feat: Add support for aws_db_instance_automated_backups_replication (#413)

magreenbaum · web-flow · commit f1e15a16a30f · 2022-07-14T16:35:58.000-04:00
diff --git a/examples/complete-mssql/README.md b/examples/complete-mssql/README.md
@@ -33,6 +33,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_db"></a> [db](#module\_db) | ../../ | n/a |
+| <a name="module_db_automated_backups_replication"></a> [db\_automated\_backups\_replication](#module\_db\_automated\_backups\_replication) | ../../modules/db_instance_automated_backups_replication | n/a |
 | <a name="module_db_disabled"></a> [db\_disabled](#module\_db\_disabled) | ../../ | n/a |
 | <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
diff --git a/examples/complete-mssql/main.tf b/examples/complete-mssql/main.tf
@@ -3,8 +3,9 @@ provider "aws" {
 }
 
 locals {
-  name   = "complete-mssql"
-  region = "eu-west-1"
+  name    = "complete-mssql"
+  region  = "eu-west-1"
+  region2 = "eu-central-1"
   tags = {
     Owner       = "user"
     Environment = "dev"
@@ -135,6 +136,9 @@ module "db" {
   allocated_storage     = 20
   max_allocated_storage = 100
 
+  # Encryption at rest is not available for DB instances running SQL Server Express Edition
+  storage_encrypted = false
+
   username = "complete_mssql"
   port     = 1433
 
@@ -150,7 +154,7 @@ module "db" {
   enabled_cloudwatch_logs_exports = ["error"]
   create_cloudwatch_log_group     = true
 
-  backup_retention_period = 0
+  backup_retention_period = 1
   skip_final_snapshot     = true
   deletion_protection     = false
 
@@ -177,3 +181,21 @@ module "db_disabled" {
   create_db_parameter_group = false
   create_db_option_group    = false
 }
+
+################################################################################
+# RDS Automated Backups Replication Module
+################################################################################
+provider "aws" {
+  alias  = "region2"
+  region = local.region2
+}
+
+module "db_automated_backups_replication" {
+  source = "../../modules/db_instance_automated_backups_replication"
+
+  source_db_instance_arn = module.db.db_instance_arn
+
+  providers = {
+    aws = aws.region2
+  }
+}
diff --git a/examples/complete-oracle/README.md b/examples/complete-oracle/README.md
@@ -24,20 +24,26 @@ Note that this example may create resources which cost money. Run `terraform des
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.6 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_db"></a> [db](#module\_db) | ../../ | n/a |
+| <a name="module_db_automated_backups_replication"></a> [db\_automated\_backups\_replication](#module\_db\_automated\_backups\_replication) | ../../modules/db_instance_automated_backups_replication | n/a |
 | <a name="module_db_disabled"></a> [db\_disabled](#module\_db\_disabled) | ../../ | n/a |
+| <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 |
 | <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 
 ## Inputs
 
diff --git a/examples/complete-oracle/main.tf b/examples/complete-oracle/main.tf
@@ -2,9 +2,13 @@ provider "aws" {
   region = local.region
 }
 
+data "aws_caller_identity" "current" {}
+
 locals {
-  name   = "complete-oracle"
-  region = "eu-west-1"
+  name             = "complete-oracle"
+  region           = "eu-west-1"
+  region2          = "eu-central-1"
+  current_identity = data.aws_caller_identity.current.arn
   tags = {
     Owner       = "user"
     Environment = "dev"
@@ -65,16 +69,17 @@ module "db" {
 
   engine               = "oracle-ee"
   engine_version       = "19.0.0.0.ru-2021-10.rur-2021-10.r1"
-  family               = "oracle-ee-19.0" # DB parameter group
-  major_engine_version = "19.0"           # DB option group
+  family               = "oracle-ee-19" # DB parameter group
+  major_engine_version = "19"           # DB option group
   instance_class       = "db.t3.large"
   license_model        = "bring-your-own-license"
 
   allocated_storage     = 20
   max_allocated_storage = 100
 
   # Make sure that database name is capitalized, otherwise RDS will try to recreate RDS instance every time
-  db_name  = "COMPLETEORACLE"
+  # Oracle database name cannot be longer than 8 characters
+  db_name  = "ORACLE"
   username = "complete_oracle"
   port     = 1521
 
@@ -87,7 +92,7 @@ module "db" {
   enabled_cloudwatch_logs_exports = ["alert", "audit"]
   create_cloudwatch_log_group     = true
 
-  backup_retention_period = 0
+  backup_retention_period = 1
   skip_final_snapshot     = true
   deletion_protection     = false
 
