From d320348984db35c28ca8d272407e5c45ead983ae Mon Sep 17 00:00:00 2001 From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Fri, 12 Jul 2024 08:32:09 -0400 Subject: [PATCH] feat: Multi-az rds cluster ca cert identifier (#458) * multi-az rds cluster ca cert identifier * update variable description * remove param for testing --- README.md | 7 +++++-- examples/autoscaling/README.md | 4 ++-- examples/autoscaling/versions.tf | 2 +- examples/global-cluster/README.md | 6 +++--- examples/global-cluster/versions.tf | 2 +- examples/multi-az/README.md | 6 ++++-- examples/multi-az/main.tf | 4 +++- examples/multi-az/outputs.tf | 10 ++++++++++ examples/multi-az/versions.tf | 2 +- examples/mysql/README.md | 4 ++-- examples/mysql/versions.tf | 2 +- examples/postgresql/README.md | 4 ++-- examples/postgresql/versions.tf | 2 +- examples/s3-import/README.md | 4 ++-- examples/s3-import/versions.tf | 2 +- examples/serverless/README.md | 4 ++-- examples/serverless/versions.tf | 2 +- main.tf | 1 + outputs.tf | 10 ++++++++++ variables.tf | 6 ++++++ versions.tf | 2 +- 21 files changed, 60 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index b53aa74..6448898 100644 --- a/README.md +++ b/README.md @@ -224,13 +224,13 @@ Terraform documentation is generated automatically using [pre-commit hooks](http | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.42 | +| [aws](#requirement\_aws) | >= 5.58 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.42 | +| [aws](#provider\_aws) | >= 5.58 | ## Modules 
@@ -283,6 +283,7 @@ No modules. | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no | | [cloudwatch\_log\_group\_retention\_in\_days](#input\_cloudwatch\_log\_group\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance | `number` | `7` | no | | [cloudwatch\_log\_group\_skip\_destroy](#input\_cloudwatch\_log\_group\_skip\_destroy) | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | `bool` | `null` | no | +| [cluster\_ca\_cert\_identifier](#input\_cluster\_ca\_cert\_identifier) | The CA certificate identifier to use for the DB cluster's server certificate. Currently only supported for multi-az DB clusters | `string` | `null` | no | | [cluster\_members](#input\_cluster\_members) | List of RDS Instances that are a part of this cluster | `list(string)` | `null` | no | | [cluster\_tags](#input\_cluster\_tags) | A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging | `map(string)` | `{}` | no | | [cluster\_timeouts](#input\_cluster\_timeouts) | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no | 
@@ -392,6 +393,8 @@ No modules. |------|-------------| | [additional\_cluster\_endpoints](#output\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes | | [cluster\_arn](#output\_cluster\_arn) | Amazon Resource Name (ARN) of cluster | +| [cluster\_ca\_certificate\_identifier](#output\_cluster\_ca\_certificate\_identifier) | CA identifier of the CA certificate used for the DB instance's server certificate | +| [cluster\_ca\_certificate\_valid\_till](#output\_cluster\_ca\_certificate\_valid\_till) | Expiration date of the DB instance’s server certificate | | [cluster\_database\_name](#output\_cluster\_database\_name) | Name for an automatically created database on cluster creation | | [cluster\_endpoint](#output\_cluster\_endpoint) | Writer endpoint for the cluster | | [cluster\_engine\_version\_actual](#output\_cluster\_engine\_version\_actual) | The running version of the cluster database | diff --git a/examples/autoscaling/README.md b/examples/autoscaling/README.md index 0520010..e5ef334 100644 --- a/examples/autoscaling/README.md +++ b/examples/autoscaling/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.42 | +| [aws](#requirement\_aws) | >= 5.58 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.42 | +| [aws](#provider\_aws) | >= 5.58 | ## Modules diff --git a/examples/autoscaling/versions.tf b/examples/autoscaling/versions.tf index 4cda07e..2c346da 100644 --- a/examples/autoscaling/versions.tf +++ b/examples/autoscaling/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.42" + version = ">= 5.58" } } } diff --git a/examples/global-cluster/README.md b/examples/global-cluster/README.md index 4e81f24..d926ce7 100644 
--- a/examples/global-cluster/README.md +++ b/examples/global-cluster/README.md @@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.42 | +| [aws](#requirement\_aws) | >= 5.58 | | [random](#requirement\_random) | >= 2.2 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.42 | -| [aws.secondary](#provider\_aws.secondary) | >= 5.42 | +| [aws](#provider\_aws) | >= 5.58 | +| [aws.secondary](#provider\_aws.secondary) | >= 5.58 | | [random](#provider\_random) | >= 2.2 | ## Modules diff --git a/examples/global-cluster/versions.tf b/examples/global-cluster/versions.tf index 954c03a..eb5aea8 100644 --- a/examples/global-cluster/versions.tf +++ b/examples/global-cluster/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.42" + version = ">= 5.58" } random = { diff --git a/examples/multi-az/README.md b/examples/multi-az/README.md index 83f95e4..0dc02a7 100644 --- a/examples/multi-az/README.md +++ b/examples/multi-az/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.42 | +| [aws](#requirement\_aws) | >= 5.58 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.42 | +| [aws](#provider\_aws) | >= 5.58 | ## Modules 
@@ -51,6 +51,8 @@ No inputs.
 |------|-------------|
 | [additional\_cluster\_endpoints](#output\_additional\_cluster\_endpoints) | A map of additional cluster endpoints and their attributes |
 | [cluster\_arn](#output\_cluster\_arn) | Amazon Resource Name (ARN) of cluster |
+| [cluster\_ca\_certificate\_identifier](#output\_cluster\_ca\_certificate\_identifier) | CA identifier of the CA certificate used for the DB instance's server certificate |
+| [cluster\_ca\_certificate\_valid\_till](#output\_cluster\_ca\_certificate\_valid\_till) | Expiration date of the DB instance’s server certificate |
 | [cluster\_database\_name](#output\_cluster\_database\_name) | Name for an automatically created database on cluster creation |
 | [cluster\_endpoint](#output\_cluster\_endpoint) | Writer endpoint for the cluster |
 | [cluster\_engine\_version\_actual](#output\_cluster\_engine\_version\_actual) | The running version of the cluster database |
diff --git a/examples/multi-az/main.tf b/examples/multi-az/main.tf
index 35c58a1..ea772ce 100644
--- a/examples/multi-az/main.tf
+++ b/examples/multi-az/main.tf
@@ -27,7 +27,7 @@ module "aurora" {
 name = local.name
 engine = "postgres" # This uses RDS engine, not Aurora
- engine_version = "14.5"
+ engine_version = "15.7"
 master_username = "root"
 vpc_id = module.vpc.vpc_id
@@ -45,6 +45,8 @@ module "aurora" {
 iops = 2500
 storage_type = "io1"
+ cluster_ca_cert_identifier = "rds-ca-rsa4096-g1"
+
 skip_final_snapshot = true
 tags = local.tags
diff --git a/examples/multi-az/outputs.tf b/examples/multi-az/outputs.tf
index bc39159..e29199a 100644
--- a/examples/multi-az/outputs.tf
+++ b/examples/multi-az/outputs.tf
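Review bot: The example hard-codes `cluster_ca_cert_identifier = "rds-ca-rsa4096-g1"` in the second multi-az/main.tf hunk with no comment on why a non-default CA is selected or that the setting only takes effect because this example builds a multi-AZ (RDS engine) cluster, which is the first thing a reader copying the example into an Aurora configuration needs to know. Suggest `cluster_ca_cert_identifier = "rds-ca-rsa4096-g1" # only honoured by multi-AZ DB clusters; client trust stores must include this CA`. The preceding hunk also moves the example from PostgreSQL 14.5 to 15.7, a major-version change that the commit message does not mention and that deserves a sentence in the description. The `module "aurora"` block starts and ends outside both hunks.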
@@ -66,6 +66,16 @@ output "cluster_hosted_zone_id" {
 value = module.aurora.cluster_hosted_zone_id
 }
+output "cluster_ca_certificate_identifier" {
+ description = "CA identifier of the CA certificate used for the DB instance's server certificate"
+ value = module.aurora.cluster_ca_certificate_identifier
+}
+
+output "cluster_ca_certificate_valid_till" {
+ description = "Expiration date of the DB instance’s server certificate"
+ value = module.aurora.cluster_ca_certificate_valid_till
+}
+
 ################################################################################
 # Cluster Instance(s)
 ################################################################################
diff --git a/examples/multi-az/versions.tf b/examples/multi-az/versions.tf
index 4cda07e..2c346da 100644
--- a/examples/multi-az/versions.tf
+++ b/examples/multi-az/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.42"
+ version = ">= 5.58"
 }
 }
 }
diff --git a/examples/mysql/README.md b/examples/mysql/README.md
index 0a14403..288bc8b 100644
--- a/examples/mysql/README.md
+++ b/examples/mysql/README.md
@@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.42 |
+| [aws](#requirement\_aws) | >= 5.58 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 5.42 |
+| [aws](#provider\_aws) | >= 5.58 |
 ## Modules
diff --git a/examples/mysql/versions.tf b/examples/mysql/versions.tf
index 4cda07e..2c346da 100644
--- a/examples/mysql/versions.tf
+++ b/examples/mysql/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.42"
+ version = ">= 5.58"
 }
 }
 }
diff --git a/examples/postgresql/README.md b/examples/postgresql/README.md
index 5708aca..a15949a 100644
--- a/examples/postgresql/README.md
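Review bot: Both new output descriptions in the multi-az/outputs.tf hunk say "DB instance's" although the values are read from the cluster (`module.aurora.cluster_ca_certificate_identifier`, `module.aurora.cluster_ca_certificate_valid_till`) and the outputs themselves are named `cluster_…`; the same wording, with a typographic apostrophe in `instance’s` beside a straight one in `instance's`, is repeated in the root `outputs.tf` hunk and flows into the generated README tables. Suggest `description = "CA identifier of the CA certificate used for the DB cluster's server certificate"` and `description = "Expiration date of the DB cluster's server certificate"` in both files. Fixing the source descriptions and regenerating the docs keeps the README tables consistent without a manual edit.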
+++ b/examples/postgresql/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.42 | +| [aws](#requirement\_aws) | >= 5.58 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.42 | +| [aws](#provider\_aws) | >= 5.58 | ## Modules diff --git a/examples/postgresql/versions.tf b/examples/postgresql/versions.tf index 4cda07e..2c346da 100644 --- a/examples/postgresql/versions.tf +++ b/examples/postgresql/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.42" + version = ">= 5.58" } } } diff --git a/examples/s3-import/README.md b/examples/s3-import/README.md index 3582f9b..793f18a 100644 --- a/examples/s3-import/README.md +++ b/examples/s3-import/README.md @@ -49,13 +49,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.42 | +| [aws](#requirement\_aws) | >= 5.58 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.42 | +| [aws](#provider\_aws) | >= 5.58 | ## Modules diff --git a/examples/s3-import/versions.tf b/examples/s3-import/versions.tf index 4cda07e..2c346da 100644 --- a/examples/s3-import/versions.tf +++ b/examples/s3-import/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.42" + version = ">= 5.58" } } } diff --git a/examples/serverless/README.md b/examples/serverless/README.md index b3a6ba1..4a128b9 100644 --- a/examples/serverless/README.md +++ b/examples/serverless/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.42 |
+| [aws](#requirement\_aws) | >= 5.58 |
 | [random](#requirement\_random) | >= 3.5 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 5.42 |
+| [aws](#provider\_aws) | >= 5.58 |
 | [random](#provider\_random) | >= 3.5 |
 ## Modules
diff --git a/examples/serverless/versions.tf b/examples/serverless/versions.tf
index 9f1d544..bc79575 100644
--- a/examples/serverless/versions.tf
+++ b/examples/serverless/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.42"
+ version = ">= 5.58"
 }
 random = {
 source = "hashicorp/random"
diff --git a/main.tf b/main.tf
index 755cfae..5e34179 100644
--- a/main.tf
+++ b/main.tf
@@ -45,6 +45,7 @@ resource "aws_rds_cluster" "this" {
 availability_zones = var.availability_zones
 backup_retention_period = var.backup_retention_period
 backtrack_window = local.backtrack_window
+ ca_certificate_identifier = var.cluster_ca_cert_identifier
 cluster_identifier = var.cluster_use_name_prefix ? null : var.name
 cluster_identifier_prefix = var.cluster_use_name_prefix ? "${var.name}-" : null
 cluster_members = var.cluster_members
diff --git a/outputs.tf b/outputs.tf
index ec24ee8..f755d00 100644
--- a/outputs.tf
+++ b/outputs.tf
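Review bot: `ca_certificate_identifier = var.cluster_ca_cert_identifier` in the main.tf hunk is passed unconditionally, while the variable's own description says the setting is only supported for multi-AZ DB clusters, so a caller who sets it on an Aurora cluster will only learn that from the RDS API at apply time rather than at plan. If the module already has a variable that marks a cluster as multi-AZ (the multi-az example configures `storage_type`/`iops`), a `lifecycle { precondition { ... } }` on this resource requiring `var.cluster_ca_cert_identifier == null` otherwise would surface the mistake earlier; I cannot see the rest of the resource to name that variable. At minimum a why-comment on the new line would help operators: `# Only honoured for multi-AZ DB clusters; the CA chosen determines the server certificate, so client trust stores must already include it before this value is changed`. The `aws_rds_cluster.this` resource block starts and ends outside the hunk.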
@@ -79,6 +79,16 @@ output "cluster_hosted_zone_id" {
 value = try(aws_rds_cluster.this[0].hosted_zone_id, null)
 }
+output "cluster_ca_certificate_identifier" {
+ description = "CA identifier of the CA certificate used for the DB instance's server certificate"
+ value = try(aws_rds_cluster.this[0].ca_certificate_identifier, null)
+}
+
+output "cluster_ca_certificate_valid_till" {
+ description = "Expiration date of the DB instance’s server certificate"
+ value = try(aws_rds_cluster.this[0].ca_certificate_valid_till, null)
+}
+
 ################################################################################
 # Cluster Instance(s)
 ################################################################################
diff --git a/variables.tf b/variables.tf
index 3019fc5..3967ae0 100644
--- a/variables.tf
+++ b/variables.tf
@@ -90,6 +90,12 @@ variable "backtrack_window" {
 default = null
 }
+variable "cluster_ca_cert_identifier" {
+ description = "The CA certificate identifier to use for the DB cluster's server certificate. Currently only supported for multi-az DB clusters"
+ type = string
+ default = null
+}
+
 variable "cluster_members" {
 description = "List of RDS Instances that are a part of this cluster"
 type = list(string)
diff --git a/versions.tf b/versions.tf
index 4cda07e..2c346da 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.42"
+ version = ">= 5.58"
 }
 }
 }
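Review bot: The new `cluster_ca_cert_identifier` variable in the variables.tf hunk documents only that it is "only supported for multi-az DB clusters"; it should also state what `null` means (presumably the cluster keeps the AWS default CA — confirm against the provider docs) and that changing the value on an existing cluster swaps the CA behind the server certificate reported by `cluster_ca_certificate_valid_till`, which is the consequence an operator planning a CA rotation needs to see before applying. Suggest extending the description with `". Leave null to keep the default CA; changing it on an existing cluster replaces the server certificate's CA, so update client trust stores first"`. A `validation` block would reject obvious typos before the API does, but since the accepted identifiers vary by region I would limit it to `condition = var.cluster_ca_cert_identifier == null || length(var.cluster_ca_cert_identifier) > 0`. The variable block is complete within the hunk.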