From c814b06ed3bfd6adf6c9e791bbd93a6e579cafbc Mon Sep 17 00:00:00 2001
From: Loren Yu <loren@navapbc.com>
Date: Mon, 27 Nov 2023 10:39:25 -0800
Subject: [PATCH] Enable db query logging (#479)

* Attach cluster parameter group to db cluster

## Context

We [created a cluster parameter group in the database
module](https://github.com/navapbc/template-infra/blob/5dedfb0a4618a6302741ab25ed8be0d872cc075c/infra/modules/database/main.tf#L71-L87)
but never attached it to the db cluster resource, so the db cluster
didn't pick up the parameters. This means that query logging was never
enabled. This change attaches the parameter group to the cluster which
enables query logging.
---
 infra/modules/database/main.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infra/modules/database/main.tf b/infra/modules/database/main.tf
index 79e62e0cf..572e0863f 100644
--- a/infra/modules/database/main.tf
+++ b/infra/modules/database/main.tf
@@ -31,6 +31,8 @@ resource "aws_rds_cluster" "db" {
   storage_encrypted           = true
   kms_key_id                  = aws_kms_key.db.arn
 
+  db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.rds_query_logging.name
+
   # checkov:skip=CKV_AWS_128:Auth decision needs to be ironed out
   # checkov:skip=CKV_AWS_162:Auth decision needs to be ironed out
   iam_database_authentication_enabled = true