terraform-community-modules / tf_aws_rds Goto Github PK

Hey all!
I've been bumping against this for some time now and haven't found any satisfying solution.

I'm running several RDS instances (Postgres and MySQL). Default parameter group settings were fine until now. I'd like to override some settings on one of the RDS instance, but all my instances are being managed by tf_aws_rds module, so if I add some parameter to module, all my instances will be altered. Which of course I don't want to do.

Do you have any ideas or working solutions on that?

Thanks a lot!
Grzegorz

I tried specifying storage type "io1" and got this error:

* aws_db_instance.main_rds_instance: Error creating DB Instance: InvalidParameterCombination: The storage type io1 requires iops to be specified.

I guess that needs adding to the module.

Commit 5ebc8bf introduces a conflict between the default value of backup_window and that of the new maintenance_window parameter.

They must not overlap.

@antonbabenko

I found database subnet group is created in both modules (tf_aws_vpc and tf_aws_rds).

Should we remove ours? So any databases in that VPC will share the same subnet group, it looks neat.

I think using the DB endpoint as a variable elsewhere can be quite common use case.

name Database access not unique and conflicts when you use the module to set up multiple RDS instances in the same account.

resource "aws_security_group" "main_db_access" {
  name = "Database access"
  description = "Allow access to the database"
  vpc_id = "${var.rds_vpc_id}"
}```

proposed solution: add the `rds_instance_identifier` to the name.

Pull request forthcoming.

I think in most use cases, we allow access of the DB from another security group (app tier for example). Actually I must provide a cidr_block for the security group to use the module even if I don't want to.

I would be nice to have the choice between cidr_blocks or source_security_group_id for the allow_rule. As these two options create a conflict, I think two rules should be used , one for the cidr_blocks and the other for the source_security_group_id. Then it's just a matter of count = 0|1 based on the value of the variables (that's my actual workaround).

Please don't include the

provider "aws" { ... }

block, as it forces the user to specify those values from a var, and the default mechanism (cli>env>creds etc) will thus not be used. See https://groups.google.com/d/msg/terraform-tool/e9eIdaPE1p0/pPMPxEmACgAJ

@solarce
@antonbabenko
@hakamadare

Not sure how to contact you and the group owner of terraform-community-modules. I am using terraform every day for last 2 years and want to join the group to help.