chore(release): version 4.2.1 [skip ci]

## [4.2.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.2.0...v4.2.1) (2025-10-21) ### Bug Fixes * Update CI workflow versions to latest ([#40](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/40)) ([5deff22](5deff22cf4))
fix: Update CI workflow versions to latest (#40 )
2025-12-17 16:31:11 +00:00 · 2025-10-21 09:10:15 +00:00 · 2025-10-21 11:09:40 +02:00 · 2025-10-14 13:10:34 +00:00 · 2025-10-14 08:10:07 -05:00 · 2025-10-01 14:13:37 +00:00
36 changed files with 677 additions and 143 deletions
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@ -8,7 +8,7 @@ jobs:
  lock:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          issue-comment: >
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@ -14,7 +14,7 @@ jobs:
    steps:
      # Please look up the latest version from
      # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@v5.0.2
+      - uses: amannn/action-semantic-pull-request@v6.1.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@ -7,7 +7,8 @@ on:
      - master
 env:
-  TERRAFORM_DOCS_VERSION: v0.16.0
+  TERRAFORM_DOCS_VERSION: v0.20.0
  TFLINT_VERSION: v0.59.1
 jobs:
  collectInputs:
@ -17,11 +18,11 @@ jobs:
      directories: ${{ steps.dirs.outputs.directories }}
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
      - name: Get root directories
        id: dirs
-        uses: clowdhaus/terraform-composite-actions/directories@v1.8.0
+        uses: clowdhaus/terraform-composite-actions/directories@v1.14.0
  preCommitMinVersions:
    name: Min TF pre-commit
@ -31,29 +32,61 @@ jobs:
      matrix:
        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
    steps:
      - name: Install rmz
        uses: jaxxstorm/action-install-gh-release@v2.1.0
        with:
          repo: SUPERCILEX/fuc
          asset-name: x86_64-unknown-linux-gnu-rmz
          rename-to: rmz
          chmod: 0755
          extension-matching: disable
      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
      - name: Delete unnecessary files
        run: |
          formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
          getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
          BEFORE=$(getAvailableSpace)
          ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz
          rmz -f /opt/hostedtoolcache/CodeQL &
          rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk &
          rmz -f /opt/hostedtoolcache/PyPy &
          rmz -f /opt/hostedtoolcache/Ruby &
          rmz -f /opt/hostedtoolcache/go &
          wait
          AFTER=$(getAvailableSpace)
          SAVED=$((AFTER-BEFORE))
          echo "=> Saved $(formatByteCount $SAVED)"
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
      - name: Terraform min/max versions
        id: minMax
-        uses: clowdhaus/terraform-min-max@v1.2.0
+        uses: clowdhaus/terraform-min-max@v2.1.0
        with:
          directory: ${{ matrix.directory }}
      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
        # Run only validate pre-commit check on min version supported
        if: ${{ matrix.directory !=  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
        with:
          terraform-version: ${{ steps.minMax.outputs.minVersion }}
          tflint-version: ${{ env.TFLINT_VERSION }}
          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
        # Run only validate pre-commit check on min version supported
        if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
        with:
          terraform-version: ${{ steps.minMax.outputs.minVersion }}
          tflint-version: ${{ env.TFLINT_VERSION }}
          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
  preCommitMaxVersion:
@ -61,18 +94,75 @@ jobs:
    runs-on: ubuntu-latest
    needs: collectInputs
    steps:
      - name: Install rmz
        uses: jaxxstorm/action-install-gh-release@v2.1.0
        with:
          repo: SUPERCILEX/fuc
          asset-name: x86_64-unknown-linux-gnu-rmz
          rename-to: rmz
          chmod: 0755
          extension-matching: disable
      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
      - name: Delete unnecessary files
        run: |
          formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
          getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
          BEFORE=$(getAvailableSpace)
          ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz
          rmz -f /opt/hostedtoolcache/CodeQL &
          rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk &
          rmz -f /opt/hostedtoolcache/PyPy &
          rmz -f /opt/hostedtoolcache/Ruby &
          rmz -f /opt/hostedtoolcache/go &
          sudo rmz -f /usr/local/lib/android &
          if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then
            sudo rmz -f /usr/share/dotnet &
            sudo rmz -f /usr/local/.ghcup &
            sudo apt-get -qq remove -y 'azure-.*'
            sudo apt-get -qq remove -y 'cpp-.*'
            sudo apt-get -qq remove -y 'dotnet-runtime-.*'
            sudo apt-get -qq remove -y 'google-.*'
            sudo apt-get -qq remove -y 'libclang-.*'
            sudo apt-get -qq remove -y 'libllvm.*'
            sudo apt-get -qq remove -y 'llvm-.*'
            sudo apt-get -qq remove -y 'mysql-.*'
            sudo apt-get -qq remove -y 'postgresql-.*'
            sudo apt-get -qq remove -y 'php.*'
            sudo apt-get -qq remove -y 'temurin-.*'
            sudo apt-get -qq remove -y kubectl firefox mono-devel
            sudo apt-get -qq autoremove -y
            sudo apt-get -qq clean
          fi
          wait
          AFTER=$(getAvailableSpace)
          SAVED=$((AFTER-BEFORE))
          echo "=> Saved $(formatByteCount $SAVED)"
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{github.event.pull_request.head.repo.full_name}}
      - name: Terraform min/max versions
        id: minMax
-        uses: clowdhaus/terraform-min-max@v1.2.0
+        uses: clowdhaus/terraform-min-max@v2.1.0
      - name: Hide template dir
        # Special to this repo, we don't want to check this dir
        if: ${{ github.repository ==  'terraform-aws-modules/terraform-aws-security-group' }}
        run: rm -rf modules/_templates
      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
        with:
          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
          tflint-version: ${{ env.TFLINT_VERSION }}
          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
          install-hcledit: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -4,6 +4,7 @@ on:
  workflow_dispatch:
  push:
    branches:
      - main
      - master
    paths:
      - '**/*.tpl'
@ -19,18 +20,26 @@ jobs:
    if: github.repository_owner == 'terraform-aws-modules'
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
        with:
          persist-credentials: false
          fetch-depth: 0
-      - name: Release
+      - name: Set correct Node.js version
-        uses: cycjimmy/semantic-release-action@v3
+        uses: actions/setup-node@v6
        with:
-          semantic_version: 18.0.0
+          node-version: 24
-          extra_plugins: |
+
-            @semantic-release/changelog@6.0.0
+      - name: Install dependencies
-            @semantic-release/git@10.0.0
+        run: |
-            conventional-changelog-conventionalcommits@4.6.3
+          npm install \
            @semantic-release/changelog@6.0.3 \
            @semantic-release/git@10.0.1 \
            conventional-changelog-conventionalcommits@9.1.0
      - name: Release
        uses: cycjimmy/semantic-release-action@v5
        with:
          semantic_version: 25.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
--- a/.github/workflows/stale-actions.yaml
+++ b/.github/workflows/stale-actions.yaml
@ -7,7 +7,7 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v6
+      - uses: actions/stale@v10
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          # Staling issues and PR's
--- a/.gitignore
+++ b/.gitignore
@ -1,13 +1,13 @@
 # Local .terraform directories
 **/.terraform/*
 # Terraform lockfile
 .terraform.lock.hcl
 # .tfstate files
 *.tfstate
 *.tfstate.*
 # terraform lockfile
 .terraform.lock.hcl
 # Crash log files
 crash.log
@ -15,7 +15,6 @@ crash.log
 # password, private keys, and other secrets. These should not be part of version
 # control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 #
 *.tfvars
 # Ignore override files as they are usually used to override resources locally and so
@ -25,13 +24,16 @@ override.tf.json
 *_override.tf
 *_override.tf.json
 # Include override files you do wish to add to version control using negated pattern
 #
 # !example_override.tf
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
 # Lambda build artifacts
 builds/
 __pycache__/
 *.zip
 .tox
 # Local editors/macos files
 .DS_Store
 .idea
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,9 +1,9 @@
 repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.80.0
+    rev: v1.103.0
    hooks:
      - id: terraform_fmt
-      - id: terraform_validate
+      - id: terraform_wrapper_module_for_each
      - id: terraform_docs
        args:
          - '--args=--lockfile=false'
@ -22,8 +22,10 @@ repos:
          - '--args=--only=terraform_required_providers'
          - '--args=--only=terraform_standard_module_structure'
          - '--args=--only=terraform_workspace_remote'
      - id: terraform_validate
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v6.0.0
    hooks:
      - id: check-merge-conflict
      - id: end-of-file-fixer
      - id: trailing-whitespace
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,70 @@
 All notable changes to this project will be documented in this file.
