Add DB Proxy (#49)

* Add DB Proxy feature for both RDS and Aurora

* Fixing var naming

* Fixing "" to bool values

* Index and name changes

* Fix resource name

* Adding missing indexes due to conditionals

* Trying other approach

* Alternative #2

* Skipping check

* Fixes here and there

* Typo in var name

* 1liner

* Adding some dep

* Ignoring count for now

* lower resource id for db

* Changing input

* Fixing engine family name

* Fixing not null

* Fixing secret for proxy connection

* Fixing skip final snapshot

* Fixing var check

* Fixes

* Fixes 2

* Logic invert

* Changing the way

* fix 2

* Debug

* Output var value

* debug 2

* Not null

* Forcing deletion

* Forcing a name

* Removing

* Debugging cleanup

* Cleanup, summary fix

* Output var fix

* Lifecycle fixes

* Alternative summary out

* Option #2

Author: LeoDiazL

README.md

@@ -223,26 +223,33 @@ The following inputs can be used as `step.with` keys
 #### **RDS Inputs**
 | Name             | Type    | Description                        |
 |------------------|---------|------------------------------------|
-| `aws_rds_db_enable`| Boolean | Set to `true` to enable an RDS DB|
+| `aws_rds_db_enable`| Boolean | Set to `true` to enable an RDS DB. |
+| `aws_rds_db_proxy`| Boolean | Set to `true` to add a RDS DB Proxy. |
 | `aws_rds_db_name`| String | The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. |
+| `aws_rds_db_user`| String | Username for the db. Defaults to `dbuser`. |
 | `aws_rds_db_engine`| String | Which Database engine to use. Defaults to `postgres`. |
 | `aws_rds_db_engine_version`| String | Which Database engine version to use. |
 | `aws_rds_db_security_group_name`| String | The name of the database security group. Defaults to `SG for ${aws_resource_identifier} - RDS`. |
+| `aws_rds_db_allowed_security_groups` | String | Comma separated list of security groups to add to the DB SG. | 
+| `aws_rds_db_ingress_allow_all` | Boolean | Allow incoming traffic from 0.0.0.0/0. Defaults to `true`. |
+| `aws_rds_db_publicly_accessible` | Boolean | Allow the database to be publicly accessible. Defaults to `false`. |
 | `aws_rds_db_port`| String | Port where the DB listens to. |
 | `aws_rds_db_subnets`| String | Specify which subnets to use as a list of strings.  Example: `i-1234,i-5678,i-9101`. |
 | `aws_rds_db_allocated_storage`| String | Storage size. Defaults to `10`. |
 | `aws_rds_db_max_allocated_storage`| String | Max storage size. Defaults to `0` to disable auto-scaling. |
 | `aws_rds_db_instance_class`| String | DB instance server type. Defaults to `db.t3.micro`. |
-| `aws_rds_db_user`| String | Username for the db. Defaults to `dbuser`. |
-| `aws_rds_cloudwatch_logs_exports`| String | Set of log types to enable for exporting to CloudWatch logs. Defaults to `postgresql`. MySQL and MariaDB: `audit, error, general, slowquery`. PostgreSQL: `postgresql, upgrade`. MSSQL: `agent , error`. Oracle: `alert, audit, listener, trace`. |
-| `aws_rds_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to RDS provisioned resources.|
+| `aws_rds_db_final_snapshot` | String | If wanted, add a snapshot name. Leave emtpy if not. |
+| `aws_rds_db_restore_snapshot_identifier` | String | Name of the snapshot to create the databse from. |
+| `aws_rds_db_cloudwatch_logs_exports`| String | Set of log types to enable for exporting to CloudWatch logs. Defaults to `postgresql`. MySQL and MariaDB: `audit, error, general, slowquery`. PostgreSQL: `postgresql, upgrade`. MSSQL: `agent , error`. Oracle: `alert, audit, listener, trace`. |
+| `aws_rds_db_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to RDS provisioned resources.|
 <hr/>
 <br/>
 
