Merge pull request #16 from terraform-aws-modules/oracle_and_iam

Added iam_database_authentication_enabled and license_model model
terraform-aws-modules · Oct 18, 2017 · 3a040d9 · 3a040d9
2 parents 6e87ec5 + 42f535e
commit 3a040d9
Show file tree

Hide file tree

Showing 10 changed files with 224 additions and 28 deletions.
diff --git a/README.md b/README.md
@@ -34,6 +34,8 @@ module "db" {
   password = "YourPwdShouldBeLongAndSecure!"
   port     = "3306"
 
+  iam_database_authentication_enabled = true
+
   vpc_security_group_ids = ["sg-12345678"]
 
   maintenance_window = "Mon:00:00-Mon:03:00"
@@ -42,7 +44,7 @@ module "db" {
   # Enhanced Monitoring - see example for details on how to create the role
   monitoring_interval = "30"
   monitoring_role_arn = "arn:aws:iam::123456789012:role/rds-monitoring-role"
-  
+
   tags = {
     Owner       = "user"
     Environment = "dev"
@@ -75,23 +77,19 @@ Examples
 
 * [Complete RDS example for MySQL](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/complete/mysql)
 * [Complete RDS example for PostgreSQL](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/complete/postgres)
+* [Complete RDS example for Oracle](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/complete/oracle)
 * [Enhanced monitoring example](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/enhanced_monitoring)
 
-Limitations
------------
-
-* [module db_parameter_group](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/modules/db_parameter_group) does not implement setting of parameters
-
 Notes
 -----
 
-1. This module does not create RDS security group. Use [terraform-aws-sg](https://github.com/terraform-aws-modules/terraform-aws-sg) module for this.
+1. This module does not create RDS security group. Use [terraform-aws-security-group](https://github.com/terraform-aws-modules/terraform-aws-security-group) module for this.
 
 Authors
 -------
 
-Migrated from `terraform-community-modules/tf_aws_rds`, where it was maintained by [these awesome contributors](https://github.com/terraform-community-modules/tf_aws_rds/graphs/contributors).
 Currently maintained by [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-rds/graphs/contributors).
+Migrated from `terraform-community-modules/tf_aws_rds`, where it was maintained by [these awesome contributors](https://github.com/terraform-community-modules/tf_aws_rds/graphs/contributors).
 Module managed by [Anton Babenko](https://github.com/antonbabenko).
 
 License

diff --git a/examples/complete/mysql/main.tf b/examples/complete/mysql/main.tf
@@ -33,21 +33,27 @@ module "db" {
   storage_encrypted = false
 
   # kms_key_id        = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"
+  name     = "demodb"
+  username = "user"
+  password = "YourPwdShouldBeLongAndSecure!"
+  port     = "3306"
+
+  vpc_security_group_ids = ["${data.aws_security_group.default.id}"]
+
+  maintenance_window = "Mon:00:00-Mon:03:00"
+  backup_window      = "03:00-06:00"
+
+  # disable backups to create DB faster
+  backup_retention_period = 0
 
-  name                    = "demodb"
-  username                = "user"
-  password                = "YourPwdShouldBeLongAndSecure!"
-  port                    = "3306"
-  vpc_security_group_ids  = ["${data.aws_security_group.default.id}"]
-  maintenance_window      = "Mon:00:00-Mon:03:00"
-  backup_window           = "03:00-06:00"
-  backup_retention_period = 0                                         // disable backups to create DB faster
   tags = {
     Owner       = "user"
     Environment = "dev"
   }
+
   # DB subnet group
   subnet_ids = ["${data.aws_subnet_ids.all.ids}"]
+
   # DB parameter group
   family = "mysql5.7"
 

