Use default ARN for monitoring if none defined

LeoDiazL · LeoDiazL · commit 8433fc25cc08 · 2025-10-03T14:56:50.000-03:00
diff --git a/action.yaml b/action.yaml
@@ -1367,9 +1367,9 @@ runs:
         AWS_RDS_DB_APPLY_IMMEDIATELY: ${{ inputs.aws_rds_db_apply_immediately }}
         AWS_RDS_DB_PERFORMANCE_INSIGHTS_ENABLE: ${{ inputs.aws_rds_db_performance_insights_enable }}
         AWS_RDS_DB_PERFORMANCE_INSIGHTS_RETENTION: ${{ inputs.aws_rds_db_performance_insights_retention }}
+        AWS_RDS_DB_PERFORMANCE_INSIGHTS_KMS_KEY_ID: ${{ inputs.aws_rds_db_performance_insights_kms_key_id }}
         AWS_RDS_DB_MONITORING_INTERVAL: ${{ inputs.aws_rds_db_monitoring_interval }}
         AWS_RDS_DB_MONITORING_ROLE_ARN: ${{ inputs.aws_rds_db_monitoring_role_arn }}
-        AWS_RDS_DB_PERFORMANCE_INSIGHTS_KMS_KEY_ID: ${{ inputs.aws_rds_db_performance_insights_kms_key_id }}
         AWS_RDS_DB_INSIGHTS_MODE: ${{ inputs.aws_rds_db_insights_mode }}
         AWS_RDS_DB_ALLOW_MAJOR_VERSION_UPGRADE: ${{ inputs.aws_rds_db_allow_major_version_upgrade }}
         AWS_RDS_DB_AUTO_MINOR_VERSION_UPGRADE: ${{ inputs.aws_rds_db_auto_minor_version_upgrade }}
diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
@@ -82,7 +82,7 @@ resource "aws_db_instance" "default" {
   performance_insights_kms_key_id            = var.aws_rds_db_performance_insights_enable ? var.aws_rds_db_performance_insights_kms_key_id : null
   # Updgrades
   monitoring_interval                        = var.aws_rds_db_monitoring_interval
-  monitoring_role_arn                        = var.aws_rds_db_monitoring_role_arn
+  monitoring_role_arn                        = var.aws_rds_db_monitoring_role_arn != "" ? var.aws_rds_db_monitoring_role_arn : data.aws_iam_role.monitoring[0].arn
   database_insights_mode                     = var.aws_rds_db_insights_mode
   allow_major_version_upgrade                = var.aws_rds_db_allow_major_version_upgrade
   auto_minor_version_upgrade                 = var.aws_rds_db_auto_minor_version_upgrade
@@ -94,6 +94,11 @@ resource "aws_db_instance" "default" {
   }
 }
 
+data "aws_iam_role" "monitoring" {
+  count = var.aws_rds_db_monitoring_role_arn != "" ? 1 : 0
+  name  = "rds-monitoring-role"
+}
+
 // Creates a secret manager secret for the databse credentials
 resource "aws_secretsmanager_secret" "rds_database_credentials" {
   name   = "${var.aws_resource_identifier_supershort}-rdsdb-pub-${random_string.random_sm.result}"
