diff --git a/README.md b/README.md
index 030e544..e825d95 100644
--- a/README.md
+++ b/README.md
@@ -56,69 +56,124 @@ go get github.com/segmentio/terraform-docs
terraform-docs md ./ | cat -s | tail -r | tail -n +2 | tail -r >> README.md
```
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+| [random](#provider\_random) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_appautoscaling_policy.autoscaling_read_replica_count](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
+| [aws_appautoscaling_target.read_replica_count](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target) | resource |
+| [aws_cloudwatch_metric_alarm.aurora_replica_lag](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.cpu_utilization_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.cpu_utilization_writer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.database_connections_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.database_connections_writer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.disk_queue_depth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.freeable_memory_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.freeable_memory_writer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.swap_usage_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.swap_usage_writer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_db_subnet_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
+| [aws_iam_role.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_rds_cluster.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster) | resource |
+| [aws_rds_cluster_instance.data_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance) | resource |
+| [aws_rds_cluster_instance.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance) | resource |
+| [aws_route53_record.data_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_security_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group_rule.default_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [random_id.master_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [random_id.snapshot_identifier](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [aws_iam_policy_document.monitoring_rds_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
## Inputs
| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:-----:|
-| allowed\_security\_groups | A list of Security Group ID's to allow access to. | `list` | `[]` | no |
-| apply\_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | `bool` | `false` | no |
-| auto\_minor\_version\_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | `bool` | `true` | no |
-| backup\_retention\_period | How long to keep backups for (in days) | `number` | `7` | no |
-| ca\_cert\_identifier | The identifier of the CA certificate for the DB instances | `string` | `""` | no |
-| cloudwatch\_alarm\_actions | Actions for cloudwatch alarms. e.g. an SNS topic | `list(string)` | `[]` | no |
-| cloudwatch\_alarm\_default\_thresholds | Override default thresholds for CloudWatch alarms. See cloudwatch\_alarm\_default\_thresholds in cloudwatch.tf for valid keys | `map(string)` | `{}` | no |
-| cloudwatch\_create\_alarms | Whether to enable CloudWatch alarms - requires `cw_sns_topic` is specified | `bool` | `false` | no |
-| create\_resources | Whether to create the Aurora cluster and related resources | `bool` | `true` | no |
-| create\_timeout | Timeout used for Cluster creation | `string` | `"120m"` | no |
-| db\_cluster\_parameter\_group\_name | The name of a DB Cluster parameter group to use | `string` | `"default.aurora5.6"` | no |
-| db\_parameter\_group\_name | The name of a DB parameter group to use | `string` | `"default.aurora5.6"` | no |
-| delete\_timeout | Timeout used for destroying cluster. This includes any cleanup task during the destroying process. | `string` | `"120m"` | no |
-| deletion\_protection | The database can't be deleted when this value is set to true. | `bool` | `true` | no |
-| engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | `string` | `"aurora"` | no |
-| engine\_version | Aurora database engine version. | `string` | `"5.6.10a"` | no |
-| extra\_security\_groups | A list of Security Group IDs to add to the cluster | `list` | `[]` | no |
-| final\_snapshot\_identifier\_prefix | The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. | `string` | `"final-"` | no |
-| identifier\_prefix | Prefix for cluster and instance identifier | `string` | `""` | no |
-| instance\_type | Instance type to use | `string` | `"db.r4.large"` | no |
-| kms\_key\_id | The ARN for the KMS encryption key if one is set to the cluster. | `string` | `""` | no |
-| monitoring\_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | `number` | `0` | no |
-| name | Name given resources | `string` | n/a | yes |
-| password | Master DB password | `string` | `""` | no |
-| performance\_insights\_enabled | Specifies whether Performance Insights is enabled or not. | `string` | `false` | no |
-| performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. | `string` | `""` | no |
-| port | The port on which to accept connections | `string` | `""` | no |
-| preferred\_backup\_window | When to perform DB backups | `string` | `"02:00-03:00"` | no |
-| preferred\_maintenance\_window | When to perform DB maintenance | `string` | `"sun:05:00-sun:06:00"` | no |
-| publicly\_accessible | Whether the DB should have a public IP address | `bool` | `false` | no |
-| reader\_endpoint\_suffix | Suffix for the Route53 record pointing to the cluster reader endpoint. Only used if route53\_zone\_id is passed also | `string` | `"-ro"` | no |
-| replica\_autoscaling | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | `string` | `false` | no |
-| replica\_count | Number of reader nodes to create. If `replica_scale_enable` is `true`, the value of `replica_scale_min` is used instead. | `number` | `1` | no |
-| replica\_scale\_cpu | CPU usage to trigger autoscaling at | `string` | `70` | no |
-| replica\_scale\_in\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | `string` | `300` | no |
-| replica\_scale\_max | Maximum number of replicas to allow scaling for | `string` | `0` | no |
-| replica\_scale\_min | Maximum number of replicas to allow scaling for | `string` | `1` | no |
-| replica\_scale\_out\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | `string` | `300` | no |
-| route53\_record\_appendix | Will be appended to the route53 record. Only used if route53\_zone\_id is passed also | `string` | `".rds"` | no |
-| route53\_record\_ttl | TTL of route53 record. Only used if route53\_zone\_id is passed also | `string` | `60` | no |
-| route53\_zone\_id | If specified a route53 record will be created | `string` | `""` | no |
-| security\_group\_name\_prefix | Prefix for security group name | `string` | `"aurora-"` | no |
-| skip\_final\_snapshot | Should a final snapshot be created on cluster destroy | `bool` | `false` | no |
-| snapshot\_identifier | DB snapshot to create this database from | `string` | `""` | no |
-| storage\_encrypted | Specifies whether the underlying storage layer should be encrypted | `bool` | `false` | no |
-| subnet\_ids | List of subnet IDs to use | `list(string)` | n/a | yes |
-| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
-| update\_timeout | Timeout used for Cluster modifications | `string` | `"120m"` | no |
-| username | Master DB username | `string` | `"root"` | no |
-| vpc\_id | VPC ID | `string` | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Determines whether or not major version upgrades are permitted | `bool` | `false` | no |
+| [allowed\_security\_groups](#input\_allowed\_security\_groups) | A list of Security Group ID's to allow access to. | `list` | `[]` | no |
+| [apply\_immediately](#input\_apply\_immediately) | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | `bool` | `false` | no |
+| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Determines whether minor engine upgrades will be performed automatically in the maintenance window | `bool` | `true` | no |
+| [backup\_retention\_period](#input\_backup\_retention\_period) | How long to keep backups for (in days) | `number` | `7` | no |
+| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the CA certificate for the DB instances | `string` | `""` | no |
+| [cloudwatch\_alarm\_actions](#input\_cloudwatch\_alarm\_actions) | Actions for cloudwatch alarms. e.g. an SNS topic | `list(string)` | `[]` | no |
+| [cloudwatch\_alarm\_default\_thresholds](#input\_cloudwatch\_alarm\_default\_thresholds) | Override default thresholds for CloudWatch alarms. See cloudwatch\_alarm\_default\_thresholds in cloudwatch.tf for valid keys | `map(string)` | `{}` | no |
+| [cloudwatch\_create\_alarms](#input\_cloudwatch\_create\_alarms) | Whether to enable CloudWatch alarms - requires `cw_sns_topic` is specified | `bool` | `false` | no |
+| [create\_data\_reader](#input\_create\_data\_reader) | Specifies if a data reader node is created. | `bool` | `false` | no |
+| [create\_resources](#input\_create\_resources) | Whether to create the Aurora cluster and related resources | `bool` | `true` | no |
+| [create\_timeout](#input\_create\_timeout) | Timeout used for Cluster creation | `string` | `"120m"` | no |
+| [data\_reader\_endpoint\_suffix](#input\_data\_reader\_endpoint\_suffix) | Suffix for the Route53 record pointing to the cluster data reader endpoint. Only used if route53\_zone\_id is passed also | `string` | `"-data-reader"` | no |
+| [data\_reader\_instance\_type](#input\_data\_reader\_instance\_type) | Instance type to use for data reader node | `string` | `"db.r4.large"` | no |
+| [data\_reader\_parameter\_group\_name](#input\_data\_reader\_parameter\_group\_name) | Data reader node db parameter group | `string` | `""` | no |
+| [data\_reader\_route53\_prefix](#input\_data\_reader\_route53\_prefix) | If specified a data reader route53 record will be created | `string` | `""` | no |
+| [data\_reader\_route53\_zone\_id](#input\_data\_reader\_route53\_zone\_id) | If specified a data reader route53 record will be created | `string` | `""` | no |
+| [data\_reader\_tags](#input\_data\_reader\_tags) | A map of tags to add to data reader resources. | `map(string)` | `{}` | no |
+| [db\_cluster\_parameter\_group\_name](#input\_db\_cluster\_parameter\_group\_name) | The name of a DB Cluster parameter group to use | `string` | `"default.aurora5.6"` | no |
+| [db\_parameter\_group\_name](#input\_db\_parameter\_group\_name) | The name of a DB parameter group to use | `string` | `"default.aurora5.6"` | no |
+| [delete\_timeout](#input\_delete\_timeout) | Timeout used for destroying cluster. This includes any cleanup task during the destroying process. | `string` | `"120m"` | no |
+| [deletion\_protection](#input\_deletion\_protection) | The database can't be deleted when this value is set to true. | `bool` | `true` | no |
+| [engine](#input\_engine) | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | `string` | `"aurora"` | no |
+| [engine\_version](#input\_engine\_version) | Aurora database engine version. | `string` | `"5.6.10a"` | no |
+| [extra\_security\_groups](#input\_extra\_security\_groups) | A list of Security Group IDs to add to the cluster | `list` | `[]` | no |
+| [final\_snapshot\_identifier\_prefix](#input\_final\_snapshot\_identifier\_prefix) | The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. | `string` | `"final-"` | no |
+| [identifier\_prefix](#input\_identifier\_prefix) | Prefix for cluster and instance identifier | `string` | `""` | no |
+| [instance\_type](#input\_instance\_type) | Instance type to use | `string` | `"db.r4.large"` | no |
+| [kms\_key\_id](#input\_kms\_key\_id) | The ARN for the KMS encryption key if one is set to the cluster. | `string` | `""` | no |
+| [monitoring\_interval](#input\_monitoring\_interval) | The interval (seconds) between points when Enhanced Monitoring metrics are collected | `number` | `0` | no |
+| [name](#input\_name) | Name given resources | `string` | n/a | yes |
+| [password](#input\_password) | Master DB password | `string` | `""` | no |
+| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights is enabled or not. | `string` | `false` | no |
+| [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | The ARN for the KMS key to encrypt Performance Insights data. | `string` | `""` | no |
+| [port](#input\_port) | The port on which to accept connections | `string` | `""` | no |
+| [preferred\_backup\_window](#input\_preferred\_backup\_window) | When to perform DB backups for the cluster | `string` | `"02:00-03:00"` | no |
+| [preferred\_backup\_window\_instance](#input\_preferred\_backup\_window\_instance) | When to perform DB backups for instances | `string` | `""` | no |
+| [preferred\_maintenance\_window](#input\_preferred\_maintenance\_window) | When to perform DB maintenance for the cluster | `string` | `"sun:05:00-sun:06:00"` | no |
+| [preferred\_maintenance\_window\_instance](#input\_preferred\_maintenance\_window\_instance) | When to perform DB maintenance for instances | `string` | `""` | no |
+| [publicly\_accessible](#input\_publicly\_accessible) | Whether the DB should have a public IP address | `bool` | `false` | no |
+| [reader\_endpoint\_suffix](#input\_reader\_endpoint\_suffix) | Suffix for the Route53 record pointing to the cluster reader endpoint. Only used if route53\_zone\_id is passed also | `string` | `"-ro"` | no |
+| [replica\_autoscaling](#input\_replica\_autoscaling) | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | `string` | `false` | no |
+| [replica\_count](#input\_replica\_count) | Number of reader nodes to create. If `replica_scale_enable` is `true`, the value of `replica_scale_min` is used instead. | `number` | `1` | no |
+| [replica\_scale\_cpu](#input\_replica\_scale\_cpu) | CPU usage to trigger autoscaling at | `string` | `70` | no |
+| [replica\_scale\_in\_cooldown](#input\_replica\_scale\_in\_cooldown) | Cooldown in seconds before allowing further scaling operations after a scale in | `string` | `300` | no |
+| [replica\_scale\_max](#input\_replica\_scale\_max) | Maximum number of replicas to allow scaling for | `string` | `0` | no |
+| [replica\_scale\_min](#input\_replica\_scale\_min) | Maximum number of replicas to allow scaling for | `string` | `1` | no |
+| [replica\_scale\_out\_cooldown](#input\_replica\_scale\_out\_cooldown) | Cooldown in seconds before allowing further scaling operations after a scale out | `string` | `300` | no |
+| [route53\_record\_appendix](#input\_route53\_record\_appendix) | Will be appended to the route53 record. Only used if route53\_zone\_id is passed also | `string` | `".rds"` | no |
+| [route53\_record\_ttl](#input\_route53\_record\_ttl) | TTL of route53 record. Only used if route53\_zone\_id is passed also | `string` | `60` | no |
+| [route53\_zone\_id](#input\_route53\_zone\_id) | If specified a route53 record will be created | `string` | `""` | no |
+| [security\_group\_name\_prefix](#input\_security\_group\_name\_prefix) | Prefix for security group name | `string` | `"aurora-"` | no |
+| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Should a final snapshot be created on cluster destroy | `bool` | `false` | no |
+| [snapshot\_identifier](#input\_snapshot\_identifier) | DB snapshot to create this database from | `string` | `""` | no |
+| [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the underlying storage layer should be encrypted | `bool` | `false` | no |
+| [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs to use | `list(string)` | n/a | yes |
+| [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | `{}` | no |
+| [update\_timeout](#input\_update\_timeout) | Timeout used for Cluster modifications | `string` | `"120m"` | no |
+| [username](#input\_username) | Master DB username | `string` | `"root"` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
-| cluster\_endpoint | The cluster endpoint |
-| cluster\_id | The ID of the cluster |
-| cluster\_master\_password | The master password |
-| cluster\_master\_username | The master username |
-| cluster\_port | The port |
-| cluster\_reader\_endpoint | The cluster reader endpoint |
-| security\_group\_id | The security group ID of the cluster |
+| [cluster\_endpoint](#output\_cluster\_endpoint) | The cluster endpoint |
+| [cluster\_id](#output\_cluster\_id) | The ID of the cluster |
+| [cluster\_master\_password](#output\_cluster\_master\_password) | The master password |
+| [cluster\_master\_username](#output\_cluster\_master\_username) | The master username |
+| [cluster\_port](#output\_cluster\_port) | The port |
+| [cluster\_reader\_endpoint](#output\_cluster\_reader\_endpoint) | The cluster reader endpoint |
diff --git a/main.tf b/main.tf
index 9b3906d..95d90e0 100644
--- a/main.tf
+++ b/main.tf
@@ -24,7 +24,9 @@ resource "aws_db_subnet_group" "main" {
}
resource "aws_rds_cluster" "main" {
- count = var.create_resources ? 1 : 0
+ count = var.create_resources ? 1 : 0
+
+ allow_major_version_upgrade = var.allow_major_version_upgrade
cluster_identifier = "${var.identifier_prefix}${var.name}"
engine = var.engine
engine_version = var.engine_version
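Review bot: `allow_major_version_upgrade` is wired into `aws_rds_cluster.main` with no comment on what else a major upgrade needs, while the README in this same commit still lists `db_cluster_parameter_group_name` and `db_parameter_group_name` with the default `default.aurora5.6`. A caller who sets the flag and moves `engine_version` across a major version will presumably also have to pass parameter groups for the new engine family, otherwise the modification is likely to be rejected. I would add a comment above the new line, for example `# Only takes effect when engine_version changes; a major upgrade also needs parameter groups matching the new engine family`. The resource body continues outside the hunk, so whether `db_instance_parameter_group_name` is set there cannot be seen from here.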
@@ -74,14 +76,14 @@ resource "aws_rds_cluster_instance" "instance" {
performance_insights_kms_key_id = var.performance_insights_kms_key_id
ca_cert_identifier = var.ca_cert_identifier
tags = var.tags
-
+
# Updating engine version forces replacement of instances, and they shouldn't be replaced
# because cluster will update them if engine version is changed
lifecycle {
ignore_changes = [
engine_version
]
- }
+ }
}
resource "aws_rds_cluster_instance" "data_reader" {
@@ -105,14 +107,14 @@ resource "aws_rds_cluster_instance" "data_reader" {
performance_insights_kms_key_id = var.performance_insights_kms_key_id
ca_cert_identifier = var.ca_cert_identifier
tags = merge(var.tags, var.data_reader_tags)
-
+
# Updating engine version forces replacement of instances, and they shouldn't be replaced
# because cluster will update them if engine version is changed
lifecycle {
ignore_changes = [
engine_version
]
- }
+ }
}
resource "random_id" "snapshot_identifier" {
diff --git a/variables.tf b/variables.tf
index 029265f..ebaeaeb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -34,6 +34,11 @@ variable "replica_count" {
default = 1
}
+variable "allow_major_version_upgrade" {
+ description = "Determines whether or not major version upgrades are permitted"
+ default = false
+}
+
variable "allowed_security_groups" {
description = "A list of Security Group ID's to allow access to."
default = []
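Review bot: The new `allow_major_version_upgrade` variable declares no type, so a wrong value is caught only when it reaches the resource attribute, with an error that points at main.tf rather than at the caller's input. Adding `type = bool` beside `default = false` moves that check to the variable itself. The description could also tell operators what they are opting into, e.g. `description = "Allow major engine version upgrades when engine_version changes; the upgrade is applied in place, so take a snapshot first"`. The neighbouring `allowed_security_groups` block is untyped as well and continues outside the hunk.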