 ## [4.2.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.2.0...v4.2.1) (2025-10-21)
 ### Bug Fixes
 * Update CI workflow versions to latest ([#40](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/40)) ([5deff22](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/5deff22cf4c471ce824c016687c3b933cd8b783c))
 ## [4.2.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.1.0...v4.2.0) (2025-10-14)
 ### Features
 * Support `default_auth_scheme` ([#39](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/39)) ([c2073a0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/c2073a031c947270dac3f17c7f76e2996cd1b5b1))
 ## [4.1.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.0.0...v4.1.0) (2025-10-01)
 ### Features
 * Add Terragrunt wrappers ([#38](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/38)) ([33b43c7](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/33b43c72abdad0b01655238d844e56dabca5e6d4))
 ## [4.0.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.2.1...v4.0.0) (2025-09-16)
 ### ⚠ BREAKING CHANGES
 * Upgrade AWS provider and min required Terraform version to `6.0` and `1.5.7` respectively (#34)
 ### Features
 * Upgrade AWS provider and min required Terraform version to `6.0` and `1.5.7` respectively ([#34](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/34)) ([47c0fca](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/47c0fcad4b3e40ef112544028dba1a4c10ee50dc))
 ## [3.2.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.2.0...v3.2.1) (2025-05-22)
 ### Bug Fixes
 * Correct service principal to rds.amazonaws.com (incl China) ([#32](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/32)) ([bbbf50c](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/bbbf50ce8734f05d4ac69fa41c23c88094b82356))
 ## [3.2.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.1.1...v3.2.0) (2024-11-19)
 ### Features
 * Add CloudWatch log group name to outputs ([#28](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/28)) ([0fc0e19](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/0fc0e19e642a2fdcd8f546bf219f78b5db252c65))
 ### Bug Fixes
 * Update CI workflow versions to latest ([#27](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/27)) ([b6f22be](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/b6f22becf63614f365e72a81151c1955ab0d4df3))
 ## [3.1.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.1.0...v3.1.1) (2024-03-06)
 ### Bug Fixes
 * Update CI workflow versions to remove deprecated runtime warnings ([#26](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/26)) ([a31a810](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/a31a81097b9828776e91864973783d0e9530e12d))
 ## [3.1.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.0.0...v3.1.0) (2023-08-30)
 ### Features
 * Add IAM role output ([#22](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/22)) ([d18ae45](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/d18ae45d9ebf8253f7144e6bdc6ef39af9a4863f))
 ## [3.0.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v2.1.2...v3.0.0) (2023-06-09)
--- a/README.md
+++ b/README.md
@ -52,24 +52,24 @@ module "rds_proxy" {
 Examples codified under the [`examples`](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples) are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module(s). If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!
- [IAM auth. w/ MySQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql_iam_cluster)
+- [IAM auth. w/ MySQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql-iam-cluster)
- [IAM auth. w/ MySQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql_iam_instance)
+- [IAM auth. w/ MySQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql-iam-instance)
- [IAM auth. w/ PostgreSQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql_iam_cluster)
+- [IAM auth. w/ PostgreSQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql-iam-cluster)
- [IAM auth. w/ PostgreSQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql_iam_instance)
+- [IAM auth. w/ PostgreSQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql-iam-instance)
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
 ## Providers
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
 ## Modules
@ -91,12 +91,13 @@ No modules.
 | [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_service_principal.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/service_principal) | data source |
 ## Inputs
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_auth"></a> [auth](#input\_auth) | Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters | `any` | `{}` | no |
+| <a name="input_auth"></a> [auth](#input\_auth) | Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters | <pre>map(object({<br/>    auth_scheme               = optional(string)<br/>    client_password_auth_type = optional(string)<br/>    description               = optional(string)<br/>    iam_auth                  = optional(string)<br/>    secret_arn                = optional(string)<br/>    username                  = optional(string)<br/>  }))</pre> | <pre>{<br/>  "default": {<br/>    "auth_scheme": "SECRETS"<br/>  }<br/>}</pre> | no |
 | <a name="input_connection_borrow_timeout"></a> [connection\_borrow\_timeout](#input\_connection\_borrow\_timeout) | The number of seconds for a proxy to wait for a connection to become available in the connection pool | `number` | `null` | no |
 | <a name="input_create"></a> [create](#input\_create) | Whether cluster should be created (affects nearly all resources) | `bool` | `true` | no |
 | <a name="input_create_iam_policy"></a> [create\_iam\_policy](#input\_create\_iam\_policy) | Determines whether an IAM policy is created | `bool` | `true` | no |
@ -104,7 +105,8 @@ No modules.
 | <a name="input_db_cluster_identifier"></a> [db\_cluster\_identifier](#input\_db\_cluster\_identifier) | DB cluster identifier | `string` | `""` | no |
 | <a name="input_db_instance_identifier"></a> [db\_instance\_identifier](#input\_db\_instance\_identifier) | DB instance identifier | `string` | `""` | no |
 | <a name="input_debug_logging"></a> [debug\_logging](#input\_debug\_logging) | Whether the proxy includes detailed information about SQL statements in its logs | `bool` | `false` | no |
-| <a name="input_endpoints"></a> [endpoints](#input\_endpoints) | Map of DB proxy endpoints to create and their attributes (see `aws_db_proxy_endpoint`) | `any` | `{}` | no |
+| <a name="input_default_auth_scheme"></a> [default\_auth\_scheme](#input\_default\_auth\_scheme) | Default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM\_AUTH. Defaults to NONE | `string` | `null` | no |
 | <a name="input_endpoints"></a> [endpoints](#input\_endpoints) | Map of DB proxy endpoints to create and their attributes | <pre>map(object({<br/>    name                   = optional(string)<br/>    vpc_subnet_ids         = list(string)<br/>    vpc_security_group_ids = optional(list(string))<br/>    target_role            = optional(string)<br/>    tags                   = optional(map(string), {})<br/>  }))</pre> | `{}` | no |
 | <a name="input_engine_family"></a> [engine\_family](#input\_engine\_family) | The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL` | `string` | `""` | no |
 | <a name="input_iam_policy_name"></a> [iam\_policy\_name](#input\_iam\_policy\_name) | The name of the role policy. If omitted, Terraform will assign a random, unique name | `string` | `""` | no |
 | <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | The description of the role | `string` | `""` | no |
@ -117,6 +119,7 @@ No modules.
