feat: Support endpoint_network_type and target_connection_network_type for aws_db_proxy (#44)

README.md

@@ -106,6 +106,7 @@ No modules.
 | <a name="input_db_instance_identifier"></a> [db\_instance\_identifier](#input\_db\_instance\_identifier) | DB instance identifier | `string` | `""` | no |
 | <a name="input_debug_logging"></a> [debug\_logging](#input\_debug\_logging) | Whether the proxy includes detailed information about SQL statements in its logs | `bool` | `false` | no |
 | <a name="input_default_auth_scheme"></a> [default\_auth\_scheme](#input\_default\_auth\_scheme) | Default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM\_AUTH. Defaults to NONE | `string` | `null` | no |
+| <a name="input_endpoint_network_type"></a> [endpoint\_network\_type](#input\_endpoint\_network\_type) | Network type of the DB proxy endpoint. Valid values are IPV4, IPV6 and DUAL. Defaults to IPV4. If IPV6 is specified, the subnets associated with the proxy must be IPv6-only, and target\_connection\_network\_type must be IPV6 | `string` | `null` | no |
 | <a name="input_endpoints"></a> [endpoints](#input\_endpoints) | Map of DB proxy endpoints to create and their attributes | <pre>map(object({<br/>    name                   = optional(string)<br/>    vpc_subnet_ids         = list(string)<br/>    vpc_security_group_ids = optional(list(string))<br/>    target_role            = optional(string)<br/>    tags                   = optional(map(string), {})<br/>  }))</pre> | `{}` | no |
 | <a name="input_engine_family"></a> [engine\_family](#input\_engine\_family) | The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL` | `string` | `""` | no |
 | <a name="input_iam_policy_name"></a> [iam\_policy\_name](#input\_iam\_policy\_name) | The name of the role policy. If omitted, Terraform will assign a random, unique name | `string` | `""` | no |
@@ -133,6 +134,7 @@ No modules.
 | <a name="input_role_arn"></a> [role\_arn](#input\_role\_arn) | The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager | `string` | `""` | no |
 | <a name="input_session_pinning_filters"></a> [session\_pinning\_filters](#input\_session\_pinning\_filters) | Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
+| <a name="input_target_connection_network_type"></a> [target\_connection\_network\_type](#input\_target\_connection\_network\_type) | Network type that the proxy uses to connect to the target database. Valid values are IPV4 and IPV6. Defaults to IPV4 | `string` | `null` | no |
 | <a name="input_target_db_cluster"></a> [target\_db\_cluster](#input\_target\_db\_cluster) | Determines whether DB cluster is targeted by proxy | `bool` | `false` | no |
 | <a name="input_target_db_instance"></a> [target\_db\_instance](#input\_target\_db\_instance) | Determines whether DB instance is targeted by proxy | `bool` | `false` | no |
 | <a name="input_use_policy_name_prefix"></a> [use\_policy\_name\_prefix](#input\_use\_policy\_name\_prefix) | Whether to use unique name beginning with the specified `iam_policy_name` | `bool` | `false` | no |

main.tf

@@ -20,15 +20,17 @@ resource "aws_db_proxy" "this" {
     }
   }
 
-  debug_logging          = var.debug_logging
-  default_auth_scheme    = var.default_auth_scheme
-  engine_family          = var.engine_family
-  idle_client_timeout    = var.idle_client_timeout
-  name                   = var.name
-  require_tls            = var.require_tls
-  role_arn               = try(aws_iam_role.this[0].arn, var.role_arn)
-  vpc_security_group_ids = var.vpc_security_group_ids
-  vpc_subnet_ids         = var.vpc_subnet_ids
+  debug_logging                  = var.debug_logging
+  default_auth_scheme            = var.default_auth_scheme
+  endpoint_network_type          = var.endpoint_network_type
+  engine_family                  = var.engine_family
+  idle_client_timeout            = var.idle_client_timeout
+  name                           = var.name
+  require_tls                    = var.require_tls
+  role_arn                       = try(aws_iam_role.this[0].arn, var.role_arn)
+  target_connection_network_type = var.target_connection_network_type
+  vpc_security_group_ids         = var.vpc_security_group_ids
+  vpc_subnet_ids                 = var.vpc_subnet_ids
 
   tags = merge(var.tags, var.proxy_tags)
 

variables.tf

@@ -55,6 +55,12 @@ variable "default_auth_scheme" {
   default     = null
 }
 
+variable "endpoint_network_type" {
+  description = "Network type of the DB proxy endpoint. Valid values are IPV4, IPV6 and DUAL. Defaults to IPV4. If IPV6 is specified, the subnets associated with the proxy must be IPv6-only, and target_connection_network_type must be IPV6"
+  type        = string
+  default     = null
+}
+
 variable "engine_family" {
   description = "The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL`"
   type        = string
@@ -79,6 +85,12 @@ variable "role_arn" {
   default     = ""
 }
 
+variable "target_connection_network_type" {
+  description = "Network type that the proxy uses to connect to the target database. Valid values are IPV4 and IPV6. Defaults to IPV4"
+  type        = string
+  default     = null
+}
+
 variable "vpc_security_group_ids" {
   description = "One or more VPC security group IDs to associate with the new proxy"
   type        = list(string)

wrappers/main.tf

@@ -16,6 +16,7 @@ module "wrapper" {
   db_instance_identifier         = try(each.value.db_instance_identifier, var.defaults.db_instance_identifier, "")
   debug_logging                  = try(each.value.debug_logging, var.defaults.debug_logging, false)
   default_auth_scheme            = try(each.value.default_auth_scheme, var.defaults.default_auth_scheme, null)
+  endpoint_network_type          = try(each.value.endpoint_network_type, var.defaults.endpoint_network_type, null)
   endpoints                      = try(each.value.endpoints, var.defaults.endpoints, {})
   engine_family                  = try(each.value.engine_family, var.defaults.engine_family, "")
   iam_policy_name                = try(each.value.iam_policy_name, var.defaults.iam_policy_name, "")
@@ -43,6 +44,7 @@ module "wrapper" {
   role_arn                       = try(each.value.role_arn, var.defaults.role_arn, "")
   session_pinning_filters        = try(each.value.session_pinning_filters, var.defaults.session_pinning_filters, [])
   tags                           = try(each.value.tags, var.defaults.tags, {})
+  target_connection_network_type = try(each.value.target_connection_network_type, var.defaults.target_connection_network_type, null)
   target_db_cluster              = try(each.value.target_db_cluster, var.defaults.target_db_cluster, false)
   target_db_instance             = try(each.value.target_db_instance, var.defaults.target_db_instance, false)
   use_policy_name_prefix         = try(each.value.use_policy_name_prefix, var.defaults.use_policy_name_prefix, false)