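# Looks up RDS CA certificate metadata so the output below can report it
# alongside the identifier that is actually applied to the instance.
# NOTE(review): with `id` pinned, this lookup appears to resolve to that one
# certificate regardless of `latest_valid_till`, so the "latest" output would
# always read "rds-ca-rsa4096-g1". Confirm whether `id` should be dropped so the
# output can reveal a newer CA when one is published.
data "aws_rds_certificate" "latest" {
  latest_valid_till = true
  id                = "rds-ca-rsa4096-g1"
}

locals {
  # GovCloud and Commercial use different CA certs
  # NOTE(review): AWS scheduled rds-ca-2019 to expire in 2024. Confirm the
  # commercial ("aws") branch still names a valid CA; clients that verify the
  # server certificate will fail TLS once the CA expires, and changing the CA
  # requires clients to trust the new bundle first.
  ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-rsa4096-g1"
}

# Reports the CA identifier in use next to the one returned by the lookup, so
# drift between the two is visible after an apply.
output "ca_cert_identifier" {
  value = {
    "current" : local.ca_cert_identifier,
    "latest" : data.aws_rds_certificate.latest.id
  }
}

# PostgreSQL instance backing Jira, created through the community RDS module.
module "jira_db" {
  source  = "terraform-aws-modules/rds/aws"
  version = "v4.2.0"

  identifier = var.identifier # this is the RDS identifier, not the DB name
  db_name    = "jira"         # the DB name

  engine = "postgres"

  # NOTE(review): automatic minor upgrades are on while the non-test
  # engine_version below pins a minor release, which contradicts the guidance
  # in the comment under engine_version. Keeping automatic minor upgrades is
  # the safer default for security patches; confirm which side should change.
  auto_minor_version_upgrade  = true
  allow_major_version_upgrade = false

  # The three of these must be consistent
  engine_version = var.environment == "test" ? "12" : "12.8"
  # If you do not specify the minor version, it uses the latest. If you do specify
  # the minor version, turn off auto_minor_version_upgrade.
  family               = "postgres12" # DB parameter group
  major_engine_version = "12"         # DB option group

  instance_class    = local.instance_type
  allocated_storage = var.jira_rds_storage

  # Encrypt storage at rest with the project's own KMS key rather than the
  # AWS-managed default key.
  storage_encrypted  = true
  kms_key_id         = module.jira_key.key_arn
  ca_cert_identifier = local.ca_cert_identifier

  # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
  # "Error creating DB Instance: InvalidParameterValue: MasterUsername
  # user cannot be used as it is a reserved word used by the engine"
  username = "jira"

  # The master password used to be a string literal in this file, which put the
  # credential in version control and in every plan. Let the module generate it
  # instead. The generated value is still written to Terraform state, so the
  # state backend must be encrypted and access-controlled.
  # Applying this change replaces the master password: update the Jira
  # database configuration from the module's sensitive password output, and
  # treat the previously committed value as exposed.
  create_random_password = true

  port = "5432"

  vpc_security_group_ids = [aws_security_group.jira_rds_sg.id]

  backup_window      = "00:00-03:00"
  maintenance_window = "Mon:03:00-Mon:06:00"

  # Backup retention is from 0 to 35
  # 0 disables automated backups, so the test environment has no point-in-time
  # recovery.
  backup_retention_period = var.environment == "test" ? 0 : 35

  tags = merge(local.standard_tags, var.tags)

  # Ship engine and upgrade logs to CloudWatch so they survive the instance.
  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]

  # DB subnet group
  subnet_ids             = var.subnets
  create_db_subnet_group = true

  # Snapshot name upon DB deletion
  final_snapshot_identifier_prefix = "${var.identifier}-final-snapshot"

  # Database Deletion Protection
  deletion_protection = var.instance_termination_protection
}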