iam\_role\_unique\_id) | Stable and unique string identifying the enhanced monitoring role |
+| <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | The security group ID of the cluster |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/parameter_group/main.tf

@@ -0,0 +1,118 @@
+provider "aws" {
+  region = local.region
+}
+
+locals {
+  name   = "example-${replace(basename(path.cwd), "_", "-")}"
+  region = "us-east-1"
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+resource "random_password" "master" {
+  length = 10
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 3.0"
+
+  name = local.name
+  cidr = "10.99.0.0/18"
+
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+
+  azs              = ["${local.region}a", "${local.region}b", "${local.region}c"]
+  public_subnets   = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
+  private_subnets  = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
+  database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
+
+  tags = local.tags
+}
+
+################################################################################
+# RDS Aurora Module
+################################################################################
+
+module "aurora" {
+  source = "../../"
+  name   = local.name
+  instances = {
+    1 = {
+      identifier     = "mysql-static-1"
+      instance_class = "db.r5.xlarge"
+    }
+    2 = {
+      identifier     = "mysql-static-2"
+      instance_class = "db.r5.xlarge"
+    }
+  }
+  instances_use_identifier_prefix = false
+  engine                          = "aurora-mysql"
+  engine_version                  = "5.7"
+  instance_class                  = "db.r5.xlarge"
+  create_random_password          = false
+  master_password                 = random_password.master.result
+  db_parameter_group_name         = "db-pg-aurora2"
+  db_cluster_parameter_group_name = "db-aurora2-cluster-pg"
+  parameter_group_settings = {
+    pg_family = "aurora-mysql5.7"
+    parameters_cluster = {
+      "aurora_disable_hash_join"                              = { "1" = "immediate" }
+      "aurora_load_from_s3_role"                              = { "arn:aws:iam::095326208734:role/rds-aurora-logs-to-s3" = "immediate" }
+      "aurora_select_into_s3_role"                            = { "arn:aws:iam::095326208734:role/rds-aurora-logs-to-s3" = "immediate" }
+      "aws_default_lambda_role"                               = { "arn:aws:iam::095326208734:role/dev-rds-lambda" = "immediate" }
+      "aws_default_s3_role"                                   = { "arn:aws:iam::095326208734:role/rds-aurora-logs-to-s3" = "immediate" }
+      "binlog_checksum"                                       = { "NONE" = "immediate" }
+      "connect_timeout"                                       = { "120" = "immediate" }
+      "innodb_lock_wait_timeout"                              = { "300" = "immediate" }
+      "log_output"                                            = { "FILE" = "immediate" }
+      "max_allowed_packet"                                    = { "67108864" = "immediate" }
+      "server_audit_events"                                   = { "QUERY" = "immediate" }
+      "server_audit_excl_users"                               = { "rdsadmin" = "immediate" }
+      "server_audit_logging"                                  = { "1" = "immediate" }
+      "server_audit_logs_upload"                              = { "1" = "immediate" }
+      "aurora_parallel_query"                                 = { "OFF" = "pending-reboot" }
+      "binlog_format"                                         = { "ROW" = "pending-reboot" }
+      "log_bin_trust_function_creators"                       = { "1" = "immediate" }
+      "require_secure_transport"                              = { "ON" = "immediate" }
+      "tls_version"                                           = { "TLSv1.2" = "pending-reboot" }
+      "server_audit_events"                                   = { "CONNECT,QUERY" = "immediate" }
+      "performance_schema"                                    = { "1" = "pending-reboot" }
+      "performance_schema_consumer_events_statements_current" = { "1" = "pending-reboot" }
+      "performance_schema_consumer_events_statements_history" = { "1" = "pending-reboot" }
+    }
+    parameters_instance = {
+      "connect_timeout"                 = { "60" = "immediate" }
+      "general_log"                     = { "0" = "immediate" }
+      "innodb_lock_wait_timeout"        = { "300" = "immediate" }
+      "log_output"                      = { "FILE" = "immediate" }
+      "long_query_time"                 = { "5" = "immediate" }
+      "max_connections"                 = { "2000" = "immediate" }
+      "slow_query_log"                  = { "1" = "immediate" }
+      "log_bin_trust_function_creators" = { "1" = "immediate" }
+    }
+    pg_description_cluster  = "dev-rds-1-aurora2-cluster Aurora2 5.7 DB Cluster Parameter Group"
+    pg_description_instance = "dev-rds-1-aurora2 Aurora2 5.7 DB Parameter Group"
+  }
+  autoscaling_enabled             = "true"
+  autoscaling_policy_name         = "${local.name}-autoscaling"
+  autoscaling_target_cpu          = 75
+  autoscaling_max_capacity        = 15
+  autoscaling_min_capacity        = 0
+  enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery"]
+  vpc_id                          = module.vpc.vpc_id
+  create_security_group           = true
+  db_subnet_group_name            = module.vpc.database_subnet_group_name
+  skip_final_snapshot             = true
+  copy_tags_to_snapshot           = true
+  create_db_subnet_group          = false
+  tags                            = local.tags
+}

