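# Looks up the RDS CA certificate with the latest expiry that AWS reports,
# so it can be compared with the identifier pinned below.
data "aws_rds_certificate" "latest" {
  latest_valid_till = true
}

locals {
  # GovCloud and Commercial use different CA certs, so the identifier is
  # pinned per partition.
  # NOTE(review): RDS CA certificates expire. Confirm both pinned identifiers
  # are still valid for their partition, and compare them with the "latest"
  # value exposed by the output below before each rollout.
  ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-2017"
}

# Exposes the pinned CA ("current") next to the newest one AWS reports
# ("latest") so drift between the two is visible after every apply.
output "ca_cert_identifier" {
  value = {
    "current": local.ca_cert_identifier,
    "latest": data.aws_rds_certificate.latest.id
  }
}

# Master password for the Jira database.
# The default is the placeholder that used to be hard-coded in the module
# call; it is kept only so that existing plans do not change. Override it from
# outside the repository (TF_VAR_jira_db_password, or a tfvars file that is not
# committed) and remove the default once every environment supplies a value.
# On Terraform 0.14 or newer, also add `sensitive = true` so the value is
# redacted from plan and apply output.
# The password is still written to the Terraform state in plaintext, so the
# state backend needs encryption at rest and restricted read access.
variable "jira_db_password" {
  description = "Master password for the Jira PostgreSQL instance; override the placeholder default."
  type        = string
  default     = "YourPwdShouldBeLongAndSecure!"
}

# PostgreSQL 11 instance backing Jira, built with the community RDS module.
module "jira_db" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> v3.0"

  identifier = var.identifier # this is the RDS identifier, not the DB name
  name       = "jira"         # the DB name

  # Engine
  engine = "postgres"
  # engine_version = "11.12"  Leave this commented to use the latest from major_engine_version
  family               = "postgres11" # DB parameter group
  major_engine_version = "11"         # DB option group

  auto_minor_version_upgrade  = true
  allow_major_version_upgrade = false

  # Sizing
  instance_class    = var.instance_type
  allocated_storage = var.jira_rds_storage

  # Encryption at rest with a customer-managed KMS key, and the CA used for
  # the instance's TLS server certificate.
  storage_encrypted  = true
  kms_key_id         = module.jira_key.key_arn
  ca_cert_identifier = local.ca_cert_identifier

  # Credentials
  # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
  # "Error creating DB Instance: InvalidParameterValue: MasterUsername
  # user cannot be used as it is a reserved word used by the engine"
  username = "jira"
  password = var.jira_db_password

  # Network: access is limited to what the attached security group allows.
  port                   = "5432"
  vpc_security_group_ids = [aws_security_group.jira_rds_sg.id]
  subnet_ids             = var.subnets # DB subnet group

  # Backups and maintenance
  backup_window      = "00:00-03:00"
  maintenance_window = "Mon:03:00-Mon:06:00"

  # Backup retention is from 0 to 35. A value of 0 turns automated backups
  # off, so the "test" environment has no point-in-time recovery.
  backup_retention_period = var.environment == "test" ? 0 : 35

  # Snapshot name upon DB deletion
  # NOTE(review): this name only matters if a final snapshot is actually
  # taken; confirm the module's skip_final_snapshot setting for this version.
  final_snapshot_identifier = "${var.identifier}-final-snapshot"

  # Database Deletion Protection
  deletion_protection = var.instance_termination_protection

  # Ship engine and upgrade logs to CloudWatch Logs.
  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]

  tags = merge(var.standard_tags, var.tags)
}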