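# Terraform configuration for the Jira PostgreSQL RDS instance.
# The original text was collapsed onto a single line, so the first `#` comment
# swallowed everything after it. Line structure is restored here; every value
# is unchanged.

# Looks up the RDS CA certificate with the furthest-out expiry, so it can be
# compared with the identifier pinned below.
data "aws_rds_certificate" "latest" {
  latest_valid_till = true
}

locals {
  # GovCloud and Commercial use different CA certs
  # NOTE(review): these identifiers are pinned by hand and RDS CA certificates
  # expire. Compare "current" with "latest" in the output below and rotate the
  # pinned value when they diverge.
  ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-2017"
}

# Exposes the pinned CA identifier next to the newest one reported by AWS.
output "ca_cert_identifier" {
  value = {
    "current": local.ca_cert_identifier,
    "latest": data.aws_rds_certificate.latest.id
  }
}

module "jira_db" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> v2.0"

  identifier = var.identifier # this is the RDS identifier, not the DB name
  name       = "jira"         # the DB name

  engine = "postgres"
  # NOTE(review): confirm this engine version is still supported by RDS.
  engine_version    = "11.8"
  instance_class    = var.instance_type
  allocated_storage = var.jira_rds_storage

  # Storage is encrypted at rest with the key from module.jira_key (defined elsewhere).
  storage_encrypted = true
  kms_key_id        = module.jira_key.key_arn

  ca_cert_identifier = local.ca_cert_identifier

  # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
  # "Error creating DB Instance: InvalidParameterValue: MasterUsername
  # user cannot be used as it is a reserved word used by the engine"
  username = "jira"

  # NOTE(review): the master password is a literal committed with the code, and
  # the value looks like a documentation placeholder. Anyone with repository
  # access can read it, and it is also written to Terraform state. Supply it
  # from a sensitive input variable or a secrets store, and rotate the password
  # on any instance created with this value.
  password = "YourPwdShouldBeLongAndSecure!"
  port     = "5432"

  # Network access is governed by this security group (defined elsewhere).
  vpc_security_group_ids = [ aws_security_group.jira_rds_sg.id ]

  # FTD: Should these be reversed? Backup _before_ maintenance?
  maintenance_window = "Mon:00:00-Mon:03:00"
  backup_window      = "03:00-06:00"

  # disable backups to create DB faster
  # NOTE(review): a retention period of 0 turns automated backups off, so there
  # is no point-in-time recovery and the backup_window above presumably has no
  # effect. Set a non-zero retention before this instance holds real data.
  backup_retention_period = 0

  tags = merge(var.standard_tags, var.tags)

  # Ships PostgreSQL and upgrade logs to CloudWatch Logs.
  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]

  # DB subnet group
  subnet_ids = var.subnets

  # DB parameter group
  family = "postgres11"

  # DB option group
  major_engine_version = "11"

  # Snapshot name upon DB deletion
  final_snapshot_identifier = "${var.identifier}-final-snapshot"

  # Database Deletion Protection
  deletion_protection = var.instance_termination_protection
}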