diff --git a/main.tf b/main.tf
index 1fb6226..074214e 100644
--- a/main.tf
+++ b/main.tf
@@ -31,25 +31,63 @@ resource "aws_security_group" "allow_mysql" {
 }
 }
+resource "aws_db_parameter_group" "default" {
+ family = "mysql8.0"
+ name = "${var.identifier}-parameters"
+
+ dynamic "parameter" {
+ for_each = merge(var.parameters, local.default_parameters)
+ content {
+ name = parameter.key
+ value = parameter.value
+ apply_method = "pending-reboot"
+ }
+ }
+}
+
 resource "aws_db_instance" "default" {
- instance_class = var.instance_type
- engine = "mysql"
- engine_version = var.mysql_version
- allocated_storage = var.allocated_storage
- max_allocated_storage = 60
- skip_final_snapshot = var.skip_final_snapshot
- identifier = var.identifier
- db_name = var.db_name
- username = var.master_username
- password = local.password
- monitoring_interval = var.enhanced_monitoring ? 60 : 0
- monitoring_role_arn = var.enhanced_monitoring ? aws_iam_role.rds_enhanced_monitoring[0].arn : null
- maintenance_window = "mon:02:00-mon:03:30"
- backup_window = "03:30-05:00"
- backup_retention_period = 14
- allow_major_version_upgrade = true
- apply_immediately = var.apply_immediately
- db_subnet_group_name = aws_db_subnet_group.default.name
- storage_encrypted = var.storage_encrypted
- vpc_security_group_ids = [aws_security_group.allow_mysql.id]
+ instance_class = var.instance_type
+ engine = "mysql"
+ engine_version = var.mysql_version
+ allocated_storage = var.allocated_storage
+ max_allocated_storage = 60
+ skip_final_snapshot = var.skip_final_snapshot
+ identifier = var.identifier
+ db_name = var.db_name
+ username = var.master_username
+ password = local.password
+ monitoring_interval = var.enhanced_monitoring ? 60 : 0
+ monitoring_role_arn = var.enhanced_monitoring ? aws_iam_role.rds_enhanced_monitoring[0].arn : null
+ maintenance_window = "mon:02:00-mon:03:30"
+ backup_window = "03:30-05:00"
+ backup_retention_period = 14
+ allow_major_version_upgrade = true
+ apply_immediately = var.apply_immediately
+ db_subnet_group_name = aws_db_subnet_group.default.name
+ storage_encrypted = var.storage_encrypted
+ vpc_security_group_ids = [aws_security_group.allow_mysql.id]
+ parameter_group_name = aws_db_parameter_group.default.name
+ kms_key_id = var.kms_key_arn
+ enabled_cloudwatch_logs_exports = ["error", "general", "slowquery"]
+ performance_insights_kms_key_id = var.kms_key_arn == "" ? null : var.kms_key_arn
+ performance_insights_enabled = local.performance_insights_enabled
+ performance_insights_retention_period = local.performance_insights_enabled ? var.performance_insights_retention_period : null
+}
+
+locals {
+ default_parameters = {
+ "performance_schema" = 1
+ }
+
+ performance_insights_enabled = lookup(
+ local.instance_types_performance_insights_enabled,
+ try(regex("(db\\..*)\\..*", var.instance_type)[0],
+ ""
+ ),
+ true)
+
+ instance_types_performance_insights_enabled = {
+ "db.t2" : false,
+ "db.t3" : false,
+ }
 }
diff --git a/vars.tf b/vars.tf
index 4854729..48c1ec3 100644
--- a/vars.tf
+++ b/vars.tf
@@ -74,3 +74,21 @@ variable "storage_encrypted" {
 default = true
 description = "Enable storage encryption on the instance"
 }
+
+variable "parameters" {
+ type = map(string)
+ default = {}
+ description = "parameter group overrides"
+}
+
+variable "kms_key_arn" {
+ type = string
+ default = null
+ description = "KMS key to use for encryption, pass null to use AWS default KMS encryption"
+}
+
+variable "performance_insights_retention_period" {
+ type = number
+ default = 7
+ description = "Performance insights retention period in days, 7 days is free of charge. Read more here: https://aws.amazon.com/rds/performance-insights/pricing"
+}
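Review bot: In the `aws_db_parameter_group` dynamic block, `merge(var.parameters, local.default_parameters)` lets the module's defaults win over caller-supplied values, because Terraform's `merge` gives precedence to later arguments, so a caller cannot override `performance_schema` even though vars.tf describes the variable as "parameter group overrides". Swap the order: `for_each = merge(local.default_parameters, var.parameters)`. Separately, the `general` entry in `enabled_cloudwatch_logs_exports` presumably carries data only once the `general_log` parameter is enabled, which `default_parameters` does not do; if it is enabled later, the general log records full statement text, so access to the target log group should be reviewed before that switch is flipped. `kms_key_id = var.kms_key_arn` is also passed through unguarded while the Performance Insights key uses `var.kms_key_arn == "" ? null : var.kms_key_arn`; applying the same guard to both (or comparing against `null`, which is the variable's declared default) keeps the two consistent.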
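Review bot: `performance_insights_retention_period` accepts any number, but RDS only accepts 7, 731, or a multiple of 31 between 31 and 713, so an out-of-range value is rejected at apply time rather than at plan; a `validation` block on the variable catches it early. For `kms_key_arn`, the description tells callers to pass `null` for the AWS-managed key, yet main.tf guards only the Performance Insights key with `== ""` and passes `kms_key_id` through unguarded, so either state in the description that an empty string is not accepted or add `validation { condition = var.kms_key_arn == null || length(var.kms_key_arn) > 0 ... }`. The `parameters` description could also say what a key and value are, e.g. `description = "MySQL parameter group overrides (parameter name => value), applied with apply_method pending-reboot"`.
```hcl
variable "performance_insights_retention_period" {
  # … unchanged: type, default, description …
  validation {
    condition     = contains([7, 731], var.performance_insights_retention_period) || (var.performance_insights_retention_period % 31 == 0 && var.performance_insights_retention_period >= 31 && var.performance_insights_retention_period <= 713)
    error_message = "performance_insights_retention_period must be 7, 731, or a multiple of 31 between 31 and 713."
  }
}
```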