diff --git a/examples/complete/oracle/README.md b/examples/complete/oracle/README.md
@@ -0,0 +1,19 @@
+Complete RDS example for Oracle
+===============================
+
+Configuration in this directory creates set of RDS resources including DB instance, DB subnet group and DB parameter group.
+
+Data sources are used to discover existing VPC resources (VPC, subnet and security group).
+
+Usage
+=====
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
diff --git a/examples/complete/oracle/main.tf b/examples/complete/oracle/main.tf
@@ -0,0 +1,63 @@
+provider "aws" {
+  region = "eu-west-1"
+}
+
+##############################################################
+# Data sources to get VPC, subnets and security group details
+##############################################################
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnet_ids" "all" {
+  vpc_id = "${data.aws_vpc.default.id}"
+}
+
+data "aws_security_group" "default" {
+  vpc_id = "${data.aws_vpc.default.id}"
+  name   = "default"
+}
+
+#####
+# DB
+#####
+module "db" {
+  source = "../../../"
+
+  identifier = "demodb"
+
+  engine            = "oracle-ee"
+  engine_version    = "12.1.0.2.v8"
+  instance_class    = "db.t2.large"
+  allocated_storage = 10
+  storage_encrypted = false
+  license_model     = "bring-your-own-license"
+
+  # Make sure that database name is capitalized, otherwise RDS will try to recreate RDS instance every time
+  name                                = "DEMODB"
+  username                            = "something_like_user"
+  password                            = "YourPwdShouldBeLongAndSecure!"
+  port                                = "1521"
+  iam_database_authentication_enabled = false
+
+  vpc_security_group_ids = ["${data.aws_security_group.default.id}"]
+  maintenance_window     = "Mon:00:00-Mon:03:00"
+  backup_window          = "03:00-06:00"
+
+  # disable backups to create DB faster
+  backup_retention_period = 0
+
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
+
+  # DB subnet group
+  subnet_ids = ["${data.aws_subnet_ids.all.ids}"]
+
+  # DB parameter group
+  family = "oracle-ee-12.1"
+
+  # Snapshot name upon DB deletion
+  final_snapshot_identifier = "demodb"
+}
diff --git a/examples/complete/oracle/outputs.tf b/examples/complete/oracle/outputs.tf
@@ -0,0 +1,82 @@
+# DB instance
+output "this_db_instance_address" {
+  description = "The address of the RDS instance"
+  value       = "${module.db.this_db_instance_address}"
+}
+
+output "this_db_instance_arn" {
+  description = "The ARN of the RDS instance"
+  value       = "${module.db.this_db_instance_arn}"
+}
+
+output "this_db_instance_availability_zone" {
+  description = "The availability zone of the RDS instance"
+  value       = "${module.db.this_db_instance_availability_zone}"
+}
+
+output "this_db_instance_endpoint" {
+  description = "The connection endpoint"
+  value       = "${module.db.this_db_instance_endpoint}"
+}
+
+output "this_db_instance_hosted_zone_id" {
+  description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)"
+  value       = "${module.db.this_db_instance_hosted_zone_id}"
+}
+
+output "this_db_instance_id" {
+  description = "The RDS instance ID"
+  value       = "${module.db.this_db_instance_id}"
+}
+
+output "this_db_instance_resource_id" {
+  description = "The RDS Resource ID of this instance"
+  value       = "${module.db.this_db_instance_resource_id}"
+}
+
+output "this_db_instance_status" {
+  description = "The RDS instance status"
+  value       = "${module.db.this_db_instance_status}"
+}
+
+output "this_db_instance_name" {
+  description = "The database name"
+  value       = "${module.db.this_db_instance_name}"
+}
+
+output "this_db_instance_username" {
+  description = "The master username for the database"
+  value       = "${module.db.this_db_instance_username}"
+}
+
+output "this_db_instance_password" {
+  description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
+  value       = "${module.db.this_db_instance_password}"
+}
+
+output "this_db_instance_port" {
+  description = "The database port"
+  value       = "${module.db.this_db_instance_port}"
+}
+
+# DB subnet group
+output "this_db_subnet_group_id" {
+  description = "The db subnet group name"
+  value       = "${module.db.this_db_subnet_group_id}"
+}
+
+output "this_db_subnet_group_arn" {
+  description = "The ARN of the db subnet group"
+  value       = "${module.db.this_db_subnet_group_arn}"
+}
+
+# DB parameter group
+output "this_db_parameter_group_id" {
+  description = "The db parameter group id"
+  value       = "${module.db.this_db_parameter_group_id}"
+}
+
+output "this_db_parameter_group_arn" {
+  description = "The ARN of the db parameter group"
+  value       = "${module.db.this_db_parameter_group_arn}"
+}
diff --git a/examples/complete/postgres/main.tf b/examples/complete/postgres/main.tf
@@ -31,21 +31,25 @@ module "db" {
   instance_class    = "db.t2.large"
   allocated_storage = 5
   storage_encrypted = false
+
   # kms_key_id        = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"
+  name = "demodb"
 
