Add performance insights for DB's (Aurora and RDS)

README.md

@@ -288,6 +288,15 @@ The following inputs can be used as `step.with` keys
 | `aws_rds_db_multi_az` | Boolean| Specifies if the RDS instance is multi-AZ. Defaults to `false`. |
 | `aws_rds_db_maintenance_window` | String | The window to perform maintenance in. Eg: `Mon:00:00-Mon:03:00` |
 | `aws_rds_db_apply_immediately` | Boolean | Specifies whether any database modifications are applied immediately, or during the next maintenance window. Defaults to `false`.|
+| `aws_rds_db_performance_insights_enable` | Boolean | Enables performance insights for the database. Defaults to `false`. |
+| `aws_rds_db_performance_insights_retention` | String | KMS key ID to use for encrypting performance insights data. |
+| `aws_rds_db_performance_insights_kms_key_id` | String | Number of days to retain performance insights data. Defaults to `7`. |
+| `aws_rds_db_insights_mode` | String | The mode for Performance Insights. Could be `standard` (default) or `advanced`. |
+| `aws_rds_db_allow_major_version_upgrade` | Boolean | Indicates that major version upgrades are allowed. Defaults to `false`. |
+| `aws_rds_db_auto_minor_version_upgrade` | Boolean | Indicates that minor version upgrades are allowed. Defaults to `true`. |
+| `aws_rds_db_backup_retention_period` | String | The number of days to retain backups for. Must be between 0 (disabled) and 35. Defaults to `0`. |
+| `aws_rds_db_backup_window` | String | The window during which backups are taken. Eg: `"09:46-10:16"`. |
+| `aws_rds_db_copy_tags_to_snapshot` | Boolean | Indicates whether to copy tags to snapshots. Defaults to `false`. |
 | `aws_rds_db_additional_tags` | JSON | Add additional tags to the terraform [default tags](https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider), any tags put here will be added to RDS provisioned resources.|
 <hr/>
 <br/>
@@ -344,6 +353,9 @@ The following inputs can be used as `step.with` keys
 | `aws_aurora_db_ca_cert_identifier` | String | Certificate to use with the database. Defaults to `rds-ca-ecc384-g1`. |
 | `aws_aurora_db_maintenance_window` | String | Maintenance window. |
 | `aws_aurora_db_publicly_accessible` | Boolean | Make database publicly accessible. Defaults to `false`. | 
+| `aws_aurora_performance_insights_enable`| Boolean | Enables performance insights for the database. Defaults to false. |
+| `aws_aurora_performance_insights_kms_key_id`| String | KMS key ID to use for encrypting performance insights data. |
+| `aws_aurora_performance_insights_retention`| String | Number of days to retain performance insights data. Defaults to 7. |
 | `aws_aurora_additional_tags` | JSON | A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`. |
 <hr/>
 <br/>

