chore: update examples and CI workflows (#7)

.github/workflows/pre-commit.yml

@@ -0,0 +1,78 @@
+name: pre-commit
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+
+env:
+  TERRAFORM_DOCS_VERSION: v0.16.0
+
+jobs:
+  collectInputs:
+    name: Collect workflow inputs
+    runs-on: ubuntu-latest
+    outputs:
+      directories: ${{ steps.dirs.outputs.directories }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Get root directories
+        id: dirs
+        uses: clowdhaus/terraform-composite-actions/directories@v1.3.0
+
+  preCommitMinVersions:
+    name: Min TF pre-commit
+    needs: collectInputs
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@v1.0.3
+        with:
+          directory: ${{ matrix.directory }}
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory !=  '.' }}
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory ==  '.' }}
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
+
+  preCommitMaxVersion:
+    name: Max TF pre-commit
+    runs-on: ubuntu-latest
+    needs: collectInputs
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@v1.0.3
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.3.0
+        with:
+          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
+          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}

.github/workflows/semantic-releaser.yml

@@ -1,4 +1,4 @@
-name: Release
+name: release
 
 on:
   push:
@@ -10,7 +10,7 @@ on:
 
 jobs:
   release:
-    name: Release
+    name: release
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -26,5 +26,5 @@ jobs:
 
       - name: Release
         env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE }}
         run: npx semantic-release

.github/workflows/static-checks.yml

@@ -1,77 +0,0 @@
-name: static-checks
-
-on:
-  pull_request:
-
-jobs:
-  versionExtract:
-    name: Get min/max versions
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Terraform min/max versions
-        id: minMax
-        uses: clowdhaus/terraform-min-max@main
-    outputs:
-      minVersion: ${{ steps.minMax.outputs.minVersion }}
-      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
-
-  versionEvaluate:
-    name: Evaluate Terraform versions
-    runs-on: ubuntu-latest
-    needs: versionExtract
-    strategy:
-      fail-fast: false
-      matrix:
-        version:
-          - ${{ needs.versionExtract.outputs.minVersion }}
-          - ${{ needs.versionExtract.outputs.maxVersion }}
-        directory:
-          - examples/mysql_iam_cluster
-          - examples/mysql_iam_instance
-          - examples/postgresql_iam_cluster
-          - examples/postgresql_iam_instance
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Install Terraform v${{ matrix.version }}
-        uses: hashicorp/setup-terraform@v1
-        with:
-          terraform_version: ${{ matrix.version }}
-
-      - name: Init & validate v${{ matrix.version }}
-        run: |
-          cd ${{ matrix.directory }}
-          terraform init
-          terraform validate
-
-      - name: tflint
-        uses: reviewdog/action-tflint@master
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          working_directory: ${{ matrix.directory }}
-          fail_on_error: 'true'
-          filter_mode: 'nofilter'
-          flags: '--module'
-
-  format:
-    name: Check code format
-    runs-on: ubuntu-latest
-    needs: versionExtract
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-
-      - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
-        uses: hashicorp/setup-terraform@v1
-        with:
-          terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
-
-      - name: Check Terraform format changes
-        run: terraform fmt --recursive -check=true

.pre-commit-config.yaml

@@ -1,10 +1,15 @@
 repos:
-  - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.51.0
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.55.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
-  - repo: git://github.com/pre-commit/pre-commit-hooks
+        args:
+          - '--args=--lockfile=false'
+      - id: terraform_validate
+      - id: terraform_tflint
+  - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.0.1
     hooks:
-      - id: check-merge-conflict
+      - id: check-merge-conflict
+      - id: end-of-file-fixer

