Add ca_cert_identifier and missing backup_window on cluster resource (#…
…11)

* Add ca_cert_identifier and missing backup_window on cluster

* update readme
max-rocket-internet authored Jan 21, 2020
1 parent b0bcb70 commit d847d3a
Showing 3 changed files with 58 additions and 52 deletions.
101 changes: 51 additions & 50 deletions README.md
Expand Up @@ -59,56 +59,57 @@ terraform-docs md ./ | cat -s | tail -r | tail -n +2 | tail -r >> README.md
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| allowed\_security\_groups | A list of Security Group ID's to allow access to. | list | `[]` | no |
| apply\_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | string | `"false"` | no |
| auto\_minor\_version\_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | string | `"true"` | no |
| backup\_retention\_period | How long to keep backups for (in days) | string | `"7"` | no |
| cloudwatch\_alarm\_actions | Actions for cloudwatch alarms. e.g. an SNS topic | list | `[]` | no |
| cloudwatch\_alarm\_default\_thresholds | Override default thresholds for CloudWatch alarms. See cloudwatch_alarm_default_thresholds in cloudwatch.tf for valid keys | map | `{}` | no |
| cloudwatch\_create\_alarms | Whether to enable CloudWatch alarms - requires `cw_sns_topic` is specified | string | `"false"` | no |
| create\_resources | Whether to create the Aurora cluster and related resources | string | `"true"` | no |
| create\_timeout | Timeout used for Cluster creation | string | `"120m"` | no |
| db\_cluster\_parameter\_group\_name | The name of a DB Cluster parameter group to use | string | `"default.aurora5.6"` | no |
| db\_parameter\_group\_name | The name of a DB parameter group to use | string | `"default.aurora5.6"` | no |
| delete\_timeout | Timeout used for destroying cluster. This includes any cleanup task during the destroying process. | string | `"120m"` | no |
| deletion\_protection | The database can't be deleted when this value is set to true. | string | `"true"` | no |
| engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | string | `"aurora"` | no |
| engine\_version | Aurora database engine version. | string | `"5.6.10a"` | no |
| extra\_security\_groups | A list of Security Group IDs to add to the cluster | list | `[]` | no |
| final\_snapshot\_identifier\_prefix | The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. | string | `"final-"` | no |
| identifier\_prefix | Prefix for cluster and instance identifier | string | `""` | no |
| instance\_type | Instance type to use | string | `"db.r4.large"` | no |
| kms\_key\_id | The ARN for the KMS encryption key if one is set to the cluster. | string | `""` | no |
| monitoring\_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | string | `"0"` | no |
| name | Name given resources | string | n/a | yes |
| password | Master DB password | string | `""` | no |
| performance\_insights\_enabled | Specifies whether Performance Insights is enabled or not. | string | `"false"` | no |
| performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. | string | `""` | no |
| port | The port on which to accept connections | string | `""` | no |
| preferred\_backup\_window | When to perform DB backups | string | `"02:00-03:00"` | no |
| preferred\_maintenance\_window | When to perform DB maintenance | string | `"sun:05:00-sun:06:00"` | no |
| publicly\_accessible | Whether the DB should have a public IP address | string | `"false"` | no |
| reader\_endpoint\_suffix | Suffix for the Route53 record pointing to the cluster reader endpoint. Only used if route53_zone_id is passed also | string | `"-ro"` | no |
| replica\_autoscaling | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | string | `"false"` | no |
| replica\_count | Number of reader nodes to create. If `replica_scale_enable` is `true`, the value of `replica_scale_min` is used instead. | string | `"1"` | no |
| replica\_scale\_cpu | CPU usage to trigger autoscaling at | string | `"70"` | no |
| replica\_scale\_in\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | string | `"300"` | no |
| replica\_scale\_max | Maximum number of replicas to allow scaling for | string | `"0"` | no |
| replica\_scale\_min | Maximum number of replicas to allow scaling for | string | `"1"` | no |
| replica\_scale\_out\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | string | `"300"` | no |
| route53\_record\_appendix | Will be appended to the route53 record. Only used if route53_zone_id is passed also | string | `".rds"` | no |
| route53\_record\_ttl | TTL of route53 record. Only used if route53_zone_id is passed also | string | `"60"` | no |
| route53\_zone\_id | If specified a route53 record will be created | string | `""` | no |
| security\_group\_name\_prefix | Prefix for security group name | string | `"aurora-"` | no |
| skip\_final\_snapshot | Should a final snapshot be created on cluster destroy | string | `"false"` | no |
| snapshot\_identifier | DB snapshot to create this database from | string | `""` | no |
| storage\_encrypted | Specifies whether the underlying storage layer should be encrypted | string | `"false"` | no |
| subnet\_ids | List of subnet IDs to use | list | n/a | yes |
| tags | A map of tags to add to all resources. | map | `{}` | no |
| update\_timeout | Timeout used for Cluster modifications | string | `"120m"` | no |
| username | Master DB username | string | `"root"` | no |
| vpc\_id | VPC ID | string | n/a | yes |
|------|-------------|------|---------|:-----:|
| allowed\_security\_groups | A list of Security Group ID's to allow access to. | `list` | `[]` | no |
| apply\_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | `bool` | `false` | no |
| auto\_minor\_version\_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | `bool` | `true` | no |
| backup\_retention\_period | How long to keep backups for (in days) | `number` | `7` | no |
| ca\_cert\_identifier | The identifier of the CA certificate for the DB instances | `string` | `""` | no |
| cloudwatch\_alarm\_actions | Actions for cloudwatch alarms. e.g. an SNS topic | `list(string)` | `[]` | no |
| cloudwatch\_alarm\_default\_thresholds | Override default thresholds for CloudWatch alarms. See cloudwatch\_alarm\_default\_thresholds in cloudwatch.tf for valid keys | `map(string)` | `{}` | no |
| cloudwatch\_create\_alarms | Whether to enable CloudWatch alarms - requires `cw_sns_topic` is specified | `bool` | `false` | no |
| create\_resources | Whether to create the Aurora cluster and related resources | `bool` | `true` | no |
| create\_timeout | Timeout used for Cluster creation | `string` | `"120m"` | no |
| db\_cluster\_parameter\_group\_name | The name of a DB Cluster parameter group to use | `string` | `"default.aurora5.6"` | no |
| db\_parameter\_group\_name | The name of a DB parameter group to use | `string` | `"default.aurora5.6"` | no |
| delete\_timeout | Timeout used for destroying cluster. This includes any cleanup task during the destroying process. | `string` | `"120m"` | no |
| deletion\_protection | The database can't be deleted when this value is set to true. | `bool` | `true` | no |
| engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | `string` | `"aurora"` | no |
| engine\_version | Aurora database engine version. | `string` | `"5.6.10a"` | no |
| extra\_security\_groups | A list of Security Group IDs to add to the cluster | `list` | `[]` | no |
| final\_snapshot\_identifier\_prefix | The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. | `string` | `"final-"` | no |
| identifier\_prefix | Prefix for cluster and instance identifier | `string` | `""` | no |
| instance\_type | Instance type to use | `string` | `"db.r4.large"` | no |
| kms\_key\_id | The ARN for the KMS encryption key if one is set to the cluster. | `string` | `""` | no |
| monitoring\_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | `number` | `0` | no |
| name | Name given resources | `string` | n/a | yes |
| password | Master DB password | `string` | `""` | no |
| performance\_insights\_enabled | Specifies whether Performance Insights is enabled or not. | `string` | `false` | no |
| performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data. | `string` | `""` | no |
| port | The port on which to accept connections | `string` | `""` | no |
| preferred\_backup\_window | When to perform DB backups | `string` | `"02:00-03:00"` | no |
| preferred\_maintenance\_window | When to perform DB maintenance | `string` | `"sun:05:00-sun:06:00"` | no |
| publicly\_accessible | Whether the DB should have a public IP address | `bool` | `false` | no |
| reader\_endpoint\_suffix | Suffix for the Route53 record pointing to the cluster reader endpoint. Only used if route53\_zone\_id is passed also | `string` | `"-ro"` | no |
| replica\_autoscaling | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | `string` | `false` | no |
| replica\_count | Number of reader nodes to create. If `replica_scale_enable` is `true`, the value of `replica_scale_min` is used instead. | `number` | `1` | no |
| replica\_scale\_cpu | CPU usage to trigger autoscaling at | `string` | `70` | no |
| replica\_scale\_in\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | `string` | `300` | no |
| replica\_scale\_max | Maximum number of replicas to allow scaling for | `string` | `0` | no |
| replica\_scale\_min | Maximum number of replicas to allow scaling for | `string` | `1` | no |
| replica\_scale\_out\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | `string` | `300` | no |
| route53\_record\_appendix | Will be appended to the route53 record. Only used if route53\_zone\_id is passed also | `string` | `".rds"` | no |
| route53\_record\_ttl | TTL of route53 record. Only used if route53\_zone\_id is passed also | `string` | `60` | no |
| route53\_zone\_id | If specified a route53 record will be created | `string` | `""` | no |
| security\_group\_name\_prefix | Prefix for security group name | `string` | `"aurora-"` | no |
| skip\_final\_snapshot | Should a final snapshot be created on cluster destroy | `bool` | `false` | no |
| snapshot\_identifier | DB snapshot to create this database from | `string` | `""` | no |
| storage\_encrypted | Specifies whether the underlying storage layer should be encrypted | `bool` | `false` | no |
| subnet\_ids | List of subnet IDs to use | `list(string)` | n/a | yes |
| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| update\_timeout | Timeout used for Cluster modifications | `string` | `"120m"` | no |
| username | Master DB username | `string` | `"root"` | no |
| vpc\_id | VPC ID | `string` | n/a | yes |

## Outputs

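Review bot: in the regenerated Inputs table, `performance_insights_enabled` and `replica_autoscaling` are listed as `string` although their defaults are now the bare value `false`, and the `replica_scale_*` inputs and `route53_record_ttl` are listed as `string` with numeric defaults, while comparable inputs such as `publicly_accessible` and `replica_count` show `bool` and `number`. It is worth checking the declarations in variables.tf and regenerating so the documented types match the defaults. Two descriptions carried over into the new table are also misleading: `replica_scale_min` reads "Maximum number of replicas to allow scaling for", the same text as `replica_scale_max`, and `cloudwatch_create_alarms` refers to `cw_sns_topic`, which is not an input in this table.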
3 changes: 2 additions & 1 deletion main.tf
Expand Up @@ -63,6 +63,7 @@ resource "aws_rds_cluster_instance" "instance" {
publicly_accessible = var.publicly_accessible
db_subnet_group_name = aws_db_subnet_group.main[0].name
db_parameter_group_name = var.db_parameter_group_name
preferred_backup_window = var.preferred_backup_window
preferred_maintenance_window = var.preferred_maintenance_window
apply_immediately = var.apply_immediately
monitoring_role_arn = join("", aws_iam_role.rds_enhanced_monitoring.*.arn)
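Review bot: `preferred_backup_window = var.preferred_backup_window` sits inside `resource "aws_rds_cluster_instance" "instance"` according to the hunk header, while the commit title says the backup window was missing on the cluster resource. Please confirm this is the intended resource. If the `aws_rds_cluster` resource already sets `preferred_backup_window` from the same variable, setting it on the instances as well is redundant and should be checked against the provider documentation for a conflict.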
Expand All @@ -71,6 +72,7 @@ resource "aws_rds_cluster_instance" "instance" {
promotion_tier = count.index + 1
performance_insights_enabled = var.performance_insights_enabled
performance_insights_kms_key_id = var.performance_insights_kms_key_id
ca_cert_identifier = var.ca_cert_identifier
tags = var.tags
}

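Review bot: `ca_cert_identifier = var.ca_cert_identifier` passes the variable through unconditionally, and its default in variables.tf is `""`, so every caller who does not set it sends an empty string to the provider instead of leaving the argument unset. Defaulting the variable to `null`, or writing `var.ca_cert_identifier != "" ? var.ca_cert_identifier : null` here, would leave the argument unset when no value is given and avoid a possible plan diff or validation error on an empty identifier.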
Expand Down Expand Up @@ -162,4 +164,3 @@ resource "aws_security_group_rule" "default_ingress" {
source_security_group_id = element(var.allowed_security_groups, count.index)
security_group_id = aws_security_group.main[0].id
}

6 changes: 5 additions & 1 deletion variables.tf
Expand Up @@ -3,6 +3,11 @@ variable "name" {
type = string
}

variable "ca_cert_identifier" {
description = "The identifier of the CA certificate for the DB instances"
default = ""
}

variable "create_resources" {
description = "Whether to create the Aurora cluster and related resources"
default = true
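Review bot: the new `variable "ca_cert_identifier"` block declares no `type`, unlike `variable "name"` directly above it, which has `type = string`. Adding `type = string` makes the constraint explicit, and the description should say what leaving the value at `default = ""` means for the instances' certificate, since a reader cannot tell that from "The identifier of the CA certificate for the DB instances" alone.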
Expand Down Expand Up @@ -262,4 +267,3 @@ variable "reader_endpoint_suffix" {
default = "-ro"
description = "Suffix for the Route53 record pointing to the cluster reader endpoint. Only used if route53_zone_id is passed also"
}
