BAU: enable RDS performance insights

Author: whi-tw

infra/deployments/forms/inputs.tf

@@ -193,6 +193,7 @@ variable "environmental_settings" {
     enable_shield_advanced_healthchecks      = bool
     allow_pagerduty_alerts                   = bool
     redis_multi_az_enabled                   = bool
+    enable_rds_performance_insights          = bool
   })
 }
 

infra/deployments/forms/rds/main.tf

@@ -20,6 +20,8 @@ module "rds" {
   seconds_until_auto_pause = var.environmental_settings.pause_databases_after_inactivity_seconds
   backup_retention_period  = var.environmental_settings.database_backup_retention_period_days
 
+  performance_insights_enabled = var.environmental_settings.enable_rds_performance_insights
+
   apps_list = {
     forms-admin = { username = "forms-admin-app" }
   }
@@ -42,6 +44,8 @@ module "forms_runner_rds" {
   seconds_until_auto_pause = var.environmental_settings.pause_databases_after_inactivity_seconds
   backup_retention_period  = var.environmental_settings.database_backup_retention_period_days
 
+  performance_insights_enabled = var.environmental_settings.enable_rds_performance_insights
+
   apps_list = {
     forms-runner       = { username = "forms-runner-app" }
     forms-runner-queue = { username = "forms-runner-app-queue" }

infra/deployments/forms/tfvars/dev.tfvars

@@ -22,6 +22,7 @@ environmental_settings = {
   enable_shield_advanced_healthchecks      = false
   allow_pagerduty_alerts                   = false
   redis_multi_az_enabled                   = false
+  enable_rds_performance_insights          = false
 }
 root_domain = "dev.forms.service.gov.uk"
 additional_dns_records = [

infra/deployments/forms/tfvars/production.tfvars

@@ -45,6 +45,7 @@ environmental_settings = {
   enable_shield_advanced_healthchecks = true
   allow_pagerduty_alerts              = true
   redis_multi_az_enabled              = true
+  enable_rds_performance_insights     = true
 }
 root_domain = "forms.service.gov.uk"
 additional_dns_records = [

infra/deployments/forms/tfvars/staging.tfvars

@@ -24,6 +24,7 @@ environmental_settings = {
   enable_shield_advanced_healthchecks = false
   allow_pagerduty_alerts              = false
   redis_multi_az_enabled              = false
+  enable_rds_performance_insights     = false
 }
 root_domain             = "staging.forms.service.gov.uk"
 additional_dns_records  = []

infra/deployments/forms/tfvars/user-research.tfvars

@@ -22,6 +22,7 @@ environmental_settings = {
   enable_shield_advanced_healthchecks      = false
   allow_pagerduty_alerts                   = false
   redis_multi_az_enabled                   = false
+  enable_rds_performance_insights          = false
 }
 root_domain             = "research.forms.service.gov.uk"
 additional_dns_records  = []

infra/modules/rds/rds.tf

@@ -57,6 +57,11 @@ resource "aws_rds_cluster" "cluster_aurora_v2" {
   backup_retention_period   = var.backup_retention_period
   deletion_protection       = true
 
+  database_insights_mode = var.performance_insights_enabled ? "advanced" : null
+
+  performance_insights_enabled          = var.performance_insights_enabled
+  performance_insights_retention_period = var.performance_insights_enabled ? 465 : null
+
   serverlessv2_scaling_configuration {
     max_capacity = var.max_capacity
     min_capacity = var.min_capacity
@@ -91,8 +96,6 @@ resource "aws_rds_cluster" "cluster_aurora_v2" {
 
 resource "aws_rds_cluster_instance" "member" {
   #checkov:skip=CKV_AWS_118:We don't currently have enhanced monitoring
-  #checkov:skip=CKV_AWS_353:We don't currently use performance insights
-  #checkov:skip=CKV_AWS_354:We don't currently use performance insights
 
   cluster_identifier = aws_rds_cluster.cluster_aurora_v2.id
   engine             = "aurora-postgresql"

infra/modules/rds/variables.tf

@@ -81,3 +81,9 @@ variable "database_identifier" {
   type        = string
   description = "The name of the database in the cluster"
 }
+
+variable "performance_insights_enabled" {
+  type        = bool
+  description = "Whether to enable Performance Insights for the RDS instance"
+  default     = false
+}