 #### **Aurora Inputs**
 | Name             | Type    | Description                        |
 |------------------|---------|------------------------------------|
 | `aws_aurora_enable` | Boolean | Set to `true` to enable an [Aurora database](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html). (Postgres or MySQL). |
+| `aws_aurora_proxy`| Boolean | Set to `true` to add an Aurora DB Proxy |
 | `aws_aurora_engine` | String |  Which Database engine to use. Default is `aurora-postgresql`.|
 | `aws_aurora_engine_version` | String |  Specify database version.  More information [Postgres](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) or [MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/Welcome.html). Default is `11.17`. (Postgres) |
 | `aws_aurora_database_group_family` | String | Specify aws database group family. Default is `aurora-postgresql11`. See [this](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/create-db-parameter-group.html).|
@@ -261,6 +268,26 @@ The following inputs can be used as `step.with` keys
 <hr/>
 <br/>
 
+#### **DB Proxy Inputs**
+| Name             | Type    | Description                        |
+|------------------|---------|------------------------------------|
+| `aws_db_proxy_enable` | Boolean | Set to `true` to enable a database proxy. |
+| `aws_db_proxy_name` | String | Name of the database proxy.  Defaults to `aws_resource_identifier` |
+| `aws_db_proxy_database_id` | String |  Specify the ID of the databse to use. |
+| `aws_db_proxy_cluster` | Boolean | Set to true if you are creating this for an RDS Cluster. Defaults to `false`. |
+| `aws_db_proxy_secret_name` | String | AWS Secrets manager containing database details and credentials. | 
+| `aws_db_proxy_client_password_auth_type` | String | Overrides auth type. Using `MYSQL_NATIVE_PASSWORD`, `POSTGRES_SCRAM_SHA_256`, and `SQL_SERVER_AUTHENTICATION` depending on the database family. |
+| `aws_db_proxy_tls` | Boolean | Make TLS a requirement for connections. Defaults to `true`.|
+| `aws_db_proxy_security_group_name` | String | Name for the proxy security group. Defaults to `aws_resource_identifier`. |
+| `aws_db_proxy_database_security_group_allow` | Boolean | If true, will add an incoming rule from every security group associated with the DB. |
+| `aws_db_proxy_allowed_security_group` | String | Comma separated list fo allowed security groups to add.|
+| `aws_db_proxy_allow_all_incoming` | Boolean | Allow all incoming traffic to the DB Proxy. Mind that the proxy is only available from the internal network except manually exposed. Defaults to `ƒalse`.| 
+| `aws_db_proxy_cloudwatch_enable` | Boolean | Toggle Cloudwatch logs. Will be stored in `/aws/rds/proxy/rds_proxy.name`. |
+| `aws_db_proxy_cloudwatch_retention_days` | String | Number of days to retain cloudwatch logs. Defaults to `14`. |
+| `aws_db_proxy_additional_tags` | JSON | Add additional tags to the ter added to aurora provisioned resources.|
+<hr/>
+<br/>
+
 #### **Docker Inputs**
 | Name             | Type    | Description                        |
 |------------------|---------|------------------------------------|

action.yaml

@@ -308,9 +308,15 @@ inputs:
   aws_rds_db_enable:
     description: 'Set to true to enable an RDS DB.'
     required: false
+  aws_rds_db_proxy:
+    description: 'Set to true to add a RDS DB Proxy'
+    required: false
   aws_rds_db_name:
     description: 'The name of the database to create when the DB instance is created.'
     required: false
+  aws_rds_db_user:
+    description: 'Username for the db. Defaults to dbuser.'
+    required: false
   aws_rds_db_engine:
     description: 'Which Database engine to use. Default is postgres'
     required: false
@@ -320,6 +326,15 @@ inputs:
   aws_rds_db_security_group_name:
     description: 'The name of the database security group. Defaults to SG for aws_resource_identifier - RDS.'
     required: false
+  aws_rds_db_allowed_security_groups:
+    description: 'Comma separated list of security groups to add to the DB SG'
+    required: false
+  aws_rds_db_ingress_allow_all:
+    description: 'Allow incoming traffic from 0.0.0.0/0.'
+    required: false
+  aws_rds_db_publicly_accessible:
+    description: 'Allow the database to be publicly accessible.'
+    required: false
   aws_rds_db_port:
     description: ' Port where the DB listens to.'
     required: false
@@ -335,20 +350,26 @@ inputs:
   aws_rds_db_instance_class:
     description: 'DB instance server type. Defaults to db.t3.micro.'
     required: false
-  aws_rds_db_user:
-    description: 'Username for the db. Defaults to dbuser.'
+  aws_rds_db_final_snapshot:
+    description: 'Generates a snapshot of the database before deletion.'
+    required: false
+  aws_rds_db_restore_snapshot_identifier:
+    description: 'Name of the snapshot to restore the database from.'
     required: false
-  aws_rds_cloudwatch_logs_exports:
+  aws_rds_db_cloudwatch_logs_exports:
     description: 'Set of log types to enable for exporting to CloudWatch logs.'
     required: false
-  aws_rds_additional_tags:
+  aws_rds_db_additional_tags:
     description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
     required: false
 
