added new example for Snapshot

examples/rds-from-snapshot/README.md

@@ -0,0 +1,48 @@
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3, < 2.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0, < 6.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.100.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_rds"></a> [rds](#module\_rds) | ../../ | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_subnets.private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
+| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_environment"></a> [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `"poc"` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `"arc"` | no |
+| <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | `"us-east-1"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | Instance or Cluster ARN |
+| <a name="output_endpoint"></a> [endpoint](#output\_endpoint) | Instance or Cluster Endpoint |
+| <a name="output_id"></a> [id](#output\_id) | Instance or Cluster ID |
+| <a name="output_identifier"></a> [identifier](#output\_identifier) | Instance or Cluster Identifier |
+| <a name="output_kms_key_id"></a> [kms\_key\_id](#output\_kms\_key\_id) | Instance or Cluster KMS Key ID |
+| <a name="output_monitoring_role_arn"></a> [monitoring\_role\_arn](#output\_monitoring\_role\_arn) | Instance or Cluster Monitoring Role ARN |
+| <a name="output_performance_insights_kms_key_id"></a> [performance\_insights\_kms\_key\_id](#output\_performance\_insights\_kms\_key\_id) | Instance or Cluster Performance Insights KMS Key ID |
+| <a name="output_port"></a> [port](#output\_port) | Database server port |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/rds-from-snapshot/data.tf

@@ -0,0 +1,23 @@
+################################################
+## imports
+################################################
+## vpc
+data "aws_vpc" "this" {
+  filter {
+    name   = "tag:Name"
+    values = ["${var.namespace}-poc-vpc"]
+  }
+}
+
+## network
+data "aws_subnets" "private" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.this.id]
+  }
+
+  filter {
+    name   = "tag:Name"
+    values = ["*public*"]
+  }
+}

examples/rds-from-snapshot/locals.tf

@@ -0,0 +1,26 @@
+locals {
+  rds_security_group_data = {
+    create      = true
+    description = "Security Group for RDS instance"
+
+    ingress_rules = [
+      {
+        description = "Allow traffic from local network"
+        cidr_block  = data.aws_vpc.this.cidr_block
+        from_port   = 5432
+        ip_protocol = "tcp"
+        to_port     = 5432
+      }
+    ]
+
+    egress_rules = [
+      {
+        description = "Allow all outbound traffic"
+        cidr_block  = "0.0.0.0/0"
+        from_port   = -1
+        ip_protocol = "-1"
+        to_port     = -1
+      }
+    ]
+  }
+}

examples/rds-from-snapshot/main.tf

@@ -0,0 +1,53 @@
+################################################################################
+## defaults
+################################################################################
+terraform {
+  required_version = "~> 1.3, < 2.0.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0, < 6.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.region
+}
+
+module "rds" {
+  source = "../../"
+
+  environment = var.environment
+  namespace   = var.namespace
+  vpc_id      = data.aws_vpc.this.id
+
+  name            = "${var.namespace}-${var.environment}-test-01-from-snapshot"
+  engine_type     = "rds"
+  db_server_class = "db.t3.small"
+  port            = 5432
+
+  # Restore from snapshot
+  snapshot_identifier = "manual-snaphost-test01" ### get this using Data block
+
+  # Skip values that don’t apply when restoring from snapshot
+  engine               = null
+  engine_version       = null
+  username             = null
+  manage_user_password = false
+
+  license_model = "postgresql-license"
+
+  db_subnet_group_data = {
+    name        = "${var.namespace}-${var.environment}-subnet-group"
+    create      = true
+    description = "Subnet group for rds instance"
+    subnet_ids  = data.aws_subnets.private.ids
+  }
+
+  security_group_data          = local.rds_security_group_data
+  performance_insights_enabled = true
+  monitoring_interval          = 5
+
+}

examples/rds-from-snapshot/output.tf

@@ -0,0 +1,39 @@
+output "id" {
+  value       = module.rds.id
+  description = "Instance or Cluster ID"
+}
+
+output "identifier" {
+  value       = module.rds.identifier
+  description = "Instance or Cluster Identifier"
+}
+
+output "arn" {
+  value       = module.rds.arn
+  description = "Instance or Cluster ARN"
+}
+
+output "port" {
+  value       = module.rds.port
+  description = "Database server port"
+}
+
+output "endpoint" {
+  value       = module.rds.endpoint
+  description = "Instance or Cluster Endpoint"
+}
+
+output "kms_key_id" {
+  value       = module.rds.kms_key_id
+  description = "Instance or Cluster KMS Key ID"
+}
+
+output "performance_insights_kms_key_id" {
+  value       = module.rds.performance_insights_kms_key_id
+  description = "Instance or Cluster Performance Insights KMS Key ID"
+}
+
+output "monitoring_role_arn" {
+  value       = module.rds.monitoring_role_arn
+  description = "Instance or Cluster Monitoring Role ARN"
+}

