Add enhanced monitoring #6
@@ -0,0 +1,19 @@ | ||
Enhanced Monitoring example | ||
=========================== | ||
|
||
Configuration in this directory creates the additional resources required to use Enhanced Monitoring. | ||
Remember that these examples should always be executed using just terraform init, plan, apply. Users should not be asked to update anything in the example to try them out. Please include "provider" section and "rest of params here as per complete example".

Are there guidelines for examples?

No, but there will be (probably during next week or two).
||
|
||
Data sources are used to discover existing VPC resources (VPC, subnet and security group). | ||
|
||
Usage | ||
===== | ||
|
||
To run this example you need to execute: | ||
|
||
```bash | ||
$ terraform init | ||
$ terraform plan | ||
$ terraform apply | ||
``` | ||
|
||
Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. |
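Review bot: The README does not say which non-VPC resources the example creates; the line "Configuration in this directory creates the additional resources required to use Enhanced Monitoring" should name them, since applying the example creates IAM resources in the account (an IAM role trusted by `monitoring.rds.amazonaws.com` with the `AmazonRDSEnhancedMonitoringRole` managed policy attached) in addition to the RDS instance. A short sentence such as "This example creates an IAM role for RDS Enhanced Monitoring and an RDS instance with `monitoring_interval` set, using the default VPC, subnets and security group" would let a reader judge the blast radius before running `terraform apply`. The Usage section already matches the init/plan/apply convention asked for in review, which is good.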
@@ -0,0 +1,83 @@ | ||
provider "aws" { | ||
region = "eu-west-1" | ||
} | ||
|
||
############################################################## | ||
# Data sources to get VPC, subnets and security group details | ||
############################################################## | ||
data "aws_vpc" "default" { | ||
default = true | ||
} | ||
|
||
data "aws_subnet_ids" "all" { | ||
vpc_id = "${data.aws_vpc.default.id}" | ||
} | ||
|
||
data "aws_security_group" "default" { | ||
vpc_id = "${data.aws_vpc.default.id}" | ||
name = "default" | ||
} | ||
|
||
################################################## | ||
# Create an IAM role to allow enhanced monitoring | ||
################################################## | ||
resource "aws_iam_role" "rds_enhanced_monitoring" { | ||
name = "rds-enhanced_monitoring-role" | ||
assume_role_policy = "${data.aws_iam_policy_document.rds_enhanced_monitoring.json}" | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" { | ||
role = "${aws_iam_role.rds_enhanced_monitoring.name}" | ||
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" | ||
} | ||
|
||
data "aws_iam_policy_document" "rds_enhanced_monitoring" { | ||
statement { | ||
actions = [ | ||
"sts:AssumeRole", | ||
] | ||
|
||
effect = "Allow" | ||
|
||
principals { | ||
type = "Service" | ||
identifiers = ["monitoring.rds.amazonaws.com"] | ||
} | ||
} | ||
} | ||
|
||
##### | ||
# DB | ||
##### | ||
module "db" { | ||
source = "../../" | ||
|
||
identifier = "demodb" | ||
|
||
engine = "mysql" | ||
engine_version = "5.7.11" | ||
instance_class = "db.t2.large" | ||
allocated_storage = 5 | ||
storage_encrypted = false | ||
|
||
# kms_key_id = "arm:aws:kms:<region>:<accound id>:key/<kms key id>" | ||
|
||
name = "demodb" | ||
username = "user" | ||
password = "YourPwdShouldBeLongAndSecure!" | ||
port = "3306" | ||
vpc_security_group_ids = ["${data.aws_security_group.default.id}"] | ||
maintenance_window = "Mon:00:00-Mon:03:00" | ||
backup_window = "03:00-06:00" | ||
backup_retention_period = 0 // disable backups to create DB faster | ||
tags = { | ||
Owner = "user" | ||
Environment = "dev" | ||
} | ||
# DB subnet group | ||
subnet_ids = ["${data.aws_subnet_ids.all.ids}"] | ||
# DB parameter group | ||
family = "mysql5.7" | ||
monitoring_interval = "30" | ||
monitoring_role_arn = "${aws_iam_role.rds_enhanced_monitoring.arn}" | ||
} |
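Review bot: The commented-out `kms_key_id` line has a typo in the ARN prefix, `# kms_key_id = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"` should read `arn:aws:kms:<region>:<account id>:key/<kms key id>`; anyone uncommenting it as a template will end up with an invalid ARN. Two further points on the `module "db"` block: the example ships a literal `password = "YourPwdShouldBeLongAndSecure!"` next to `storage_encrypted = false` and `backup_retention_period = 0`, which is acceptable for a demo that must apply unmodified, but a one-line comment marking these as demo-only settings (as is already done for `backup_retention_period`) would stop them being copied into real configurations, and the password could be a `variable` with a default. Minor style point: `name = "rds-enhanced_monitoring-role"` mixes hyphens and underscores; `rds-enhanced-monitoring-role` matches the rest of the file. The trust policy in `data "aws_iam_policy_document" "rds_enhanced_monitoring"` is correctly limited to `sts:AssumeRole` for the `monitoring.rds.amazonaws.com` service principal.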
Write how the end result will have to look -
monitoring_role_arn = "arn:aws:iam::123456789012:role/RDSEnhancedMonitoring"
and leave it to the curious user to figure out how to get the value (maybe he will use a data source to find the one he has already made, maybe he will create the resource himself, maybe he will hardcode it, maybe he passes it as a variable, ...)

Is it worth putting in a link to the relevant AWS page?

I think so, a small note is usually a good idea. In general, I would love to hear from real users what they miss.