   # AWS Aurora
   aws_aurora_enable:
     description: 'Set to "true" to enable a postgres database'
     required: false
+  aws_aurora_proxy:
+    description: 'Set to true to add a RDS DB Proxy'
+    required: false
   aws_aurora_engine: 
     description: 'Which Database engine to use'
     required: false
@@ -395,6 +416,50 @@ inputs:
     description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
     required: false
 
+  # RDS Proxy
+  aws_db_proxy_enable:
+    description: 'Toggle DB Proxy creation'
+    required: false
+  aws_db_proxy_name:
+    description: 'DB Proxy name'
+    required: false
+  aws_db_proxy_database_id:
+    description: 'Database ID to create proxy for'
+    required: false
+  aws_db_proxy_cluster:
+    description: 'Define if Database is a cluster or not'
+    required: false
+  aws_db_proxy_secret_name:
+    description: 'Name of the secret containing DB parameters to connect to'
+    required: false
+  aws_db_proxy_client_password_auth_type:
+    description: 'Auth type to use, will use the following, depending on DB the family. MYSQL_NATIVE_PASSWORD, POSTGRES_SCRAM_SHA_256, and SQL_SERVER_AUTHENTICATION'
+    required: false
+  aws_db_proxy_tls:
+    description: 'Toogle TLS enforcement for connection'
+    required: false
+  aws_db_proxy_security_group_name:
+    description: 'Name for the proxy security group. Default to aws_resource_identifier if none.'
+    required: false
+  aws_db_proxy_database_security_group_allow:
+    description: 'Will add an incoming rule from every security group associated with the DB'
+    required: false
+  aws_db_proxy_allowed_security_group:
+    description: 'Comma separated list of SG Ids to add.'
+    required: false
+  aws_db_proxy_allow_all_incoming:
+    description: 'Allow all incoming traffic to the DB Proxy. Mind that the proxy is only available from the internal network except manually exposed.'
+    required: false
+  aws_db_proxy_cloudwatch_enable:
+    description: 'Toggle Cloudwatch logs. Will be stored in /aws/rds/proxy/rds_proxy.name'
+    required: false
+  aws_db_proxy_cloudwatch_retention_days:
+    description: 'Number of days to retain logs'
+    required: false
+  aws_db_proxy_additional_tags:
+    description: 'A list of strings that will be added to created resources'
+    required: false
+
   # Docker 
   docker_install: 
     description: 'Define if docker should be installed. After this, docker-compose up will be excecuted.'
@@ -676,6 +741,23 @@ outputs:
   db_secret_details_name:
     description: "ECS DNS URL"
     value: ${{ steps.deploy.outputs.db_secret_details_name }}
+  db_proxy_rds_endpoing:
+    description: "Database proxy endpoint"
+    value: ${{ steps.deploy.outputs.db_proxy_rds }}
+  # Aurora
+  aurora_db_endpoint:
+    description: "ECS ALB DNS Record"
+    value: ${{ steps.deploy.outputs.aurora_endpoint }}
+  aurora_db_secret_details_name:
+    description: "ECS DNS URL"
+    value: ${{ steps.deploy.outputs.aurora_secret_details_name }}
+  aurora_proxy_endpoint:
+    description: "Database proxy endpoint"
+    value: ${{ steps.deploy.outputs.db_proxy_aurora }}
+  # DB Proxy
+  db_proxy_endpoint:
+    description: "Database proxy endpoint"
+    value: ${{ steps.deploy.outputs.db_proxy_endpoint }}
   # ECS
   ecs_load_balancer_dns:
     description: "ECS ALB DNS Record"
@@ -819,21 +901,28 @@ runs:
 