-  name     = "demodb"
   # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
   # "Error creating DB Instance: InvalidParameterValue: MasterUsername
   # user cannot be used as it is a reserved word used by the engine"
   username = "demouser"
+
   password = "YourPwdShouldBeLongAndSecure!"
   port     = "5432"
 
   vpc_security_group_ids = ["${data.aws_security_group.default.id}"]
 
-  maintenance_window      = "Mon:00:00-Mon:03:00"
-  backup_window           = "03:00-06:00"
-  backup_retention_period = 0                     // disable backups to create DB faster
+  maintenance_window = "Mon:00:00-Mon:03:00"
+  backup_window      = "03:00-06:00"
+
+  # disable backups to create DB faster
+  backup_retention_period = 0
 
   tags = {
     Owner       = "user"

diff --git a/main.tf b/main.tf
@@ -41,11 +41,13 @@ module "db_instance" {
   storage_type      = "${var.storage_type}"
   storage_encrypted = "${var.storage_encrypted}"
   kms_key_id        = "${var.kms_key_id}"
+  license_model     = "${var.license_model}"
 
-  name     = "${var.name}"
-  username = "${var.username}"
-  password = "${var.password}"
-  port     = "${var.port}"
+  name                                = "${var.name}"
+  username                            = "${var.username}"
+  password                            = "${var.password}"
+  port                                = "${var.port}"
+  iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}"
 
   vpc_security_group_ids = ["${var.vpc_security_group_ids}"]
   db_subnet_group_name   = "${module.db_subnet_group.this_db_subnet_group_id}"

diff --git a/modules/db_instance/main.tf b/modules/db_instance/main.tf
@@ -11,11 +11,13 @@ resource "aws_db_instance" "this" {
   storage_type      = "${var.storage_type}"
   storage_encrypted = "${var.storage_encrypted}"
   kms_key_id        = "${var.kms_key_id}"
+  license_model     = "${var.license_model}"
 
-  name     = "${var.name}"
-  username = "${var.username}"
-  password = "${var.password}"
-  port     = "${var.port}"
+  name                                = "${var.name}"
+  username                            = "${var.username}"
+  password                            = "${var.password}"
+  port                                = "${var.port}"
+  iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}"
 
   vpc_security_group_ids = ["${var.vpc_security_group_ids}"]
   db_subnet_group_name   = "${var.db_subnet_group_name}"

diff --git a/modules/db_instance/variables.tf b/modules/db_instance/variables.tf
@@ -21,6 +21,16 @@ variable "kms_key_id" {
   default     = ""
 }
 
+variable "license_model" {
+  description = "License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1"
+  default     = ""
+}
+
+variable "iam_database_authentication_enabled" {
+  description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled"
+  default     = false
+}
+
 variable "engine" {
   description = "The database engine to use"
 }

diff --git a/variables.tf b/variables.tf
@@ -21,6 +21,16 @@ variable "kms_key_id" {
   default     = ""
 }
 
+variable "license_model" {
+  description = "License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1"
+  default     = ""
+}
+
+variable "iam_database_authentication_enabled" {
+  description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled"
+  default     = false
+}
+
 variable "engine" {
   description = "The database engine to use"
 }