@@ -110,3 +115,40 @@ module "db_disabled" {
   create_db_parameter_group = false
   create_db_option_group    = false
 }
+
+################################################################################
+# RDS Automated Backups Replication Module
+################################################################################
+provider "aws" {
+  alias  = "region2"
+  region = local.region2
+}
+
+module "kms" {
+  source      = "terraform-aws-modules/kms/aws"
+  version     = "~> 1.0"
+  description = "KMS key for cross region automated backups replication"
+
+  # Aliases
+  aliases                 = [local.name]
+  aliases_use_name_prefix = true
+
+  key_owners = [local.current_identity]
+
+  tags = local.tags
+
+  providers = {
+    aws = aws.region2
+  }
+}
+
+module "db_automated_backups_replication" {
+  source = "../../modules/db_instance_automated_backups_replication"
+
+  source_db_instance_arn = module.db.db_instance_arn
+  kms_key_arn            = module.kms.key_arn
+
+  providers = {
+    aws = aws.region2
+  }
+}
diff --git a/examples/complete-postgres/README.md b/examples/complete-postgres/README.md
@@ -24,21 +24,27 @@ Note that this example may create resources which cost money. Run `terraform des
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.6 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_db"></a> [db](#module\_db) | ../../ | n/a |
+| <a name="module_db_automated_backups_replication"></a> [db\_automated\_backups\_replication](#module\_db\_automated\_backups\_replication) | ../../modules/db_instance_automated_backups_replication | n/a |
 | <a name="module_db_default"></a> [db\_default](#module\_db\_default) | ../../ | n/a |
 | <a name="module_db_disabled"></a> [db\_disabled](#module\_db\_disabled) | ../../ | n/a |
+| <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 |
 | <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 
 ## Inputs
 
diff --git a/examples/complete-postgres/main.tf b/examples/complete-postgres/main.tf
@@ -2,9 +2,13 @@ provider "aws" {
   region = local.region
 }
 
+data "aws_caller_identity" "current" {}
+
 locals {
-  name   = "complete-postgresql"
-  region = "eu-west-1"
+  name             = "complete-postgresql"
+  region           = "eu-west-1"
+  region2          = "eu-central-1"
+  current_identity = data.aws_caller_identity.current.arn
   tags = {
     Owner       = "user"
     Environment = "dev"
@@ -90,7 +94,7 @@ module "db" {
   enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
   create_cloudwatch_log_group     = true
 
-  backup_retention_period = 0
+  backup_retention_period = 1
   skip_final_snapshot     = true
   deletion_protection     = false
 
@@ -166,3 +170,40 @@ module "db_disabled" {
   create_db_parameter_group = false
   create_db_option_group    = false
 }
+
+################################################################################
+# RDS Automated Backups Replication Module
+################################################################################
+provider "aws" {
+  alias  = "region2"
+  region = local.region2
+}
+
+module "kms" {
+  source      = "terraform-aws-modules/kms/aws"
+  version     = "~> 1.0"
+  description = "KMS key for cross region automated backups replication"
+
+  # Aliases
+  aliases                 = [local.name]
+  aliases_use_name_prefix = true
+
+  key_owners = [local.current_identity]
+
+  tags = local.tags
+
+  providers = {
+    aws = aws.region2
+  }
+}
+
+module "db_automated_backups_replication" {
+  source = "../../modules/db_instance_automated_backups_replication"
+
+  source_db_instance_arn = module.db.db_instance_arn
+  kms_key_arn            = module.kms.key_arn
+
+  providers = {
+    aws = aws.region2
+  }
+}
diff --git a/modules/db_instance_automated_backups_replication/main.tf b/modules/db_instance_automated_backups_replication/main.tf
@@ -0,0 +1,9 @@
+resource "aws_db_instance_automated_backups_replication" "this" {
+  count = var.create ? 1 : 0
+
+  source_db_instance_arn = var.source_db_instance_arn
+  kms_key_id             = var.kms_key_arn
+  pre_signed_url         = var.pre_signed_url
+  retention_period       = var.retention_period
+
+}
diff --git a/modules/db_instance_automated_backups_replication/outputs.tf b/modules/db_instance_automated_backups_replication/outputs.tf
@@ -0,0 +1,4 @@
+output "db_instance_automated_backups_replication_id" {
+  description = "The automated backups replication id"
+  value       = try(aws_db_instance_automated_backups_replication.this[0].id, "")
+}
diff --git a/modules/db_instance_automated_backups_replication/variables.tf b/modules/db_instance_automated_backups_replication/variables.tf
@@ -0,0 +1,29 @@
+variable "create" {
+  description = "Whether to create this resource or not?"
+  type        = bool
+  default     = true
+}
+
+variable "kms_key_arn" {
+  description = "The KMS encryption key ARN in the destination AWS Region"
+  type        = string
+  default     = null
+}
+
+variable "pre_signed_url" {
+  description = "A URL that contains a Signature Version 4 signed request for the StartDBInstanceAutomatedBackupsReplication action to be called in the AWS Region of the source DB instance"
+  type        = string
+  default     = null
+}
+
+variable "retention_period" {
+  description = "The retention period for the replicated automated backups"
+  type        = number
+  default     = 7
+}
+
+variable "source_db_instance_arn" {
+  description = "The ARN of the source DB instance for the replicated automated backups"
+  type        = string
+  default     = null
+}
diff --git a/modules/db_instance_automated_backups_replication/versions.tf b/modules/db_instance_automated_backups_replication/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 0.13.1"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.9"
+    }
+  }
+}