 | <a name="input_idle_client_timeout"></a> [idle\_client\_timeout](#input\_idle\_client\_timeout) | The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it | `number` | `1800` | no |
 | <a name="input_init_query"></a> [init\_query](#input\_init\_query) | One or more SQL statements for the proxy to run when opening each new database connection | `string` | `""` | no |
 | <a name="input_kms_key_arns"></a> [kms\_key\_arns](#input\_kms\_key\_arns) | List of KMS Key ARNs to allow access to decrypt SecretsManager secrets | `list(string)` | `[]` | no |
 | <a name="input_log_group_class"></a> [log\_group\_class](#input\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no |
 | <a name="input_log_group_kms_key_id"></a> [log\_group\_kms\_key\_id](#input\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data | `string` | `null` | no |
 | <a name="input_log_group_retention_in_days"></a> [log\_group\_retention\_in\_days](#input\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the log group | `number` | `30` | no |
 | <a name="input_log_group_tags"></a> [log\_group\_tags](#input\_log\_group\_tags) | A map of tags to apply to the CloudWatch log group | `map(string)` | `{}` | no |
@ -125,6 +128,7 @@ No modules.
 | <a name="input_max_idle_connections_percent"></a> [max\_idle\_connections\_percent](#input\_max\_idle\_connections\_percent) | Controls how actively the proxy closes idle database connections in the connection pool | `number` | `50` | no |
 | <a name="input_name"></a> [name](#input\_name) | The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens | `string` | `""` | no |
 | <a name="input_proxy_tags"></a> [proxy\_tags](#input\_proxy\_tags) | A map of tags to apply to the RDS Proxy | `map(string)` | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration | `string` | `null` | no |
 | <a name="input_require_tls"></a> [require\_tls](#input\_require\_tls) | A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy | `bool` | `true` | no |
 | <a name="input_role_arn"></a> [role\_arn](#input\_role\_arn) | The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager | `string` | `""` | no |
 | <a name="input_session_pinning_filters"></a> [session\_pinning\_filters](#input\_session\_pinning\_filters) | Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection | `list(string)` | `[]` | no |
@ -141,7 +145,11 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_db_proxy_endpoints"></a> [db\_proxy\_endpoints](#output\_db\_proxy\_endpoints) | Array containing the full resource object and attributes for all DB proxy endpoints created |
 | <a name="output_iam_role_arn"></a> [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager. |
 | <a name="output_iam_role_name"></a> [iam\_role\_name](#output\_iam\_role\_name) | IAM role name |
 | <a name="output_iam_role_unique_id"></a> [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
 | <a name="output_log_group_arn"></a> [log\_group\_arn](#output\_log\_group\_arn) | The Amazon Resource Name (ARN) of the CloudWatch log group |
 | <a name="output_log_group_name"></a> [log\_group\_name](#output\_log\_group\_name) | The name of the CloudWatch log group |
 | <a name="output_proxy_arn"></a> [proxy\_arn](#output\_proxy\_arn) | The Amazon Resource Name (ARN) for the proxy |
 | <a name="output_proxy_default_target_group_arn"></a> [proxy\_default\_target\_group\_arn](#output\_proxy\_default\_target\_group\_arn) | The Amazon Resource Name (ARN) for the default target group |
 | <a name="output_proxy_default_target_group_id"></a> [proxy\_default\_target\_group\_id](#output\_proxy\_default\_target\_group\_id) | The ID for the default target group |
@ -155,7 +163,7 @@ No modules.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
 ## License
--- a/docs/UPGRADE-3.0.md
+++ b/docs/UPGRADE-3.0.md
--- a/examples/README.md
+++ b/examples/README.md
@ -1,6 +1,8 @@
-# AWS RDS Proxy Terraform Examples
+# Examples
- [IAM auth. w/ MySQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql_iam_cluster)
+Please note - the examples provided serve two primary means:
- [IAM auth. w/ MySQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql_iam_instance)
+
- [IAM auth. w/ PostgreSQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql_iam_cluster)
+1. Show users working examples of the various ways in which the module can be configured and features supported
- [IAM auth. w/ PostgreSQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql_iam_instance)
+2. A means of testing/validating module changes
 Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc.
--- a/examples/mysql-iam-cluster/README.md
+++ b/examples/mysql-iam-cluster/README.md
@ -25,28 +25,28 @@ An EC2 instance configuration has been provided for use in validating the exampl
 3. Copy the output from `superuser_proxy_iam_connect` and paste it into the window
 4. You should now be connected to the `example` database in the RDS instance via the AWS Proxy using IAM authentication
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
 ## Providers
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | ~> 8.0 |
+| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | ~> 9.0 |
 | <a name="module_rds_proxy"></a> [rds\_proxy](#module\_rds\_proxy) | ../../ | n/a |
 | <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 ## Resources
@ -64,6 +64,7 @@ No inputs.
 |------|-------------|
 | <a name="output_db_proxy_endpoints"></a> [db\_proxy\_endpoints](#output\_db\_proxy\_endpoints) | Array containing the full resource object and attributes for all DB proxy endpoints created |
 | <a name="output_log_group_arn"></a> [log\_group\_arn](#output\_log\_group\_arn) | The Amazon Resource Name (ARN) of the CloudWatch log group |
 | <a name="output_log_group_name"></a> [log\_group\_name](#output\_log\_group\_name) | The name of the CloudWatch log group |
 | <a name="output_proxy_arn"></a> [proxy\_arn](#output\_proxy\_arn) | The Amazon Resource Name (ARN) for the proxy |
 | <a name="output_proxy_default_target_group_arn"></a> [proxy\_default\_target\_group\_arn](#output\_proxy\_default\_target\_group\_arn) | The Amazon Resource Name (ARN) for the default target group |
 | <a name="output_proxy_default_target_group_id"></a> [proxy\_default\_target\_group\_id](#output\_proxy\_default\_target\_group\_id) | The ID for the default target group |
@ -77,6 +78,6 @@ No inputs.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
 Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/blob/master/LICENSE).
