[aurora-postgres] add intra_security_group_traffic_enabled (#876)

Co-authored-by: cloudpossebot <[email protected]>
cloudposse · Oct 16, 2023 · b4365db · b4365db
1 parent 8ceb111
commit b4365db
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 33 deletions.
diff --git a/modules/aurora-postgres/README.md b/modules/aurora-postgres/README.md
@@ -317,6 +317,7 @@ components:
 | <a name="input_iam_database_authentication_enabled"></a> [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | `bool` | `false` | no |
 | <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | EC2 instance type for Postgres cluster | `string` | n/a | yes |
+| <a name="input_intra_security_group_traffic_enabled"></a> [intra\_security\_group\_traffic\_enabled](#input\_intra\_security\_group\_traffic\_enabled) | Whether to allow traffic between resources inside the database's security group. | `bool` | `false` | no |
 | <a name="input_kms_alias_name_ssm"></a> [kms\_alias\_name\_ssm](#input\_kms\_alias\_name\_ssm) | KMS alias name for SSM | `string` | `"alias/aws/ssm"` | no |
 | <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
 | <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |

diff --git a/modules/aurora-postgres/cluster-regional.tf b/modules/aurora-postgres/cluster-regional.tf
@@ -17,39 +17,40 @@ module "aurora_postgres_cluster" {
   admin_user     = local.admin_user
   admin_password = local.admin_password
 
-  db_name                             = local.database_name
-  publicly_accessible                 = var.publicly_accessible
-  db_port                             = var.database_port
-  vpc_id                              = local.vpc_id
-  subnets                             = local.private_subnet_ids
-  zone_id                             = local.zone_id
-  cluster_dns_name                    = local.cluster_dns_name
-  reader_dns_name                     = local.reader_dns_name
-  security_groups                     = local.allowed_security_groups
-  allowed_cidr_blocks                 = local.allowed_cidr_blocks
-  iam_database_authentication_enabled = var.iam_database_authentication_enabled
-  storage_encrypted                   = var.storage_encrypted
-  kms_key_arn                         = var.storage_encrypted ? module.kms_key_rds.key_arn : null
-  performance_insights_kms_key_id     = var.performance_insights_enabled ? module.kms_key_rds.key_arn : null
-  maintenance_window                  = var.maintenance_window
-  enabled_cloudwatch_logs_exports     = var.enabled_cloudwatch_logs_exports
-  enhanced_monitoring_role_enabled    = var.enhanced_monitoring_role_enabled
-  enhanced_monitoring_attributes      = var.enhanced_monitoring_attributes
-  performance_insights_enabled        = var.performance_insights_enabled
-  rds_monitoring_interval             = var.rds_monitoring_interval
-  autoscaling_enabled                 = var.autoscaling_enabled
-  autoscaling_policy_type             = var.autoscaling_policy_type
-  autoscaling_target_metrics          = var.autoscaling_target_metrics
-  autoscaling_target_value            = var.autoscaling_target_value
-  autoscaling_scale_in_cooldown       = var.autoscaling_scale_in_cooldown
-  autoscaling_scale_out_cooldown      = var.autoscaling_scale_out_cooldown
-  autoscaling_min_capacity            = var.autoscaling_min_capacity
-  autoscaling_max_capacity            = var.autoscaling_max_capacity
-  scaling_configuration               = var.scaling_configuration
-  serverlessv2_scaling_configuration  = var.serverlessv2_scaling_configuration
-  skip_final_snapshot                 = var.skip_final_snapshot
-  deletion_protection                 = var.deletion_protection
-  snapshot_identifier                 = var.snapshot_identifier
+  db_name                              = local.database_name
+  publicly_accessible                  = var.publicly_accessible
+  db_port                              = var.database_port
+  vpc_id                               = local.vpc_id
+  subnets                              = local.private_subnet_ids
+  zone_id                              = local.zone_id
+  cluster_dns_name                     = local.cluster_dns_name
+  reader_dns_name                      = local.reader_dns_name
+  security_groups                      = local.allowed_security_groups
+  intra_security_group_traffic_enabled = var.intra_security_group_traffic_enabled
+  allowed_cidr_blocks                  = local.allowed_cidr_blocks
+  iam_database_authentication_enabled  = var.iam_database_authentication_enabled
+  storage_encrypted                    = var.storage_encrypted
+  kms_key_arn                          = var.storage_encrypted ? module.kms_key_rds.key_arn : null
+  performance_insights_kms_key_id      = var.performance_insights_enabled ? module.kms_key_rds.key_arn : null
+  maintenance_window                   = var.maintenance_window
+  enabled_cloudwatch_logs_exports      = var.enabled_cloudwatch_logs_exports
+  enhanced_monitoring_role_enabled     = var.enhanced_monitoring_role_enabled
+  enhanced_monitoring_attributes       = var.enhanced_monitoring_attributes
+  performance_insights_enabled         = var.performance_insights_enabled
+  rds_monitoring_interval              = var.rds_monitoring_interval
+  autoscaling_enabled                  = var.autoscaling_enabled
+  autoscaling_policy_type              = var.autoscaling_policy_type
+  autoscaling_target_metrics           = var.autoscaling_target_metrics
+  autoscaling_target_value             = var.autoscaling_target_value
+  autoscaling_scale_in_cooldown        = var.autoscaling_scale_in_cooldown
+  autoscaling_scale_out_cooldown       = var.autoscaling_scale_out_cooldown
+  autoscaling_min_capacity             = var.autoscaling_min_capacity
+  autoscaling_max_capacity             = var.autoscaling_max_capacity
+  scaling_configuration                = var.scaling_configuration
+  serverlessv2_scaling_configuration   = var.serverlessv2_scaling_configuration
+  skip_final_snapshot                  = var.skip_final_snapshot
+  deletion_protection                  = var.deletion_protection
+  snapshot_identifier                  = var.snapshot_identifier
 
   cluster_parameters = [
     {

diff --git a/modules/aurora-postgres/variables.tf b/modules/aurora-postgres/variables.tf
@@ -329,3 +329,9 @@ variable "serverlessv2_scaling_configuration" {
   default     = null
   description = "Nested attribute with scaling properties for ServerlessV2. Only valid when `engine_mode` is set to `provisioned.` This is required for Serverless v2"
 }
+
+variable "intra_security_group_traffic_enabled" {
+  type        = bool
+  default     = false
+  description = "Whether to allow traffic between resources inside the database's security group."
+}