examples/mysql_iam_cluster/README.md

@@ -37,38 +37,29 @@ An EC2 instance configuration has been provided for use in validating the exampl
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.59.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_ec2_instance"></a> [ec2\_instance](#module\_ec2\_instance) | terraform-aws-modules/ec2-instance/aws | ~> 3 |
-| <a name="module_ec2_sg"></a> [ec2\_sg](#module\_ec2\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | ~> 4 |
+| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | ~> 6.0 |
 | <a name="module_rds_proxy"></a> [rds\_proxy](#module\_rds\_proxy) | ../../ | n/a |
-| <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3 |
+| <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 4.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_db_parameter_group.aurora_db_mysql57_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
-| [aws_iam_instance_profile.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_role.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy_attachment.ec2_ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_rds_cluster_parameter_group.aurora_cluster_mysql57_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource |
 | [aws_secretsmanager_secret.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
 | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.ec2_test_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
@@ -95,9 +86,6 @@ No inputs.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-| <a name="output_superuser_db_password_connect"></a> [superuser\_db\_password\_connect](#output\_superuser\_db\_password\_connect) | Connect to database using superuser with username/password directly to database |
-| <a name="output_superuser_proxy_iam_connect"></a> [superuser\_proxy\_iam\_connect](#output\_superuser\_proxy\_iam\_connect) | Connect to RDS Proxy using IAM auth via token generated |
-| <a name="output_superuser_proxy_iam_token"></a> [superuser\_proxy\_iam\_token](#output\_superuser\_proxy\_iam\_token) | Gerate connection token for connecting to RDS Proxy with IAM auth |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 Apache-2.0 Licensed. See [LICENSE](../../LICENSE).

examples/mysql_iam_cluster/main.tf

@@ -38,7 +38,7 @@ resource "random_password" "password" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3"
+  version = "~> 3.0"
 
   name = local.name
   cidr = "10.0.0.0/18"
@@ -69,20 +69,21 @@ module "vpc" {
 
 module "rds" {
   source  = "terraform-aws-modules/rds-aurora/aws"
-  version = "~> 4"
+  version = "~> 6.0"
 
-  name          = local.name
-  database_name = local.db_name
-  username      = local.db_username
-  password      = local.db_password
+  name            = local.name
+  database_name   = local.db_name
+  master_username = local.db_username
+  master_password = local.db_password
 
   # When using RDS Proxy w/ IAM auth - Database must be username/password auth, not IAM
   iam_database_authentication_enabled = false
 
-  engine              = "aurora-mysql"
-  engine_version      = "5.7"
-  replica_count       = 1
-  instance_type       = "db.t3.medium"
+  engine         = "aurora-mysql"
+  engine_version = "5.7.12"
+  instance_class = "db.r6g.large"
+  instances      = { 1 = {}, 2 = {} }
+
   storage_encrypted   = true
   apply_immediately   = true
   skip_final_snapshot = true
@@ -97,6 +98,7 @@ module "rds" {
   vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
 
   db_subnet_group_name            = local.name # Created by VPC module
+  create_db_subnet_group          = false
   db_parameter_group_name         = aws_db_parameter_group.aurora_db_mysql57_parameter_group.id
   db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.aurora_cluster_mysql57_parameter_group.id
 
@@ -119,117 +121,6 @@ resource "aws_rds_cluster_parameter_group" "aurora_cluster_mysql57_parameter_gro
   tags = local.tags
 }
 
-################################################################################
-# Test Resources
-################################################################################
-
-resource "aws_iam_instance_profile" "ec2_test" {
-  name_prefix = local.name
-  role        = aws_iam_role.ec2_test.name
-
-  tags = local.tags
-}
-
-data "aws_iam_policy_document" "ec2_test_assume" {
-  statement {
-    actions = ["sts:AssumeRole"]
-    principals {
-      type        = "Service"
-      identifiers = ["ec2.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role" "ec2_test" {
-  name_prefix           = local.name
-  force_detach_policies = true
-  assume_role_policy    = data.aws_iam_policy_document.ec2_test_assume.json
-
-  tags = local.tags
-}
-
-data "aws_iam_policy_document" "ec2_test" {
-  statement {
-    actions   = ["rds-db:connect"]
-    resources = ["${local.db_iam_connect_prefix}/${local.db_username}"]
-  }
-}
-
-resource "aws_iam_role_policy" "ec2_test" {
-  name_prefix = local.name
-  role        = aws_iam_role.ec2_test.id
-  policy      = data.aws_iam_policy_document.ec2_test.json
-}
-
-resource "aws_iam_role_policy_attachment" "ec2_ssm" {
-  role       = aws_iam_role.ec2_test.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
-}
-
-data "aws_ami" "ubuntu" {
-  most_recent = true
-  owners      = ["679593333241"]
-
-  filter {
-    name   = "name"
-    values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-focal-20.04-*"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-}
-
-module "ec2_sg" {
-  source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
-
-  name        = "ec2"
-  description = "EC2 RDS Proxy example security group"
-  vpc_id      = module.vpc.vpc_id
-
-  egress_rules = ["all-all"]
-
-  tags = local.tags
-}
-
-module "ec2_instance" {
-  source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 3"
-
-  name = local.name
-
-  monitoring    = true
-  ebs_optimized = true
-  metadata_options = {
-    http_endpoint = "disabled"
-  }
-  root_block_device = [
-    {
-      encrypted = true
-    }
-  ]
-
-  iam_instance_profile = aws_iam_instance_profile.ec2_test.name
-  user_data            = <<-EOT
-  #!/usr/bin/env bash
-
-  mkdir -p /home/ssm-user/ && wget -O /home/ssm-user/AmazonRootCA1.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem
-
-  apt update
-  apt install awscli mysql-server -y
-
-  EOT
-
-  ami                    = data.aws_ami.ubuntu.id
-  instance_type          = "t3.micro"
-  vpc_security_group_ids = [module.ec2_sg.security_group_id]
-  subnet_id              = element(module.vpc.private_subnets, 0)
-
-  tags = local.tags
-}
-
 ################################################################################
 # Secrets - DB user passwords
 ################################################################################
@@ -260,7 +151,7 @@ resource "aws_secretsmanager_secret_version" "superuser" {
 