examples/rds-from-snapshot/variables.tf

@@ -0,0 +1,20 @@
+################################################################################
+## shared
+################################################################################
+variable "region" {
+  type        = string
+  default     = "us-east-1"
+  description = "AWS region"
+}
+
+variable "environment" {
+  type        = string
+  default     = "poc"
+  description = "ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'"
+}
+
+variable "namespace" {
+  type        = string
+  default     = "arc"
+  description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
+}

examples/rds/data.tf

@@ -18,6 +18,6 @@ data "aws_subnets" "private" {
 
   filter {
     name   = "tag:Name"
-    values = ["*private*"]
+    values = ["*public*"]
   }
-}
+}

examples/rds/main.tf

@@ -50,7 +50,7 @@ module "rds" {
   namespace   = var.namespace
   vpc_id      = data.aws_vpc.this.id
 
-  name                 = "${var.namespace}-${var.environment}-test"
+  name                 = "${var.namespace}-${var.environment}-test-01"
   engine_type          = "rds"
   db_server_class      = "db.t3.small"
   port                 = 5432
@@ -77,4 +77,10 @@ module "rds" {
     deletion_window_in_days = 7
     enable_key_rotation     = true
   }
+
+  #   kms_data = {
+  #   create      = false
+  #   kms_key_id  = data.aws_kms_key.by_alias.arn
+  # }
+
 }

locals.tf

@@ -1,7 +1,8 @@
 locals {
   // Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if master_password is provided
   // null - is equal to 'false', don't set it to false , known bug :  https://github.com/hashicorp/terraform-provider-aws/issues/31179
-  manage_user_password = var.manage_user_password ? true : null
+  # manage_user_password = var.manage_user_password ? true : null
+  manage_user_password = coalesce(var.manage_user_password, false)
 
   prefix                             = "${var.namespace}-${var.environment}"
   security_group_ids_to_attach       = var.security_group_data.create ? concat(var.security_group_data.security_group_ids_to_attach, [module.security_group[0].id]) : var.security_group_data.security_group_ids_to_attach

main.tf

@@ -4,20 +4,24 @@
 resource "aws_db_instance" "this" {
   count = var.engine_type == "rds" ? 1 : 0
 
-  identifier               = var.name
-  db_name                  = var.database_name
-  allocated_storage        = var.allocated_storage
-  engine                   = var.engine
-  engine_version           = var.engine_version
-  engine_lifecycle_support = var.engine_lifecycle_support
-  port                     = var.port
-  instance_class           = var.db_server_class
+  identifier = var.name
 
+  # ========= Dynamic logic for snapshot vs new =========
+  snapshot_identifier = var.snapshot_identifier != null ? var.snapshot_identifier : null
 
-  username                    = var.username
-  password                    = var.password == null && local.manage_user_password == false ? random_password.master[0].result : var.password
-  manage_master_user_password = var.manage_user_password
+  # Only set these if NOT restoring from snapshot
+  db_name                     = var.snapshot_identifier == null ? var.database_name : null
+  username                    = var.snapshot_identifier == null ? var.username : null
+  password                    = var.snapshot_identifier == null && local.manage_user_password == false ? random_password.master[0].result : (var.snapshot_identifier == null ? var.password : null)
+  manage_master_user_password = var.snapshot_identifier == null ? var.manage_user_password : null
+  engine                      = var.snapshot_identifier == null ? var.engine : null
+  engine_version              = var.snapshot_identifier == null ? var.engine_version : null
+  engine_lifecycle_support    = var.snapshot_identifier == null ? var.engine_lifecycle_support : null
+  port                        = var.snapshot_identifier == null ? var.port : null
+  # =====================================================
 
+  allocated_storage                   = var.allocated_storage
+  instance_class                      = var.db_server_class
   iops                                = var.iops
   db_subnet_group_name                = var.db_subnet_group_data.create ? aws_db_subnet_group.this[0].name : null
   vpc_security_group_ids              = local.security_group_ids_to_attach

variables.tf

@@ -19,6 +19,17 @@ variable "vpc_id" {
   description = "VPC Id for creating security group"
 }
 
+
+variable "snapshot_identifier" {
+  description = <<EOT
+The identifier for the DB snapshot or DB cluster snapshot to restore from.  
+If provided, the RDS instance will be created from this snapshot and engine/db_name/username/password will be ignored.  
+If null, a fresh RDS instance will be created.
+EOT
+  type        = string
+  default     = null
+}
+
 variable "serverlessv2_scaling_config" {
   type = object({
     max_capacity = number