         # AWS RDS
         AWS_RDS_DB_ENABLE: ${{ inputs.aws_rds_db_enable }}
+        AWS_RDS_DB_PROXY: ${{ inputs.aws_rds_db_proxy }}
         AWS_RDS_DB_NAME: ${{ inputs.aws_rds_db_name }}
+        AWS_RDS_DB_USER: ${{ inputs.aws_rds_db_user }}
         AWS_RDS_DB_ENGINE: ${{ inputs.aws_rds_db_engine }}
         AWS_RDS_DB_ENGINE_VERSION: ${{ inputs.aws_rds_db_engine_version }}
         AWS_RDS_DB_SECURITY_GROUP_NAME: ${{ inputs.aws_rds_db_security_group_name }}
+        AWS_RDS_DB_ALLOWED_SECURITY_GROUPS: ${{ inputs.aws_rds_db_allowed_security_groups }}
+        AWS_RDS_DB_INGRESS_ALLOW_ALL: ${{ inputs.aws_rds_db_ingress_allow_all }}
+        AWS_RDS_DB_PUBLICLY_ACCESSIBLE: ${{ inputs.aws_rds_db_publicly_accessible }}
         AWS_RDS_DB_PORT: ${{ inputs.aws_rds_db_port }}
         AWS_RDS_DB_SUBNETS: ${{ inputs.aws_rds_db_subnets }}
         AWS_RDS_DB_ALLOCATED_STORAGE: ${{ inputs.aws_rds_db_allocated_storage }}
         AWS_RDS_DB_MAX_ALLOCATED_STORAGE: ${{ inputs.aws_rds_db_max_allocated_storage }}
         AWS_RDS_DB_INSTANCE_CLASS: ${{ inputs.aws_rds_db_instance_class }}
-        AWS_RDS_DB_USER: ${{ inputs.aws_rds_db_user }}
-        AWS_RDS_CLOUDWATCH_LOGS_EXPORTS: ${{ inputs.aws_rds_cloudwatch_logs_exports }}
-        AWS_RDS_ADDITIONAL_TAGS: ${{ inputs.aws_rds_additional_tags }}
+        AWS_RDS_DB_FINAL_SNAPSHOT: ${{ inputs.aws_rds_db_final_snapshot }}
+        AWS_RDS_DB_RESTORE_SNAPSHOT_IDENTIFIER: ${{ inputs.aws_rds_db_restore_snapshot_identifier }}
+        AWS_RDS_DB_CLOUDWATCH_LOGS_EXPORTS: ${{ inputs.aws_rds_db_cloudwatch_logs_exports }}
+        AWS_RDS_DB_ADDITIONAL_TAGS: ${{ inputs.aws_rds_db_additional_tags }}
 
         # AWS AURORA
         AWS_AURORA_ENABLE: ${{ inputs.aws_aurora_enable }}
+        AWS_AURORA_PROXY: ${{ inputs.aws_aurora_proxy }}
         AWS_AURORA_ENGINE:  ${{ inputs.aws_aurora_engine }}
         AWS_AURORA_ENGINE_VERSION:  ${{ inputs.aws_aurora_engine_version }}
         AWS_AURORA_DATABASE_GROUP_FAMILY:  ${{ inputs.aws_aurora_database_group_family }}
@@ -850,6 +939,22 @@ runs:
         AWS_AURORA_DATABASE_FINAL_SNAPSHOT: ${{ inputs.aws_aurora_database_final_snapshot }}
         AWS_AURORA_ADDITIONAL_TAGS: ${{ inputs.aws_aurora_additional_tags }}
 