 module "rds_proxy_sg" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
+  version = "~> 4.0"
 
   name        = "rds_proxy"
   description = "PostgreSQL RDS Proxy example security group"
@@ -322,13 +213,13 @@ module "rds_proxy" {
   }
 
   engine_family = "MYSQL"
-  db_host       = module.rds.rds_cluster_endpoint
-  db_name       = module.rds.rds_cluster_database_name
+  db_host       = module.rds.cluster_endpoint
+  db_name       = module.rds.cluster_database_name
   debug_logging = true
 
   # Target Aurora cluster
   target_db_cluster     = true
-  db_cluster_identifier = module.rds.rds_cluster_id
+  db_cluster_identifier = module.rds.cluster_id
 
   tags = local.tags
 }

examples/mysql_iam_cluster/outputs.tf

@@ -77,20 +77,3 @@ output "log_group_arn" {
   description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
   value       = module.rds_proxy.log_group_arn
 }
-
-# For aiding in testing & verification
-output "superuser_db_password_connect" {
-  description = "Connect to database using superuser with username/password directly to database"
-  value       = "mysql --host=${module.rds.rds_cluster_endpoint} --user=${local.db_username} --password=${local.db_password} ${module.rds.rds_cluster_database_name}"
-  sensitive   = true
-}
-
-output "superuser_proxy_iam_token" {
-  description = "Gerate connection token for connecting to RDS Proxy with IAM auth"
-  value       = "TOKEN=$(aws rds generate-db-auth-token --hostname ${module.rds_proxy.proxy_endpoint} --port 3306 --region ${local.region} --username ${local.db_username})"
-}
-
-output "superuser_proxy_iam_connect" {
-  description = "Connect to RDS Proxy using IAM auth via token generated"
-  value       = "mysql --host=${module.rds_proxy.proxy_endpoint} --user=${local.db_username} --password=$TOKEN ${module.rds.rds_cluster_database_name} --ssl-ca=/home/ssm-user/AmazonRootCA1.pem --enable-cleartext-plugin"
-}

examples/mysql_iam_instance/README.md

@@ -37,37 +37,28 @@ An EC2 instance configuration has been provided for use in validating the exampl
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.59.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_ec2_instance"></a> [ec2\_instance](#module\_ec2\_instance) | terraform-aws-modules/ec2-instance/aws | ~> 3 |
-| <a name="module_ec2_sg"></a> [ec2\_sg](#module\_ec2\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 3 |
+| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 3.0 |
 | <a name="module_rds_proxy"></a> [rds\_proxy](#module\_rds\_proxy) | ../../ | n/a |
-| <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_rds_sg"></a> [rds\_sg](#module\_rds\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3 |
+| <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 4.0 |
+| <a name="module_rds_sg"></a> [rds\_sg](#module\_rds\_sg) | terraform-aws-modules/security-group/aws | ~> 4.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [aws_iam_instance_profile.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_role.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy_attachment.ec2_ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_secretsmanager_secret.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
 | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.ec2_test_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
@@ -94,9 +85,6 @@ No inputs.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-| <a name="output_superuser_db_password_connect"></a> [superuser\_db\_password\_connect](#output\_superuser\_db\_password\_connect) | Connect to database using superuser with username/password directly to database |
-| <a name="output_superuser_proxy_iam_connect"></a> [superuser\_proxy\_iam\_connect](#output\_superuser\_proxy\_iam\_connect) | Connect to RDS Proxy using IAM auth via token generated |
-| <a name="output_superuser_proxy_iam_token"></a> [superuser\_proxy\_iam\_token](#output\_superuser\_proxy\_iam\_token) | Gerate connection token for connecting to RDS Proxy with IAM auth |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 Apache-2.0 Licensed. See [LICENSE](../../LICENSE).

