Enhanced monitoring for RDS (#101)

* Adding Enhanced monitoring
* Use default ARN for monitoring if none defined

Author: LeoDiazL

README.md

@@ -291,6 +291,8 @@ The following inputs can be used as `step.with` keys
 | `aws_rds_db_performance_insights_enable` | Boolean | Enables performance insights for the database. Defaults to `false`. |
 | `aws_rds_db_performance_insights_retention` | String | KMS key ID to use for encrypting performance insights data. |
 | `aws_rds_db_performance_insights_kms_key_id` | String | Number of days to retain performance insights data. Defaults to `7`. |
+| `aws_rds_db_monitoring_interval` | String | The interval, in seconds, between points when metrics are collected. Defaults to `0` (disabled). Valid values are `0,1,5,10,15,30,60`. |
+| `aws_rds_db_monitoring_role_arn` | String | The ARN of the IAM role that provides access to the Enhanced Monitoring metrics. If empty will use the standard `rds-monitoring-role`. |
 | `aws_rds_db_insights_mode` | String | The mode for Performance Insights. Could be `standard` (default) or `advanced`. |
 | `aws_rds_db_allow_major_version_upgrade` | Boolean | Indicates that major version upgrades are allowed. Defaults to `false`. |
 | `aws_rds_db_auto_minor_version_upgrade` | Boolean | Indicates that minor version upgrades are allowed. Defaults to `true`. |

action.yaml

@@ -480,6 +480,12 @@ inputs:
   aws_rds_db_performance_insights_kms_key_id:
     description: 'KMS key ID to use for encrypting performance insights data.'
     required: false
+  aws_rds_db_monitoring_interval:
+    description: 'The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable, set to 0.'
+    required: false
+  aws_rds_db_monitoring_role_arn:
+    description: 'The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs.'
+    required: false
   aws_rds_db_insights_mode:
     description: 'The mode for Performance Insights.'
     required: false
@@ -1362,6 +1368,8 @@ runs:
         AWS_RDS_DB_PERFORMANCE_INSIGHTS_ENABLE: ${{ inputs.aws_rds_db_performance_insights_enable }}
         AWS_RDS_DB_PERFORMANCE_INSIGHTS_RETENTION: ${{ inputs.aws_rds_db_performance_insights_retention }}
         AWS_RDS_DB_PERFORMANCE_INSIGHTS_KMS_KEY_ID: ${{ inputs.aws_rds_db_performance_insights_kms_key_id }}
+        AWS_RDS_DB_MONITORING_INTERVAL: ${{ inputs.aws_rds_db_monitoring_interval }}
+        AWS_RDS_DB_MONITORING_ROLE_ARN: ${{ inputs.aws_rds_db_monitoring_role_arn }}
         AWS_RDS_DB_INSIGHTS_MODE: ${{ inputs.aws_rds_db_insights_mode }}
         AWS_RDS_DB_ALLOW_MAJOR_VERSION_UPGRADE: ${{ inputs.aws_rds_db_allow_major_version_upgrade }}
         AWS_RDS_DB_AUTO_MINOR_VERSION_UPGRADE: ${{ inputs.aws_rds_db_auto_minor_version_upgrade }}

operations/_scripts/generate/generate_vars_terraform.sh

@@ -208,6 +208,8 @@ if [[ $(alpha_only "$AWS_RDS_DB_ENABLE") == true ]]; then
   aws_rds_db_performance_insights_enable=$(generate_var aws_rds_db_performance_insights_enable $AWS_RDS_DB_PERFORMANCE_INSIGHTS_ENABLE)
   aws_rds_db_performance_insights_retention=$(generate_var aws_rds_db_performance_insights_retention $AWS_RDS_DB_PERFORMANCE_INSIGHTS_RETENTION)
   aws_rds_db_performance_insights_kms_key_id=$(generate_var aws_rds_db_performance_insights_kms_key_id $AWS_RDS_DB_PERFORMANCE_INSIGHTS_KMS_KEY_ID)
+  aws_rds_db_monitoring_interval=$(generate_var aws_rds_db_monitoring_interval $AWS_RDS_DB_MONITORING_INTERVAL)
+  aws_rds_db_monitoring_role_arn=$(generate_var aws_rds_db_monitoring_role_arn $AWS_RDS_DB_MONITORING_ROLE_ARN)
   aws_rds_db_insights_mode=$(generate_var aws_rds_db_insights_mode $AWS_RDS_DB_INSIGHTS_MODE)
   aws_rds_db_allow_major_version_upgrade=$(generate_var aws_rds_db_allow_major_version_upgrade $AWS_RDS_DB_ALLOW_MAJOR_VERSION_UPGRADE)
   aws_rds_db_auto_minor_version_upgrade=$(generate_var aws_rds_db_auto_minor_version_upgrade $AWS_RDS_DB_AUTO_MINOR_VERSION_UPGRADE)
@@ -575,6 +577,8 @@ $aws_rds_db_apply_immediately
 $aws_rds_db_performance_insights_enable
 $aws_rds_db_performance_insights_retention
 $aws_rds_db_performance_insights_kms_key_id
+$aws_rds_db_monitoring_interval
+$aws_rds_db_monitoring_role_arn
 $aws_rds_db_insights_mode
 $aws_rds_db_allow_major_version_upgrade
 $aws_rds_db_auto_minor_version_upgrade