+        # AWS DB PROXY
+        AWS_DB_PROXY_ENABLE: ${{ inputs.aws_db_proxy_enable }}
+        AWS_DB_PROXY_NAME : ${{ inputs.aws_db_proxy_name }}
+        AWS_DB_PROXY_DATABASE_ID : ${{ inputs.aws_db_proxy_database_id }}
+        AWS_DB_PROXY_CLUSTER : ${{ inputs.aws_db_proxy_cluster }}
+        AWS_DB_PROXY_SECRET_NAME : ${{ inputs.aws_db_proxy_secret_name }}
+        AWS_DB_PROXY_CLIENT_PASSWORD_AUTH_TYPE : ${{ inputs.aws_db_proxy_client_password_auth_type }}
+        AWS_DB_PROXY_TLS : ${{ inputs.aws_db_proxy_tls }}
+        AWS_DB_PROXY_SECURITY_GROUP_NAME : ${{ inputs.aws_db_proxy_security_group_name }}
+        AWS_DB_PROXY_DATABASE_SECURITY_GROUP_ALLOW : ${{ inputs.aws_db_proxy_database_security_group_allow }}
+        AWS_DB_PROXY_ALLOWED_SECURITY_GROUP : ${{ inputs.aws_db_proxy_allowed_security_group }}
+        AWS_DB_PROXY_ALLOW_ALL_INCOMING : ${{ inputs.aws_db_proxy_allow_all_incoming }}
+        AWS_DB_PROXY_CLOUDWATCH_ENABLE : ${{ inputs.aws_db_proxy_cloudwatch_enable }}
+        AWS_DB_PROXY_CLOUDWATCH_RETENTION_DAYS : ${{ inputs.aws_db_proxy_cloudwatch_retention_days }}
+        AWS_DB_PROXY_ADDITIONAL_TAGS: ${{ inputs.aws_db_proxy_additional_tags }}
+
         # Docker
         DOCKER_INSTALL: ${{ inputs.docker_install }}
         DOCKER_REMOVE_ORPHANS: ${{ inputs.docker_remove_orphans }}
@@ -967,6 +1072,11 @@ runs:
         AWS_ELB_LISTEN_PORT: ${{ inputs.aws_elb_listen_port }}
         RDS_ENDPOINT: ${{ steps.deploy.outputs.db_endpoint }}
         RDS_SECRETS_NAME: ${{ steps.deploy.outputs.db_secret_details_name }}
+        RDS_PROXY: ${{ steps.deploy.outputs.db_proxy_rds }}
+        AURORA_ENDPOINT: ${{ steps.deploy.outputs.aurora_endpoint }}
+        AURORA_SECRETS_NAME: ${{ steps.deploy.outputs.aurora_secret_details_name }}
+        AURORA_PROXY: ${{ steps.deploy.outputs.db_proxy_aurora }}
+        DB_PROXY: ${{ steps.deploy.outputs.db_proxy_endpoint }}
         ECS_ALB_DNS: ${{ steps.deploy.outputs.ecs_load_balancer_dns }}
         ECS_DNS:  ${{ steps.deploy.outputs.ecs_dns_record }}
         ECR_REPO_ARN: ${{ steps.deploy.outputs.ecr_repository_arn }}

operations/_scripts/deploy/deploy.sh

@@ -79,6 +79,7 @@ if [[ $(alpha_only "$TF_STATE_BUCKET_DESTROY") == true ]] && ! [[ $(alpha_only "
      [[ $(alpha_only "$AWS_EFS_ENABLE") == true ]] || 
      [[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") == true ]] ||
      [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]] || 
+     [[ $(alpha_only "$AWS_DB_PROXY_ENABLE") == true ]] ||
      [[ $(alpha_only "$AWS_ECR_REPO_CREATE") == true ]] ||
      [[ $(alpha_only "$AWS_EKS_CREATE") == true ]]; then 
     export TF_STATE_BUCKET_DESTROY="false"

operations/_scripts/deploy/summary.sh

@@ -13,6 +13,11 @@
 # AWS_ELB_LISTEN_PORT
 # RDS_ENDPOINT
 # RDS_SECRETS_NAME
+# RDS_PROXY
+# AURORA_ENDPOINT
+# AURORA_SECRETS_NAME
+# AURORA_PROXY
+# DB_PROXY
 # ECS_ALB_DNS
 # ECS_DNS
 # ECR_REPO_ARN
@@ -33,7 +38,9 @@
 # 9 - success, destroy infrastructure
 # 10 - success, ECR created
 # 11 - success. RDS created
-# 12 - success, ECS created
+# 12 - success, Aurora created
+# 13 - success, DB Proxy created
+# 14 - success, ECS created
 # 500 - cancelled
 
