Merge pull request #4945 from stack72/aws-rds-enhanced-monitoring
provider/aws: Enabled Enhanced Monitoring for RDS
commit
d5fb018250
|
@ -270,6 +270,18 @@ func resourceAwsDbInstance() *schema.Resource {
|
||||||
Optional: true,
|
Optional: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"monitoring_role_arn": &schema.Schema{
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
|
|
||||||
|
"monitoring_interval": &schema.Schema{
|
||||||
|
Type: schema.TypeInt,
|
||||||
|
Optional: true,
|
||||||
|
Default: 0,
|
||||||
|
},
|
||||||
|
|
||||||
"tags": tagsSchema(),
|
"tags": tagsSchema(),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -311,6 +323,14 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
|
||||||
opts.DBSubnetGroupName = aws.String(attr.(string))
|
opts.DBSubnetGroupName = aws.String(attr.(string))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if attr, ok := d.GetOk("monitoring_role_arn"); ok {
|
||||||
|
opts.MonitoringRoleArn = aws.String(attr.(string))
|
||||||
|
}
|
||||||
|
|
||||||
|
if attr, ok := d.GetOk("monitoring_interval"); ok {
|
||||||
|
opts.MonitoringInterval = aws.Int64(int64(attr.(int)))
|
||||||
|
}
|
||||||
|
|
||||||
log.Printf("[DEBUG] DB Instance Replica create configuration: %#v", opts)
|
log.Printf("[DEBUG] DB Instance Replica create configuration: %#v", opts)
|
||||||
_, err := conn.CreateDBInstanceReadReplica(&opts)
|
_, err := conn.CreateDBInstanceReadReplica(&opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -504,6 +524,14 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
|
||||||
opts.PubliclyAccessible = aws.Bool(attr.(bool))
|
opts.PubliclyAccessible = aws.Bool(attr.(bool))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if attr, ok := d.GetOk("monitoring_role_arn"); ok {
|
||||||
|
opts.MonitoringRoleArn = aws.String(attr.(string))
|
||||||
|
}
|
||||||
|
|
||||||
|
if attr, ok := d.GetOk("monitoring_interval"); ok {
|
||||||
|
opts.MonitoringInterval = aws.Int64(int64(attr.(int)))
|
||||||
|
}
|
||||||
|
|
||||||
log.Printf("[DEBUG] DB Instance create configuration: %#v", opts)
|
log.Printf("[DEBUG] DB Instance create configuration: %#v", opts)
|
||||||
var err error
|
var err error
|
||||||
_, err = conn.CreateDBInstance(&opts)
|
_, err = conn.CreateDBInstance(&opts)
|
||||||
|
@ -585,6 +613,14 @@ func resourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error {
|
||||||
d.Set("status", v.DBInstanceStatus)
|
d.Set("status", v.DBInstanceStatus)
|
||||||
d.Set("storage_encrypted", v.StorageEncrypted)
|
d.Set("storage_encrypted", v.StorageEncrypted)
|
||||||
|
|
||||||
|
if v.MonitoringInterval != nil {
|
||||||
|
d.Set("monitoring_interval", v.MonitoringInterval)
|
||||||
|
}
|
||||||
|
|
||||||
|
if v.MonitoringRoleArn != nil {
|
||||||
|
d.Set("monitoring_role_arn", v.MonitoringRoleArn)
|
||||||
|
}
|
||||||
|
|
||||||
// list tags for resource
|
// list tags for resource
|
||||||
// set tags
|
// set tags
|
||||||
conn := meta.(*AWSClient).rdsconn
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
@ -774,6 +810,18 @@ func resourceAwsDbInstanceUpdate(d *schema.ResourceData, meta interface{}) error
|
||||||
requestUpdate = true
|
requestUpdate = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if d.HasChange("monitoring_role_arn") {
|
||||||
|
d.SetPartial("monitoring_role_arn")
|
||||||
|
req.MonitoringRoleArn = aws.String(d.Get("monitoring_role_arn").(string))
|
||||||
|
requestUpdate = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if d.HasChange("monitoring_interval") {
|
||||||
|
d.SetPartial("monitoring_interval")
|
||||||
|
req.MonitoringInterval = aws.Int64(int64(d.Get("monitoring_interval").(int)))
|
||||||
|
requestUpdate = true
|
||||||
|
}
|
||||||
|
|
||||||
if d.HasChange("vpc_security_group_ids") {
|
if d.HasChange("vpc_security_group_ids") {
|
||||||
if attr := d.Get("vpc_security_group_ids").(*schema.Set); attr.Len() > 0 {
|
if attr := d.Get("vpc_security_group_ids").(*schema.Set); attr.Len() > 0 {
|
||||||
var s []*string
|
var s []*string
|
||||||
|
|
|
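Review bot: `monitoring_interval` is accepted as any integer by the schema entry added to resourceAwsDbInstance, while the documentation changed in this same commit lists only 0, 1, 5, 10, 15, 30 and 60 as valid, so a bad value surfaces only as an API error during apply. A `ValidateFunc` on the field, as sketched below, would reject it at plan time, assuming the helper/schema version in this tree supports it. Separately, the Read hunk skips `d.Set` when `v.MonitoringInterval` or `v.MonitoringRoleArn` is nil, which leaves the previous value in state. If the API omits those fields once monitoring is turned off outside Terraform, that drift would go unnoticed, so consider writing the zero value in the nil case. All of the functions touched here start and end outside the visible hunks.

```go
"monitoring_interval": &schema.Schema{
	Type:     schema.TypeInt,
	Optional: true,
	Default:  0,
	ValidateFunc: func(v interface{}, k string) (ws []string, es []error) {
		switch v.(int) {
		case 0, 1, 5, 10, 15, 30, 60:
			// accepted values, per the resource documentation
		default:
			es = append(es, fmt.Errorf("%q must be one of 0, 1, 5, 10, 15, 30, 60", k))
		}
		return
	},
},
```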
@ -109,6 +109,26 @@ func TestAccAWSDBInstanceNoSnapshot(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccAWSDBInstance_enhancedMonitoring(t *testing.T) {
|
||||||
|
var dbInstance rds.DBInstance
|
||||||
|
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckAWSDBInstanceNoSnapshot,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
resource.TestStep{
|
||||||
|
Config: testAccSnapshotInstanceConfig_enhancedMonitoring,
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
testAccCheckAWSDBInstanceExists("aws_db_instance.enhanced_monitoring", &dbInstance),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"aws_db_instance.enhanced_monitoring", "monitoring_interval", "5"),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func testAccCheckAWSDBInstanceDestroy(s *terraform.State) error {
|
func testAccCheckAWSDBInstanceDestroy(s *terraform.State) error {
|
||||||
conn := testAccProvider.Meta().(*AWSClient).rdsconn
|
conn := testAccProvider.Meta().(*AWSClient).rdsconn
|
||||||
|
|
||||||
|
@ -452,3 +472,59 @@ resource "aws_db_instance" "no_snapshot" {
|
||||||
final_snapshot_identifier = "foobarbaz-test-terraform-final-snapshot-2"
|
final_snapshot_identifier = "foobarbaz-test-terraform-final-snapshot-2"
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
|
||||||
|
var testAccSnapshotInstanceConfig_enhancedMonitoring = `
|
||||||
|
provider "aws" {
|
||||||
|
region = "us-east-1"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_role" "enhanced_policy_role" {
|
||||||
|
name = "enhanced-monitoring-role"
|
||||||
|
assume_role_policy = <<EOF
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [
|
||||||
|
{
|
||||||
|
"Sid": "",
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Principal": {
|
||||||
|
"Service": "monitoring.rds.amazonaws.com"
|
||||||
|
},
|
||||||
|
"Action": "sts:AssumeRole"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_policy_attachment" "test-attach" {
|
||||||
|
name = "enhanced-monitoring-attachment"
|
||||||
|
roles = [
|
||||||
|
"${aws_iam_role.enhanced_policy_role.name}",
|
||||||
|
]
|
||||||
|
|
||||||
|
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_db_instance" "enhanced_monitoring" {
|
||||||
|
identifier = "foobarbaz-test-terraform-enhanced-monitoring"
|
||||||
|
depends_on = ["aws_iam_policy_attachment.test-attach"]
|
||||||
|
|
||||||
|
allocated_storage = 5
|
||||||
|
engine = "mysql"
|
||||||
|
engine_version = "5.6.21"
|
||||||
|
instance_class = "db.t2.small"
|
||||||
|
name = "baz"
|
||||||
|
password = "barbarbarbar"
|
||||||
|
username = "foo"
|
||||||
|
backup_retention_period = 1
|
||||||
|
|
||||||
|
parameter_group_name = "default.mysql5.6"
|
||||||
|
|
||||||
|
monitoring_role_arn = "${aws_iam_role.enhanced_policy_role.arn}"
|
||||||
|
monitoring_interval = "5"
|
||||||
|
|
||||||
|
skip_final_snapshot = true
|
||||||
|
}
|
||||||
|
`
|
||||||
|
|
|
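Review bot: The IAM role and attachment names in testAccSnapshotInstanceConfig_enhancedMonitoring are fixed strings (`enhanced-monitoring-role`, `enhanced-monitoring-attachment`), so two runs against the same account, or a run after a failed cleanup, will collide on role creation. Building the config with `fmt.Sprintf` and a per-run random suffix would avoid that. The test also reuses `testAccCheckAWSDBInstanceNoSnapshot` as its CheckDestroy; that function's body is not visible here, so confirm it does not depend on identifiers belonging to the `no_snapshot` resource. Only `monitoring_interval` is asserted, so a check that `dbInstance.MonitoringRoleArn` is non-nil would cover the other new attribute.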
@ -3,10 +3,13 @@ package aws
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||||
"github.com/aws/aws-sdk-go/service/iam"
|
"github.com/aws/aws-sdk-go/service/iam"
|
||||||
|
"github.com/hashicorp/terraform/helper/resource"
|
||||||
"github.com/hashicorp/terraform/helper/schema"
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -210,6 +213,39 @@ func attachPolicyToRoles(conn *iam.IAM, roles []*string, arn string) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var attachmentErr error
|
||||||
|
attachmentErr = resource.Retry(2*time.Minute, func() error {
|
||||||
|
|
||||||
|
input := iam.ListRolePoliciesInput{
|
||||||
|
RoleName: r,
|
||||||
|
}
|
||||||
|
|
||||||
|
attachedPolicies, err := conn.ListRolePolicies(&input)
|
||||||
|
if err != nil {
|
||||||
|
return &resource.RetryError{Err: err}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(attachedPolicies.PolicyNames) > 0 {
|
||||||
|
var foundPolicy bool
|
||||||
|
for _, policyName := range attachedPolicies.PolicyNames {
|
||||||
|
if strings.HasSuffix(arn, *policyName) {
|
||||||
|
foundPolicy = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !foundPolicy {
|
||||||
|
return &resource.RetryError{Err: fmt.Errorf("Policy (%q) not yet found", arn)}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
|
||||||
|
if attachmentErr != nil {
|
||||||
|
return attachmentErr
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
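Review bot: The wait added to attachPolicyToRoles calls `conn.ListRolePolicies`, which in the IAM API returns a role's inline policy names, not its attached managed policies, so it does not observe the attachment this function has just made. Because the match is guarded by `len(attachedPolicies.PolicyNames) > 0`, a role with no inline policies returns nil on the first pass and nothing is actually waited for. When names are present, `strings.HasSuffix(arn, *policyName)` is a loose match that any inline policy whose name happens to end the ARN will satisfy. Listing attached policies and comparing `PolicyArn` exactly, as below, checks the right thing; a role with many attachments may also need pagination. Also confirm that `resource.RetryError` is the retryable form in this tree's helper/resource, since if it is the terminal form the not-yet-found branch aborts instead of retrying. The enclosing loop and function begin outside this hunk.

```go
attachmentErr = resource.Retry(2*time.Minute, func() error {
	input := iam.ListAttachedRolePoliciesInput{
		RoleName: r,
	}

	attached, err := conn.ListAttachedRolePolicies(&input)
	if err != nil {
		return &resource.RetryError{Err: err}
	}

	// Exact ARN comparison instead of a suffix match on a policy name.
	for _, p := range attached.AttachedPolicies {
		if p.PolicyArn != nil && *p.PolicyArn == arn {
			return nil
		}
	}

	return &resource.RetryError{Err: fmt.Errorf("Policy (%q) not yet found", arn)}
})
// … unchanged: attachmentErr check after the retry …
```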
@ -99,6 +99,10 @@ database, and to use this value as the source database. This correlates to the
|
||||||
* `license_model` - (Optional, but required for some DB engines, i.e. Oracle SE1) License model information for this DB instance.
|
* `license_model` - (Optional, but required for some DB engines, i.e. Oracle SE1) License model information for this DB instance.
|
||||||
* `auto_minor_version_upgrade` - (Optional) Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Defaults to true.
|
* `auto_minor_version_upgrade` - (Optional) Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Defaults to true.
|
||||||
* `allow_major_version_upgrade` - (Optional) Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible.
|
* `allow_major_version_upgrade` - (Optional) Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible.
|
||||||
|
* `monitoring_role_arn` - (Optional) The ARN for the IAM role that permits RDS to send
|
||||||
|
enhanced monitoring metrics to CloudWatch Logs. You can find more information on the [AWS Documentation](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html)
|
||||||
|
what IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.
|
||||||
|
* `monitoring_interval` - (Optional) The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.
|
||||||
|
|
||||||
~> **NOTE:** Removing the `replicate_source_db` attribute from an existing RDS
|
~> **NOTE:** Removing the `replicate_source_db` attribute from an existing RDS
|
||||||
Replicate database managed by Terraform will promote the database to a fully
|
Replicate database managed by Terraform will promote the database to a fully
|
||||||
|
|