examples/mysql_iam_instance/main.tf

@@ -38,7 +38,7 @@ resource "random_password" "password" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3"
+  version = "~> 3.0"
 
   name = local.name
   cidr = "10.0.0.0/18"
@@ -69,7 +69,7 @@ module "vpc" {
 
 module "rds_sg" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
+  version = "~> 4.0"
 
   name        = "rds"
   description = "MySQL RDS example security group"
@@ -90,7 +90,7 @@ module "rds_sg" {
 
 module "rds" {
   source  = "terraform-aws-modules/rds/aws"
-  version = "~> 3"
+  version = "~> 3.0"
 
   name     = local.db_name
   username = local.db_username
@@ -126,117 +126,6 @@ module "rds" {
   tags = local.tags
 }
 
-################################################################################
-# Test Resources
-################################################################################
-
-resource "aws_iam_instance_profile" "ec2_test" {
-  name_prefix = local.name
-  role        = aws_iam_role.ec2_test.name
-
-  tags = local.tags
-}
-
-data "aws_iam_policy_document" "ec2_test_assume" {
-  statement {
-    actions = ["sts:AssumeRole"]
-    principals {
-      type        = "Service"
-      identifiers = ["ec2.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role" "ec2_test" {
-  name_prefix           = local.name
-  force_detach_policies = true
-  assume_role_policy    = data.aws_iam_policy_document.ec2_test_assume.json
-
-  tags = local.tags
-}
-
-data "aws_iam_policy_document" "ec2_test" {
-  statement {
-    actions   = ["rds-db:connect"]
-    resources = ["${local.db_iam_connect_prefix}/${local.db_username}"]
-  }
-}
-
-resource "aws_iam_role_policy" "ec2_test" {
-  name_prefix = local.name
-  role        = aws_iam_role.ec2_test.id
-  policy      = data.aws_iam_policy_document.ec2_test.json
-}
-
-resource "aws_iam_role_policy_attachment" "ec2_ssm" {
-  role       = aws_iam_role.ec2_test.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
-}
-
-data "aws_ami" "ubuntu" {
-  most_recent = true
-  owners      = ["679593333241"]
-
-  filter {
-    name   = "name"
-    values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-focal-20.04-*"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-}
-
-module "ec2_sg" {
-  source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
-
-  name        = "ec2"
-  description = "EC2 RDS Proxy example security group"
-  vpc_id      = module.vpc.vpc_id
-
-  egress_rules = ["all-all"]
-
-  tags = local.tags
-}
-
-module "ec2_instance" {
-  source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 3"
-
-  name = local.name
-
-  monitoring    = true
-  ebs_optimized = true
-  metadata_options = {
-    http_endpoint = "disabled"
-  }
-  root_block_device = [
-    {
-      encrypted = true
-    }
-  ]
-
-  iam_instance_profile = aws_iam_instance_profile.ec2_test.name
-  user_data            = <<-EOT
-  #!/usr/bin/env bash
-
-  mkdir -p /home/ssm-user/ && wget -O /home/ssm-user/AmazonRootCA1.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem
-
-  apt update
-  apt install awscli mysql-server -y
-
-  EOT
-
-  ami                    = data.aws_ami.ubuntu.id
-  instance_type          = "t3.micro"
-  vpc_security_group_ids = [module.ec2_sg.security_group_id]
-  subnet_id              = element(module.vpc.private_subnets, 0)
-
-  tags = local.tags
-}
-
 ################################################################################
 # Secrets - DB user passwords
 ################################################################################
@@ -267,7 +156,7 @@ resource "aws_secretsmanager_secret_version" "superuser" {
 