 # Function to process and return the result as a string
@@ -87,14 +94,31 @@ if [[ $SUCCESS == 'success' ]]; then
   elif [[ -n $RDS_ENDPOINT ]] && [[ -n $RDS_SECRETS_NAME ]]; then
     SUMMARY_CODE=11
     result_string="## Deploy Complete! :rocket:
-    RDS Endpoint: ${RDS_ENDPOINT}
+    RDS URL: ${RDS_ENDPOINT}
     RDS Details Secret Manager name: ${RDS_SECRETS_NAME}"
-  elif [[ -n $ECS_ALB_DNS ]] && ![[ -n $ECS_DNS ]]; then
+    if [[ -n $RDS_PROXY ]]; then
+      result_string+="
+    RDS Proxy URL: ${RDS_PROXY}"
+    fi
+  elif [[ -n $AURORA_ENDPOINT ]] && [[ -n $AURORA_SECRETS_NAME ]]; then
     SUMMARY_CODE=12
     result_string="## Deploy Complete! :rocket:
+    Aurora URL: ${AURORA_ENDPOINT}
+    Aurora Details Secret Manager name: ${AURORA_SECRETS_NAME}"
+    if [[ -n $AURORA_PROXY ]]; then
+      result_string+="
+      Aurora Proxy URL: ${AURORA_PROXY}"
+    fi
+  elif [[ -n $DB_PROXY ]]; then
+    SUMMARY_CODE=13
+    result_string="## Deploy Complete! :rocket:
+    DB Proxy URL: ${DB_PROXY}"
+  elif [[ -n $ECS_ALB_DNS ]] && ![[ -n $ECS_DNS ]]; then
+    SUMMARY_CODE=14
+    result_string="## Deploy Complete! :rocket:
     ECS LB Endpoint: ${ECS_ALB_DNS}"
   elif [[ -n $ECS_ALB_DNS ]] && [[ -n $ECS_DNS ]]; then
-    SUMMARY_CODE=12
+    SUMMARY_CODE=14
     result_string="## Deploy Complete! :rocket:
     ECS LB Endpoing: ${ECS_ALB_DNS}
     ECS Public DNS: ${ECS_DNS}"

operations/_scripts/generate/generate_bitops_config.sh

@@ -81,7 +81,8 @@ if ([[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") == true ]] ||
     [[ $(alpha_only "$AWS_EFS_ENABLE") == true ]] ||
     [[ $(alpha_only "$AWS_AURORA_ENABLE") == true ]] ||
     [[ $(alpha_only "$AWS_RDS_DB_ENABLE") == true ]] ||
-    [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]]) && 
+    [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]] ||
+    [[ $(alpha_only "$AWS_DB_PROXY_ENABLE") == true ]]) && 
     [[ "$(alpha_only $TF_STACK_DESTROY)" != "true" ]]; then
   # random_integer.az_select needs to be created before the "full stack" to avoid a potential state dependency locks
   targets="$targets
@@ -130,7 +131,7 @@ bitops:
       create_bitops_terraform_config aws false targets
     fi
   else
-    if [[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") != "" ]] || [[ $(alpha_only "$AWS_EFS_ENABLE") != "" ]] || [[ "$AWS_AURORA_ENABLE" != "" ]] || [[ "$AWS_RDS_DB_ENABLE" != "" ]] || [[ "$AWS_ECS_ENABLE" != "" ]]; then
+    if [[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") != "" ]] || [[ $(alpha_only "$AWS_EFS_ENABLE") != "" ]] || [[ "$AWS_AURORA_ENABLE" != "" ]] || [[ "$AWS_RDS_DB_ENABLE" != "" ]] || [[ "$AWS_ECS_ENABLE" != "" ]] || [[ "$AWS_RDS_PROXY_ENABLE" != "" ]]; then
       add_terraform_module aws
       create_bitops_terraform_config aws true targets
     fi

operations/_scripts/generate/generate_provider.sh

@@ -66,7 +66,7 @@ provider \"aws\" {
 done
 }
 
-generate_provider_aws aws ec2,r53,elb,efs,vpc,rds,aurora,ecs
+generate_provider_aws aws ec2,r53,elb,efs,vpc,rds,aurora,ecs,db_proxy
 generate_provider_aws ecr ecr
 generate_provider_aws eks