--- a/examples/mysql-iam-cluster/main.tf
+++ b/examples/mysql-iam-cluster/main.tf
@ -69,7 +69,7 @@ module "rds_proxy" {
 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
  name = local.name
  cidr = local.vpc_cidr
@ -84,7 +84,7 @@ module "vpc" {
 module "rds" {
  source  = "terraform-aws-modules/rds-aurora/aws"
-  version = "~> 8.0"
+  version = "~> 9.0"
  name            = local.name
  engine          = "aurora-mysql"
--- a/examples/mysql-iam-cluster/outputs.tf
+++ b/examples/mysql-iam-cluster/outputs.tf
@ -77,3 +77,8 @@ output "log_group_arn" {
  description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
  value       = module.rds_proxy.log_group_arn
 }
 output "log_group_name" {
  description = "The name of the CloudWatch log group"
  value       = module.rds_proxy.log_group_name
 }
--- a/examples/mysql-iam-cluster/versions.tf
+++ b/examples/mysql-iam-cluster/versions.tf
@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.5.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = ">= 6.15"
    }
  }
 }
--- a/examples/mysql-iam-instance/README.md
+++ b/examples/mysql-iam-instance/README.md
@ -25,31 +25,31 @@ An EC2 instance configuration has been provided for use in validating the exampl
 3. Copy the output from `superuser_proxy_iam_connect` and paste it into the window
 4. You should now be connected to the `example` database in the Aurora cluster via the AWS Proxy using IAM authentication
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 5.0 |
+| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 6.0 |
 | <a name="module_rds_proxy"></a> [rds\_proxy](#module\_rds\_proxy) | ../../ | n/a |
 | <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
 | <a name="module_rds_sg"></a> [rds\_sg](#module\_rds\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 ## Resources
@ -72,6 +72,7 @@ No inputs.
 |------|-------------|
 | <a name="output_db_proxy_endpoints"></a> [db\_proxy\_endpoints](#output\_db\_proxy\_endpoints) | Array containing the full resource object and attributes for all DB proxy endpoints created |
 | <a name="output_log_group_arn"></a> [log\_group\_arn](#output\_log\_group\_arn) | The Amazon Resource Name (ARN) of the CloudWatch log group |
 | <a name="output_log_group_name"></a> [log\_group\_name](#output\_log\_group\_name) | The name of the CloudWatch log group |
 | <a name="output_proxy_arn"></a> [proxy\_arn](#output\_proxy\_arn) | The Amazon Resource Name (ARN) for the proxy |
 | <a name="output_proxy_default_target_group_arn"></a> [proxy\_default\_target\_group\_arn](#output\_proxy\_default\_target\_group\_arn) | The Amazon Resource Name (ARN) for the default target group |
 | <a name="output_proxy_default_target_group_id"></a> [proxy\_default\_target\_group\_id](#output\_proxy\_default\_target\_group\_id) | The ID for the default target group |
@ -85,6 +86,6 @@ No inputs.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
 Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/blob/master/LICENSE).
--- a/examples/mysql-iam-instance/main.tf
+++ b/examples/mysql-iam-instance/main.tf
@ -61,7 +61,7 @@ module "rds_proxy" {
  # Target RDS instance
  target_db_instance     = true
-  db_instance_identifier = module.rds.db_instance_id
+  db_instance_identifier = module.rds.db_instance_identifier
  tags = local.tags
 }
@ -82,7 +82,7 @@ resource "random_password" "password" {
 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
  name = local.name
  cidr = local.vpc_cidr
@ -97,7 +97,7 @@ module "vpc" {
 module "rds" {
  source  = "terraform-aws-modules/rds/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
  username = local.db_username
  password = local.db_password
--- a/examples/mysql-iam-instance/outputs.tf
+++ b/examples/mysql-iam-instance/outputs.tf
@ -77,3 +77,8 @@ output "log_group_arn" {
  description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
  value       = module.rds_proxy.log_group_arn
 }
 output "log_group_name" {
  description = "The name of the CloudWatch log group"
  value       = module.rds_proxy.log_group_name
 }
--- a/examples/mysql-iam-instance/versions.tf
+++ b/examples/mysql-iam-instance/versions.tf
@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.5.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = ">= 6.15"
    }
    random = {
      source  = "hashicorp/random"
--- a/examples/postgresql-iam-cluster/README.md
+++ b/examples/postgresql-iam-cluster/README.md
@ -25,28 +25,28 @@ An EC2 instance configuration has been provided for use in validating the exampl
 3. Copy the output from `superuser_proxy_iam_connect` and paste it into the window - NOTE: remove the string escape slashes `psql \"host...` -> `psql "host...`
 4. You should now be connected to the `example` database in the RDS instance via the AWS Proxy using IAM authentication
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
 ## Providers
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | ~> 8.0 |
+| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds-aurora/aws | ~> 9.0 |
 | <a name="module_rds_proxy"></a> [rds\_proxy](#module\_rds\_proxy) | ../../ | n/a |
 | <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 ## Resources
@ -63,7 +63,11 @@ No inputs.
 | Name | Description |
 |------|-------------|
 | <a name="output_db_proxy_endpoints"></a> [db\_proxy\_endpoints](#output\_db\_proxy\_endpoints) | Array containing the full resource object and attributes for all DB proxy endpoints created |
 | <a name="output_iam_role_arn"></a> [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the role proxy uses to access secrets |
 | <a name="output_iam_role_name"></a> [iam\_role\_name](#output\_iam\_role\_name) | The name of the role proxy uses to access secrets |
 | <a name="output_iam_role_unique_id"></a> [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the role proxy uses to access secrets |
 | <a name="output_log_group_arn"></a> [log\_group\_arn](#output\_log\_group\_arn) | The Amazon Resource Name (ARN) of the CloudWatch log group |
 | <a name="output_log_group_name"></a> [log\_group\_name](#output\_log\_group\_name) | The name of the CloudWatch log group |
 | <a name="output_proxy_arn"></a> [proxy\_arn](#output\_proxy\_arn) | The Amazon Resource Name (ARN) for the proxy |
 | <a name="output_proxy_default_target_group_arn"></a> [proxy\_default\_target\_group\_arn](#output\_proxy\_default\_target\_group\_arn) | The Amazon Resource Name (ARN) for the default target group |
 | <a name="output_proxy_default_target_group_id"></a> [proxy\_default\_target\_group\_id](#output\_proxy\_default\_target\_group\_id) | The ID for the default target group |
@ -77,6 +81,6 @@ No inputs.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
 Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/blob/master/LICENSE).
--- a/examples/postgresql-iam-cluster/main.tf
+++ b/examples/postgresql-iam-cluster/main.tf
@ -69,7 +69,7 @@ module "rds_proxy" {
 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
  name = local.name
  cidr = local.vpc_cidr
@ -84,11 +84,11 @@ module "vpc" {
 module "rds" {
  source  = "terraform-aws-modules/rds-aurora/aws"
-  version = "~> 8.0"
+  version = "~> 9.0"
  name            = local.name
  engine          = "aurora-postgresql"
-  engine_version  = "14.7"
+  engine_version  = "17.5"
  master_username = "root"
  # When using RDS Proxy w/ IAM auth - Database must be username/password auth, not IAM
--- a/examples/postgresql-iam-cluster/outputs.tf
+++ b/examples/postgresql-iam-cluster/outputs.tf
@ -77,3 +77,24 @@ output "log_group_arn" {
  description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
  value       = module.rds_proxy.log_group_arn
 }
 output "log_group_name" {
  description = "The name of the CloudWatch log group"
  value       = module.rds_proxy.log_group_name
 }
 # IAM role
 output "iam_role_arn" {
  description = "The Amazon Resource Name (ARN) specifying the role proxy uses to access secrets"
  value       = module.rds_proxy.iam_role_arn
 }
 output "iam_role_name" {
  description = "The name of the role proxy uses to access secrets"
  value       = module.rds_proxy.iam_role_name
 }
 output "iam_role_unique_id" {
  description = "Stable and unique string identifying the role proxy uses to access secrets"
  value       = module.rds_proxy.iam_role_unique_id
 }
--- a/examples/postgresql-iam-cluster/versions.tf
+++ b/examples/postgresql-iam-cluster/versions.tf
@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.5.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = ">= 6.15"
    }
  }
 }
--- a/examples/postgresql-iam-instance/README.md
+++ b/examples/postgresql-iam-instance/README.md
@ -25,31 +25,31 @@ An EC2 instance configuration has been provided for use in validating the exampl
 3. Copy the output from `superuser_proxy_iam_connect` and paste it into the window - NOTE: remove the string escape slashes `psql \"host...` -> `psql "host...`
 4. You should now be connected to the `example` database in the Aurora cluster via the AWS Proxy using IAM authentication
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
 ## Modules
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 5.0 |
+| <a name="module_rds"></a> [rds](#module\_rds) | terraform-aws-modules/rds/aws | ~> 6.0 |
 | <a name="module_rds_proxy"></a> [rds\_proxy](#module\_rds\_proxy) | ../../ | n/a |
 | <a name="module_rds_proxy_sg"></a> [rds\_proxy\_sg](#module\_rds\_proxy\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
 | <a name="module_rds_sg"></a> [rds\_sg](#module\_rds\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
 ## Resources
@ -72,6 +72,7 @@ No inputs.