examples/parameter_group/outputs.tf

@@ -0,0 +1,109 @@
+# aws_db_subnet_group
+output "db_subnet_group_name" {
+  description = "The db subnet group name"
+  value       = module.aurora.db_subnet_group_name
+}
+
+# aws_rds_cluster
+output "cluster_arn" {
+  description = "Amazon Resource Name (ARN) of cluster"
+  value       = module.aurora.cluster_arn
+}
+
+output "cluster_id" {
+  description = "The RDS Cluster Identifier"
+  value       = module.aurora.cluster_id
+}
+
+output "cluster_resource_id" {
+  description = "The RDS Cluster Resource ID"
+  value       = module.aurora.cluster_resource_id
+}
+
+output "cluster_members" {
+  description = "List of RDS Instances that are a part of this cluster"
+  value       = module.aurora.cluster_members
+}
+
+output "cluster_endpoint" {
+  description = "Writer endpoint for the cluster"
+  value       = module.aurora.cluster_endpoint
+}
+
+output "cluster_reader_endpoint" {
+  description = "A read-only endpoint for the cluster, automatically load-balanced across replicas"
+  value       = module.aurora.cluster_reader_endpoint
+}
+
+output "cluster_engine_version_actual" {
+  description = "The running version of the cluster database"
+  value       = module.aurora.cluster_engine_version_actual
+}
+
+# database_name is not set on `aws_rds_cluster` resource if it was not specified, so can't be used in output
+output "cluster_database_name" {
+  description = "Name for an automatically created database on cluster creation"
+  value       = module.aurora.cluster_database_name
+}
+
+output "cluster_port" {
+  description = "The database port"
+  value       = module.aurora.cluster_port
+}
+
+output "cluster_master_password" {
+  description = "The database master password"
+  value       = module.aurora.cluster_master_password
+  sensitive   = true
+}
+
+output "cluster_master_username" {
+  description = "The database master username"
+  value       = module.aurora.cluster_master_username
+  sensitive   = true
+}
+
+output "cluster_hosted_zone_id" {
+  description = "The Route53 Hosted Zone ID of the endpoint"
+  value       = module.aurora.cluster_hosted_zone_id
+}
+
+# aws_rds_cluster_instances
+output "cluster_instances" {
+  description = "A map of cluster instances and their attributes"
+  value       = module.aurora.cluster_instances
+}
+
+# aws_rds_cluster_endpoint
+output "additional_cluster_endpoints" {
+  description = "A map of additional cluster endpoints and their attributes"
+  value       = module.aurora.additional_cluster_endpoints
+}
+
+# aws_rds_cluster_role_association
+output "cluster_role_associations" {
+  description = "A map of IAM roles associated with the cluster and their attributes"
+  value       = module.aurora.cluster_role_associations
+}
+
+# Enhanced monitoring role
+output "enhanced_monitoring_iam_role_name" {
+  description = "The name of the enhanced monitoring role"
+  value       = module.aurora.enhanced_monitoring_iam_role_name
+}
+
+output "enhanced_monitoring_iam_role_arn" {
+  description = "The Amazon Resource Name (ARN) specifying the enhanced monitoring role"
+  value       = module.aurora.enhanced_monitoring_iam_role_arn
+}
+
+output "enhanced_monitoring_iam_role_unique_id" {
+  description = "Stable and unique string identifying the enhanced monitoring role"
+  value       = module.aurora.enhanced_monitoring_iam_role_unique_id
+}
+
+# aws_security_group
+output "security_group_id" {
+  description = "The security group ID of the cluster"
+  value       = module.aurora.security_group_id
+}

examples/parameter_group/versions.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_version = ">= 0.13"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.63"
+    }
+
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.2"
+    }
+  }
+}

main.tf

@@ -365,7 +365,7 @@ resource "aws_rds_cluster_parameter_group" "cluster_pg" {
   family      = var.parameter_group_settings["pg_family"]
 
   dynamic "parameter" {
-    for_each = coalesce(var.parameter_group_settings["parameters_cluster"],{})
+    for_each = coalesce(var.parameter_group_settings["parameters_cluster"], {})
     content {
       name         = parameter.key
       value        = keys(parameter.value)[0]
@@ -382,7 +382,7 @@ resource "aws_db_parameter_group" "instance_pg" {
   family      = var.parameter_group_settings["pg_family"]
 
   dynamic "parameter" {
-    for_each = coalesce(var.parameter_group_settings["parameters_instance"],{})
+    for_each = coalesce(var.parameter_group_settings["parameters_instance"], {})
     content {
       name         = parameter.key
       value        = keys(parameter.value)[0]