xoap-io · Imiler · Apr 7, 2025 · Apr 7, 2025
diff --git a/README.md b/README.md
@@ -136,15 +136,16 @@ Please be aware that this is mainly a copy operation which means all your curren
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_backup"></a> [backup](#input\_backup) | The backup configuration for the RDS instance | <pre>object({<br>    enabled        = bool<br>    retention_days = number<br>  })</pre> | n/a | yes |
-| <a name="input_context"></a> [context](#input\_context) | Default context for naming and tagging purpose | <pre>object({<br>    organization = string<br>    environment  = string<br>    account      = string<br>    product      = string<br>    tags         = map(string)<br>  })</pre> | n/a | yes |
+| <a name="input_backup"></a> [backup](#input\_backup) | The backup configuration for the RDS instance | <pre>object({<br/>    enabled        = bool<br/>    retention_days = number<br/>  })</pre> | n/a | yes |
+| <a name="input_backup_kms_key"></a> [backup\_kms\_key](#input\_backup\_kms\_key) | The  backup kms key for AWS RDS | `string` | n/a | yes |
+| <a name="input_context"></a> [context](#input\_context) | Default context for naming and tagging purpose | <pre>object({<br/>    organization = string<br/>    environment  = string<br/>    account      = string<br/>    product      = string<br/>    tags         = map(string)<br/>  })</pre> | n/a | yes |
 | <a name="input_enable_performance_insights"></a> [enable\_performance\_insights](#input\_enable\_performance\_insights) | Whether to enable Performance Insights | `bool` | n/a | yes |
-| <a name="input_instance"></a> [instance](#input\_instance) | The RDS instance to create | <pre>object({<br>    type                 = string<br>    engine               = string<br>    engine_version       = string<br>    major_engine_version = string<br>    family               = string<br>    multi_az             = bool<br>    publicly_accessible  = bool<br>    deletion_protection  = bool<br>    allow_upgrades       = bool<br>    port                 = number<br>  })</pre> | n/a | yes |
-| <a name="input_logging"></a> [logging](#input\_logging) | The logging configuration for the RDS instance | <pre>object({<br>    enabled = bool<br>    types   = set(string)<br>  })</pre> | n/a | yes |
+| <a name="input_instance"></a> [instance](#input\_instance) | The RDS instance to create | <pre>object({<br/>    type                 = string<br/>    engine               = string<br/>    engine_version       = string<br/>    major_engine_version = string<br/>    family               = string<br/>    multi_az             = bool<br/>    publicly_accessible  = bool<br/>    deletion_protection  = bool<br/>    allow_upgrades       = bool<br/>    port                 = number<br/>  })</pre> | n/a | yes |
+| <a name="input_logging"></a> [logging](#input\_logging) | The logging configuration for the RDS instance | <pre>object({<br/>    enabled = bool<br/>    types   = set(string)<br/>  })</pre> | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | The name of the RDS instance | `string` | n/a | yes |
 | <a name="input_parameters"></a> [parameters](#input\_parameters) | The parameters to pass to the RDS instance | `map(string)` | n/a | yes |
-| <a name="input_storage"></a> [storage](#input\_storage) | The storage configuration for the RDS instance | <pre>object({<br>    max_allocated_storage = number<br>    allocated_storage     = number<br>    kms_arn               = string<br>  })</pre> | n/a | yes |
-| <a name="input_vpc"></a> [vpc](#input\_vpc) | The VPC to create the RDS instance in | <pre>object({<br>    id              = string<br>    subnets         = list(string)<br>    security_groups = list(string)<br>  })</pre> | n/a | yes |
+| <a name="input_storage"></a> [storage](#input\_storage) | The storage configuration for the RDS instance | <pre>object({<br/>    max_allocated_storage = number<br/>    allocated_storage     = number<br/>    kms_arn               = string<br/>  })</pre> | n/a | yes |
