Adding aws_rds_db_ca_cert_identifier

bitovi · Nov 10, 2023 · c057b23 · c057b23
1 parent 89611ad
commit c057b23
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -231,6 +231,7 @@ The following inputs can be used as `step.with` keys
 | `aws_rds_db_user`| String | Username for the db. Defaults to `dbuser`. |
 | `aws_rds_db_engine`| String | Which Database engine to use. Defaults to `postgres`. |
 | `aws_rds_db_engine_version`| String | Which Database engine version to use. |
+| `aws_rds_db_ca_cert_identifier`| String | Certificate to use with the database. Defaults to `rds-ca-ecc384-g1`.|
 | `aws_rds_db_security_group_name`| String | The name of the database security group. Defaults to `SG for ${aws_resource_identifier} - RDS`. |
 | `aws_rds_db_allowed_security_groups` | String | Comma separated list of security groups to add to the DB SG. | 
 | `aws_rds_db_ingress_allow_all` | Boolean | Allow incoming traffic from 0.0.0.0/0. Defaults to `true`. |

diff --git a/action.yaml b/action.yaml
@@ -326,6 +326,9 @@ inputs:
   aws_rds_db_engine_version:
     description: 'Which Database engine version to use.'
     required: false
+  aws_rds_db_ca_cert_identifier:
+    description: 'Certificate to use with the database. Defaults to rds-ca-ecc384-g1'
+    required: false
   aws_rds_db_security_group_name:
     description: 'The name of the database security group. Defaults to SG for aws_resource_identifier - RDS.'
     required: false
@@ -1026,6 +1029,7 @@ runs:
         AWS_RDS_DB_USER: ${{ inputs.aws_rds_db_user }}
         AWS_RDS_DB_ENGINE: ${{ inputs.aws_rds_db_engine }}
         AWS_RDS_DB_ENGINE_VERSION: ${{ inputs.aws_rds_db_engine_version }}
+        AWS_RDS_DB_CA_CERT_IDENTIFIER: ${{ inputs.aws_rds_db_ca_cert_identifier }}
         AWS_RDS_DB_SECURITY_GROUP_NAME: ${{ inputs.aws_rds_db_security_group_name }}
         AWS_RDS_DB_ALLOWED_SECURITY_GROUPS: ${{ inputs.aws_rds_db_allowed_security_groups }}
         AWS_RDS_DB_INGRESS_ALLOW_ALL: ${{ inputs.aws_rds_db_ingress_allow_all }}

diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh
@@ -167,6 +167,7 @@ if [[ $(alpha_only "$AWS_RDS_DB_ENABLE") == true ]]; then
   aws_rds_db_user=$(generate_var aws_rds_db_user $AWS_RDS_DB_USER)
   aws_rds_db_engine=$(generate_var aws_rds_db_engine $AWS_RDS_DB_ENGINE)
   aws_rds_db_engine_version=$(generate_var aws_rds_db_engine_version $AWS_RDS_DB_ENGINE_VERSION)
+  aws_rds_db_ca_cert_identifier=$(generate_var aws_rds_db_ca_cert_identifier $AWS_RDS_DB_CA_CERT_IDENTIFIER)
   aws_rds_db_security_group_name=$(generate_var aws_rds_db_security_group_name $AWS_RDS_DB_SECURITY_GROUP_NAME)
   aws_rds_db_allowed_security_groups=$(generate_var aws_rds_db_allowed_security_groups $AWS_RDS_DB_ALLOWED_SECURITY_GROUPS)
   aws_rds_db_ingress_allow_all=$(generate_var aws_rds_db_ingress_allow_all $AWS_RDS_DB_INGRESS_ALLOW_ALL)
@@ -462,6 +463,7 @@ $aws_rds_db_name
 $aws_rds_db_user
 $aws_rds_db_engine
 $aws_rds_db_engine_version
+$aws_rds_db_ca_cert_identifier
 $aws_rds_db_security_group_name
 $aws_rds_db_allowed_security_groups
 $aws_rds_db_ingress_allow_all

diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf
@@ -426,6 +426,12 @@ variable "aws_rds_db_engine_version" {
   default     = null
 }
 
+variable "aws_rds_db_ca_cert_identifier" {
+  type        = string
+  description = "Certificate to use with the database"
+  default     = "rds-ca-ecc384-g1"
+}
+
 variable "aws_rds_db_security_group_name" {
   type        = string
   description = "The name of the database security group. Defaults to SG for aws_resource_identifier - RDS"

diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf
@@ -137,6 +137,7 @@ module "rds" {
   aws_rds_db_identifier                  = var.aws_rds_db_identifier != "" ? var.aws_rds_db_identifier : lower(var.aws_resource_identifier)
   aws_rds_db_engine                      = var.aws_rds_db_engine
   aws_rds_db_engine_version              = var.aws_rds_db_engine_version
+  aws_rds_db_ca_cert_identifier          = var.aws_rds_db_ca_cert_identifier
   aws_rds_db_security_group_name         = var.aws_rds_db_security_group_name
   aws_rds_db_allowed_security_groups     = var.aws_rds_db_allowed_security_groups
   aws_rds_db_ingress_allow_all           = var.aws_rds_db_ingress_allow_all

diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
@@ -56,6 +56,7 @@ resource "aws_db_instance" "default" {
   identifier                       = var.aws_rds_db_identifier
   engine                           = var.aws_rds_db_engine
   engine_version                   = var.aws_rds_db_engine_version
+  ca_cert_identifier               = var.aws_rds_db_ca_cert_identifier
   db_subnet_group_name             = aws_db_subnet_group.selected.name
   db_name                          = var.aws_rds_db_name != null ? var.aws_rds_db_name : null
   port                             = var.aws_rds_db_port != null ? tonumber(var.aws_rds_db_port) : null

diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds_vars.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds_vars.tf
@@ -3,6 +3,7 @@ variable "aws_rds_db_name" {}
 variable "aws_rds_db_user" {}
 variable "aws_rds_db_engine" {}
 variable "aws_rds_db_engine_version" {}
+variable "aws_rds_db_ca_cert_identifier" {}
 variable "aws_rds_db_security_group_name" {}
 variable "aws_rds_db_allowed_security_groups" {}
 variable "aws_rds_db_ingress_allow_all" {}