fix: Cloudwatch Log Group deletion db_instance dependency (#423)

magreenbaum · web-flow · commit e6351a3f2bc5 · 2022-07-25T15:28:19.000-04:00
* depends_on support for cloudwatch log group

* fix s3-import-mysql example

Co-authored-by: magreenbaum &lt;magreenbaum&gt;
diff --git a/examples/s3-import-mysql/README.md b/examples/s3-import-mysql/README.md
@@ -64,6 +64,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_db"></a> [db](#module\_db) | ../../ | n/a |
+| <a name="module_import_s3_bucket"></a> [import\_s3\_bucket](#module\_import\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
 | <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
@@ -73,7 +74,6 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|------|
 | [aws_iam_role.s3_import](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy.s3_import](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_s3_bucket.import](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
 | [aws_iam_policy_document.s3_import](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.s3_import_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
diff --git a/examples/s3-import-mysql/main.tf b/examples/s3-import-mysql/main.tf
@@ -80,25 +80,17 @@ module "security_group" {
   tags = local.tags
 }
 
-# Temporary work around until S3 module is updated to support v4.x
-resource "aws_s3_bucket" "import" {
+module "import_s3_bucket" {
+  source  = "terraform-aws-modules/s3-bucket/aws"
+  version = "~> 3.0"
+
   bucket        = "${local.name}-${random_pet.this.id}"
+  acl           = "private"
   force_destroy = true
 
   tags = local.tags
 }
 
-# module "import_s3_bucket" {
-#   source  = "terraform-aws-modules/s3-bucket/aws"
-#   version = "~> 2.0"
-
-#   bucket        = "${local.name}-${random_pet.this.id}"
-#   acl           = "private"
-#   force_destroy = true
-
-#   tags = local.tags
-# }
-
 data "aws_iam_policy_document" "s3_import_assume" {
   statement {
     actions = [
@@ -129,7 +121,7 @@ data "aws_iam_policy_document" "s3_import" {
     ]
 
     resources = [
-      aws_s3_bucket.import.arn
+      module.import_s3_bucket.s3_bucket_arn
     ]
   }
 
@@ -139,7 +131,7 @@ data "aws_iam_policy_document" "s3_import" {
     ]
 
     resources = [
-      "${aws_s3_bucket.import.arn}/*",
+      "${module.import_s3_bucket.s3_bucket_arn}/*",
     ]
   }
 }
@@ -153,7 +145,7 @@ resource "aws_iam_role_policy" "s3_import" {
   # also needs this role so this is an easy way of ensuring the backup is uploaded before
   # the instance creation starts
   provisioner "local-exec" {
-    command = "unzip backup.zip && aws s3 sync ${path.module}/backup s3://${aws_s3_bucket.import.id}"
+    command = "unzip backup.zip && aws s3 sync ${path.module}/backup s3://${module.import_s3_bucket.s3_bucket_id}"
   }
 }
 
@@ -168,7 +160,7 @@ module "db" {
 
   # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
   engine               = "mysql"
-  engine_version       = "8.0.27"
+  engine_version       = "8.0.28"
   family               = "mysql8.0" # DB parameter group
   major_engine_version = "8.0"      # DB option group
   instance_class       = "db.t4g.large"
@@ -182,13 +174,13 @@ module "db" {
 
   # S3 import https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html
   s3_import = {
-    source_engine_version = "8.0.27"
-    bucket_name           = aws_s3_bucket.import.id
+    source_engine_version = "8.0.28"
+    bucket_name           = module.import_s3_bucket.s3_bucket_id
     ingestion_role        = aws_iam_role.s3_import.arn
   }
 
   multi_az               = true
-  subnet_ids             = module.vpc.database_subnets
+  db_subnet_group_name   = module.vpc.database_subnet_group_name
   vpc_security_group_ids = [module.security_group.security_group_id]
 
   maintenance_window              = "Mon:00:00-Mon:03:00"
diff --git a/modules/db_instance/main.tf b/modules/db_instance/main.tf
@@ -118,6 +118,8 @@ resource "aws_db_instance" "this" {
 
   tags = var.tags
 
+  depends_on = [aws_cloudwatch_log_group.this]
+
   timeouts {
     create = lookup(var.timeouts, "create", null)
     delete = lookup(var.timeouts, "delete", null)