 |------|-------------|
 | <a name="output_db_proxy_endpoints"></a> [db\_proxy\_endpoints](#output\_db\_proxy\_endpoints) | Array containing the full resource object and attributes for all DB proxy endpoints created |
 | <a name="output_log_group_arn"></a> [log\_group\_arn](#output\_log\_group\_arn) | The Amazon Resource Name (ARN) of the CloudWatch log group |
 | <a name="output_log_group_name"></a> [log\_group\_name](#output\_log\_group\_name) | The name of the CloudWatch log group |
 | <a name="output_proxy_arn"></a> [proxy\_arn](#output\_proxy\_arn) | The Amazon Resource Name (ARN) for the proxy |
 | <a name="output_proxy_default_target_group_arn"></a> [proxy\_default\_target\_group\_arn](#output\_proxy\_default\_target\_group\_arn) | The Amazon Resource Name (ARN) for the default target group |
 | <a name="output_proxy_default_target_group_id"></a> [proxy\_default\_target\_group\_id](#output\_proxy\_default\_target\_group\_id) | The ID for the default target group |
@ -85,6 +86,6 @@ No inputs.
 | <a name="output_proxy_target_target_arn"></a> [proxy\_target\_target\_arn](#output\_proxy\_target\_target\_arn) | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API |
 | <a name="output_proxy_target_tracked_cluster_id"></a> [proxy\_target\_tracked\_cluster\_id](#output\_proxy\_target\_tracked\_cluster\_id) | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster |
 | <a name="output_proxy_target_type"></a> [proxy\_target\_type](#output\_proxy\_target\_type) | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
 Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/blob/master/LICENSE).
--- a/examples/postgresql-iam-instance/main.tf
+++ b/examples/postgresql-iam-instance/main.tf
@ -61,7 +61,7 @@ module "rds_proxy" {
  # Target RDS instance
  target_db_instance     = true
-  db_instance_identifier = module.rds.db_instance_id
+  db_instance_identifier = module.rds.db_instance_identifier
  tags = local.tags
 }
@ -82,7 +82,7 @@ resource "random_password" "password" {
 module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
  name = local.name
  cidr = local.vpc_cidr
@ -97,7 +97,7 @@ module "vpc" {
 module "rds" {
  source  = "terraform-aws-modules/rds/aws"
-  version = "~> 5.0"
+  version = "~> 6.0"
  username = local.db_username
  password = local.db_password
--- a/examples/postgresql-iam-instance/outputs.tf
+++ b/examples/postgresql-iam-instance/outputs.tf
@ -77,3 +77,8 @@ output "log_group_arn" {
  description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
  value       = module.rds_proxy.log_group_arn
 }
 output "log_group_name" {
  description = "The name of the CloudWatch log group"
  value       = module.rds_proxy.log_group_name
 }
--- a/examples/postgresql-iam-instance/versions.tf
+++ b/examples/postgresql-iam-instance/versions.tf
@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.5.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = ">= 6.15"
    }
    random = {
      source  = "hashicorp/random"
--- a/main.tf
+++ b/main.tf
@ -1,12 +1,3 @@
 locals {
  role_arn    = var.create && var.create_iam_role ? aws_iam_role.this[0].arn : var.role_arn
  role_name   = coalesce(var.iam_role_name, var.name)
  policy_name = coalesce(var.iam_policy_name, var.name)
 }
 data "aws_region" "current" {}
 data "aws_partition" "current" {}
 ################################################################################
 # RDS Proxy
 ################################################################################
@ -14,25 +5,28 @@ data "aws_partition" "current" {}
 resource "aws_db_proxy" "this" {
  count = var.create ? 1 : 0
  region = var.region
  dynamic "auth" {
    for_each = var.auth
    content {
-      auth_scheme               = try(auth.value.auth_scheme, "SECRETS")
+      auth_scheme               = auth.value.auth_scheme
-      client_password_auth_type = try(auth.value.client_password_auth_type, null)
+      client_password_auth_type = auth.value.client_password_auth_type
-      description               = try(auth.value.description, null)
+      description               = auth.value.description
-      iam_auth                  = try(auth.value.iam_auth, null)
+      iam_auth                  = auth.value.iam_auth
-      secret_arn                = try(auth.value.secret_arn, null)
+      secret_arn                = auth.value.secret_arn
-      username                  = try(auth.value.username, null)
+      username                  = auth.value.username
    }
  }
  debug_logging          = var.debug_logging
  default_auth_scheme    = var.default_auth_scheme
  engine_family          = var.engine_family
  idle_client_timeout    = var.idle_client_timeout
  name                   = var.name
  require_tls            = var.require_tls
-  role_arn               = local.role_arn
+  role_arn               = try(aws_iam_role.this[0].arn, var.role_arn)
  vpc_security_group_ids = var.vpc_security_group_ids
  vpc_subnet_ids         = var.vpc_subnet_ids
@ -41,9 +35,15 @@ resource "aws_db_proxy" "this" {
  depends_on = [aws_cloudwatch_log_group.this]
 }
 ################################################################################
 # Default Target Group
 ################################################################################
 resource "aws_db_proxy_default_target_group" "this" {
  count = var.create ? 1 : 0
  region = var.region
  db_proxy_name = aws_db_proxy.this[0].name
  connection_pool_config {
@ -55,9 +55,15 @@ resource "aws_db_proxy_default_target_group" "this" {
  }
 }
 ################################################################################
 # Target(s)
 ################################################################################
 resource "aws_db_proxy_target" "db_instance" {
  count = var.create && var.target_db_instance ? 1 : 0
  region = var.region
  db_proxy_name          = aws_db_proxy.this[0].name
  target_group_name      = aws_db_proxy_default_target_group.this[0].name
  db_instance_identifier = var.db_instance_identifier
@ -66,33 +72,44 @@ resource "aws_db_proxy_target" "db_instance" {
 resource "aws_db_proxy_target" "db_cluster" {
  count = var.create && var.target_db_cluster ? 1 : 0
  region = var.region
  db_proxy_name         = aws_db_proxy.this[0].name
  target_group_name     = aws_db_proxy_default_target_group.this[0].name
  db_cluster_identifier = var.db_cluster_identifier
 }
 ################################################################################
 # Endpoint(s)
 ################################################################################
 resource "aws_db_proxy_endpoint" "this" {
  for_each = { for k, v in var.endpoints : k => v if var.create }
-  db_proxy_name          = aws_db_proxy.this[0].name
+  region = var.region
  db_proxy_endpoint_name = each.value.name
  vpc_subnet_ids         = each.value.vpc_subnet_ids
