From b4365db9247c3067496e6f2944fb83e32089a824 Mon Sep 17 00:00:00 2001
From: Kevin Mahoney
Date: Mon, 16 Oct 2023 19:29:44 +0200
Subject: [PATCH] [aurora-postgres] add intra_security_group_traffic_enabled (#876)
Co-authored-by: cloudpossebot
---
 modules/aurora-postgres/README.md | 1 +
 modules/aurora-postgres/cluster-regional.tf | 67 +++++++++++----------
 modules/aurora-postgres/variables.tf | 6 ++
 3 files changed, 41 insertions(+), 33 deletions(-)
diff --git a/modules/aurora-postgres/README.md b/modules/aurora-postgres/README.md
index dd7dee3da..5934bccb5 100644
--- a/modules/aurora-postgres/README.md
+++ b/modules/aurora-postgres/README.md
@@ -317,6 +317,7 @@ components:
 | [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no |
 | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
 | [instance\_type](#input\_instance\_type) | EC2 instance type for Postgres cluster | `string` | n/a | yes |
+| [intra\_security\_group\_traffic\_enabled](#input\_intra\_security\_group\_traffic\_enabled) | Whether to allow traffic between resources inside the database's security group. | `bool` | `false` | no |
 | [kms\_alias\_name\_ssm](#input\_kms\_alias\_name\_ssm) | KMS alias name for SSM | `string` | `"alias/aws/ssm"` | no |
 | [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
 | [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
diff --git a/modules/aurora-postgres/cluster-regional.tf b/modules/aurora-postgres/cluster-regional.tf
index ad825ca40..d9de0f7bb 100644
--- a/modules/aurora-postgres/cluster-regional.tf
+++ b/modules/aurora-postgres/cluster-regional.tf
@@ -17,39 +17,40 @@ module "aurora_postgres_cluster" {
 admin_user = local.admin_user
 admin_password = local.admin_password
- db_name = local.database_name
- publicly_accessible = var.publicly_accessible
- db_port = var.database_port
- vpc_id = local.vpc_id
- subnets = local.private_subnet_ids
- zone_id = local.zone_id
- cluster_dns_name = local.cluster_dns_name
- reader_dns_name = local.reader_dns_name
- security_groups = local.allowed_security_groups
- allowed_cidr_blocks = local.allowed_cidr_blocks
- iam_database_authentication_enabled = var.iam_database_authentication_enabled
- storage_encrypted = var.storage_encrypted
- kms_key_arn = var.storage_encrypted ? module.kms_key_rds.key_arn : null
- performance_insights_kms_key_id = var.performance_insights_enabled ? module.kms_key_rds.key_arn : null
- maintenance_window = var.maintenance_window
- enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
- enhanced_monitoring_role_enabled = var.enhanced_monitoring_role_enabled
- enhanced_monitoring_attributes = var.enhanced_monitoring_attributes
- performance_insights_enabled = var.performance_insights_enabled
- rds_monitoring_interval = var.rds_monitoring_interval
- autoscaling_enabled = var.autoscaling_enabled
- autoscaling_policy_type = var.autoscaling_policy_type
- autoscaling_target_metrics = var.autoscaling_target_metrics
- autoscaling_target_value = var.autoscaling_target_value
- autoscaling_scale_in_cooldown = var.autoscaling_scale_in_cooldown
- autoscaling_scale_out_cooldown = var.autoscaling_scale_out_cooldown
- autoscaling_min_capacity = var.autoscaling_min_capacity
- autoscaling_max_capacity = var.autoscaling_max_capacity
- scaling_configuration = var.scaling_configuration
- serverlessv2_scaling_configuration = var.serverlessv2_scaling_configuration
- skip_final_snapshot = var.skip_final_snapshot
- deletion_protection = var.deletion_protection
- snapshot_identifier = var.snapshot_identifier
+ db_name = local.database_name
+ publicly_accessible = var.publicly_accessible
+ db_port = var.database_port
+ vpc_id = local.vpc_id
+ subnets = local.private_subnet_ids
+ zone_id = local.zone_id
+ cluster_dns_name = local.cluster_dns_name
+ reader_dns_name = local.reader_dns_name
+ security_groups = local.allowed_security_groups
+ intra_security_group_traffic_enabled = var.intra_security_group_traffic_enabled
+ allowed_cidr_blocks = local.allowed_cidr_blocks
+ iam_database_authentication_enabled = var.iam_database_authentication_enabled
+ storage_encrypted = var.storage_encrypted
+ kms_key_arn = var.storage_encrypted ? module.kms_key_rds.key_arn : null
+ performance_insights_kms_key_id = var.performance_insights_enabled ? module.kms_key_rds.key_arn : null
+ maintenance_window = var.maintenance_window
+ enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
+ enhanced_monitoring_role_enabled = var.enhanced_monitoring_role_enabled
+ enhanced_monitoring_attributes = var.enhanced_monitoring_attributes
+ performance_insights_enabled = var.performance_insights_enabled
+ rds_monitoring_interval = var.rds_monitoring_interval
+ autoscaling_enabled = var.autoscaling_enabled
+ autoscaling_policy_type = var.autoscaling_policy_type
+ autoscaling_target_metrics = var.autoscaling_target_metrics
+ autoscaling_target_value = var.autoscaling_target_value
+ autoscaling_scale_in_cooldown = var.autoscaling_scale_in_cooldown
+ autoscaling_scale_out_cooldown = var.autoscaling_scale_out_cooldown
+ autoscaling_min_capacity = var.autoscaling_min_capacity
+ autoscaling_max_capacity = var.autoscaling_max_capacity
+ scaling_configuration = var.scaling_configuration
+ serverlessv2_scaling_configuration = var.serverlessv2_scaling_configuration
+ skip_final_snapshot = var.skip_final_snapshot
+ deletion_protection = var.deletion_protection
+ snapshot_identifier = var.snapshot_identifier
 cluster_parameters = [
 {
diff --git a/modules/aurora-postgres/variables.tf b/modules/aurora-postgres/variables.tf
index d852a49f9..e3cae7258 100644
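Review bot: The new `intra_security_group_traffic_enabled = var.intra_security_group_traffic_enabled` argument is handed to `module "aurora_postgres_cluster"`, but the module's `source`/`version` pin lives above this hunk and the diffstat shows no other change to this file, so if the pinned upstream `rds-cluster` version predates that input `terraform validate` will fail with an unsupported-argument error; the pin should be checked (or bumped in the same commit). The flag is also forwarded unconditionally, next to `security_groups = local.allowed_security_groups`, with nothing in the file explaining its effect, so a short comment such as `# Allows resources sharing the cluster's SG to reach each other; leave false unless that SG is deliberately shared` above the new line would help operators see why the default is off. The diff does not show which protocol or port range the upstream module opens for this flag, so that is worth confirming before relying on it. The module block begins before this hunk and continues after it.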
--- a/modules/aurora-postgres/variables.tf
+++ b/modules/aurora-postgres/variables.tf
@@ -329,3 +329,9 @@ variable "serverlessv2_scaling_configuration" {
 default = null
 description = "Nested attribute with scaling properties for ServerlessV2. Only valid when `engine_mode` is set to `provisioned.` This is required for Serverless v2"
 }
+
+variable "intra_security_group_traffic_enabled" {
+ type = bool
+ default = false
+ description = "Whether to allow traffic between resources inside the database's security group."
+}
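Review bot: The description of the new `intra_security_group_traffic_enabled` variable says what the flag does but not its security consequence: once it is `true`, anything attached to the cluster's security group can presumably reach the database, so that group must not be reused as a convenience attachment for application instances or bastions. I would extend it to `description = "Whether to allow traffic between resources inside the database's security group. Keep false unless the cluster's security group is deliberately shared with other resources; when enabled, every member of that group can reach the database."`. The exact protocol and port scope of the resulting rule is implemented in the upstream module and is not visible in this diff, so it should be confirmed there before documenting more precisely. As a matter of layout, the variable is appended after `serverlessv2_scaling_configuration`; grouping it with the other network-access inputs this component already exposes (`publicly_accessible`, `database_port`) would keep the access-control surface easy to audit in one place.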