+| <a name="input_vpc"></a> [vpc](#input\_vpc) | The VPC to create the RDS instance in | <pre>object({<br/>    id              = string<br/>    subnets         = list(string)<br/>    security_groups = list(string)<br/>  })</pre> | n/a | yes |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -50,34 +50,36 @@ resource "aws_db_option_group" "this" {
   }
 }
 resource "aws_db_instance" "this" {
-  engine                              = var.instance.engine
-  engine_version                      = var.instance.engine_version
-  instance_class                      = var.instance.type
-  identifier                          = module.this_label.id
-  username                            = local.admin_user
-  password                            = random_password.this.result
-  skip_final_snapshot                 = false
-  allocated_storage                   = var.storage.allocated_storage
-  max_allocated_storage               = var.storage.max_allocated_storage
-  storage_encrypted                   = var.storage.kms_arn != ""
-  kms_key_id                          = var.storage.kms_arn
-  final_snapshot_identifier           = module.this_label_snapshot.id
-  multi_az                            = var.instance.multi_az
-  publicly_accessible                 = var.instance.publicly_accessible
-  deletion_protection                 = var.instance.deletion_protection
-  auto_minor_version_upgrade          = var.instance.allow_upgrades
-  allow_major_version_upgrade         = true
-  db_subnet_group_name                = aws_db_subnet_group.this.id
-  parameter_group_name                = aws_db_parameter_group.this.id
-  option_group_name                   = aws_db_option_group.this.id
-  maintenance_window                  = var.backup.enabled == true ? "Mon:00:00-Mon:03:00" : null
-  backup_window                       = var.backup.enabled == true ? "03:00-06:00" : null
-  backup_retention_period             = var.backup.enabled == true ? var.backup.retention_days : 0
+  engine                      = var.instance.engine
+  engine_version              = var.instance.engine_version
+  instance_class              = var.instance.type
+  identifier                  = module.this_label.id
+  username                    = local.admin_user
+  password                    = random_password.this.result
+  skip_final_snapshot         = false
+  allocated_storage           = var.storage.allocated_storage
+  max_allocated_storage       = var.storage.max_allocated_storage
+  storage_encrypted           = var.storage.kms_arn != ""
+  kms_key_id                  = var.storage.kms_arn
+  final_snapshot_identifier   = module.this_label_snapshot.id
+  multi_az                    = var.instance.multi_az
+  publicly_accessible         = var.instance.publicly_accessible
+  deletion_protection         = var.instance.deletion_protection
+  auto_minor_version_upgrade  = var.instance.allow_upgrades
+  allow_major_version_upgrade = true
+  db_subnet_group_name        = aws_db_subnet_group.this.id
+  parameter_group_name        = aws_db_parameter_group.this.id
+  option_group_name           = aws_db_option_group.this.id
+  maintenance_window          = var.backup.enabled == true ? "Mon:00:00-Mon:03:00" : null
+  backup_window               = var.backup.enabled == true ? "03:00-06:00" : null
+  backup_retention_period     = var.backup.enabled == true ? var.backup.retention_days : 0
+
   vpc_security_group_ids              = var.vpc.security_groups
   performance_insights_enabled        = var.enable_performance_insights
   apply_immediately                   = true
   iam_database_authentication_enabled = true
-  enabled_cloudwatch_logs_exports     = var.logging.types
+  enabled_cloudwatch_logs_exports     = var.instance.engine == "mariadb" ? ["audit", "error", "general", "slowquery"] : var.instance.engine == "postgres" ? ["postgresql", "upgrade"] : []
+
   tags = {
     Name        = module.this_label.id
     Restriction = "Restricted"

diff --git a/variables.tf b/variables.tf
@@ -33,6 +33,10 @@ variable "storage" {
   })
   description = "The storage configuration for the RDS instance"
 }
+variable "backup_kms_key" {
+  type        = string
+  description = "The  backup kms key for AWS RDS"
+}
 variable "backup" {
   type = object({
     enabled        = bool