  vpc_security_group_ids = lookup(each.value, "vpc_security_group_ids", null)
  target_role            = lookup(each.value, "target_role", null)
-  tags = lookup(each.value, "tags", var.tags)
+  db_proxy_name          = aws_db_proxy.this[0].name
  db_proxy_endpoint_name = coalesce(each.value.name, each.key)
  vpc_subnet_ids         = each.value.vpc_subnet_ids
  vpc_security_group_ids = each.value.vpc_security_group_ids
  target_role            = each.value.target_role
  tags = merge(var.tags, each.value.tags)
 }
 ################################################################################
-# CloudWatch Logs
+# CloudWatch Log Group
 ################################################################################
 resource "aws_cloudwatch_log_group" "this" {
  count = var.create && var.manage_log_group ? 1 : 0
  region = var.region
  name              = "/aws/rds/proxy/${var.name}"
  retention_in_days = var.log_group_retention_in_days
  kms_key_id        = var.log_group_kms_key_id
  log_group_class   = var.log_group_class
  tags = merge(var.tags, var.log_group_tags)
 }
@ -101,8 +118,37 @@ resource "aws_cloudwatch_log_group" "this" {
 # IAM Role
 ################################################################################
 locals {
  create_iam_role = var.create && var.create_iam_role
  role_name   = coalesce(var.iam_role_name, var.name)
  policy_name = coalesce(var.iam_policy_name, var.name)
  partition  = try(data.aws_partition.current[0].partition, "aws")
  dns_suffix = try(data.aws_partition.current[0].dns_suffix, "amazonaws.com")
  region     = try(data.aws_region.current[0].region, var.region)
 }
 data "aws_region" "current" {
  count = local.create_iam_role ? 1 : 0
  region = var.region
 }
 data "aws_partition" "current" {
  count = local.create_iam_role ? 1 : 0
 }
 data "aws_service_principal" "rds" {
  count = local.create_iam_role ? 1 : 0
  service_name = "rds"
  region       = data.aws_region.current[0].region
 }
 data "aws_iam_policy_document" "assume_role" {
-  count = var.create && var.create_iam_role ? 1 : 0
+  count = local.create_iam_role ? 1 : 0
  statement {
    sid     = "RDSAssume"
@ -111,13 +157,13 @@ data "aws_iam_policy_document" "assume_role" {
    principals {
      type        = "Service"
-      identifiers = ["rds.${data.aws_partition.current.dns_suffix}"]
+      identifiers = [data.aws_service_principal.rds[0].name]
    }
  }
 }
 resource "aws_iam_role" "this" {
-  count = var.create && var.create_iam_role ? 1 : 0
+  count = local.create_iam_role ? 1 : 0
  name        = var.use_role_name_prefix ? null : local.role_name
  name_prefix = var.use_role_name_prefix ? "${local.role_name}-" : null
@ -132,8 +178,12 @@ resource "aws_iam_role" "this" {
  tags = merge(var.tags, var.iam_role_tags)
 }
 ################################################################################
 # IAM Role Policy
 ################################################################################
 data "aws_iam_policy_document" "this" {
-  count = var.create && var.create_iam_role && var.create_iam_policy ? 1 : 0
+  count = local.create_iam_role && var.create_iam_policy ? 1 : 0
  statement {
    sid     = "DecryptSecrets"
@ -141,14 +191,14 @@ data "aws_iam_policy_document" "this" {
    actions = ["kms:Decrypt"]
    resources = coalescelist(
      var.kms_key_arns,
-      ["arn:${data.aws_partition.current.partition}:kms:*:*:key/*"]
+      ["arn:${local.partition}:kms:*:*:key/*"]
    )
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values = [
-        "secretsmanager.${data.aws_region.current.name}.${data.aws_partition.current.dns_suffix}"
+        "secretsmanager.${local.region}.${local.dns_suffix}"
      ]
    }
  }
@ -178,7 +228,7 @@ data "aws_iam_policy_document" "this" {
 }
 resource "aws_iam_role_policy" "this" {
-  count = var.create && var.create_iam_role && var.create_iam_policy ? 1 : 0
+  count = local.create_iam_role && var.create_iam_policy ? 1 : 0
  name        = var.use_policy_name_prefix ? null : local.policy_name
  name_prefix = var.use_policy_name_prefix ? "${local.policy_name}-" : null
--- a/outputs.tf
+++ b/outputs.tf
@ -1,4 +1,7 @@
 ################################################################################
 # RDS Proxy
 ################################################################################
 output "proxy_id" {
  description = "The ID for the proxy"
  value       = try(aws_db_proxy.this[0].id, null)
@ -14,7 +17,10 @@ output "proxy_endpoint" {
  value       = try(aws_db_proxy.this[0].endpoint, null)
 }
-# Proxy Default Target Group
+################################################################################
 # Default Target Group
 ################################################################################
 output "proxy_default_target_group_id" {
  description = "The ID for the default target group"
  value       = try(aws_db_proxy_default_target_group.this[0].id, null)
@ -30,7 +36,10 @@ output "proxy_default_target_group_name" {
  value       = try(aws_db_proxy_default_target_group.this[0].name, null)
 }
-# Proxy Target
+################################################################################
 # Target(s)
 ################################################################################
 output "proxy_target_endpoint" {
  description = "Hostname for the target RDS DB Instance. Only returned for `RDS_INSTANCE` type"
  value       = try(aws_db_proxy_target.db_instance[0].endpoint, aws_db_proxy_target.db_cluster[0].endpoint, null)
@ -66,14 +75,44 @@ output "proxy_target_type" {
  value       = try(aws_db_proxy_target.db_instance[0].type, aws_db_proxy_target.db_cluster[0].type, null)
 }
-# DB proxy endpoints
+################################################################################
 # Endpoint(s)
 ################################################################################
 output "db_proxy_endpoints" {
  description = "Array containing the full resource object and attributes for all DB proxy endpoints created"
  value       = aws_db_proxy_endpoint.this
 }
-# CloudWatch logs
+################################################################################
 # CloudWatch Log Group
 ################################################################################
 output "log_group_arn" {
  description = "The Amazon Resource Name (ARN) of the CloudWatch log group"
  value       = try(aws_cloudwatch_log_group.this[0].arn, null)
 }
 output "log_group_name" {
  description = "The name of the CloudWatch log group"
  value       = try(aws_cloudwatch_log_group.this[0].name, null)
 }
 ################################################################################
 # IAM Role
 ################################################################################
 output "iam_role_arn" {
  description = "The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager."