 module "rds_proxy_sg" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
+  version = "~> 4.0"
 
   name        = "rds_proxy"
   description = "MySQL RDS Proxy example security group"

examples/mysql_iam_instance/outputs.tf

@@ -77,20 +77,3 @@ output "log_group_arn" {
   description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
   value       = module.rds_proxy.log_group_arn
 }
-
-# For aiding in testing & verification
-output "superuser_db_password_connect" {
-  description = "Connect to database using superuser with username/password directly to database"
-  value       = "mysql --host=${module.rds.db_instance_address} --user=${local.db_username} --password=${local.db_password} ${module.rds.db_instance_name}"
-  sensitive   = true
-}
-
-output "superuser_proxy_iam_token" {
-  description = "Gerate connection token for connecting to RDS Proxy with IAM auth"
-  value       = "TOKEN=$(aws rds generate-db-auth-token --hostname ${module.rds_proxy.proxy_endpoint} --port 3306 --region ${local.region} --username ${local.db_username})"
-}
-
-output "superuser_proxy_iam_connect" {
-  description = "Connect to RDS Proxy using IAM auth via token generated"
-  value       = "mysql --host=${module.rds_proxy.proxy_endpoint} --user=${local.db_username} --password=$TOKEN ${module.rds.db_instance_name} --ssl-ca=/home/ssm-user/AmazonRootCA1.pem --enable-cleartext-plugin"
-}

examples/postgresql_iam_cluster/README.md

@@ -37,38 +37,29 @@ An EC2 instance configuration has been provided for use in validating the exampl
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.59.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_ec2_instance"></a> [ec2\_instance](#module\_ec2\_instance) | terraform-aws-modules/ec2-instance/aws | ~> 3 |
-| <a name="module_ec2_sg"></a> [ec2\_sg](#module\_ec2\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | ~> 5 |
+| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | ~> 6.0 |
 | <a name="module_rds_proxy"></a> [rds\_proxy](#module\_rds\_proxy) | ../../ | n/a |
-| <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3 |
+| <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 4.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | [aws_db_parameter_group.aurora_db_postgres11_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
-| [aws_iam_instance_profile.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_role.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy_attachment.ec2_ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_rds_cluster_parameter_group.aurora_cluster_postgres11_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource |
 | [aws_secretsmanager_secret.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
 | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.ec2_test_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
@@ -95,9 +86,6 @@ No inputs.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-| <a name="output_superuser_db_password_connect"></a> [superuser\_db\_password\_connect](#output\_superuser\_db\_password\_connect) | Connect to database using superuser with username/password directly to database |
-| <a name="output_superuser_proxy_iam_connect"></a> [superuser\_proxy\_iam\_connect](#output\_superuser\_proxy\_iam\_connect) | Connect to RDS Proxy using IAM auth via token generated |
-| <a name="output_superuser_proxy_iam_token"></a> [superuser\_proxy\_iam\_token](#output\_superuser\_proxy\_iam\_token) | Gerate connection token for connecting to RDS Proxy with IAM auth |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 Apache-2.0 Licensed. See [LICENSE](../../LICENSE).

examples/postgresql_iam_cluster/main.tf

@@ -38,7 +38,7 @@ resource "random_password" "password" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3"
+  version = "~> 3.0"
 
   name = local.name
   cidr = "10.0.0.0/18"
@@ -69,20 +69,21 @@ module "vpc" {
 
 module "rds" {
   source  = "terraform-aws-modules/rds-aurora/aws"
-  version = "~> 5"
+  version = "~> 6.0"
 
-  name          = local.name
-  database_name = local.db_name
-  username      = local.db_username
-  password      = local.db_password
+  name            = local.name
+  database_name   = local.db_name
+  master_username = local.db_username
+  master_password = local.db_password
 
   # When using RDS Proxy w/ IAM auth - Database must be username/password auth, not IAM
   iam_database_authentication_enabled = false
 
-  engine              = "aurora-postgresql"
-  engine_version      = "11.9"
-  replica_count       = 1
-  instance_type       = "db.t3.medium"
+  engine         = "aurora-postgresql"
+  engine_version = "11.12"
+  instance_class = "db.r6g.large"
+  instances      = { 1 = {}, 2 = {} }
+
   storage_encrypted   = true
   apply_immediately   = true
   skip_final_snapshot = true
@@ -97,6 +98,7 @@ module "rds" {
   vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
 
   db_subnet_group_name            = local.name # Created by VPC module
+  create_db_subnet_group          = false
   db_parameter_group_name         = aws_db_parameter_group.aurora_db_postgres11_parameter_group.id
   db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.aurora_cluster_postgres11_parameter_group.id
 
