diff --git a/README.md b/README.md index 59171e6e..0133cfba 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,8 @@ module "db" { password = "YourPwdShouldBeLongAndSecure!" port = "3306" + iam_database_authentication_enabled = true + vpc_security_group_ids = ["sg-12345678"] maintenance_window = "Mon:00:00-Mon:03:00" @@ -42,7 +44,7 @@ module "db" { # Enhanced Monitoring - see example for details on how to create the role monitoring_interval = "30" monitoring_role_arn = "arn:aws:iam::123456789012:role/rds-monitoring-role" - + tags = { Owner = "user" Environment = "dev" 
@@ -75,23 +77,19 @@ Examples * [Complete RDS example for MySQL](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/complete/mysql) * [Complete RDS example for PostgreSQL](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/complete/postgres) +* [Complete RDS example for Oracle](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/complete/oracle) * [Enhanced monitoring example](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/examples/enhanced_monitoring) -Limitations ------------ - -* [module db_parameter_group](https://github.com/terraform-aws-modules/terraform-aws-rds/tree/master/modules/db_parameter_group) does not implement setting of parameters - Notes ----- -1. This module does not create RDS security group. Use [terraform-aws-sg](https://github.com/terraform-aws-modules/terraform-aws-sg) module for this. +1. This module does not create RDS security group. Use [terraform-aws-security-group](https://github.com/terraform-aws-modules/terraform-aws-security-group) module for this. Authors ------- -Migrated from `terraform-community-modules/tf_aws_rds`, where it was maintained by [these awesome contributors](https://github.com/terraform-community-modules/tf_aws_rds/graphs/contributors). Currently maintained by [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-rds/graphs/contributors). +Migrated from `terraform-community-modules/tf_aws_rds`, where it was maintained by [these awesome contributors](https://github.com/terraform-community-modules/tf_aws_rds/graphs/contributors). Module managed by [Anton Babenko](https://github.com/antonbabenko). License diff --git a/examples/complete/mysql/main.tf b/examples/complete/mysql/main.tf index c51fae09..943a6130 100644 --- a/examples/complete/mysql/main.tf +++ b/examples/complete/mysql/main.tf 
@@ -33,21 +33,27 @@ module "db" { storage_encrypted = false # kms_key_id = "arm:aws:kms:::key/" + name = "demodb" + username = "user" + password = "YourPwdShouldBeLongAndSecure!" + port = "3306" + + vpc_security_group_ids = ["${data.aws_security_group.default.id}"] + + maintenance_window = "Mon:00:00-Mon:03:00" + backup_window = "03:00-06:00" + + # disable backups to create DB faster + backup_retention_period = 0 - name = "demodb" - username = "user" - password = "YourPwdShouldBeLongAndSecure!" - port = "3306" - vpc_security_group_ids = ["${data.aws_security_group.default.id}"] - maintenance_window = "Mon:00:00-Mon:03:00" - backup_window = "03:00-06:00" - backup_retention_period = 0 // disable backups to create DB faster tags = { Owner = "user" Environment = "dev" } + # DB subnet group subnet_ids = ["${data.aws_subnet_ids.all.ids}"] + # DB parameter group family = "mysql5.7" diff --git a/examples/complete/oracle/README.md b/examples/complete/oracle/README.md new file mode 100644 index 00000000..240166fe --- /dev/null +++ b/examples/complete/oracle/README.md @@ -0,0 +1,19 @@ +Complete RDS example for Oracle +=============================== + +Configuration in this directory creates set of RDS resources including DB instance, DB subnet group and DB parameter group. + +Data sources are used to discover existing VPC resources (VPC, subnet and security group). + +Usage +===== + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. diff --git a/examples/complete/oracle/main.tf b/examples/complete/oracle/main.tf new file mode 100644 index 00000000..e9cf8182 --- /dev/null +++ b/examples/complete/oracle/main.tf 
@@ -0,0 +1,63 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+##############################################################
+# Data sources to get VPC, subnets and security group details
+##############################################################
+data "aws_vpc" "default" {
+ default = true
+}
+
+data "aws_subnet_ids" "all" {
+ vpc_id = "${data.aws_vpc.default.id}"
+}
+
+data "aws_security_group" "default" {
+ vpc_id = "${data.aws_vpc.default.id}"
+ name = "default"
+}
+
+#####
+# DB
+#####
+module "db" {
+ source = "../../../"
+
+ identifier = "demodb"
+
+ engine = "oracle-ee"
+ engine_version = "12.1.0.2.v8"
+ instance_class = "db.t2.large"
+ allocated_storage = 10
+ storage_encrypted = false
+ license_model = "bring-your-own-license"
+
+ # Make sure that database name is capitalized, otherwise RDS will try to recreate RDS instance every time
+ name = "DEMODB"
+ username = "something_like_user"
+ password = "YourPwdShouldBeLongAndSecure!"
+ port = "1521"
+ iam_database_authentication_enabled = false
+
+ vpc_security_group_ids = ["${data.aws_security_group.default.id}"]
+ maintenance_window = "Mon:00:00-Mon:03:00"
+ backup_window = "03:00-06:00"
+
+ # disable backups to create DB faster
+ backup_retention_period = 0
+
+ tags = {
+ Owner = "user"
+ Environment = "dev"
+ }
+
+ # DB subnet group
+ subnet_ids = ["${data.aws_subnet_ids.all.ids}"]
+
+ # DB parameter group
+ family = "oracle-ee-12.1"
+
+ # Snapshot name upon DB deletion
+ final_snapshot_identifier = "demodb"
+}
diff --git a/examples/complete/oracle/outputs.tf b/examples/complete/oracle/outputs.tf
new file mode 100644
index 00000000..f5c4a719
--- /dev/null
+++ b/examples/complete/oracle/outputs.tf
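Review bot: The new `module "db"` block in examples/complete/oracle/main.tf sets `storage_encrypted = false` and passes a literal `password = "YourPwdShouldBeLongAndSecure!"`, and an example directory is the part of a module people copy unchanged. I would flip the example to `storage_encrypted = true` (if the chosen instance class supports it) and take the password from a variable, for instance `password = "${var.db_password}"` (variable name is illustrative), so the secret is not committed with the configuration. The block also attaches the VPC's `default` security group and sets `backup_retention_period = 0`; a short comment such as `# demo only: use a dedicated security group and keep backups enabled outside of tests` would make that explicit.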
@@ -0,0 +1,82 @@
+# DB instance
+output "this_db_instance_address" {
+ description = "The address of the RDS instance"
+ value = "${module.db.this_db_instance_address}"
+}
+
+output "this_db_instance_arn" {
+ description = "The ARN of the RDS instance"
+ value = "${module.db.this_db_instance_arn}"
+}
+
+output "this_db_instance_availability_zone" {
+ description = "The availability zone of the RDS instance"
+ value = "${module.db.this_db_instance_availability_zone}"
+}
+
+output "this_db_instance_endpoint" {
+ description = "The connection endpoint"
+ value = "${module.db.this_db_instance_endpoint}"
+}
+
+output "this_db_instance_hosted_zone_id" {
+ description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)"
+ value = "${module.db.this_db_instance_hosted_zone_id}"
+}
+
+output "this_db_instance_id" {
+ description = "The RDS instance ID"
+ value = "${module.db.this_db_instance_id}"
+}
+
+output "this_db_instance_resource_id" {
+ description = "The RDS Resource ID of this instance"
+ value = "${module.db.this_db_instance_resource_id}"
+}
+
+output "this_db_instance_status" {
+ description = "The RDS instance status"
+ value = "${module.db.this_db_instance_status}"
+}
+
+output "this_db_instance_name" {
+ description = "The database name"
+ value = "${module.db.this_db_instance_name}"
+}
+
+output "this_db_instance_username" {
+ description = "The master username for the database"
+ value = "${module.db.this_db_instance_username}"
+}
+
+output "this_db_instance_password" {
+ description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
+ value = "${module.db.this_db_instance_password}"
+}
+
+output "this_db_instance_port" {
+ description = "The database port"
+ value = "${module.db.this_db_instance_port}"
+}
+
+# DB subnet group
+output "this_db_subnet_group_id" {
+ description = "The db subnet group name"
+ value = "${module.db.this_db_subnet_group_id}"
+}
+
+output "this_db_subnet_group_arn" { + description = "The ARN of the db subnet group" + value = "${module.db.this_db_subnet_group_arn}" +} + +# DB parameter group +output "this_db_parameter_group_id" { + description = "The db parameter group id" + value = "${module.db.this_db_parameter_group_id}" +} + +output "this_db_parameter_group_arn" { + description = "The ARN of the db parameter group" + value = "${module.db.this_db_parameter_group_arn}" +} diff --git a/examples/complete/postgres/main.tf b/examples/complete/postgres/main.tf index 49101baa..7261f0da 100644 --- a/examples/complete/postgres/main.tf +++ b/examples/complete/postgres/main.tf @@ -31,21 +31,25 @@ module "db" { instance_class = "db.t2.large" allocated_storage = 5 storage_encrypted = false + # kms_key_id = "arm:aws:kms:::key/" + name = "demodb" - name = "demodb" # NOTE: Do NOT use 'user' as the value for 'username' as it throws: # "Error creating DB Instance: InvalidParameterValue: MasterUsername # user cannot be used as it is a reserved word used by the engine" username = "demouser" + password = "YourPwdShouldBeLongAndSecure!" port = "5432" vpc_security_group_ids = ["${data.aws_security_group.default.id}"] - maintenance_window = "Mon:00:00-Mon:03:00" - backup_window = "03:00-06:00" - backup_retention_period = 0 // disable backups to create DB faster + maintenance_window = "Mon:00:00-Mon:03:00" + backup_window = "03:00-06:00" + + # disable backups to create DB faster + backup_retention_period = 0 tags = { Owner = "user" diff --git a/main.tf b/main.tf index dac79fc5..1f53d008 100644 --- a/main.tf +++ b/main.tf 
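Review bot: The `this_db_instance_password` output in examples/complete/oracle/outputs.tf re-exports the master password without marking it sensitive, so `terraform output` and the summary printed after `terraform apply` show it in clear text (for example in CI logs). Add `sensitive = true` to that output block, or drop the output from the example altogether. The value is still written to the state file either way, so the description could also say that the state backend needs to be encrypted and access-controlled.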
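Review bot: The commented-out hint added under `storage_encrypted = false` in examples/complete/postgres/main.tf reads `# kms_key_id = "arm:aws:kms:::key/"`, but an ARN starts with `arn:`, so anyone who uncomments and fills in this line ends up with an invalid key reference. I would write it as `# kms_key_id = "arn:aws:kms:<region>:<account-id>:key/<key-id>"` and mention in the comment that it only takes effect together with `storage_encrypted = true`. The same `arm:` string is visible as an unchanged context line in the mysql example hunk; the `module "db"` block here starts and ends outside the hunk.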
@@ -41,11 +41,13 @@ module "db_instance" { storage_type = "${var.storage_type}" storage_encrypted = "${var.storage_encrypted}" kms_key_id = "${var.kms_key_id}" + license_model = "${var.license_model}" - name = "${var.name}" - username = "${var.username}" - password = "${var.password}" - port = "${var.port}" + name = "${var.name}" + username = "${var.username}" + password = "${var.password}" + port = "${var.port}" + iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}" vpc_security_group_ids = ["${var.vpc_security_group_ids}"] db_subnet_group_name = "${module.db_subnet_group.this_db_subnet_group_id}" diff --git a/modules/db_instance/main.tf b/modules/db_instance/main.tf index 2fef0d4a..ee7382f1 100644 --- a/modules/db_instance/main.tf +++ b/modules/db_instance/main.tf @@ -11,11 +11,13 @@ resource "aws_db_instance" "this" { storage_type = "${var.storage_type}" storage_encrypted = "${var.storage_encrypted}" kms_key_id = "${var.kms_key_id}" + license_model = "${var.license_model}" - name = "${var.name}" - username = "${var.username}" - password = "${var.password}" - port = "${var.port}" + name = "${var.name}" + username = "${var.username}" + password = "${var.password}" + port = "${var.port}" + iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}" vpc_security_group_ids = ["${var.vpc_security_group_ids}"] db_subnet_group_name = "${var.db_subnet_group_name}" diff --git a/modules/db_instance/variables.tf b/modules/db_instance/variables.tf index 10a87216..37394fe7 100644 --- a/modules/db_instance/variables.tf +++ b/modules/db_instance/variables.tf 
@@ -21,6 +21,16 @@ variable "kms_key_id" { default = "" } +variable "license_model" { + description = "License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1" + default = "" +} + +variable "iam_database_authentication_enabled" { + description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled" + default = false +} + variable "engine" { description = "The database engine to use" } diff --git a/variables.tf b/variables.tf index c3616066..4cc37276 100644 --- a/variables.tf +++ b/variables.tf @@ -21,6 +21,16 @@ variable "kms_key_id" { default = "" } +variable "license_model" { + description = "License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1" + default = "" +} + +variable "iam_database_authentication_enabled" { + description = "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled" + default = false +} + variable "engine" { description = "The database engine to use" }
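Review bot: The description added for `iam_database_authentication_enabled` in modules/db_instance/variables.tf is garbled ("Specifies whether or mappings of … is enabled"), and the identical text is added in the root variables.tf hunk. Suggested wording: `description = "Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled"`, ideally followed by a note that not every engine supports IAM authentication, since the variable is passed through unconditionally. In the `license_model` description, "i.e. Oracle SE1" reads as if SE1 were the only such engine; "e.g." is probably what is meant.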