From c85d3b0e372c725f2953b180d12b917f72df360f Mon Sep 17 00:00:00 2001 
From: Melissa Greenbaum <69476188+magreenbaum@users.noreply.github.com> Date: Sat, 2 Mar 2024 12:00:18 -0500 Subject: [PATCH] feat: Self managed active directory arguments (#541) --- README.md | 10 +++++++- examples/blue-green-deployment/README.md | 4 ++-- examples/blue-green-deployment/versions.tf | 2 +- examples/complete-mssql/README.md | 4 ++-- examples/complete-mssql/versions.tf | 2 +- examples/complete-mysql/README.md | 4 ++-- examples/complete-mysql/versions.tf | 2 +- examples/complete-oracle/README.md | 4 ++-- examples/complete-oracle/versions.tf | 2 +- examples/complete-postgres/README.md | 4 ++-- examples/complete-postgres/versions.tf | 2 +- .../cross-region-replica-postgres/README.md | 4 ++-- .../cross-region-replica-postgres/versions.tf | 2 +- examples/enhanced-monitoring/README.md | 4 ++-- examples/enhanced-monitoring/versions.tf | 2 +- examples/groups/README.md | 2 +- examples/groups/versions.tf | 2 +- examples/replica-mysql/README.md | 4 ++-- examples/replica-mysql/versions.tf | 2 +- examples/replica-postgres/README.md | 4 ++-- examples/replica-postgres/versions.tf | 2 +- examples/role-association-postgres/README.md | 4 ++-- .../role-association-postgres/versions.tf | 2 +- examples/s3-import-mysql/README.md | 4 ++-- examples/s3-import-mysql/versions.tf | 2 +- main.tf | 4 ++++ modules/db_instance/README.md | 12 ++++++++-- modules/db_instance/main.tf | 4 ++++ modules/db_instance/outputs.tf | 20 ++++++++++++++++ modules/db_instance/variables.tf | 24 +++++++++++++++++++ modules/db_instance/versions.tf | 2 +- .../versions.tf | 2 +- .../db_instance_role_association/README.md | 4 ++-- .../db_instance_role_association/versions.tf | 2 +- modules/db_option_group/README.md | 4 ++-- modules/db_option_group/versions.tf | 2 +- modules/db_parameter_group/README.md | 4 ++-- modules/db_parameter_group/versions.tf | 2 +- modules/db_subnet_group/README.md | 4 ++-- modules/db_subnet_group/versions.tf | 2 +- outputs.tf | 20 ++++++++++++++++ variables.tf | 24 
+++++++++++++++++++ versions.tf | 2 +- 43 files changed, 165 insertions(+), 53 deletions(-) diff --git a/README.md b/README.md index c6177f63..37eeae0d 100644 --- a/README.md +++ b/README.md @@ -210,7 +210,7 @@ Users have the ability to: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers 
@@ -266,7 +266,11 @@ No resources. | [delete\_automated\_backups](#input\_delete\_automated\_backups) | Specifies whether to remove automated backups immediately after the DB instance is deleted | `bool` | `true` | no | | [deletion\_protection](#input\_deletion\_protection) | The database can't be deleted when this value is set to true | `bool` | `false` | no | | [domain](#input\_domain) | The ID of the Directory Service Active Directory domain to create the instance in | `string` | `null` | no | +| [domain\_auth\_secret\_arn](#input\_domain\_auth\_secret\_arn) | (Optional, but required if domain\_fqdn is provided) The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain. Conflicts with domain and domain\_iam\_role\_name. | `string` | `null` | no | +| [domain\_dns\_ips](#input\_domain\_dns\_ips) | (Optional, but required if domain\_fqdn is provided) The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers. Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Conflicts with domain and domain\_iam\_role\_name. | `list(string)` | `null` | no | +| [domain\_fqdn](#input\_domain\_fqdn) | The fully qualified domain name (FQDN) of the self managed Active Directory domain. Conflicts with domain and domain\_iam\_role\_name. | `string` | `null` | no | | [domain\_iam\_role\_name](#input\_domain\_iam\_role\_name) | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | `string` | `null` | no | +| [domain\_ou](#input\_domain\_ou) | (Optional, but required if domain\_fqdn is provided) The self managed Active Directory organizational unit for your DB instance to join. Conflicts with domain and domain\_iam\_role\_name. 
| `string` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL) | `list(string)` | `[]` | no | | [engine](#input\_engine) | The database engine to use | `string` | `null` | no | | [engine\_version](#input\_engine\_version) | The engine version to use | `string` | `null` | no | 
@@ -340,7 +344,11 @@ No resources. | [db\_instance\_ca\_cert\_identifier](#output\_db\_instance\_ca\_cert\_identifier) | Specifies the identifier of the CA certificate for the DB instance | | [db\_instance\_cloudwatch\_log\_groups](#output\_db\_instance\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_instance\_domain](#output\_db\_instance\_domain) | The ID of the Directory Service Active Directory domain the instance is joined to | +| [db\_instance\_domain\_auth\_secret\_arn](#output\_db\_instance\_domain\_auth\_secret\_arn) | The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain | +| [db\_instance\_domain\_dns\_ips](#output\_db\_instance\_domain\_dns\_ips) | The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers | +| [db\_instance\_domain\_fqdn](#output\_db\_instance\_domain\_fqdn) | The fully qualified domain name (FQDN) of an self managed Active Directory domain | | [db\_instance\_domain\_iam\_role\_name](#output\_db\_instance\_domain\_iam\_role\_name) | The name of the IAM role to be used when making API calls to the Directory Service | +| [db\_instance\_domain\_ou](#output\_db\_instance\_domain\_ou) | The self managed Active Directory organizational unit for your DB instance to join | | [db\_instance\_endpoint](#output\_db\_instance\_endpoint) | The connection endpoint | | [db\_instance\_engine](#output\_db\_instance\_engine) | The database engine | | [db\_instance\_engine\_version\_actual](#output\_db\_instance\_engine\_version\_actual) | The running version of the database | diff --git a/examples/blue-green-deployment/README.md b/examples/blue-green-deployment/README.md index ecb73d5e..48434afb 100644 --- a/examples/blue-green-deployment/README.md +++ b/examples/blue-green-deployment/README.md 
@@ -27,13 +27,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/blue-green-deployment/versions.tf b/examples/blue-green-deployment/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/blue-green-deployment/versions.tf +++ b/examples/blue-green-deployment/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/complete-mssql/README.md b/examples/complete-mssql/README.md index 1eb795dc..05a8a40b 100644 --- a/examples/complete-mssql/README.md +++ b/examples/complete-mssql/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/complete-mssql/versions.tf b/examples/complete-mssql/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/complete-mssql/versions.tf +++ b/examples/complete-mssql/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/complete-mysql/README.md b/examples/complete-mysql/README.md index b839444b..caf2d798 100644 --- a/examples/complete-mysql/README.md +++ b/examples/complete-mysql/README.md 
@@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/complete-mysql/versions.tf b/examples/complete-mysql/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/complete-mysql/versions.tf +++ b/examples/complete-mysql/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/complete-oracle/README.md b/examples/complete-oracle/README.md index 8fa07b7e..3b667c06 100644 --- a/examples/complete-oracle/README.md +++ b/examples/complete-oracle/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/complete-oracle/versions.tf b/examples/complete-oracle/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/complete-oracle/versions.tf +++ b/examples/complete-oracle/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/complete-postgres/README.md b/examples/complete-postgres/README.md index 2f31452b..e9eb041a 100644 --- a/examples/complete-postgres/README.md +++ b/examples/complete-postgres/README.md 
@@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/complete-postgres/versions.tf b/examples/complete-postgres/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/complete-postgres/versions.tf +++ b/examples/complete-postgres/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/cross-region-replica-postgres/README.md b/examples/cross-region-replica-postgres/README.md index 1c82047a..ac8edc4c 100644 --- a/examples/cross-region-replica-postgres/README.md +++ b/examples/cross-region-replica-postgres/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/cross-region-replica-postgres/versions.tf b/examples/cross-region-replica-postgres/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/cross-region-replica-postgres/versions.tf +++ b/examples/cross-region-replica-postgres/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/enhanced-monitoring/README.md b/examples/enhanced-monitoring/README.md index 69cffb64..1cd48c16 100644 --- a/examples/enhanced-monitoring/README.md 
+++ b/examples/enhanced-monitoring/README.md @@ -22,13 +22,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/enhanced-monitoring/versions.tf b/examples/enhanced-monitoring/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/enhanced-monitoring/versions.tf +++ b/examples/enhanced-monitoring/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/groups/README.md b/examples/groups/README.md index bd36dc72..1f5b86f2 100644 --- a/examples/groups/README.md +++ b/examples/groups/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers diff --git a/examples/groups/versions.tf b/examples/groups/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/groups/versions.tf +++ b/examples/groups/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/replica-mysql/README.md b/examples/replica-mysql/README.md index d8fbd865..39b2621f 100644 --- a/examples/replica-mysql/README.md +++ b/examples/replica-mysql/README.md 
@@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/replica-mysql/versions.tf b/examples/replica-mysql/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/replica-mysql/versions.tf +++ b/examples/replica-mysql/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/replica-postgres/README.md b/examples/replica-postgres/README.md index ec3b98b2..0584e1ea 100644 --- a/examples/replica-postgres/README.md +++ b/examples/replica-postgres/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/replica-postgres/versions.tf b/examples/replica-postgres/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/replica-postgres/versions.tf +++ b/examples/replica-postgres/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/role-association-postgres/README.md b/examples/role-association-postgres/README.md index b5721a46..838f91e5 100644 --- a/examples/role-association-postgres/README.md +++ b/examples/role-association-postgres/README.md 
@@ -10,13 +10,13 @@ Further database configurations for creating extension and invoking from postgre | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/role-association-postgres/versions.tf b/examples/role-association-postgres/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/role-association-postgres/versions.tf +++ b/examples/role-association-postgres/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/examples/s3-import-mysql/README.md b/examples/s3-import-mysql/README.md index b125d8c3..81f79a88 100644 --- a/examples/s3-import-mysql/README.md +++ b/examples/s3-import-mysql/README.md @@ -49,13 +49,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/examples/s3-import-mysql/versions.tf b/examples/s3-import-mysql/versions.tf index 992f1b9a..3b3b588a 100644 --- a/examples/s3-import-mysql/versions.tf +++ b/examples/s3-import-mysql/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/main.tf b/main.tf index 7e04815d..f06f12f4 100644 --- a/main.tf +++ b/main.tf 
@@ -77,7 +77,11 @@ module "db_instance" {
 password = var.manage_master_user_password ? null : var.password
 port = var.port
 domain = var.domain
+ domain_auth_secret_arn = var.domain_auth_secret_arn
+ domain_dns_ips = var.domain_dns_ips
+ domain_fqdn = var.domain_fqdn
 domain_iam_role_name = var.domain_iam_role_name
+ domain_ou = var.domain_ou
 iam_database_authentication_enabled = var.iam_database_authentication_enabled
 custom_iam_instance_profile = var.custom_iam_instance_profile
 manage_master_user_password = var.manage_master_user_password
diff --git a/modules/db_instance/README.md b/modules/db_instance/README.md
index 860e318e..0edf1309 100644
--- a/modules/db_instance/README.md
+++ b/modules/db_instance/README.md
@@ -6,14 +6,14 @@
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.33 |
+| [aws](#requirement\_aws) | >= 5.36 |
 | [random](#requirement\_random) | >= 3.1 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 5.33 |
+| [aws](#provider\_aws) | >= 5.36 |
 | [random](#provider\_random) | >= 3.1 |
 ## Modules
@@ -59,7 +59,11 @@ No modules. | [delete\_automated\_backups](#input\_delete\_automated\_backups) | Specifies whether to remove automated backups immediately after the DB instance is deleted | `bool` | `true` | no | | [deletion\_protection](#input\_deletion\_protection) | The database can't be deleted when this value is set to true. | `bool` | `false` | no | | [domain](#input\_domain) | The ID of the Directory Service Active Directory domain to create the instance in | `string` | `null` | no | +| [domain\_auth\_secret\_arn](#input\_domain\_auth\_secret\_arn) | (Optional, but required if domain\_fqdn is provided) The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain. Conflicts with domain and domain\_iam\_role\_name. | `string` | `null` | no | +| [domain\_dns\_ips](#input\_domain\_dns\_ips) | (Optional, but required if domain\_fqdn is provided) The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers. Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Conflicts with domain and domain\_iam\_role\_name. | `list(string)` | `null` | no | +| [domain\_fqdn](#input\_domain\_fqdn) | The fully qualified domain name (FQDN) of the self managed Active Directory domain. Conflicts with domain and domain\_iam\_role\_name. | `string` | `null` | no | | [domain\_iam\_role\_name](#input\_domain\_iam\_role\_name) | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | `string` | `null` | no | +| [domain\_ou](#input\_domain\_ou) | (Optional, but required if domain\_fqdn is provided) The self managed Active Directory organizational unit for your DB instance to join. Conflicts with domain and domain\_iam\_role\_name. 
| `string` | `null` | no | | [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | `list(string)` | `[]` | no | | [engine](#input\_engine) | The database engine to use | `string` | `null` | no | | [engine\_version](#input\_engine\_version) | The engine version to use | `string` | `null` | no | 
@@ -122,7 +126,11 @@ No modules. | [db\_instance\_ca\_cert\_identifier](#output\_db\_instance\_ca\_cert\_identifier) | Specifies the identifier of the CA certificate for the DB instance | | [db\_instance\_cloudwatch\_log\_groups](#output\_db\_instance\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes | | [db\_instance\_domain](#output\_db\_instance\_domain) | The ID of the Directory Service Active Directory domain the instance is joined to | +| [db\_instance\_domain\_auth\_secret\_arn](#output\_db\_instance\_domain\_auth\_secret\_arn) | The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain | +| [db\_instance\_domain\_dns\_ips](#output\_db\_instance\_domain\_dns\_ips) | The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers | +| [db\_instance\_domain\_fqdn](#output\_db\_instance\_domain\_fqdn) | The fully qualified domain name (FQDN) of an self managed Active Directory domain | | [db\_instance\_domain\_iam\_role\_name](#output\_db\_instance\_domain\_iam\_role\_name) | The name of the IAM role to be used when making API calls to the Directory Service | +| [db\_instance\_domain\_ou](#output\_db\_instance\_domain\_ou) | The self managed Active Directory organizational unit for your DB instance to join | | [db\_instance\_endpoint](#output\_db\_instance\_endpoint) | The connection endpoint | | [db\_instance\_engine](#output\_db\_instance\_engine) | The database engine | | [db\_instance\_engine\_version\_actual](#output\_db\_instance\_engine\_version\_actual) | The running version of the database | diff --git a/modules/db_instance/main.tf b/modules/db_instance/main.tf index e3c5bf01..2ffcff0b 100644 --- a/modules/db_instance/main.tf +++ b/modules/db_instance/main.tf 
@@ -46,7 +46,11 @@ resource "aws_db_instance" "this" {
 password = !local.is_replica && var.manage_master_user_password ? null : var.password
 port = var.port
 domain = var.domain
+ domain_auth_secret_arn = var.domain_auth_secret_arn
+ domain_dns_ips = var.domain_dns_ips
+ domain_fqdn = var.domain_fqdn
 domain_iam_role_name = var.domain_iam_role_name
+ domain_ou = var.domain_ou
 iam_database_authentication_enabled = var.iam_database_authentication_enabled
 custom_iam_instance_profile = var.custom_iam_instance_profile
 manage_master_user_password = !local.is_replica && var.manage_master_user_password ? var.manage_master_user_password : null
diff --git a/modules/db_instance/outputs.tf b/modules/db_instance/outputs.tf
index d50d91a9..26c4cdb7 100644
--- a/modules/db_instance/outputs.tf
+++ b/modules/db_instance/outputs.tf
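Review bot: The self-managed AD arguments added to `aws_db_instance.this` are accepted independently of each other, although the variable descriptions say `domain_auth_secret_arn`, `domain_dns_ips` and `domain_ou` are required once `domain_fqdn` is set; a partial set therefore passes plan and only fails at apply time with an RDS API error. A `lifecycle` precondition on the resource would reject it at plan time, at the cost of needing Terraform >= 1.2 while the module currently only requires >= 1.0, so it would have to come with that requirement bump. The `domain` versus `domain_fqdn` conflict is presumably already enforced by the provider schema, so I would not duplicate that check. The resource block begins and ends outside the hunk, and if it already has a `lifecycle` block the precondition belongs in there.
```hcl
resource "aws_db_instance" "this" {
  # … unchanged: existing arguments, including the domain_* pass-throughs …

  lifecycle {
    precondition {
      condition     = var.domain_fqdn == null || (var.domain_auth_secret_arn != null && var.domain_dns_ips != null && var.domain_ou != null)
      error_message = "When domain_fqdn is set, domain_auth_secret_arn, domain_dns_ips and domain_ou must also be set."
    }
  }
```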
@@ -89,11 +89,31 @@ output "db_instance_domain" {
 value = try(aws_db_instance.this[0].domain, null)
 }
+output "db_instance_domain_auth_secret_arn" {
+ description = "The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain"
+ value = try(aws_db_instance.this[0].domain_auth_secret_arn, null)
+}
+
+output "db_instance_domain_dns_ips" {
+ description = "The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers"
+ value = try(aws_db_instance.this[0].domain_dns_ips, null)
+}
+
+output "db_instance_domain_fqdn" {
+ description = "The fully qualified domain name (FQDN) of an self managed Active Directory domain"
+ value = try(aws_db_instance.this[0].domain_fqdn, null)
+}
+
 output "db_instance_domain_iam_role_name" {
 description = "The name of the IAM role to be used when making API calls to the Directory Service"
 value = try(aws_db_instance.this[0].domain_iam_role_name, null)
 }
+output "db_instance_domain_ou" {
+ description = "The self managed Active Directory organizational unit for your DB instance to join"
+ value = try(aws_db_instance.this[0].domain_ou, null)
+}
+
 output "db_instance_master_user_secret_arn" {
 description = "The ARN of the master user secret (Only available when manage_master_user_password is set to true)"
 value = try(aws_db_instance.this[0].master_user_secret[0].secret_arn, null)
diff --git a/modules/db_instance/variables.tf b/modules/db_instance/variables.tf
index 2c1ef3c8..372d4529 100644
--- a/modules/db_instance/variables.tf
+++ b/modules/db_instance/variables.tf
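Review bot: The description of the new `db_instance_domain_fqdn` output reads "of an self managed Active Directory domain", which is both ungrammatical and out of step with the matching input, whose description says "of the self managed Active Directory domain"; I would change it to `description = "The fully qualified domain name (FQDN) of the self managed Active Directory domain"` (the root `outputs.tf` in this patch copies the same string). The `db_instance_domain_auth_secret_arn` output exposes only the secret's ARN, not its value, so leaving it non-sensitive is reasonable, but a one-line comment above it such as `# ARN only; the join credentials themselves stay in Secrets Manager` would stop a later reader from flagging it.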
@@ -80,12 +80,36 @@ variable "domain" {
 default = null
 }
+variable "domain_auth_secret_arn" {
+ description = "(Optional, but required if domain_fqdn is provided) The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain. Conflicts with domain and domain_iam_role_name."
+ type = string
+ default = null
+}
+
+variable "domain_dns_ips" {
+ description = "(Optional, but required if domain_fqdn is provided) The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers. Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Conflicts with domain and domain_iam_role_name."
+ type = list(string)
+ default = null
+}
+
+variable "domain_fqdn" {
+ description = "The fully qualified domain name (FQDN) of the self managed Active Directory domain. Conflicts with domain and domain_iam_role_name."
+ type = string
+ default = null
+}
+
 variable "domain_iam_role_name" {
 description = "(Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service"
 type = string
 default = null
 }
+variable "domain_ou" {
+ description = "(Optional, but required if domain_fqdn is provided) The self managed Active Directory organizational unit for your DB instance to join. Conflicts with domain and domain_iam_role_name."
+ type = string
+ default = null
+}
+
 variable "engine" {
 description = "The database engine to use"
 type = string
diff --git a/modules/db_instance/versions.tf b/modules/db_instance/versions.tf
index ad493262..45bd18cd 100644
--- a/modules/db_instance/versions.tf
+++ b/modules/db_instance/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.33"
+ version = ">= 5.36"
 }
 random = {
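Review bot: `domain_dns_ips` is documented as needing exactly two addresses, yet it is declared as a bare `list(string)` with no validation, so an empty or one-element list is only rejected at apply time by the RDS API. A `validation` block on the variable, which works on the Terraform >= 1.0 this module requires, would reject it at plan time; `try(length(...), 2)` keeps the `null` default valid without relying on `||` short-circuiting over a null value. The same declaration is duplicated in the root `variables.tf` and should get the same block.
```hcl
variable "domain_dns_ips" {
  # … unchanged: description, type, default …

  validation {
    condition     = try(length(var.domain_dns_ips), 2) == 2
    error_message = "domain_dns_ips must contain exactly two IPv4 addresses; repeat the primary domain controller if there is no secondary."
  }
}
```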
diff --git a/modules/db_instance_automated_backups_replication/versions.tf b/modules/db_instance_automated_backups_replication/versions.tf index 992f1b9a..3b3b588a 100644 --- a/modules/db_instance_automated_backups_replication/versions.tf +++ b/modules/db_instance_automated_backups_replication/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/modules/db_instance_role_association/README.md b/modules/db_instance_role_association/README.md index 938ade19..0e0a3f7c 100644 --- a/modules/db_instance_role_association/README.md +++ b/modules/db_instance_role_association/README.md @@ -6,13 +6,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/modules/db_instance_role_association/versions.tf b/modules/db_instance_role_association/versions.tf index 992f1b9a..3b3b588a 100644 --- a/modules/db_instance_role_association/versions.tf +++ b/modules/db_instance_role_association/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/modules/db_option_group/README.md b/modules/db_option_group/README.md index 8f15702e..caf96fbd 100644 --- a/modules/db_option_group/README.md +++ b/modules/db_option_group/README.md @@ -6,13 +6,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules 
diff --git a/modules/db_option_group/versions.tf b/modules/db_option_group/versions.tf index 992f1b9a..3b3b588a 100644 --- a/modules/db_option_group/versions.tf +++ b/modules/db_option_group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/modules/db_parameter_group/README.md b/modules/db_parameter_group/README.md index cfb079ff..4b4faabf 100644 --- a/modules/db_parameter_group/README.md +++ b/modules/db_parameter_group/README.md @@ -6,13 +6,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/modules/db_parameter_group/versions.tf b/modules/db_parameter_group/versions.tf index 992f1b9a..3b3b588a 100644 --- a/modules/db_parameter_group/versions.tf +++ b/modules/db_parameter_group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.33" + version = ">= 5.36" } } } diff --git a/modules/db_subnet_group/README.md b/modules/db_subnet_group/README.md index 2b5c8e94..6a794497 100644 --- a/modules/db_subnet_group/README.md +++ b/modules/db_subnet_group/README.md @@ -6,13 +6,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.33 | +| [aws](#requirement\_aws) | >= 5.36 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.33 | +| [aws](#provider\_aws) | >= 5.36 | ## Modules diff --git a/modules/db_subnet_group/versions.tf b/modules/db_subnet_group/versions.tf index 992f1b9a..3b3b588a 100644 --- a/modules/db_subnet_group/versions.tf +++ b/modules/db_subnet_group/versions.tf 
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.33"
+ version = ">= 5.36"
 }
 }
 }
diff --git a/outputs.tf b/outputs.tf
index 9abe42ac..b0fb26b5 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -79,11 +79,31 @@ output "db_instance_domain" {
 value = module.db_instance.db_instance_domain
 }
+output "db_instance_domain_auth_secret_arn" {
+ description = "The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain"
+ value = module.db_instance.db_instance_domain_auth_secret_arn
+}
+
+output "db_instance_domain_dns_ips" {
+ description = "The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers"
+ value = module.db_instance.db_instance_domain_dns_ips
+}
+
+output "db_instance_domain_fqdn" {
+ description = "The fully qualified domain name (FQDN) of an self managed Active Directory domain"
+ value = module.db_instance.db_instance_domain_fqdn
+}
+
 output "db_instance_domain_iam_role_name" {
 description = "The name of the IAM role to be used when making API calls to the Directory Service"
 value = module.db_instance.db_instance_domain_iam_role_name
 }
+output "db_instance_domain_ou" {
+ description = "The self managed Active Directory organizational unit for your DB instance to join"
+ value = module.db_instance.db_instance_domain_ou
+}
+
 output "db_instance_port" {
 description = "The database port"
 value = module.db_instance.db_instance_port
diff --git a/variables.tf b/variables.tf
index 00840b1d..ce42b38f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -75,12 +75,36 @@ variable "domain" {
 default = null
 }
+variable "domain_auth_secret_arn" {
+ description = "(Optional, but required if domain_fqdn is provided) The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain. Conflicts with domain and domain_iam_role_name."
+ type = string
+ default = null
+}
+
+variable "domain_dns_ips" {
+ description = "(Optional, but required if domain_fqdn is provided) The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers. Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Conflicts with domain and domain_iam_role_name."
+ type = list(string)
+ default = null
+}
+
+variable "domain_fqdn" {
+ description = "The fully qualified domain name (FQDN) of the self managed Active Directory domain. Conflicts with domain and domain_iam_role_name."
+ type = string
+ default = null
+}
+
 variable "domain_iam_role_name" {
 description = "(Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service"
 type = string
 default = null
 }
+variable "domain_ou" {
+ description = "(Optional, but required if domain_fqdn is provided) The self managed Active Directory organizational unit for your DB instance to join. Conflicts with domain and domain_iam_role_name."
+ type = string
+ default = null
+}
+
 variable "engine" {
 description = "The database engine to use"
 type = string
diff --git a/versions.tf b/versions.tf
index 992f1b9a..3b3b588a 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.33"
+ version = ">= 5.36"
 }
 }
 }
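Review bot: The description of `domain_auth_secret_arn` says what the secret is for but not what RDS needs from it, which is the part users get wrong: the RDS service has to be able to read the secret, and the account inside it is a standing domain-join credential that outlives the apply. I would extend the description with a sentence along the lines of `The RDS service principal must be allowed to read this secret (and to use its KMS key if it is customer managed); store a dedicated AD account whose only right is to create and join computer objects under domain_ou.` The exact resource-policy and key-policy shape is in AWS's RDS self-managed Active Directory guide, so I would link to it rather than restate it here. The same descriptions are duplicated in `modules/db_instance/variables.tf` and should be updated together.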