Merge pull request #35 from ministryofjustice/ssl_true
Set force_ssl, default to "true"
vijay-veeranki authored Sep 5, 2019
2 parents 3873852 + 136978f commit 3a4e4e6
Showing 4 changed files with 19 additions and 7 deletions.
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -12,6 +12,8 @@ The outputs of this module should allow a user to connect to the database instan

When upgrading the major version of an engine, `allow_major_version_upgrade` must be set to `true`, as default is set to false.

Some engines can't apply some parameters without a reboot(ex postgres9.x cant apply force_ssl immediate), and you will need to specify "pending-reboot" here.

**IMPORTANT NOTE: From version 4.0, this module does not support Live-0 deployment. Be sure to use the previous one (3.1) is you need to deploy to Live-0.**

## Usage
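Review bot: The added README sentence ends with 'specify "pending-reboot" here', but it never names the variable, so "here" refers to nothing in this file. Suggest wording it as: set `apply_method = "pending-reboot"`. It is also worth stating the consequence: with `pending-reboot`, `rds.force_ssl` does not take effect until the instance is rebooted, so non-SSL connections are still accepted until then.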
Expand Down Expand Up @@ -60,10 +62,11 @@ For more details, be sure to read [this example](example/rds.tf)
| db_backup_retention_period | The days to retain backups. Must be 1 or greater to be a source for a Read Replica | string | `7` | yes
| db_iops | The amount of provisioned IOPS. Setting this implies a storage_type of io1 | string | `0` | ** Required if 'db_storage_type' is set to io1 ** |
| db_name | The name of the database to be created on the instance (if empty, it will be the generated random identifier) | string | | no |
| force_ssl | Enforce SSL connections | boolean | `false` | no |
| force_ssl | Enforce SSL connections | boolean | `true` | no |
| snapshot_identifier | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console. | string | | no |
| providers | provider (and region) creating the resources | arrays of string | default provider | no |
| rds_family | rds configuration version | string | `postgres10` | no |
| apply_method | Indicates when to apply parameter updates | string | `immediate` | no |


### Tags
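Review bot: In the inputs table, the `force_ssl` default flips from `false` to `true`, which changes behaviour for every consumer that does not set it explicitly; the README should carry an upgrade note saying so, since clients that connect without SSL will be refused once the parameter is applied. The new `apply_method` row should also list the two values the text mentions, `immediate` and `pending-reboot`, and end with a trailing `|` like the `rds_family` row above it.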
9 changes: 6 additions & 3 deletions example/rds.tf
Expand Up @@ -15,23 +15,26 @@ variable "cluster_state_bucket" {}
*
*/
module "example_team_rds" {
source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=4.5"
source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=4.6"
cluster_name = "${var.cluster_name}"
cluster_state_bucket = "${var.cluster_state_bucket}"
team_name = "example-repo"
business-unit = "example-bu"
application = "exampleapp"
is-production = "false"
# change the postgres version as you see fit.
db_engine_version = "10"
db_engine_version = "10"
environment-name = "development"
infrastructure-support = "[email protected]"
force_ssl = "true"

# rds_family should be one of: postgres9.4, postgres9.5, postgres9.6, postgres10, postgres11
# Pick the one that defines the postgres version the best
rds_family = "postgres10"

# Some engines can't apply some parameters without a reboot(ex postgres9.x cant apply force_ssl immediate).
# You will need to specify "pending-reboot" here, as default is set to "immediate".
apply_method = "pending-reboot"

# use "allow_major_version_upgrade" when upgrading the major version of an engine
allow_major_version_upgrade = "true"

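Review bot: The example sets `apply_method = "pending-reboot"` while targeting `rds_family = "postgres10"`, although the comment directly above it gives postgres9.x as the case that needs this value. Anyone copying the block as-is gets `force_ssl` deferred until the next reboot. Suggest commenting the line out in the example, or rewording the comment so it is clear the value should be set only for families that cannot apply the parameter immediately.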
5 changes: 3 additions & 2 deletions main.tf
Expand Up @@ -125,7 +125,8 @@ resource "aws_db_parameter_group" "custom_parameters" {
family = "${var.rds_family}"

parameter {
name = "rds.force_ssl"
value = "${var.force_ssl ? 1 : 0}"
name = "rds.force_ssl"
value = "${var.force_ssl ? 1 : 0}"
apply_method = "${var.apply_method}"
}
}
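Review bot: `apply_method` in the `parameter` block is fed from a generically named variable, yet it only governs `rds.force_ssl`. If more parameters are added to this group later, one module-wide `apply_method` forces them all to the same timing. Consider a more specific variable name, or a comment on this line saying the setting applies to `rds.force_ssl` only.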
7 changes: 6 additions & 1 deletion variables.tf
Expand Up @@ -72,10 +72,15 @@ variable "allow_major_version_upgrade" {

variable "force_ssl" {
description = "Enforce SSL connections, set to true to enable"
default = "false"
default = "true"
}

variable "rds_family" {
description = "Maps the postgres version with the rds family, a family often covers several versions"
default = "postgres10"
}

variable "apply_method" {
description = "Indicates when to apply parameter updates, some engines can't apply some parameters without a reboot, so set to pending-reboot"
default = "immediate"
}
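Review bot: The `apply_method` description ends with "so set to pending-reboot", which reads as an instruction to always use that value even though the default is "immediate". Suggest naming both accepted values in the description and saying when each applies. Separately, `force_ssl` keeps a quoted string default ("true") while the README documents its type as boolean; the two should agree.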