@@ -119,117 +121,6 @@ resource "aws_rds_cluster_parameter_group" "aurora_cluster_postgres11_parameter_
   tags = local.tags
 }
 
-################################################################################
-# Test Resources
-################################################################################
-
-resource "aws_iam_instance_profile" "ec2_test" {
-  name_prefix = local.name
-  role        = aws_iam_role.ec2_test.name
-
-  tags = local.tags
-}
-
-data "aws_iam_policy_document" "ec2_test_assume" {
-  statement {
-    actions = ["sts:AssumeRole"]
-    principals {
-      type        = "Service"
-      identifiers = ["ec2.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role" "ec2_test" {
-  name_prefix           = local.name
-  force_detach_policies = true
-  assume_role_policy    = data.aws_iam_policy_document.ec2_test_assume.json
-
-  tags = local.tags
-}
-
-data "aws_iam_policy_document" "ec2_test" {
-  statement {
-    actions   = ["rds-db:connect"]
-    resources = ["${local.db_iam_connect_prefix}/${local.db_username}"]
-  }
-}
-
-resource "aws_iam_role_policy" "ec2_test" {
-  name_prefix = local.name
-  role        = aws_iam_role.ec2_test.id
-  policy      = data.aws_iam_policy_document.ec2_test.json
-}
-
-resource "aws_iam_role_policy_attachment" "ec2_ssm" {
-  role       = aws_iam_role.ec2_test.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
-}
-
-data "aws_ami" "ubuntu" {
-  most_recent = true
-  owners      = ["679593333241"]
-
-  filter {
-    name   = "name"
-    values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-focal-20.04-*"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-}
-
-module "ec2_sg" {
-  source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
-
-  name        = "ec2"
-  description = "EC2 RDS Proxy example security group"
-  vpc_id      = module.vpc.vpc_id
-
-  egress_rules = ["all-all"]
-
-  tags = local.tags
-}
-
-module "ec2_instance" {
-  source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 3"
-
-  name = local.name
-
-  monitoring    = true
-  ebs_optimized = true
-  metadata_options = {
-    http_endpoint = "disabled"
-  }
-  root_block_device = [
-    {
-      encrypted = true
-    }
-  ]
-
-  iam_instance_profile = aws_iam_instance_profile.ec2_test.name
-  user_data            = <<-EOT
-  #!/usr/bin/env bash
-
-  mkdir -p /home/ssm-user/ && wget -O /home/ssm-user/AmazonRootCA1.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem
-
-  apt update
-  apt install awscli postgresql-client -y
-
-  EOT
-
-  ami                    = data.aws_ami.ubuntu.id
-  instance_type          = "t3.micro"
-  vpc_security_group_ids = [module.ec2_sg.security_group_id]
-  subnet_id              = element(module.vpc.private_subnets, 0)
-
-  tags = local.tags
-}
-
 ################################################################################
 # Secrets - DB user passwords
 ################################################################################
@@ -260,7 +151,7 @@ resource "aws_secretsmanager_secret_version" "superuser" {
 
 module "rds_proxy_sg" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
+  version = "~> 4.0"
 
   name        = "rds_proxy"
   description = "PostgreSQL RDS Proxy example security group"
@@ -322,13 +213,13 @@ module "rds_proxy" {
   }
 
   engine_family = "POSTGRESQL"
-  db_host       = module.rds.rds_cluster_endpoint
-  db_name       = module.rds.rds_cluster_database_name
+  db_host       = module.rds.cluster_endpoint
+  db_name       = module.rds.cluster_database_name
   debug_logging = true
 
