Auto Format

README.md

@@ -220,7 +220,6 @@ Available targets:
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.0 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 
 ## Providers
 
@@ -241,6 +240,7 @@ Available targets:
 | Name | Type |
 |------|------|
 | [aws_db_instance.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |
+| [aws_db_instance_role_association.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance_role_association) | resource |
 | [aws_db_option_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_option_group) | resource |
 | [aws_db_parameter_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
 | [aws_db_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
@@ -313,6 +313,7 @@ Available targets:
 | <a name="input_publicly_accessible"></a> [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_replicate_source_db"></a> [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the `identifier` of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a `kms_key_id`. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication. | `string` | `null` | no |
+| <a name="input_role_associations"></a> [role\_associations](#input\_role\_associations) | Map of Role Associations for the DB Instance.<br><br>The key is the name of the feature for association, and value is the IAM Role ARN to associate with the feature.<br><br>For example:<pre>hcl<br>{<br>  S3_INTEGRATION = "arn:aws:iam::123456789012:role/rds-s3-import-role"<br>}</pre> | `map(string)` | `{}` | no |
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no |
 | <a name="input_skip_final_snapshot"></a> [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no |
 | <a name="input_snapshot_identifier"></a> [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no |
@@ -336,6 +337,7 @@ Available targets:
 | <a name="output_option_group_id"></a> [option\_group\_id](#output\_option\_group\_id) | ID of the Option Group |
 | <a name="output_parameter_group_id"></a> [parameter\_group\_id](#output\_parameter\_group\_id) | ID of the Parameter Group |
 | <a name="output_resource_id"></a> [resource\_id](#output\_resource\_id) | The RDS Resource ID of this instance. |
+| <a name="output_role_associations"></a> [role\_associations](#output\_role\_associations) | Map of RDS Role Associations for the DB instance. |
 | <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | ID of the Security Group |
 | <a name="output_subnet_group_id"></a> [subnet\_group\_id](#output\_subnet\_group\_id) | ID of the created Subnet Group |
 <!-- markdownlint-restore -->

docs/terraform.md

@@ -5,7 +5,6 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.0 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 
 ## Providers
 
@@ -26,6 +25,7 @@
 | Name | Type |
 |------|------|
 | [aws_db_instance.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |
+| [aws_db_instance_role_association.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance_role_association) | resource |
 | [aws_db_option_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_option_group) | resource |
 | [aws_db_parameter_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
 | [aws_db_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
@@ -98,6 +98,7 @@
 | <a name="input_publicly_accessible"></a> [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `bool` | `false` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_replicate_source_db"></a> [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the `identifier` of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a `kms_key_id`. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication. | `string` | `null` | no |
+| <a name="input_role_associations"></a> [role\_associations](#input\_role\_associations) | Map of Role Associations for the DB Instance.<br><br>The key is the name of the feature for association, and value is the IAM Role ARN to associate with the feature.<br><br>For example:<pre>hcl<br>{<br>  S3_INTEGRATION = "arn:aws:iam::123456789012:role/rds-s3-import-role"<br>}</pre> | `map(string)` | `{}` | no |
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no |
 | <a name="input_skip_final_snapshot"></a> [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `bool` | `true` | no |
 | <a name="input_snapshot_identifier"></a> [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2019-06-26-06-05. If specified, the module create cluster from the snapshot | `string` | `null` | no |
@@ -121,6 +122,7 @@
 | <a name="output_option_group_id"></a> [option\_group\_id](#output\_option\_group\_id) | ID of the Option Group |
 | <a name="output_parameter_group_id"></a> [parameter\_group\_id](#output\_parameter\_group\_id) | ID of the Parameter Group |
 | <a name="output_resource_id"></a> [resource\_id](#output\_resource\_id) | The RDS Resource ID of this instance. |
+| <a name="output_role_associations"></a> [role\_associations](#output\_role\_associations) | Map of RDS Role Associations for the DB instance. |
 | <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | ID of the Security Group |
 | <a name="output_subnet_group_id"></a> [subnet\_group\_id](#output\_subnet\_group\_id) | ID of the created Subnet Group |
 <!-- markdownlint-restore -->

examples/complete/main.tf

@@ -80,7 +80,7 @@ locals {
   ]
   # Workaround for principal ARN in S3 Bucket policy not being known until apply
   s3_integration_bucket_arn = "arn:${join("", data.aws_partition.current.*.partition)}:s3:::${module.this.id}"
-  s3_integration_role_arn = "arn:${join("", data.aws_partition.current.*.partition)}:iam::${join("", data.aws_caller_identity.current.*.account_id)}:role/${module.this.id}"
+  s3_integration_role_arn   = "arn:${join("", data.aws_partition.current.*.partition)}:iam::${join("", data.aws_caller_identity.current.*.account_id)}:role/${module.this.id}"
 }
 
 data "aws_caller_identity" "current" {
@@ -103,22 +103,22 @@ data "aws_iam_policy_document" "bucket_policy" {
       local.s3_integration_bucket_arn,
       "${local.s3_integration_bucket_arn}/*"
     ]
-    effect    = "Allow"
+    effect = "Allow"
 
     principals {
       identifiers = [local.s3_integration_role_arn]
-      type = "AWS"
+      type        = "AWS"
     }
   }
 }
 
 module "s3_bucket" {
-  source = "cloudposse/s3-bucket/aws"
+  source  = "cloudposse/s3-bucket/aws"
   version = "0.44.1"
 
   enabled = local.s3_integration_enabled
 
-  acl = "private"
+  acl    = "private"
   policy = join("", data.aws_iam_policy_document.bucket_policy.*.json)
 
   context = module.this.context
@@ -136,7 +136,7 @@ data "aws_iam_policy_document" "role_policy" {
       local.s3_integration_bucket_arn,
       "${local.s3_integration_bucket_arn}/*"
     ]
-    effect    = "Allow"
+    effect = "Allow"
   }
 }
 

examples/complete/outputs.tf

@@ -51,6 +51,6 @@ output "vpc_cidr" {
 }
 
 output "role_associations" {
-  value = module.rds_instance.role_associations
+  value       = module.rds_instance.role_associations
   description = "Map of RDS Role Associations for the DB instance."
 }

examples/complete/variables.tf

@@ -112,5 +112,5 @@ variable "apply_immediately" {
 variable "s3_integration_enabled" {
   type        = bool
   description = "Whether to enable or disable the RDS integration test for S3_INTEGRATION."
-  default = false
+  default     = false
 }