locals.tf
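locals {
  # Security groups attached to the database: the group managed by this module
  # when one is created here, otherwise the caller-supplied list.
  vpc_security_group_ids = var.create_security_group ? [module.security_group[0].security_group_id] : var.vpc_security_group_ids

  # CloudWatch log exports. When slow-query monitoring is enabled the engine's
  # slow-query log is forced on; otherwise the caller's list is passed through.
  # NOTE(review): this uses an exact engine match while `port` and `engine_family`
  # below use endswith(), so aurora-* engines never get a slow-query export from
  # here - confirm that is intended.
  enabled_cloudwatch_logs_exports = ((var.engine == "mysql" || var.engine == "mariadb") && var.slow_queries.enabled) ? ["slowquery"] : (var.engine == "postgres" && var.slow_queries.enabled) ? ["postgresql"] : var.enabled_cloudwatch_logs_exports

  # Cloudwatch log groups from which log based metrics are created in case slow queries are enabled
  cloudwatch_log_groups = var.slow_queries.enabled ? { for type in local.enabled_cloudwatch_logs_exports : type => "/aws/rds/instance/${var.identifier}/${type}" } : {}

  # Slow-query monitoring needs its own parameter group, so creation is forced on.
  create_db_parameter_group = var.slow_queries.enabled ? true : var.create_db_parameter_group
  parameter_group_name      = local.create_db_parameter_group ? "${var.identifier}-${var.engine}" : null

  # var.slow_queries.query_duration is given in seconds; PostgreSQL's
  # log_min_duration_statement expects milliseconds.
  postgres_slow_queries_duration = var.slow_queries.query_duration * 1000

  # Engine default port unless the engine is not recognised, then the caller's value.
  port = (endswith(var.engine, "mysql") || endswith(var.engine, "mariadb")) ? 3306 : endswith(var.engine, "postgres") ? 5432 : var.port

  # Parameter-group entries that turn on slow-query logging for MySQL/MariaDB.
  default_params_mysql = [
    {
      name  = "slow_query_log"
      value = "1"
    },
    {
      name  = "log_output"
      value = "FILE"
    },
    {
      name  = "long_query_time"
      value = var.slow_queries.query_duration
    },
  ]

  # Parameter-group entries that turn on slow-query logging for PostgreSQL.
  default_params_postgres = [
    {
      # Logs any statement running longer than local.postgres_slow_queries_duration
      # milliseconds, together with its text and duration.
      name  = "log_min_duration_statement"
      value = local.postgres_slow_queries_duration
    },
    {
      # Do not log every SQL statement; only what the thresholds above select.
      name  = "log_statement"
      value = "none"
    },
    {
      # Logs the duration of every completed statement (this is what the
      # SampleCount-based alert below counts).
      name  = "log_duration"
      value = "1"
    },
  ]

  # Maps from the default parameters for easier merging
  params_mysql    = { for p in local.default_params_mysql : p.name => p.value }
  params_postgres = { for p in local.default_params_postgres : p.name => p.value }

  # Create a map from the user parameters
  user_params_map = { for p in var.parameters : p.name => p.value if p.context == "instance" }
  # Despite the name this is a list of the original parameter objects, not a map;
  # the name is kept because other files reference it.
  cluster_params_map = [for p in var.parameters : p if p.context == "cluster"]

  # Merge the two maps, with user parameters overriding defaults
  merged_params_map = merge(
    ((var.engine == "mysql" || var.engine == "mariadb") && var.slow_queries.enabled) ? local.params_mysql : {},
    (var.engine == "postgres" && var.slow_queries.enabled) ? local.params_postgres : {},
    local.user_params_map
  )

  # Convert the merged map back to a list of maps
  combined_parameters = [for name, value in local.merged_params_map : { name = name, value = value }]

  is_aurora = startswith(var.engine, "aurora")
  # Used to pick engine-specific resources; empty string for an unrecognised engine.
  engine_family = (endswith(var.engine, "mysql") || endswith(var.engine, "mariadb")) ? "MYSQL" : (endswith(var.engine, "postgres") ? "POSTGRESQL" : "")

  // SampleCount statistic adds 2 to the real count in case the engine is postgres, so 7 means 5 + 2
  slow_queries_alert_threshold = var.engine == "postgres" ? 7 : 5

  # Ingress rules for the module-managed security group. Caller rules come first;
  # the VPC-wide rule and the public rule are only added when this module creates
  # the group.
  ingress_with_cidr_blocks = concat(
    var.ingress_with_cidr_blocks,
    var.create_security_group && var.set_vpc_security_group_rules ? [ # make cluster available within vpc private network
      {
        description = "${local.port} from VPC"
        from_port   = local.port
        to_port     = local.port
        protocol    = "tcp"
        cidr_blocks = data.aws_vpc.this[0].cidr_block
      }
    ] : [],
    var.create_security_group && var.publicly_accessible ? [ # expose rds to public, NOTE: you need also to place instances on public subnets
      {
        # Least privilege: the database only listens on local.port over TCP, so the
        # public rule is limited to that port instead of every protocol and port.
        description = "Accessible from everywhere"
        from_port   = local.port
        to_port     = local.port
        protocol    = "tcp"
        cidr_blocks = "0.0.0.0/0"
      }
    ] : []
  )

  # Egress rules for the module-managed security group; the extra rule lets the
  # RDS proxy reach the database inside the VPC.
  egress_with_cidr_blocks = concat(
    var.egress_with_cidr_blocks,
    var.create_security_group && var.set_vpc_security_group_rules && var.proxy.enabled ? [ # this egress rule needed for rds proxy
      {
        description = "${local.port} to VPC"
        from_port   = local.port
        to_port     = local.port
        protocol    = "tcp"
        cidr_blocks = data.aws_vpc.this[0].cidr_block
      }
    ] : [],
  )

  # ARN of the managed master-user secret, from whichever of the instance or
  # Aurora sub-modules exists; null when neither does.
  credentials_secret_arn = try(module.db[0].db_instance_master_user_secret_arn, module.db_aurora[0].cluster_master_user_secret.secret_arn, null)
}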