   # Target Aurora cluster
   target_db_cluster     = true
-  db_cluster_identifier = module.rds.rds_cluster_id
+  db_cluster_identifier = module.rds.cluster_id
 
   tags = local.tags
 }

examples/postgresql_iam_cluster/outputs.tf

@@ -77,20 +77,3 @@ output "log_group_arn" {
   description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
   value       = module.rds_proxy.log_group_arn
 }
-
-# For aiding in testing & verification
-output "superuser_db_password_connect" {
-  description = "Connect to database using superuser with username/password directly to database"
-  value       = "PGPASSWORD=${local.db_password} psql -h ${module.rds.rds_cluster_endpoint} -p 5432 -d ${module.rds.rds_cluster_database_name} -U ${local.db_username} --set=sslmode=require"
-  sensitive   = true
-}
-
-output "superuser_proxy_iam_token" {
-  description = "Gerate connection token for connecting to RDS Proxy with IAM auth"
-  value       = "TOKEN=$(aws rds generate-db-auth-token --hostname ${module.rds_proxy.proxy_endpoint} --port 5432 --region ${local.region} --username ${local.db_username})"
-}
-
-output "superuser_proxy_iam_connect" {
-  description = "Connect to RDS Proxy using IAM auth via token generated"
-  value       = "psql \"host=${module.rds_proxy.proxy_endpoint} port=5432 sslmode=verify-full sslrootcert=/home/ssm-user/AmazonRootCA1.pem dbname=${module.rds.rds_cluster_database_name} user=${local.db_username} password=$TOKEN\""
-}

examples/postgresql_iam_instance/README.md

@@ -37,37 +37,28 @@ An EC2 instance configuration has been provided for use in validating the exampl
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 3.59.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.1.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.38 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_ec2_instance"></a> [ec2\_instance](#module\_ec2\_instance) | terraform-aws-modules/ec2-instance/aws | ~> 3 |
-| <a name="module_ec2_sg"></a> [ec2\_sg](#module\_ec2\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 3 |
+| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 3.0 |
 | <a name="module_rds_proxy"></a> [rds\_proxy](#module\_rds\_proxy) | ../../ | n/a |
-| <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_rds_sg"></a> [rds\_sg](#module\_rds\_sg) | terraform-aws-modules/security-group/aws | ~> 4 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3 |
+| <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 4.0 |
+| <a name="module_rds_sg"></a> [rds\_sg](#module\_rds\_sg) | terraform-aws-modules/security-group/aws | ~> 4.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [aws_iam_instance_profile.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_role.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy_attachment.ec2_ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_secretsmanager_secret.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
 | [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.ec2_test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.ec2_test_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
@@ -94,9 +85,6 @@ No inputs.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-| <a name="output_superuser_db_password_connect"></a> [superuser\_db\_password\_connect](#output\_superuser\_db\_password\_connect) | Connect to database using superuser with username/password directly to database |
-| <a name="output_superuser_proxy_iam_connect"></a> [superuser\_proxy\_iam\_connect](#output\_superuser\_proxy\_iam\_connect) | Connect to RDS Proxy using IAM auth via token generated |
-| <a name="output_superuser_proxy_iam_token"></a> [superuser\_proxy\_iam\_token](#output\_superuser\_proxy\_iam\_token) | Gerate connection token for connecting to RDS Proxy with IAM auth |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 Apache-2.0 Licensed. See [LICENSE](../../LICENSE).

examples/postgresql_iam_instance/main.tf

@@ -38,7 +38,7 @@ resource "random_password" "password" {
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 3"
+  version = "~> 3.0"
 
   name = local.name
   cidr = "10.0.0.0/18"
@@ -69,7 +69,7 @@ module "vpc" {
 
 module "rds_sg" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
+  version = "~> 4.0"
 
   name        = "rds"
   description = "PostgreSQL RDS example security group"
@@ -90,7 +90,7 @@ module "rds_sg" {
 
 module "rds" {
   source  = "terraform-aws-modules/rds/aws"
-  version = "~> 3"
+  version = "~> 3.0"
 
   name     = local.db_name
   username = local.db_username
@@ -101,7 +101,7 @@ module "rds" {
 
   identifier           = local.name
   engine               = "postgres"
-  engine_version       = "11.9"
+  engine_version       = "11.12"
   family               = "postgres11"
   major_engine_version = "11"
   port                 = 5432
@@ -126,117 +126,6 @@ module "rds" {
   tags = local.tags
 }
 