operations/deployment/terraform/aws/aws_variables.tf

@@ -731,6 +731,18 @@ variable "aws_rds_db_performance_insights_kms_key_id" {
   default     = ""
 }
 
+variable "aws_rds_db_monitoring_interval" {
+  type        = string
+  description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting specify 0."
+  default     = "0"
+}
+
+variable "aws_rds_db_monitoring_role_arn" {
+  type        = string
+  description = "The ARN of the IAM role that provides access to the Enhanced Monitoring metrics."
+  default     = ""
+}
+
 variable "aws_rds_db_insights_mode" {
   type        = string
   description = "The mode for Performance Insights."

operations/deployment/terraform/aws/bitovi_main.tf

@@ -194,6 +194,8 @@ module "rds" {
   aws_rds_db_performance_insights_enable     = var.aws_rds_db_performance_insights_enable
   aws_rds_db_performance_insights_retention  = var.aws_rds_db_performance_insights_retention
   aws_rds_db_performance_insights_kms_key_id = var.aws_rds_db_performance_insights_kms_key_id
+  aws_rds_db_monitoring_interval             = var.aws_rds_db_monitoring_interval
+  aws_rds_db_monitoring_role_arn             = var.aws_rds_db_monitoring_role_arn
   aws_rds_db_insights_mode                   = var.aws_rds_db_insights_mode
   aws_rds_db_allow_major_version_upgrade     = var.aws_rds_db_allow_major_version_upgrade
   aws_rds_db_auto_minor_version_upgrade      = var.aws_rds_db_auto_minor_version_upgrade

operations/deployment/terraform/modules/aws/rds/aws_rds.tf

@@ -81,6 +81,8 @@ resource "aws_db_instance" "default" {
   performance_insights_retention_period      = var.aws_rds_db_performance_insights_enable ? var.aws_rds_db_performance_insights_retention : null
   performance_insights_kms_key_id            = var.aws_rds_db_performance_insights_enable ? var.aws_rds_db_performance_insights_kms_key_id : null
   # Updgrades
+  monitoring_interval                        = var.aws_rds_db_monitoring_interval
+  monitoring_role_arn                        = var.aws_rds_db_monitoring_role_arn != "" ? var.aws_rds_db_monitoring_role_arn : data.aws_iam_role.monitoring[0].arn
   database_insights_mode                     = var.aws_rds_db_insights_mode
   allow_major_version_upgrade                = var.aws_rds_db_allow_major_version_upgrade
   auto_minor_version_upgrade                 = var.aws_rds_db_auto_minor_version_upgrade
@@ -92,6 +94,11 @@ resource "aws_db_instance" "default" {
   }
 }
 
+data "aws_iam_role" "monitoring" {
+  count = var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
+  name  = "rds-monitoring-role"
+}
+
 // Creates a secret manager secret for the databse credentials
 resource "aws_secretsmanager_secret" "rds_database_credentials" {
   name   = "${var.aws_resource_identifier_supershort}-rdsdb-pub-${random_string.random_sm.result}"

operations/deployment/terraform/modules/aws/rds/aws_rds_vars.tf

@@ -25,6 +25,8 @@ variable "aws_rds_db_apply_immediately" {}
 variable "aws_rds_db_performance_insights_enable" {}
 variable "aws_rds_db_performance_insights_retention" {}
 variable "aws_rds_db_performance_insights_kms_key_id" {}
+variable "aws_rds_db_monitoring_interval" {}
+variable "aws_rds_db_monitoring_role_arn" {}
 variable "aws_rds_db_insights_mode" {}
 variable "aws_rds_db_allow_major_version_upgrade" {}
 variable "aws_rds_db_auto_minor_version_upgrade" {}