  value       = try(aws_iam_role.this[0].arn, null)
 }
 output "iam_role_name" {
  description = "IAM role name"
  value       = try(aws_iam_role.this[0].name, null)
 }
 output "iam_role_unique_id" {
  description = "Stable and unique string identifying the IAM role"
  value       = try(aws_iam_role.this[0].unique_id, null)
 }
--- a/variables.tf
+++ b/variables.tf
@ -4,6 +4,12 @@ variable "create" {
  default     = true
 }
 variable "region" {
  description = "Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration"
  type        = string
  default     = null
 }
 variable "tags" {
  description = "A map of tags to add to all resources"
  type        = map(string)
@ -22,8 +28,19 @@ variable "name" {
 variable "auth" {
  description = "Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters"
-  type        = any
+  type = map(object({
-  default     = {}
+    auth_scheme               = optional(string)
    client_password_auth_type = optional(string)
    description               = optional(string)
    iam_auth                  = optional(string)
    secret_arn                = optional(string)
    username                  = optional(string)
  }))
  default = {
    default = {
      auth_scheme = "SECRETS"
    }
  }
 }
 variable "debug_logging" {
@ -32,6 +49,12 @@ variable "debug_logging" {
  default     = false
 }
 variable "default_auth_scheme" {
  description = "Default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM_AUTH. Defaults to NONE"
  type        = string
  default     = null
 }
 variable "engine_family" {
  description = "The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL`"
  type        = string
@ -74,7 +97,10 @@ variable "proxy_tags" {
  default     = {}
 }
-# Proxy Default Target Group
+################################################################################
 # Default Target Group
 ################################################################################
 variable "connection_borrow_timeout" {
  description = "The number of seconds for a proxy to wait for a connection to become available in the connection pool"
  type        = number
@ -105,7 +131,10 @@ variable "session_pinning_filters" {
  default     = []
 }
-# Proxy Target
+################################################################################
 # Target(s)
 ################################################################################
 variable "target_db_instance" {
  description = "Determines whether DB instance is targeted by proxy"
  type        = bool
@ -130,11 +159,20 @@ variable "db_cluster_identifier" {
  default     = ""
 }
-# Proxy endpoints
+################################################################################
 # Endpoint(s)
 ################################################################################
 variable "endpoints" {
-  description = "Map of DB proxy endpoints to create and their attributes (see `aws_db_proxy_endpoint`)"
+  description = "Map of DB proxy endpoints to create and their attributes"
-  type        = any
+  type = map(object({
-  default     = {}
+    name                   = optional(string)
    vpc_subnet_ids         = list(string)
    vpc_security_group_ids = optional(list(string))
    target_role            = optional(string)
    tags                   = optional(map(string), {})
  }))
  default = {}
 }
 ################################################################################
@ -159,6 +197,12 @@ variable "log_group_kms_key_id" {
  default     = null
 }
 variable "log_group_class" {
  description = "Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS`"
  type        = string
  default     = null
 }
 variable "log_group_tags" {
  description = "A map of tags to apply to the CloudWatch log group"
  type        = map(string)
@ -223,7 +267,10 @@ variable "iam_role_tags" {
  default     = {}
 }
-# IAM Policy
+################################################################################
 # IAM Role Policy
 ################################################################################
 variable "create_iam_policy" {
  description = "Determines whether an IAM policy is created"
  type        = bool
--- a/versions.tf
+++ b/versions.tf
@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.5.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = ">= 6.15"
    }
  }
 }
--- a/wrappers/README.md
+++ b/wrappers/README.md
@ -0,0 +1,100 @@
 # Wrapper for the root module
 The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
 You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
 This wrapper does not implement any extra functionality.
 ## Usage with Terragrunt
 `terragrunt.hcl`:
 ```hcl
 terraform {
  source = "tfr:///terraform-aws-modules/rds-proxy/aws//wrappers"
  # Alternative source:
  # source = "git::git@github.com:terraform-aws-modules/terraform-aws-rds-proxy.git//wrappers?ref=master"
 }
 inputs = {
  defaults = { # Default values
    create = true
    tags = {
      Terraform   = "true"
      Environment = "dev"
    }
  }
  items = {
    my-item = {
      # omitted... can be any argument supported by the module
    }
    my-second-item = {
      # omitted... can be any argument supported by the module
    }
    # omitted...
  }
 }
 ```
 ## Usage with Terraform
 ```hcl
 module "wrapper" {
  source = "terraform-aws-modules/rds-proxy/aws//wrappers"
  defaults = { # Default values
    create = true
    tags = {
      Terraform   = "true"
      Environment = "dev"
    }
  }
  items = {
    my-item = {
      # omitted... can be any argument supported by the module
    }
    my-second-item = {
      # omitted... can be any argument supported by the module
    }
    # omitted...
  }
 }
 ```
 ## Example: Manage multiple S3 buckets in one Terragrunt layer
 `eu-west-1/s3-buckets/terragrunt.hcl`:
 ```hcl
 terraform {
  source = "tfr:///terraform-aws-modules/s3-bucket/aws//wrappers"
  # Alternative source:
  # source = "git::git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git//wrappers?ref=master"
 }
 inputs = {
  defaults = {
    force_destroy = true
    attach_elb_log_delivery_policy        = true
    attach_lb_log_delivery_policy         = true
    attach_deny_insecure_transport_policy = true
    attach_require_latest_tls_policy      = true
  }
  items = {
    bucket1 = {
      bucket = "my-random-bucket-1"
    }
    bucket2 = {
      bucket = "my-random-bucket-2"
      tags = {
        Secure = "probably"
      }
    }
  }
 }
 ```
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@ -0,0 +1,52 @@
 module "wrapper" {
  source = "../"
  for_each = var.items
  auth = try(each.value.auth, var.defaults.auth, {
    default = {
      auth_scheme = "SECRETS"
    }
  })
  connection_borrow_timeout      = try(each.value.connection_borrow_timeout, var.defaults.connection_borrow_timeout, null)
  create                         = try(each.value.create, var.defaults.create, true)
  create_iam_policy              = try(each.value.create_iam_policy, var.defaults.create_iam_policy, true)
  create_iam_role                = try(each.value.create_iam_role, var.defaults.create_iam_role, true)
  db_cluster_identifier          = try(each.value.db_cluster_identifier, var.defaults.db_cluster_identifier, "")
  db_instance_identifier         = try(each.value.db_instance_identifier, var.defaults.db_instance_identifier, "")
  debug_logging                  = try(each.value.debug_logging, var.defaults.debug_logging, false)
  default_auth_scheme            = try(each.value.default_auth_scheme, var.defaults.default_auth_scheme, null)
  endpoints                      = try(each.value.endpoints, var.defaults.endpoints, {})
  engine_family                  = try(each.value.engine_family, var.defaults.engine_family, "")
  iam_policy_name                = try(each.value.iam_policy_name, var.defaults.iam_policy_name, "")
  iam_role_description           = try(each.value.iam_role_description, var.defaults.iam_role_description, "")
  iam_role_force_detach_policies = try(each.value.iam_role_force_detach_policies, var.defaults.iam_role_force_detach_policies, true)
  iam_role_max_session_duration  = try(each.value.iam_role_max_session_duration, var.defaults.iam_role_max_session_duration, 43200)
  iam_role_name                  = try(each.value.iam_role_name, var.defaults.iam_role_name, "")
  iam_role_path                  = try(each.value.iam_role_path, var.defaults.iam_role_path, null)
  iam_role_permissions_boundary  = try(each.value.iam_role_permissions_boundary, var.defaults.iam_role_permissions_boundary, null)
  iam_role_tags                  = try(each.value.iam_role_tags, var.defaults.iam_role_tags, {})
  idle_client_timeout            = try(each.value.idle_client_timeout, var.defaults.idle_client_timeout, 1800)
  init_query                     = try(each.value.init_query, var.defaults.init_query, "")
  kms_key_arns                   = try(each.value.kms_key_arns, var.defaults.kms_key_arns, [])
  log_group_class                = try(each.value.log_group_class, var.defaults.log_group_class, null)
  log_group_kms_key_id           = try(each.value.log_group_kms_key_id, var.defaults.log_group_kms_key_id, null)
  log_group_retention_in_days    = try(each.value.log_group_retention_in_days, var.defaults.log_group_retention_in_days, 30)
  log_group_tags                 = try(each.value.log_group_tags, var.defaults.log_group_tags, {})
  manage_log_group               = try(each.value.manage_log_group, var.defaults.manage_log_group, true)
  max_connections_percent        = try(each.value.max_connections_percent, var.defaults.max_connections_percent, 90)
  max_idle_connections_percent   = try(each.value.max_idle_connections_percent, var.defaults.max_idle_connections_percent, 50)
  name                           = try(each.value.name, var.defaults.name, "")
  proxy_tags                     = try(each.value.proxy_tags, var.defaults.proxy_tags, {})
  region                         = try(each.value.region, var.defaults.region, null)
  require_tls                    = try(each.value.require_tls, var.defaults.require_tls, true)
  role_arn                       = try(each.value.role_arn, var.defaults.role_arn, "")
  session_pinning_filters        = try(each.value.session_pinning_filters, var.defaults.session_pinning_filters, [])
  tags                           = try(each.value.tags, var.defaults.tags, {})
  target_db_cluster              = try(each.value.target_db_cluster, var.defaults.target_db_cluster, false)
  target_db_instance             = try(each.value.target_db_instance, var.defaults.target_db_instance, false)
  use_policy_name_prefix         = try(each.value.use_policy_name_prefix, var.defaults.use_policy_name_prefix, false)
  use_role_name_prefix           = try(each.value.use_role_name_prefix, var.defaults.use_role_name_prefix, false)
  vpc_security_group_ids         = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, [])
  vpc_subnet_ids                 = try(each.value.vpc_subnet_ids, var.defaults.vpc_subnet_ids, [])
 }
--- a/wrappers/outputs.tf
+++ b/wrappers/outputs.tf
@ -0,0 +1,5 @@
 output "wrapper" {
  description = "Map of outputs of a wrapper."