-################################################################################
-# Test Resources
-################################################################################
-
-resource "aws_iam_instance_profile" "ec2_test" {
-  name_prefix = local.name
-  role        = aws_iam_role.ec2_test.name
-
-  tags = local.tags
-}
-
-data "aws_iam_policy_document" "ec2_test_assume" {
-  statement {
-    actions = ["sts:AssumeRole"]
-    principals {
-      type        = "Service"
-      identifiers = ["ec2.amazonaws.com"]
-    }
-  }
-}
-
-resource "aws_iam_role" "ec2_test" {
-  name_prefix           = local.name
-  force_detach_policies = true
-  assume_role_policy    = data.aws_iam_policy_document.ec2_test_assume.json
-
-  tags = local.tags
-}
-
-data "aws_iam_policy_document" "ec2_test" {
-  statement {
-    actions   = ["rds-db:connect"]
-    resources = ["${local.db_iam_connect_prefix}/${local.db_username}"]
-  }
-}
-
-resource "aws_iam_role_policy" "ec2_test" {
-  name_prefix = local.name
-  role        = aws_iam_role.ec2_test.id
-  policy      = data.aws_iam_policy_document.ec2_test.json
-}
-
-resource "aws_iam_role_policy_attachment" "ec2_ssm" {
-  role       = aws_iam_role.ec2_test.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
-}
-
-data "aws_ami" "ubuntu" {
-  most_recent = true
-  owners      = ["679593333241"]
-
-  filter {
-    name   = "name"
-    values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-focal-20.04-*"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-}
-
-module "ec2_sg" {
-  source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
-
-  name        = "ec2"
-  description = "EC2 RDS Proxy example security group"
-  vpc_id      = module.vpc.vpc_id
-
-  egress_rules = ["all-all"]
-
-  tags = local.tags
-}
-
-module "ec2_instance" {
-  source  = "terraform-aws-modules/ec2-instance/aws"
-  version = "~> 3"
-
-  name = local.name
-
-  monitoring    = true
-  ebs_optimized = true
-  metadata_options = {
-    http_endpoint = "disabled"
-  }
-  root_block_device = [
-    {
-      encrypted = true
-    }
-  ]
-
-  iam_instance_profile = aws_iam_instance_profile.ec2_test.name
-  user_data            = <<-EOT
-  #!/usr/bin/env bash
-
-  mkdir -p /home/ssm-user/ && wget -O /home/ssm-user/AmazonRootCA1.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem
-
-  apt update
-  apt install awscli postgresql -y
-
-  EOT
-
-  ami                    = data.aws_ami.ubuntu.id
-  instance_type          = "t3.micro"
-  vpc_security_group_ids = [module.ec2_sg.security_group_id]
-  subnet_id              = element(module.vpc.private_subnets, 0)
-
-  tags = local.tags
-}
-
 ################################################################################
 # Secrets - DB user passwords
 ################################################################################
@@ -267,7 +156,7 @@ resource "aws_secretsmanager_secret_version" "superuser" {
 
 module "rds_proxy_sg" {
   source  = "terraform-aws-modules/security-group/aws"
-  version = "~> 4"
+  version = "~> 4.0"
 
   name        = "rds_proxy"
   description = "PostgreSQL RDS Proxy example security group"

examples/postgresql_iam_instance/outputs.tf

@@ -77,20 +77,3 @@ output "log_group_arn" {
   description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
   value       = module.rds_proxy.log_group_arn
 }
-
-# For aiding in testing & verification
-output "superuser_db_password_connect" {
-  description = "Connect to database using superuser with username/password directly to database"
-  value       = "PGPASSWORD=${local.db_password} psql -h ${module.rds.db_instance_address} -p 5432 -d ${module.rds.db_instance_name} -U ${local.db_username} --set=sslmode=require"
-  sensitive   = true
-}
-
-output "superuser_proxy_iam_token" {
-  description = "Gerate connection token for connecting to RDS Proxy with IAM auth"
-  value       = "TOKEN=$(aws rds generate-db-auth-token --hostname ${module.rds_proxy.proxy_endpoint} --port 5432 --region ${local.region} --username ${local.db_username})"
-}
-
-output "superuser_proxy_iam_connect" {
-  description = "Connect to RDS Proxy using IAM auth via token generated"
-  value       = "psql \"host=${module.rds_proxy.proxy_endpoint} port=5432 sslmode=verify-full sslrootcert=/home/ssm-user/AmazonRootCA1.pem dbname=${module.rds.db_instance_name} user=${local.db_username} password=$TOKEN\""
-}