
4 commits

Author SHA1 Message Date
semantic-release-bot
cf3a8f41f6 chore(release): version 4.2.1 [skip ci]
## [4.2.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.2.0...v4.2.1) (2025-10-21)

### Bug Fixes

* Update CI workflow versions to latest ([#40](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/40)) ([5deff22](5deff22cf4))
2025-10-21 09:10:15 +00:00
Bryant Biggs
5deff22cf4
fix: Update CI workflow versions to latest (#40) 2025-10-21 11:09:40 +02:00
semantic-release-bot
c0b0204344 chore(release): version 4.2.0 [skip ci]
## [4.2.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.1.0...v4.2.0) (2025-10-14)

### Features

* Support `default_auth_scheme` ([#39](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/39)) ([c2073a0](c2073a031c))
2025-10-14 13:10:34 +00:00
Melissa Greenbaum
c2073a031c
feat: Support default_auth_scheme (#39) 2025-10-14 08:10:07 -05:00
23 changed files with 168 additions and 65 deletions


@ -14,7 +14,7 @@ jobs:
steps:
# Please look up the latest version from
# https://github.com/amannn/action-semantic-pull-request/releases
- uses: amannn/action-semantic-pull-request@v5.5.3
- uses: amannn/action-semantic-pull-request@v6.1.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:


@ -7,8 +7,8 @@ on:
- master
env:
TERRAFORM_DOCS_VERSION: v0.19.0
TFLINT_VERSION: v0.53.0
TERRAFORM_DOCS_VERSION: v0.20.0
TFLINT_VERSION: v0.59.1
jobs:
collectInputs:
@ -18,11 +18,11 @@ jobs:
directories: ${{ steps.dirs.outputs.directories }}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Get root directories
id: dirs
uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
uses: clowdhaus/terraform-composite-actions/directories@v1.14.0
preCommitMinVersions:
name: Min TF pre-commit
@ -32,27 +32,49 @@ jobs:
matrix:
directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
steps:
- name: Install rmz
uses: jaxxstorm/action-install-gh-release@v2.1.0
with:
repo: SUPERCILEX/fuc
asset-name: x86_64-unknown-linux-gnu-rmz
rename-to: rmz
chmod: 0755
extension-matching: disable
# https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
- name: Delete huge unnecessary tools folder
- name: Delete unnecessary files
run: |
rm -rf /opt/hostedtoolcache/CodeQL
rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
rm -rf /opt/hostedtoolcache/Ruby
rm -rf /opt/hostedtoolcache/go
formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
BEFORE=$(getAvailableSpace)
ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz
rmz -f /opt/hostedtoolcache/CodeQL &
rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk &
rmz -f /opt/hostedtoolcache/PyPy &
rmz -f /opt/hostedtoolcache/Ruby &
rmz -f /opt/hostedtoolcache/go &
wait
AFTER=$(getAvailableSpace)
SAVED=$((AFTER-BEFORE))
echo "=> Saved $(formatByteCount $SAVED)"
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.3.1
uses: clowdhaus/terraform-min-max@v2.1.0
with:
directory: ${{ matrix.directory }}
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
@ -61,7 +83,7 @@ jobs:
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
@ -72,26 +94,73 @@ jobs:
runs-on: ubuntu-latest
needs: collectInputs
steps:
- name: Install rmz
uses: jaxxstorm/action-install-gh-release@v2.1.0
with:
repo: SUPERCILEX/fuc
asset-name: x86_64-unknown-linux-gnu-rmz
rename-to: rmz
chmod: 0755
extension-matching: disable
# https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
- name: Delete huge unnecessary tools folder
- name: Delete unnecessary files
run: |
rm -rf /opt/hostedtoolcache/CodeQL
rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
rm -rf /opt/hostedtoolcache/Ruby
rm -rf /opt/hostedtoolcache/go
formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
BEFORE=$(getAvailableSpace)
ln -s /opt/hostedtoolcache/SUPERCILEX/x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz /usr/local/bin/rmz
rmz -f /opt/hostedtoolcache/CodeQL &
rmz -f /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk &
rmz -f /opt/hostedtoolcache/PyPy &
rmz -f /opt/hostedtoolcache/Ruby &
rmz -f /opt/hostedtoolcache/go &
sudo rmz -f /usr/local/lib/android &
if [[ ${{ github.repository }} == terraform-aws-modules/terraform-aws-security-group ]]; then
sudo rmz -f /usr/share/dotnet &
sudo rmz -f /usr/local/.ghcup &
sudo apt-get -qq remove -y 'azure-.*'
sudo apt-get -qq remove -y 'cpp-.*'
sudo apt-get -qq remove -y 'dotnet-runtime-.*'
sudo apt-get -qq remove -y 'google-.*'
sudo apt-get -qq remove -y 'libclang-.*'
sudo apt-get -qq remove -y 'libllvm.*'
sudo apt-get -qq remove -y 'llvm-.*'
sudo apt-get -qq remove -y 'mysql-.*'
sudo apt-get -qq remove -y 'postgresql-.*'
sudo apt-get -qq remove -y 'php.*'
sudo apt-get -qq remove -y 'temurin-.*'
sudo apt-get -qq remove -y kubectl firefox mono-devel
sudo apt-get -qq autoremove -y
sudo apt-get -qq clean
fi
wait
AFTER=$(getAvailableSpace)
SAVED=$((AFTER-BEFORE))
echo "=> Saved $(formatByteCount $SAVED)"
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v1.3.1
uses: clowdhaus/terraform-min-max@v2.1.0
- name: Hide template dir
# Special to this repo, we don't want to check this dir
if: ${{ github.repository == 'terraform-aws-modules/terraform-aws-security-group' }}
run: rm -rf modules/_templates
- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
tflint-version: ${{ env.TFLINT_VERSION }}
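Review bot: The new `Install rmz` step, added to both jobs in this file, downloads a release binary from `SUPERCILEX/fuc` without pinning a release; the symlink target `.../x86_64-unknown-linux-gnu-rmz/latest/linux-x64/rmz` suggests the action resolves whatever the latest release is. The second job then runs that binary under `sudo`, so a changed or compromised upstream release would execute as root on the runner. Pin the release with the action's `tag:` input, and reference `jaxxstorm/action-install-gh-release` by full commit SHA rather than `@v2.1.0`; the other `uses:` lines bumped here would benefit from the same SHA pinning. Separately, `if [[ ${{ github.repository }} == ... ]]` expands the expression into the script text before the shell runs; comparing `"$GITHUB_REPOSITORY"` instead keeps expression values out of shell source.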


@ -20,18 +20,26 @@ jobs:
if: github.repository_owner == 'terraform-aws-modules'
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
persist-credentials: false
fetch-depth: 0
- name: Release
uses: cycjimmy/semantic-release-action@v4
- name: Set correct Node.js version
uses: actions/setup-node@v6
with:
semantic_version: 23.0.2
extra_plugins: |
@semantic-release/changelog@6.0.3
@semantic-release/git@10.0.1
conventional-changelog-conventionalcommits@7.0.2
node-version: 24
- name: Install dependencies
run: |
npm install \
@semantic-release/changelog@6.0.3 \
@semantic-release/git@10.0.1 \
conventional-changelog-conventionalcommits@9.1.0
- name: Release
uses: cycjimmy/semantic-release-action@v5
with:
semantic_version: 25.0.0
env:
GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
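Review bot: The new `Install dependencies` step runs a bare `npm install` with no lockfile visible in this hunk, so only the three top-level plugins are pinned; their transitive dependencies resolve fresh on every run and are then loaded by the following `Release` step, which has `SEMANTIC_RELEASE_TOKEN` in its environment. Committing a `package.json` and `package-lock.json` and installing with `npm ci --ignore-scripts` would make the tree reproducible and stop install-time lifecycle scripts from running; at minimum, add `--ignore-scripts` to the existing `npm install` line. `actions/setup-node@v6` and `cycjimmy/semantic-release-action@v5` are referenced by mutable tags, so pinning them to full commit SHAs would close the same gap for the actions themselves.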


@ -7,7 +7,7 @@ jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v9
- uses: actions/stale@v10
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Staling issues and PR's

24
.gitignore vendored

@ -1,13 +1,13 @@
# Local .terraform directories
**/.terraform/*
# Terraform lockfile
.terraform.lock.hcl
# .tfstate files
*.tfstate
*.tfstate.*
# terraform lockfile
.terraform.lock.hcl
# Crash log files
crash.log
@ -15,7 +15,6 @@ crash.log
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
#
*.tfvars
# Ignore override files as they are usually used to override resources locally and so
@ -25,13 +24,16 @@ override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
#
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
# Lambda build artifacts
builds/
__pycache__/
*.zip
.tox
# Local editors/macos files
.DS_Store
.idea


@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.100.1
rev: v1.103.0
hooks:
- id: terraform_fmt
- id: terraform_wrapper_module_for_each


@ -2,6 +2,19 @@
All notable changes to this project will be documented in this file.
## [4.2.1](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.2.0...v4.2.1) (2025-10-21)
### Bug Fixes
* Update CI workflow versions to latest ([#40](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/40)) ([5deff22](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/5deff22cf4c471ce824c016687c3b933cd8b783c))
## [4.2.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.1.0...v4.2.0) (2025-10-14)
### Features
* Support `default_auth_scheme` ([#39](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/issues/39)) ([c2073a0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/commit/c2073a031c947270dac3f17c7f76e2996cd1b5b1))
## [4.1.0](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/compare/v4.0.0...v4.1.0) (2025-10-01)


@ -63,13 +63,13 @@ Examples codified under the [`examples`](https://github.com/terraform-aws-module
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
## Modules
@ -105,6 +105,7 @@ No modules.
| <a name="input_db_cluster_identifier"></a> [db\_cluster\_identifier](#input\_db\_cluster\_identifier) | DB cluster identifier | `string` | `""` | no |
| <a name="input_db_instance_identifier"></a> [db\_instance\_identifier](#input\_db\_instance\_identifier) | DB instance identifier | `string` | `""` | no |
| <a name="input_debug_logging"></a> [debug\_logging](#input\_debug\_logging) | Whether the proxy includes detailed information about SQL statements in its logs | `bool` | `false` | no |
| <a name="input_default_auth_scheme"></a> [default\_auth\_scheme](#input\_default\_auth\_scheme) | Default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM\_AUTH. Defaults to NONE | `string` | `null` | no |
| <a name="input_endpoints"></a> [endpoints](#input\_endpoints) | Map of DB proxy endpoints to create and their attributes | <pre>map(object({<br/> name = optional(string)<br/> vpc_subnet_ids = list(string)<br/> vpc_security_group_ids = optional(list(string))<br/> target_role = optional(string)<br/> tags = optional(map(string), {})<br/> }))</pre> | `{}` | no |
| <a name="input_engine_family"></a> [engine\_family](#input\_engine\_family) | The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL` | `string` | `""` | no |
| <a name="input_iam_policy_name"></a> [iam\_policy\_name](#input\_iam\_policy\_name) | The name of the role policy. If omitted, Terraform will assign a random, unique name | `string` | `""` | no |


@ -1,6 +1,8 @@
# AWS RDS Proxy Terraform Examples
# Examples
- [IAM auth. w/ MySQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql-iam-cluster)
- [IAM auth. w/ MySQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/mysql-iam-instance)
- [IAM auth. w/ PostgreSQL Aurora cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql-iam-cluster)
- [IAM auth. w/ PostgreSQL RDS instance](https://github.com/terraform-aws-modules/terraform-aws-rds-proxy/tree/master/examples/postgresql-iam-instance)
Please note - the examples provided serve two primary means:
1. Show users working examples of the various ways in which the module can be configured and features supported
2. A means of testing/validating module changes
Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc.


@ -31,13 +31,13 @@ An EC2 instance configuration has been provided for use in validating the exampl
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
## Modules


@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.0"
version = ">= 6.15"
}
}
}


@ -31,14 +31,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
## Modules


@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.0"
version = ">= 6.15"
}
random = {
source = "hashicorp/random"


@ -31,13 +31,13 @@ An EC2 instance configuration has been provided for use in validating the exampl
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
## Modules


@ -88,7 +88,7 @@ module "rds" {
name = local.name
engine = "aurora-postgresql"
engine_version = "14.7"
engine_version = "17.5"
master_username = "root"
# When using RDS Proxy w/ IAM auth - Database must be username/password auth, not IAM


@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.0"
version = ">= 6.15"
}
}
}


@ -31,14 +31,14 @@ An EC2 instance configuration has been provided for use in validating the exampl
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.15 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.15 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.0 |
## Modules


@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.0"
version = ">= 6.15"
}
random = {
source = "hashicorp/random"


@ -21,6 +21,7 @@ resource "aws_db_proxy" "this" {
}
debug_logging = var.debug_logging
default_auth_scheme = var.default_auth_scheme
engine_family = var.engine_family
idle_client_timeout = var.idle_client_timeout
name = var.name


@ -49,6 +49,12 @@ variable "debug_logging" {
default = false
}
variable "default_auth_scheme" {
description = "Default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM_AUTH. Defaults to NONE"
type = string
default = null
}
variable "engine_family" {
description = "The kind of database engine that the proxy will connect to. Valid values are `MYSQL` or `POSTGRESQL`"
type = string
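Review bot: The new `default_auth_scheme` variable accepts any string, although its description lists only `NONE` and `IAM_AUTH` as valid; because it selects the proxy's authentication scheme, a typo should fail at plan time instead of reaching the provider. A `validation` block with `condition = contains(["NONE", "IAM_AUTH"], coalesce(var.default_auth_scheme, "NONE"))` and a matching `error_message` would enforce that while still allowing `null`. The description also says "Defaults to NONE" while the declared default is `null`, so it would be more accurate to say that leaving it unset defers to the provider's default, which the description indicates is `NONE`. The `engine_family` block that follows continues outside the hunk.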


@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.0"
version = ">= 6.15"
}
}
}


@ -15,6 +15,7 @@ module "wrapper" {
db_cluster_identifier = try(each.value.db_cluster_identifier, var.defaults.db_cluster_identifier, "")
db_instance_identifier = try(each.value.db_instance_identifier, var.defaults.db_instance_identifier, "")
debug_logging = try(each.value.debug_logging, var.defaults.debug_logging, false)
default_auth_scheme = try(each.value.default_auth_scheme, var.defaults.default_auth_scheme, null)
endpoints = try(each.value.endpoints, var.defaults.endpoints, {})
engine_family = try(each.value.engine_family, var.defaults.engine_family, "")
iam_policy_name = try(each.value.iam_policy_name, var.defaults.iam_policy_name, "")


@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.0"
version = ">= 6.15"
}
}
}