feat: Repo has moved to [terraform-aws-modules](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy) organization

This commit is contained in:
Bryant Biggs 2022-04-20 18:48:34 -04:00
parent 2f5444105f
commit ec9c76000e
21 changed files with 489 additions and 421 deletions

2
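--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +0,0 @@
-# Default owners - required for review/approval
-* @bryantbiggs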


@ -1,76 +0,0 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
- The use of sexualized language or imagery and unwelcome sexual attention or
advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or electronic
address, without explicit permission
- Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at contact@clowd.haus. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq



52
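--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -0,0 +1,52 @@
+name: 'Validate PR title'
+on:
+pull_request_target:
+types:
+- opened
+- edited
+- synchronize
+jobs:
+main:
+name: Validate PR title
+runs-on: ubuntu-latest
+steps:
+# Please look up the latest version from
+# https://github.com/amannn/action-semantic-pull-request/releases
+- uses: amannn/action-semantic-pull-request@v3.4.6
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+with:
+# Configure which types are allowed.
+# Default: https://github.com/commitizen/conventional-commit-types
+types: |
+fix
+feat
+docs
+ci
+chore
+# Configure that a scope must always be provided.
+requireScope: false
+# Configure additional validation for the subject based on a regex.
+# This example ensures the subject starts with an uppercase character.
+subjectPattern: ^[A-Z].+$
+# If `subjectPattern` is configured, you can use this property to override
+# the default error message that is shown when the pattern doesn't match.
+# The variables `subject` and `title` can be used within the message.
+subjectPatternError: |
+The subject "{subject}" found in the pull request title "{title}"
+didn't match the configured pattern. Please ensure that the subject
+starts with an uppercase character.
+# For work-in-progress PRs you can typically use draft pull requests
+# from Github. However, private repositories on the free plan don't have
+# this option and therefore this action allows you to opt-in to using the
+# special "[WIP]" prefix to indicate this state. This will avoid the
+# validation of the PR title and the pull request checks remain pending.
+# Note that a second check will be reported if this is enabled.
+wip: true
+# When using "Squash and merge" on a PR with only one commit, GitHub
+# will suggest using that commit message instead of the PR title for the
+# merge commit, and it's easy to commit this by mistake. Enable this option
+# to also validate the commit message for one commit PRs.
+validateSingleCommit: false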
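Review bot: The job runs on `pull_request_target` with no `permissions:` block, so the `GITHUB_TOKEN` passed on the `env:` line to `amannn/action-semantic-pull-request@v3.4.6` carries the repository's default token scope while the action itself is pinned only to a mutable tag. The step only needs to read the PR title, so add a top-level `permissions:` block with `pull-requests: read` as the baseline (plus only whatever extra scope the action documents for its `wip` status check) and pin the `uses:` line to a full commit SHA, e.g. `- uses: amannn/action-semantic-pull-request@<commit-sha> # v3.4.6`. The same tag-only pinning applies to `cycjimmy/semantic-release-action@v2` in `.github/workflows/release.yml` and in the `semantic-releaser.yml` hunk, where the action is handed a long-lived release token rather than the automatic one.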


@ -1,4 +1,4 @@
name: pre-commit name: Pre-Commit
on: on:
pull_request: pull_request:

36
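--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,36 @@
+name: Release
+on:
+workflow_dispatch:
+push:
+branches:
+- master
+paths:
+- '**/*.tpl'
+- '**/*.py'
+- '**/*.tf'
+- '.github/workflows/release.yml'
+jobs:
+release:
+name: Release
+runs-on: ubuntu-latest
+# Skip running release workflow on forks
+if: github.repository_owner == 'terraform-aws-modules'
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+with:
+persist-credentials: false
+fetch-depth: 0
+- name: Release
+uses: cycjimmy/semantic-release-action@v2
+with:
+semantic_version: 18.0.0
+extra_plugins: |
+@semantic-release/changelog@6.0.0
+@semantic-release/git@10.0.0
+conventional-changelog-conventionalcommits@4.6.3
+env:
+GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}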
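Review bot: The release job declares no `permissions:` block, so the automatic `GITHUB_TOKEN` keeps the repository default scope even though no step references it — checkout runs with `persist-credentials: false` and the release step is given `secrets.SEMANTIC_RELEASE_TOKEN` instead. Add a workflow-level `permissions:` with `contents: read` so the implicit token is read-only and the long-lived release token is the only credential that can write. That token presumably needs push access to `master`, since the `@semantic-release/git` plugin pulled in via `extra_plugins` commits the changelog back to the release branch; confirm branch protection allows it. A comment on the `paths:` list would also help, e.g. `# edits to this workflow file on master trigger a release run`, since `.github/workflows/release.yml` is itself a trigger path.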


@ -1,12 +1,15 @@
name: release name: release
on: on:
workflow_dispatch:
push: push:
branches: branches:
- main - main
paths: paths:
- '**.tf' - '**.tf'
- '**.tmpl'
- '!examples/**.tf' - '!examples/**.tf'
- '.github/workflows/semantic-releaser.yml'
jobs: jobs:
release: release:
@ -20,11 +23,17 @@ jobs:
persist-credentials: false persist-credentials: false
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v1 uses: actions/setup-node@v2
with: with:
node-version: 14 node-version: 16
- name: Release - name: Release
uses: cycjimmy/semantic-release-action@v2
with:
semantic_version: 18.0.0
extra_plugins: |
@semantic-release/changelog@6.0.0
@semantic-release/git@10.0.0
conventional-changelog-conventionalcommits@4.6.3
env: env:
GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE }} GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE }}
run: npx semantic-release

32
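--- a/.github/workflows/stale-actions.yaml
+++ b/.github/workflows/stale-actions.yaml
@@ -0,0 +1,32 @@
+name: 'Mark or close stale issues and PRs'
+on:
+schedule:
+- cron: '0 0 * * *'
+jobs:
+stale:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/stale@v4
+with:
+repo-token: ${{ secrets.GITHUB_TOKEN }}
+# Staling issues and PR's
+days-before-stale: 30
+stale-issue-label: stale
+stale-pr-label: stale
+stale-issue-message: |
+This issue has been automatically marked as stale because it has been open 30 days
+with no activity. Remove stale label or comment or this issue will be closed in 10 days
+stale-pr-message: |
+This PR has been automatically marked as stale because it has been open 30 days
+with no activity. Remove stale label or comment or this PR will be closed in 10 days
+# Not stale if have this labels or part of milestone
+exempt-issue-labels: bug,wip,on-hold
+exempt-pr-labels: bug,wip,on-hold
+exempt-all-milestones: true
+# Close issue operations
+# Label will be automatically removed if the issues are no longer closed nor locked.
+days-before-close: 10
+delete-branch: true
+close-issue-message: This issue was automatically closed because of stale in 10 days
+close-pr-message: This PR was automatically closed because of stale in 10 days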
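Review bot: `delete-branch: true` lets the scheduled job delete the head branch of every PR it closes, and it does so with `secrets.GITHUB_TOKEN` at the repository's default scope because the workflow has no `permissions:` block. Add an explicit block scoped to what the action needs — `issues: write` and `pull-requests: write`, plus `contents: write` only if branch deletion is kept — so the token cannot do more than label, close and delete. If removing branches automatically is not intended for this repository, drop the `delete-branch: true` line; a comment such as `# delete-branch removes the head branch of PRs closed as stale` next to it would make the consequence visible to whoever copies this workflow.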


@ -1,6 +1,6 @@
repos: repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform - repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.56.0 rev: v1.68.1
hooks: hooks:
- id: terraform_fmt - id: terraform_fmt
- id: terraform_validate - id: terraform_validate
@ -23,7 +23,7 @@ repos:
- '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_standard_module_structure'
- '--args=--only=terraform_workspace_remote' - '--args=--only=terraform_workspace_remote'
- repo: https://github.com/pre-commit/pre-commit-hooks - repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1 rev: v4.2.0
hooks: hooks:
- id: check-merge-conflict - id: check-merge-conflict
- id: end-of-file-fixer - id: end-of-file-fixer


@ -1,10 +1,45 @@
{ {
"branches": [ "branches": [
"main" "main",
"master"
], ],
"ci": false,
"plugins": [ "plugins": [
"@semantic-release/commit-analyzer", [
"@semantic-release/release-notes-generator", "@semantic-release/commit-analyzer",
"@semantic-release/github" {
"preset": "conventionalcommits"
}
],
[
"@semantic-release/release-notes-generator",
{
"preset": "conventionalcommits"
}
],
[
"@semantic-release/github",
{
"successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
"labels": false,
"releasedLabels": false
}
],
[
"@semantic-release/changelog",
{
"changelogFile": "CHANGELOG.md",
"changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
}
],
[
"@semantic-release/git",
{
"assets": [
"CHANGELOG.md"
],
"message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
}
]
] ]
} }
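Review bot: The added `"ci": false` switches off semantic-release's check that it is running in a CI environment on a non-PR build, so a release can be cut from any local checkout that holds the release token, and nothing on the page explains why that is wanted. If local releases are not intended, drop that line and rely on the workflow's `push`/`repository_owner` gating; if they are, document the reason in the README, since JSON cannot carry a comment. The new `@semantic-release/git` entry also commits `CHANGELOG.md` back to the release branch with a `[skip ci]` message, which requires the token the workflow uses to be allowed to push directly to `main`/`master` — confirm branch protection permits this before the first release run.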

25
LICENSE

@ -174,28 +174,3 @@
of your accepting any such warranty or additional liability. of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2021 Clowd Haus, LLC.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -1,14 +1,23 @@
# AWS RDS Proxy Terraform module # AWS RDS Proxy Terraform module
## ⚠️ Module has moved to `terraform-aws-modules`
This module has moved to the terraform-aws-modules organization. Users will need to update their module source:
```diff
- source = "clowdhaus/rds-proxy/aws"
+ source = "terraform-aws-modules/rds-proxy/aws"
```
Terraform module which creates an AWS RDS Proxy and its supporting resources. Terraform module which creates an AWS RDS Proxy and its supporting resources.
## Usage ## Usage
See [`examples`](./examples) directory for working examples to reference: See [`examples`](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples) directory for working examples to reference:
```hcl ```hcl
module "rds_proxy" { module "rds_proxy" {
source = "clowdhaus/rds-proxy/aws" source = "terraform-aws-modules/rds-proxy/aws"
name = "rds-proxy" name = "rds-proxy"
iam_role_name = "rds-proxy-role" iam_role_name = "rds-proxy-role"
@ -51,27 +60,12 @@ module "rds_proxy" {
## Examples ## Examples
Examples codified under the [`examples`](./examples) are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module(s). If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you! Examples codified under the [`examples`](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples) are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module(s). If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!
- [IAM auth. w/ MySQL Aurora cluster](./examples/mysql_iam_cluster) - [IAM auth. w/ MySQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql_iam_cluster)
- [IAM auth. w/ MySQL RDS instance](./examples/mysql_iam_instance) - [IAM auth. w/ MySQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql_iam_instance)
- [IAM auth. w/ PostgreSQL Aurora cluster](./examples/postgresql_iam_cluster) - [IAM auth. w/ PostgreSQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql_iam_cluster)
- [IAM auth. w/ PostgreSQL RDS instance](./examples/postgresql_iam_instance) - [IAM auth. w/ PostgreSQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql_iam_instance)
## Security & Compliance [<img src="https://raw.githubusercontent.com/clowdhaus/terraform-aws-rds-proxy/main/.github/images/bridgecrew.svg" width="250" align="right" />](https://bridgecrew.io/)
Security scanning results provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.
| Benchmark | Description |
|--------|---------------|
| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/clowdhaus/terraform-aws-rds-proxy/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=clowdhaus%2Fterraform-aws-rds-proxy&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance |
| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/clowdhaus/terraform-aws-rds-proxy/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=clowdhaus%2Fterraform-aws-rds-proxy&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance |
| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/clowdhaus/terraform-aws-rds-proxy/pci_dss_v321)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=clowdhaus%2Fterraform-aws-rds-proxy&benchmark=PCI-DSS+V3.2.1) | Payment Card Industry Data Security Standards Compliance |
| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/clowdhaus/terraform-aws-rds-proxy/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=clowdhaus%2Fterraform-aws-rds-proxy&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance |
| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/clowdhaus/terraform-aws-rds-proxy/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=clowdhaus%2Fterraform-aws-rds-proxy&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance |
| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/clowdhaus/terraform-aws-rds-proxy/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=clowdhaus%2Fterraform-aws-rds-proxy&benchmark=SOC2) | Service Organization Control 2 Compliance |
| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/clowdhaus/terraform-aws-rds-proxy/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=clowdhaus%2Fterraform-aws-rds-proxy&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance |
| [![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/clowdhaus/terraform-aws-rds-proxy/fedramp_moderate)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=clowdhaus%2Fterraform-aws-rds-proxy&benchmark=FEDRAMP+%28MODERATE%29) | FedRAMP Moderate Impact Level |
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements ## Requirements
@ -175,4 +169,4 @@ No modules.
## License ## License
Apache-2.0 Licensed. See [LICENSE](LICENSE). Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/LICENSE).

6
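--- a/examples/README.md
+++ b/examples/README.md
@@ -0,0 +1,6 @@
+# AWS RDS Proxy Terraform Examples
+- [IAM auth. w/ MySQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql_iam_cluster)
+- [IAM auth. w/ MySQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql_iam_instance)
+- [IAM auth. w/ PostgreSQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql_iam_cluster)
+- [IAM auth. w/ PostgreSQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql_iam_instance)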


@ -87,4 +87,4 @@ No inputs.
| <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` | | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
Apache-2.0 Licensed. See [LICENSE](../../LICENSE). Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/LICENSE).


@ -3,17 +3,67 @@ provider "aws" {
} }
locals { locals {
region = "us-east-1" region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}" name = "rds-proxy-ex-${replace(basename(path.cwd), "_", "-")}"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result db_password = random_password.password.result
tags = { tags = {
Example = local.name Name = local.name
Environment = "dev" Example = local.name
Repository = "https://github.com/terraform-aws-modules/terraform-aws-rds-proxy"
} }
} }
################################################################################
# RDS Proxy
################################################################################
module "rds_proxy" {
source = "../../"
create_proxy = true
name = local.name
iam_role_name = local.name
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
db_proxy_endpoints = {
read_write = {
name = "read-write-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
tags = local.tags
},
read_only = {
name = "read-only-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
target_role = "READ_ONLY"
tags = local.tags
}
}
secrets = {
"${local.db_username}" = {
description = aws_secretsmanager_secret.superuser.description
arn = aws_secretsmanager_secret.superuser.arn
kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
}
}
engine_family = "MYSQL"
debug_logging = true
# Target Aurora cluster
target_db_cluster = true
db_cluster_identifier = module.rds.cluster_id
tags = local.tags
}
################################################################################ ################################################################################
# Supporting Resources # Supporting Resources
################################################################################ ################################################################################
@ -113,34 +163,6 @@ resource "aws_rds_cluster_parameter_group" "aurora_cluster_mysql57_parameter_gro
tags = local.tags tags = local.tags
} }
################################################################################
# Secrets - DB user passwords
################################################################################
data "aws_kms_alias" "secretsmanager" {
name = "alias/aws/secretsmanager"
}
resource "aws_secretsmanager_secret" "superuser" {
name = local.db_username
description = "Database superuser, ${local.db_username}, databse connection values"
kms_key_id = data.aws_kms_alias.secretsmanager.id
tags = local.tags
}
resource "aws_secretsmanager_secret_version" "superuser" {
secret_id = aws_secretsmanager_secret.superuser.id
secret_string = jsonencode({
username = local.db_username
password = local.db_password
})
}
################################################################################
# RDS Proxy
################################################################################
module "rds_proxy_sg" { module "rds_proxy_sg" {
source = "terraform-aws-modules/security-group/aws" source = "terraform-aws-modules/security-group/aws"
version = "~> 4.0" version = "~> 4.0"
@ -170,46 +192,26 @@ module "rds_proxy_sg" {
tags = local.tags tags = local.tags
} }
module "rds_proxy" { ################################################################################
source = "../../" # Secrets - DB user passwords
################################################################################
create_proxy = true data "aws_kms_alias" "secretsmanager" {
name = "alias/aws/secretsmanager"
}
name = local.name resource "aws_secretsmanager_secret" "superuser" {
iam_role_name = local.name name = local.db_username
vpc_subnet_ids = module.vpc.private_subnets description = "Database superuser, ${local.db_username}, databse connection values"
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id] kms_key_id = data.aws_kms_alias.secretsmanager.id
db_proxy_endpoints = {
read_write = {
name = "read-write-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
tags = local.tags
},
read_only = {
name = "read-only-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
target_role = "READ_ONLY"
tags = local.tags
}
}
secrets = {
"${local.db_username}" = {
description = aws_secretsmanager_secret.superuser.description
arn = aws_secretsmanager_secret.superuser.arn
kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
}
}
engine_family = "MYSQL"
debug_logging = true
# Target Aurora cluster
target_db_cluster = true
db_cluster_identifier = module.rds.cluster_id
tags = local.tags tags = local.tags
} }
resource "aws_secretsmanager_secret_version" "superuser" {
secret_id = aws_secretsmanager_secret.superuser.id
secret_string = jsonencode({
username = local.db_username
password = local.db_password
})
}
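Review bot: `debug_logging = true` in the relocated `module "rds_proxy"` block makes RDS Proxy include the text of SQL statements in its logs, which AWS documents as a debugging-only setting because those statements can carry sensitive data; the same line appears in the two following example sections. Since these examples are copied as reference configurations, either set it to `false` or put a comment above the line, e.g. `# Logs SQL statement text; enable only while debugging and when log access is restricted`. It is also worth a comment next to `secret_string = jsonencode({ ... })` that `local.db_password` ends up in Terraform state in plaintext, so state storage must be protected accordingly. The `module "rds"`, `module "vpc"` and `random_password` definitions referenced here sit outside the hunk.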


@ -86,4 +86,4 @@ No inputs.
| <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` | | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
Apache-2.0 Licensed. See [LICENSE](../../LICENSE). Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/LICENSE).


@ -3,17 +3,67 @@ provider "aws" {
} }
locals { locals {
region = "us-east-1" region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}" name = "rds-proxy-ex-${replace(basename(path.cwd), "_", "-")}"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result db_password = random_password.password.result
tags = { tags = {
Example = local.name Name = local.name
Environment = "dev" Example = local.name
Repository = "https://github.com/terraform-aws-modules/terraform-aws-rds-proxy"
} }
} }
################################################################################
# RDS Proxy
################################################################################
module "rds_proxy" {
source = "../../"
create_proxy = true
name = local.name
iam_role_name = local.name
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
db_proxy_endpoints = {
read_write = {
name = "read-write-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
tags = local.tags
},
read_only = {
name = "read-only-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
target_role = "READ_ONLY"
tags = local.tags
}
}
secrets = {
"${local.db_username}" = {
description = aws_secretsmanager_secret.superuser.description
arn = aws_secretsmanager_secret.superuser.arn
kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
}
}
engine_family = "MYSQL"
debug_logging = true
# Target RDS instance
target_db_instance = true
db_instance_identifier = module.rds.db_instance_id
tags = local.tags
}
################################################################################ ################################################################################
# Supporting Resources # Supporting Resources
################################################################################ ################################################################################
@ -118,34 +168,6 @@ module "rds" {
tags = local.tags tags = local.tags
} }
################################################################################
# Secrets - DB user passwords
################################################################################
data "aws_kms_alias" "secretsmanager" {
name = "alias/aws/secretsmanager"
}
resource "aws_secretsmanager_secret" "superuser" {
name = local.db_username
description = "Database superuser, ${local.db_username}, databse connection values"
kms_key_id = data.aws_kms_alias.secretsmanager.id
tags = local.tags
}
resource "aws_secretsmanager_secret_version" "superuser" {
secret_id = aws_secretsmanager_secret.superuser.id
secret_string = jsonencode({
username = local.db_username
password = local.db_password
})
}
################################################################################
# RDS Proxy
################################################################################
module "rds_proxy_sg" { module "rds_proxy_sg" {
source = "terraform-aws-modules/security-group/aws" source = "terraform-aws-modules/security-group/aws"
version = "~> 4.0" version = "~> 4.0"
@ -175,46 +197,26 @@ module "rds_proxy_sg" {
tags = local.tags tags = local.tags
} }
module "rds_proxy" { ################################################################################
source = "../../" # Secrets - DB user passwords
################################################################################
create_proxy = true data "aws_kms_alias" "secretsmanager" {
name = "alias/aws/secretsmanager"
}
name = local.name resource "aws_secretsmanager_secret" "superuser" {
iam_role_name = local.name name = local.db_username
vpc_subnet_ids = module.vpc.private_subnets description = "Database superuser, ${local.db_username}, databse connection values"
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id] kms_key_id = data.aws_kms_alias.secretsmanager.id
db_proxy_endpoints = {
read_write = {
name = "read-write-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
tags = local.tags
},
read_only = {
name = "read-only-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
target_role = "READ_ONLY"
tags = local.tags
}
}
secrets = {
"${local.db_username}" = {
description = aws_secretsmanager_secret.superuser.description
arn = aws_secretsmanager_secret.superuser.arn
kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
}
}
engine_family = "MYSQL"
debug_logging = true
# Target RDS instance
target_db_instance = true
db_instance_identifier = module.rds.db_instance_id
tags = local.tags tags = local.tags
} }
resource "aws_secretsmanager_secret_version" "superuser" {
secret_id = aws_secretsmanager_secret.superuser.id
secret_string = jsonencode({
username = local.db_username
password = local.db_password
})
}


@ -87,4 +87,4 @@ No inputs.
| <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` | | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
Apache-2.0 Licensed. See [LICENSE](../../LICENSE). Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/LICENSE).


@ -3,17 +3,67 @@ provider "aws" {
} }
locals { locals {
region = "us-east-1" region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}" name = "rds-proxy-ex-${replace(basename(path.cwd), "_", "-")}"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result db_password = random_password.password.result
tags = { tags = {
Example = local.name Name = local.name
Environment = "dev" Example = local.name
Repository = "https://github.com/terraform-aws-modules/terraform-aws-rds-proxy"
} }
} }
################################################################################
# RDS Proxy
################################################################################
module "rds_proxy" {
source = "../../"
create_proxy = true
name = local.name
iam_role_name = local.name
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
db_proxy_endpoints = {
read_write = {
name = "read-write-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
tags = local.tags
},
read_only = {
name = "read-only-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
target_role = "READ_ONLY"
tags = local.tags
}
}
secrets = {
"${local.db_username}" = {
description = aws_secretsmanager_secret.superuser.description
arn = aws_secretsmanager_secret.superuser.arn
kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
}
}
engine_family = "POSTGRESQL"
debug_logging = true
# Target Aurora cluster
target_db_cluster = true
db_cluster_identifier = module.rds.cluster_id
tags = local.tags
}
################################################################################ ################################################################################
# Supporting Resources # Supporting Resources
################################################################################ ################################################################################
@ -113,34 +163,6 @@ resource "aws_rds_cluster_parameter_group" "aurora_cluster_postgres11_parameter_
tags = local.tags tags = local.tags
} }
################################################################################
# Secrets - DB user passwords
################################################################################
data "aws_kms_alias" "secretsmanager" {
name = "alias/aws/secretsmanager"
}
resource "aws_secretsmanager_secret" "superuser" {
name = local.db_username
description = "Database superuser, ${local.db_username}, databse connection values"
kms_key_id = data.aws_kms_alias.secretsmanager.id
tags = local.tags
}
resource "aws_secretsmanager_secret_version" "superuser" {
secret_id = aws_secretsmanager_secret.superuser.id
secret_string = jsonencode({
username = local.db_username
password = local.db_password
})
}
################################################################################
# RDS Proxy
################################################################################
module "rds_proxy_sg" { module "rds_proxy_sg" {
source = "terraform-aws-modules/security-group/aws" source = "terraform-aws-modules/security-group/aws"
version = "~> 4.0" version = "~> 4.0"
@ -170,46 +192,26 @@ module "rds_proxy_sg" {
tags = local.tags tags = local.tags
} }
module "rds_proxy" { ################################################################################
source = "../../" # Secrets - DB user passwords
################################################################################
create_proxy = true data "aws_kms_alias" "secretsmanager" {
name = "alias/aws/secretsmanager"
}
name = local.name resource "aws_secretsmanager_secret" "superuser" {
iam_role_name = local.name name = local.db_username
vpc_subnet_ids = module.vpc.private_subnets description = "Database superuser, ${local.db_username}, databse connection values"
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id] kms_key_id = data.aws_kms_alias.secretsmanager.id
db_proxy_endpoints = {
read_write = {
name = "read-write-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
tags = local.tags
},
read_only = {
name = "read-only-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
target_role = "READ_ONLY"
tags = local.tags
}
}
secrets = {
"${local.db_username}" = {
description = aws_secretsmanager_secret.superuser.description
arn = aws_secretsmanager_secret.superuser.arn
kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
}
}
engine_family = "POSTGRESQL"
debug_logging = true
# Target Aurora cluster
target_db_cluster = true
db_cluster_identifier = module.rds.cluster_id
tags = local.tags tags = local.tags
} }
resource "aws_secretsmanager_secret_version" "superuser" {
secret_id = aws_secretsmanager_secret.superuser.id
secret_string = jsonencode({
username = local.db_username
password = local.db_password
})
}
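Review bot: `debug_logging = true` in the moved `module "rds_proxy"` block (first hunk of this section) enables RDS Proxy's detailed logging, which per the AWS documentation includes the text of SQL statements sent through the proxy, so it is not a safe default for an example that people copy verbatim. I'd either set it to `false` or keep it with a comment such as `# debug_logging writes SQL statement text to the proxy's CloudWatch logs; enable only while troubleshooting and restrict access to the log group`. The relocated `aws_secretsmanager_secret.superuser` resource (last hunk) still carries the typo `databse` in its description string, which should read `"Database superuser, ${local.db_username}, database connection values"`. The `secret_string` built from `random_password.password.result` is also recorded in plaintext in Terraform state, which is worth a one-line comment above `aws_secretsmanager_secret_version.superuser` so readers know the state backend must be protected accordingly. The same points apply to the other example file's `@ -3,17 +3,67 @@` and `@ -175,46 +197,26 @@` hunks below.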


@ -86,4 +86,4 @@ No inputs.
| <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` | | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
Apache-2.0 Licensed. See [LICENSE](../../LICENSE). Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/LICENSE).


@ -3,17 +3,67 @@ provider "aws" {
} }
locals { locals {
region = "us-east-1" region = "us-east-1"
name = "example-${replace(basename(path.cwd), "_", "-")}" name = "rds-proxy-ex-${replace(basename(path.cwd), "_", "-")}"
db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account db_username = random_pet.users.id # using random here due to secrets taking at least 7 days before fully deleting from account
db_password = random_password.password.result db_password = random_password.password.result
tags = { tags = {
Example = local.name Name = local.name
Environment = "dev" Example = local.name
Repository = "https://github.com/terraform-aws-modules/terraform-aws-rds-proxy"
} }
} }
################################################################################
# RDS Proxy
################################################################################
module "rds_proxy" {
source = "../../"
create_proxy = true
name = local.name
iam_role_name = local.name
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
db_proxy_endpoints = {
read_write = {
name = "read-write-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
tags = local.tags
},
read_only = {
name = "read-only-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
target_role = "READ_ONLY"
tags = local.tags
}
}
secrets = {
"${local.db_username}" = {
description = aws_secretsmanager_secret.superuser.description
arn = aws_secretsmanager_secret.superuser.arn
kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
}
}
engine_family = "POSTGRESQL"
debug_logging = true
# Target RDS instance
target_db_instance = true
db_instance_identifier = module.rds.db_instance_id
tags = local.tags
}
################################################################################ ################################################################################
# Supporting Resources # Supporting Resources
################################################################################ ################################################################################
@ -118,34 +168,6 @@ module "rds" {
tags = local.tags tags = local.tags
} }
################################################################################
# Secrets - DB user passwords
################################################################################
data "aws_kms_alias" "secretsmanager" {
name = "alias/aws/secretsmanager"
}
resource "aws_secretsmanager_secret" "superuser" {
name = local.db_username
description = "Database superuser, ${local.db_username}, databse connection values"
kms_key_id = data.aws_kms_alias.secretsmanager.id
tags = local.tags
}
resource "aws_secretsmanager_secret_version" "superuser" {
secret_id = aws_secretsmanager_secret.superuser.id
secret_string = jsonencode({
username = local.db_username
password = local.db_password
})
}
################################################################################
# RDS Proxy
################################################################################
module "rds_proxy_sg" { module "rds_proxy_sg" {
source = "terraform-aws-modules/security-group/aws" source = "terraform-aws-modules/security-group/aws"
version = "~> 4.0" version = "~> 4.0"
@ -175,46 +197,26 @@ module "rds_proxy_sg" {
tags = local.tags tags = local.tags
} }
module "rds_proxy" { ################################################################################
source = "../../" # Secrets - DB user passwords
################################################################################
create_proxy = true data "aws_kms_alias" "secretsmanager" {
name = "alias/aws/secretsmanager"
}
name = local.name resource "aws_secretsmanager_secret" "superuser" {
iam_role_name = local.name name = local.db_username
vpc_subnet_ids = module.vpc.private_subnets description = "Database superuser, ${local.db_username}, databse connection values"
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id] kms_key_id = data.aws_kms_alias.secretsmanager.id
db_proxy_endpoints = {
read_write = {
name = "read-write-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
tags = local.tags
},
read_only = {
name = "read-only-endpoint"
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
target_role = "READ_ONLY"
tags = local.tags
}
}
secrets = {
"${local.db_username}" = {
description = aws_secretsmanager_secret.superuser.description
arn = aws_secretsmanager_secret.superuser.arn
kms_key_id = aws_secretsmanager_secret.superuser.kms_key_id
}
}
engine_family = "POSTGRESQL"
debug_logging = true
# Target RDS instance
target_db_instance = true
db_instance_identifier = module.rds.db_instance_id
tags = local.tags tags = local.tags
} }
resource "aws_secretsmanager_secret_version" "superuser" {
secret_id = aws_secretsmanager_secret.superuser.id
secret_string = jsonencode({
username = local.db_username
password = local.db_password
})
}