  value       = module.wrapper
  # sensitive = false # No sensitive module output found
 }
--- a/wrappers/variables.tf
+++ b/wrappers/variables.tf
@ -0,0 +1,11 @@
 variable "defaults" {
  description = "Map of default values which will be used for each item."
  type        = any
  default     = {}
 }
 variable "items" {
  description = "Maps of items to create a wrapper from. Values are passed through to the module."
  type        = any
  default     = {}
 }
--- a/wrappers/versions.tf
+++ b/wrappers/versions.tf
@ -0,0 +1,10 @@
 terraform {
  required_version = ">= 1.5.7"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 6.15"
    }
  }
 }
Author	SHA1	Message	Date
semantic-release-bot	cf3a8f41f6	chore(release): version 4.2.1 [skip ci] ## [4.2.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.2.0...v4.2.1) (2025-10-21) ### Bug Fixes * Update CI workflow versions to latest ([#40](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/40)) ([`5deff22`](`5deff22cf4`))	2025-10-21 09:10:15 +00:00
Bryant Biggs	5deff22cf4	fix: Update CI workflow versions to latest (#40 )	2025-10-21 11:09:40 +02:00
semantic-release-bot	c0b0204344	chore(release): version 4.2.0 [skip ci] ## [4.2.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.1.0...v4.2.0) (2025-10-14) ### Features * Support `default_auth_scheme` ([#39](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/39)) ([`c2073a0`](`c2073a031c`))	2025-10-14 13:10:34 +00:00
Melissa Greenbaum	c2073a031c	feat: Support `default_auth_scheme` (#39 )	2025-10-14 08:10:07 -05:00
semantic-release-bot	c65b5f03a7	chore(release): version 4.1.0 [skip ci] ## [4.1.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.0.0...v4.1.0) (2025-10-01) ### Features * Add Terragrunt wrappers ([#38](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/38)) ([`33b43c7`](`33b43c72ab`))	2025-10-01 14:13:37 +00:00
flora-five	33b43c72ab	feat: Add Terragrunt wrappers (#38 )	2025-10-01 09:13:12 -05:00
semantic-release-bot	3cd004baa3	chore(release): version 4.0.0 [skip ci] ## [4.0.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.2.1...v4.0.0) (2025-09-16) ### ⚠ BREAKING CHANGES * Upgrade AWS provider and min required Terraform version to `6.0` and `1.5.7` respectively (#34) ### Features * Upgrade AWS provider and min required Terraform version to `6.0` and `1.5.7` respectively ([#34](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/34)) ([`47c0fca`](`47c0fcad4b`))	2025-09-16 14:29:24 +00:00
mrobinson1022	47c0fcad4b	feat!: Upgrade AWS provider and min required Terraform version to `6.0` and `1.5.7` respectively (#34 ) Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>	2025-09-16 09:28:55 -05:00
semantic-release-bot	e8ffe8f2f1	chore(release): version 3.2.1 [skip ci] ## [3.2.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.2.0...v3.2.1) (2025-05-22) ### Bug Fixes * Correct service principal to rds.amazonaws.com (incl China) ([#32](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/32)) ([`bbbf50c`](`bbbf50ce87`))	2025-05-22 09:51:36 +00:00
vladislav-orlovskiy	bbbf50ce87	fix: Correct service principal to rds.amazonaws.com (incl China) (#32 ) Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com> Co-authored-by: Anton Babenko <anton@antonbabenko.com>	2025-05-22 11:51:06 +02:00
semantic-release-bot	99df7e3913	chore(release): version 3.2.0 [skip ci] ## [3.2.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.1.1...v3.2.0) (2024-11-19) ### Features * Add CloudWatch log group name to outputs ([#28](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/28)) ([`0fc0e19`](`0fc0e19e64`)) ### Bug Fixes * Update CI workflow versions to latest ([#27](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/27)) ([`b6f22be`](`b6f22becf6`))	2024-11-19 19:29:43 +00:00
Kevin Kortum	0fc0e19e64	feat: Add CloudWatch log group name to outputs (#28 ) * feat: adds cloudwatch group name to module outputs * test: align tests with the new output	2024-11-19 13:29:15 -06:00
Bryant Biggs	b6f22becf6	fix: Update CI workflow versions to latest (#27 )	2024-10-11 18:25:27 +02:00
semantic-release-bot	56a832c60d	chore(release): version 3.1.1 [skip ci] ## [3.1.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.1.0...v3.1.1) (2024-03-06) ### Bug Fixes * Update CI workflow versions to remove deprecated runtime warnings ([#26](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/26)) ([`a31a810`](`a31a81097b`))	2024-03-06 19:15:03 +00:00
Bryant Biggs	a31a81097b	fix: Update CI workflow versions to remove deprecated runtime warnings (#26 )	2024-03-06 11:14:39 -08:00
semantic-release-bot	67116fc717	chore(release): version 3.1.0 [skip ci] ## [3.1.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v3.0.0...v3.1.0) (2023-08-30) ### Features * Add IAM role output ([#22](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/22)) ([`d18ae45`](`d18ae45d9e`))	2023-08-30 23:59:54 +00:00
Matt McLane	d18ae45d9e	feat: Add IAM role output (#22 ) Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>	2023-08-30 19:59:28 -04:00
Akihiro YAMAZAKI	4e5c8068b9	chore: Fix broken links to examples (#21 )	2023-06-27 13:19:28 +02:00