diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 3bc131b..ad121ba 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,13 +1,27 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.55.0
+ rev: v1.56.0
hooks:
- id: terraform_fmt
+ - id: terraform_validate
- id: terraform_docs
args:
- '--args=--lockfile=false'
- - id: terraform_validate
- id: terraform_tflint
+ args:
+ - '--args=--only=terraform_deprecated_interpolation'
+ - '--args=--only=terraform_deprecated_index'
+ - '--args=--only=terraform_unused_declarations'
+ - '--args=--only=terraform_comment_syntax'
+ - '--args=--only=terraform_documented_outputs'
+ - '--args=--only=terraform_documented_variables'
+ - '--args=--only=terraform_typed_variables'
+ - '--args=--only=terraform_module_pinned_source'
+ - '--args=--only=terraform_naming_convention'
+ - '--args=--only=terraform_required_version'
+ - '--args=--only=terraform_required_providers'
+ - '--args=--only=terraform_standard_module_structure'
+ - '--args=--only=terraform_workspace_remote'
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
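Review bot: The `terraform_tflint` args added here pass `--only` thirteen times, which, as tflint documents that flag, makes the hook an allow-list: every rule not named stops running, including any from a provider ruleset plugin, and rules introduced by later tflint releases are never picked up. A comment above `args:` should say so, e.g. `# allow-list: tflint runs only the rules named below`, or the list could move into a `.tflint.hcl` so editor, hook and CI runs share one rule set. Separately, `rev: v1.56.0` pins the hook repository to a tag, which can be re-pointed upstream. Because these hooks execute on every contributor's machine, a full commit hash with the tag as a trailing comment (`rev: <full-commit-sha>  # v1.56.0`) is the more durable pin.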
diff --git a/README.md b/README.md
index d648522..3015ace 100644
--- a/README.md
+++ b/README.md
@@ -114,21 +114,17 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [auth](#input\_auth) | Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters | `map(string)` | `{}` | no |
| [auth\_scheme](#input\_auth\_scheme) | The type of authentication that the proxy uses for connections from the proxy to the underlying database. One of `SECRETS` | `string` | `"SECRETS"` | no |
| [connection\_borrow\_timeout](#input\_connection\_borrow\_timeout) | The number of seconds for a proxy to wait for a connection to become available in the connection pool | `number` | `null` | no |
| [create\_iam\_policy](#input\_create\_iam\_policy) | Determines whether an IAM policy is created | `bool` | `true` | no |
| [create\_iam\_role](#input\_create\_iam\_role) | Determines whether an IAM role is created | `bool` | `true` | no |
| [create\_proxy](#input\_create\_proxy) | Determines whether a proxy and its resources will be created | `bool` | `true` | no |
| [db\_cluster\_identifier](#input\_db\_cluster\_identifier) | DB cluster identifier | `string` | `""` | no |
-| [db\_host](#input\_db\_host) | The identifier to use for the database endpoint | `string` | `""` | no |
| [db\_instance\_identifier](#input\_db\_instance\_identifier) | DB instance identifier | `string` | `""` | no |
-| [db\_name](#input\_db\_name) | The name of the database | `string` | `""` | no |
| [db\_proxy\_endpoints](#input\_db\_proxy\_endpoints) | Map of DB proxy endpoints to create and their attributes (see `aws_db_proxy_endpoint`) | `any` | `{}` | no |
| [debug\_logging](#input\_debug\_logging) | Whether the proxy includes detailed information about SQL statements in its logs | `bool` | `false` | no |
| [engine\_family](#input\_engine\_family) | The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL` | `string` | `""` | no |
| [iam\_auth](#input\_iam\_auth) | Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. One of `DISABLED`, `REQUIRED` | `string` | `"REQUIRED"` | no |
-| [iam\_creation\_wait\_duration](#input\_iam\_creation\_wait\_duration) | Time duration delay to wait for IAM resource creation/propagation. For example, 30s for 30 seconds or 5m for 5 minutes. Updating this value by itself will not trigger a delay. | `string` | `"30s"` | no |
| [iam\_policy\_name](#input\_iam\_policy\_name) | The name of the role policy. If omitted, Terraform will assign a random, unique name | `string` | `""` | no |
| [iam\_role\_description](#input\_iam\_role\_description) | The description of the role | `string` | `""` | no |
| [iam\_role\_force\_detach\_policies](#input\_iam\_role\_force\_detach\_policies) | Specifies to force detaching any policies the role has before destroying it | `bool` | `true` | no |
diff --git a/examples/mysql_iam_cluster/README.md b/examples/mysql_iam_cluster/README.md
index 8c13127..8eece2f 100644
--- a/examples/mysql_iam_cluster/README.md
+++ b/examples/mysql_iam_cluster/README.md
@@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.1 |
| [aws](#requirement\_aws) | >= 3.38 |
+| [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 3.38 |
-| [random](#provider\_random) | n/a |
+| [random](#provider\_random) | >= 2.0 |
## Modules
@@ -59,9 +60,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
| [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
diff --git a/examples/mysql_iam_cluster/main.tf b/examples/mysql_iam_cluster/main.tf
index 64a812d..a3e86c2 100644
--- a/examples/mysql_iam_cluster/main.tf
+++ b/examples/mysql_iam_cluster/main.tf
@@ -3,14 +3,10 @@ provider "aws" {
}
locals {
- region = "us-east-1"
- name = "example-${replace(basename(path.cwd), "_", "-")}"
-
- db_name = "example"
- db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
- db_password = random_password.password.result
- db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6)
- db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
+ region = "us-east-1"
+ name = "example-${replace(basename(path.cwd), "_", "-")}"
+ db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
+ db_password = random_password.password.result
tags = {
Example = local.name
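Review bot: `db_password = random_password.password.result` in `locals` carries no comment on where the value ends up, unlike the `db_username` line beside it: the generated password is written to Terraform state in plaintext and is handed on to the `rds` module. A one-line comment would help anyone copying the example, e.g. `# stored in plaintext in state; keep state in an encrypted, access-restricted backend`. The same `locals` appear in the `main.tf` of `mysql_iam_instance`, `postgresql_iam_cluster` and `postgresql_iam_instance`, and the block continues past the end of this hunk.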
@@ -18,10 +14,6 @@ locals {
}
}
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
################################################################################
# Supporting Resources
################################################################################
@@ -72,7 +64,7 @@ module "rds" {
version = "~> 6.0"
name = local.name
- database_name = local.db_name
+ database_name = "example"
master_username = local.db_username
master_password = local.db_password
@@ -213,8 +205,6 @@ module "rds_proxy" {
}
engine_family = "MYSQL"
- db_host = module.rds.cluster_endpoint
- db_name = module.rds.cluster_database_name
debug_logging = true
# Target Aurora cluster
diff --git a/examples/mysql_iam_cluster/variables.tf b/examples/mysql_iam_cluster/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/mysql_iam_cluster/versions.tf b/examples/mysql_iam_cluster/versions.tf
index 7f7a34a..31a0e14 100644
--- a/examples/mysql_iam_cluster/versions.tf
+++ b/examples/mysql_iam_cluster/versions.tf
@@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.38"
}
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.0"
+ }
}
}
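Review bot: The `random` constraint added to `required_providers` looks too loose for what this example uses. The example's README lists `random_password.password`, and as far as I recall that resource first shipped in provider release 2.2.0, so `>= 2.0` still admits 2.0 and 2.1, where `terraform init` would succeed and the plan would then fail on an unknown resource type. Raising the floor to `version = ">= 2.2"` would make the constraint match the code. The same block is added to the `versions.tf` of `mysql_iam_instance`, `postgresql_iam_cluster` and `postgresql_iam_instance`, and the enclosing `terraform` block starts outside the hunk.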
diff --git a/examples/mysql_iam_instance/README.md b/examples/mysql_iam_instance/README.md
index 363ba2d..25de7f2 100644
--- a/examples/mysql_iam_instance/README.md
+++ b/examples/mysql_iam_instance/README.md
@@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.1 |
| [aws](#requirement\_aws) | >= 3.38 |
+| [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 3.38 |
-| [random](#provider\_random) | n/a |
+| [random](#provider\_random) | >= 2.0 |
## Modules
@@ -58,9 +59,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
| [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
diff --git a/examples/mysql_iam_instance/main.tf b/examples/mysql_iam_instance/main.tf
index 64b52f2..461a65e 100644
--- a/examples/mysql_iam_instance/main.tf
+++ b/examples/mysql_iam_instance/main.tf
@@ -3,14 +3,10 @@ provider "aws" {
}
locals {
- region = "us-east-1"
- name = "example-${replace(basename(path.cwd), "_", "-")}"
-
- db_name = "example"
- db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
- db_password = random_password.password.result
- db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6)
- db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
+ region = "us-east-1"
+ name = "example-${replace(basename(path.cwd), "_", "-")}"
+ db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
+ db_password = random_password.password.result
tags = {
Example = local.name
@@ -18,10 +14,6 @@ locals {
}
}
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
################################################################################
# Supporting Resources
################################################################################
@@ -92,7 +84,7 @@ module "rds" {
source = "terraform-aws-modules/rds/aws"
version = "~> 3.0"
- name = local.db_name
+ name = "example"
username = local.db_username
password = local.db_password
@@ -218,8 +210,6 @@ module "rds_proxy" {
}
engine_family = "MYSQL"
- db_host = module.rds.db_instance_address
- db_name = module.rds.db_instance_name
debug_logging = true
# Target RDS instance
diff --git a/examples/mysql_iam_instance/variables.tf b/examples/mysql_iam_instance/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/mysql_iam_instance/versions.tf b/examples/mysql_iam_instance/versions.tf
index 7f7a34a..31a0e14 100644
--- a/examples/mysql_iam_instance/versions.tf
+++ b/examples/mysql_iam_instance/versions.tf
@@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.38"
}
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.0"
+ }
}
}
diff --git a/examples/postgresql_iam_cluster/README.md b/examples/postgresql_iam_cluster/README.md
index 764caf0..4d59d79 100644
--- a/examples/postgresql_iam_cluster/README.md
+++ b/examples/postgresql_iam_cluster/README.md
@@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.1 |
| [aws](#requirement\_aws) | >= 3.38 |
+| [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 3.38 |
-| [random](#provider\_random) | n/a |
+| [random](#provider\_random) | >= 2.0 |
## Modules
@@ -59,9 +60,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
| [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
diff --git a/examples/postgresql_iam_cluster/main.tf b/examples/postgresql_iam_cluster/main.tf
index e2b3bf9..8f7a5f1 100644
--- a/examples/postgresql_iam_cluster/main.tf
+++ b/examples/postgresql_iam_cluster/main.tf
@@ -3,14 +3,10 @@ provider "aws" {
}
locals {
- region = "us-east-1"
- name = "example-${replace(basename(path.cwd), "_", "-")}"
-
- db_name = "example"
- db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
- db_password = random_password.password.result
- db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6)
- db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
+ region = "us-east-1"
+ name = "example-${replace(basename(path.cwd), "_", "-")}"
+ db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
+ db_password = random_password.password.result
tags = {
Example = local.name
@@ -18,10 +14,6 @@ locals {
}
}
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
################################################################################
# Supporting Resources
################################################################################
@@ -72,7 +64,7 @@ module "rds" {
version = "~> 6.0"
name = local.name
- database_name = local.db_name
+ database_name = "example"
master_username = local.db_username
master_password = local.db_password
@@ -213,8 +205,6 @@ module "rds_proxy" {
}
engine_family = "POSTGRESQL"
- db_host = module.rds.cluster_endpoint
- db_name = module.rds.cluster_database_name
debug_logging = true
# Target Aurora cluster
diff --git a/examples/postgresql_iam_cluster/variables.tf b/examples/postgresql_iam_cluster/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/postgresql_iam_cluster/versions.tf b/examples/postgresql_iam_cluster/versions.tf
index 7f7a34a..31a0e14 100644
--- a/examples/postgresql_iam_cluster/versions.tf
+++ b/examples/postgresql_iam_cluster/versions.tf
@@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.38"
}
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.0"
+ }
}
}
diff --git a/examples/postgresql_iam_instance/README.md b/examples/postgresql_iam_instance/README.md
index 40cad3c..ba0b04f 100644
--- a/examples/postgresql_iam_instance/README.md
+++ b/examples/postgresql_iam_instance/README.md
@@ -32,13 +32,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.1 |
| [aws](#requirement\_aws) | >= 3.38 |
+| [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 3.38 |
-| [random](#provider\_random) | n/a |
+| [random](#provider\_random) | >= 2.0 |
## Modules
@@ -58,9 +59,7 @@ An EC2 instance configuration has been provided for use in validating the exampl
| [aws_secretsmanager_secret_version.superuser](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_pet.users](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_kms_alias.secretsmanager](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
diff --git a/examples/postgresql_iam_instance/main.tf b/examples/postgresql_iam_instance/main.tf
index 826040a..07b56d2 100644
--- a/examples/postgresql_iam_instance/main.tf
+++ b/examples/postgresql_iam_instance/main.tf
@@ -3,14 +3,10 @@ provider "aws" {
}
locals {
- region = "us-east-1"
- name = "example-${replace(basename(path.cwd), "_", "-")}"
-
- db_name = "example"
- db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
- db_password = random_password.password.result
- db_proxy_resource_id = element(split(":", module.rds_proxy.proxy_arn), 6)
- db_iam_connect_prefix = "arn:aws:rds-db:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:dbuser:${local.db_proxy_resource_id}"
+ region = "us-east-1"
+ name = "example-${replace(basename(path.cwd), "_", "-")}"
+ db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
+ db_password = random_password.password.result
tags = {
Example = local.name
@@ -18,10 +14,6 @@ locals {
}
}
-data "aws_region" "current" {}
-
-data "aws_caller_identity" "current" {}
-
################################################################################
# Supporting Resources
################################################################################
@@ -92,7 +84,7 @@ module "rds" {
source = "terraform-aws-modules/rds/aws"
version = "~> 3.0"
- name = local.db_name
+ name = "example"
username = local.db_username
password = local.db_password
@@ -218,8 +210,6 @@ module "rds_proxy" {
}
engine_family = "POSTGRESQL"
- db_host = module.rds.db_instance_address
- db_name = module.rds.db_instance_name
debug_logging = true
# Target RDS instance
diff --git a/examples/postgresql_iam_instance/variables.tf b/examples/postgresql_iam_instance/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/postgresql_iam_instance/versions.tf b/examples/postgresql_iam_instance/versions.tf
index 7f7a34a..31a0e14 100644
--- a/examples/postgresql_iam_instance/versions.tf
+++ b/examples/postgresql_iam_instance/versions.tf
@@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = ">= 3.38"
}
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.0"
+ }
}
}
diff --git a/main.tf b/main.tf
index 42e51cc..656d23a 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,4 @@
locals {
- db_identifier_key = var.db_instance_identifier != "" ? "dbInstanceIdentifier" : "dbClusterIdentifier"
- db_identifier_value = var.db_instance_identifier != "" ? var.db_instance_identifier : var.db_cluster_identifier
-
role_arn = var.create_proxy && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn
role_name = coalesce(var.iam_role_name, var.name)
policy_name = coalesce(var.iam_policy_name, var.name)
diff --git a/variables.tf b/variables.tf
index 1547bfd..cb4254f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -17,12 +17,6 @@ variable "name" {
default = ""
}
-variable "auth" {
- description = "Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters"
- type = map(string)
- default = {}
-}
-
variable "debug_logging" {
description = "Whether the proxy includes detailed information about SQL statements in its logs"
type = bool
@@ -89,18 +83,6 @@ variable "secrets" {
default = {}
}
-variable "db_host" {
- description = "The identifier to use for the database endpoint"
- type = string
- default = ""
-}
-
-variable "db_name" {
- description = "The name of the database"
- type = string
- default = ""
-}
-
# Proxy Default Target Group
variable "connection_borrow_timeout" {
description = "The number of seconds for a proxy to wait for a connection to become available in the connection pool"
@@ -262,9 +244,3 @@ variable "use_policy_name_prefix" {
type = bool
default = false
}
-
-variable "iam_creation_wait_duration" {
- description = "Time duration delay to wait for IAM resource creation/propagation. For example, 30s for 30 seconds or 5m for 5 minutes. Updating this value by itself will not trigger a delay."
- type = string
- default = "30s"
-}