action.yaml

@@ -471,6 +471,33 @@ inputs:
   aws_rds_db_apply_immediately:
     description: 'Specifies whether any database modifications are applied immediately, or during the next maintenance window'
     required: false
+  aws_rds_db_performance_insights_enable:
+    description: 'Enables performance insights for the database. Defaults to false.'
+    required: false
+  aws_rds_db_performance_insights_retention:
+    description: 'Number of days to retain performance insights data. Defaults to 7.'
+    required: false
+  aws_rds_db_performance_insights_kms_key_id:
+    description: 'KMS key ID to use for encrypting performance insights data.'
+    required: false
+  aws_rds_db_insights_mode:
+    description: 'The mode for Performance Insights.'
+    required: false
+  aws_rds_db_allow_major_version_upgrade:
+    description: 'Indicates that major version upgrades are allowed.'
+    required: false
+  aws_rds_db_auto_minor_version_upgrade:
+    description: 'Indicates that minor version upgrades are allowed.'
+    required: false
+  aws_rds_db_backup_retention_period:
+    description: 'The number of days to retain backups for. Must be between 0 (disabled) and 35.'
+    required: false
+  aws_rds_db_backup_window:
+    description: 'The window during which backups are taken.'
+    required: false
+  aws_rds_db_copy_tags_to_snapshot:
+    description: 'Indicates whether to copy tags to snapshots.'
+    required: false
   aws_rds_db_additional_tags:
     description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
     required: false
@@ -611,6 +638,15 @@ inputs:
   aws_aurora_db_maintenance_window:
     description: 'Maintenance window.'
     required: false
+  aws_aurora_performance_insights_enable:
+    description: 'Enables performance insights for the database. Defaults to false.'
+    required: false
+  aws_aurora_performance_insights_kms_key_id:
+    description: 'KMS key ID to use for encrypting performance insights data.'
+    required: false
+  aws_aurora_performance_insights_retention:
+    description: 'Number of days to retain performance insights data. Defaults to 7.'
+    required: false
   aws_aurora_additional_tags:
     description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
     required: false
@@ -1323,6 +1359,15 @@ runs:
         AWS_RDS_DB_MULTI_AZ: ${{ inputs.aws_rds_db_multi_az }}
         AWS_RDS_DB_MAINTENANCE_WINDOWS: ${{ inputs.aws_rds_db_maintenance_window }}
         AWS_RDS_DB_APPLY_IMMEDIATELY: ${{ inputs.aws_rds_db_apply_immediately }}
+        AWS_RDS_DB_PERFORMANCE_INSIGHTS_ENABLE: ${{ inputs.aws_rds_db_performance_insights_enable }}
+        AWS_RDS_DB_PERFORMANCE_INSIGHTS_RETENTION: ${{ inputs.aws_rds_db_performance_insights_retention }}
+        AWS_RDS_DB_PERFORMANCE_INSIGHTS_KMS_KEY_ID: ${{ inputs.aws_rds_db_performance_insights_kms_key_id }}
+        AWS_RDS_DB_INSIGHTS_MODE: ${{ inputs.aws_rds_db_insights_mode }}
+        AWS_RDS_DB_ALLOW_MAJOR_VERSION_UPGRADE: ${{ inputs.aws_rds_db_allow_major_version_upgrade }}
+        AWS_RDS_DB_AUTO_MINOR_VERSION_UPGRADE: ${{ inputs.aws_rds_db_auto_minor_version_upgrade }}
+        AWS_RDS_DB_BACKUP_RETENTION_PERIOD: ${{ inputs.aws_rds_db_backup_retention_period }}
+        AWS_RDS_DB_BACKUP_WINDOW: ${{ inputs.aws_rds_db_backup_window }}
+        AWS_RDS_DB_COPY_TAGS_TO_SNAPSHOT: ${{ inputs.aws_rds_db_copy_tags_to_snapshot }}
         AWS_RDS_DB_ADDITIONAL_TAGS: ${{ inputs.aws_rds_db_additional_tags }}
 
         # AWS AURORA
@@ -1370,6 +1415,9 @@ runs:
         AWS_AURORA_DB_APPLY_IMMEDIATELY: ${{ inputs.aws_aurora_db_apply_immediately }}
         AWS_AURORA_DB_CA_CERT_IDENTIFIER: ${{ inputs.aws_aurora_db_ca_cert_identifier }}
         AWS_AURORA_DB_MAINTENANCE_WINDOW: ${{ inputs.aws_aurora_db_maintenance_window }}
+        AWS_AURORA_PERFORMANCE_INSIGHTS_ENABLE: ${{ inputs.aws_aurora_performance_insights_enable }}
+        AWS_AURORA_PERFORMANCE_INSIGHTS_KMS_KEY_ID: ${{ inputs.aws_aurora_performance_insights_kms_key_id }}
+        AWS_AURORA_PERFORMANCE_INSIGHTS_RETENTION: ${{ inputs.aws_aurora_performance_insights_retention }}
         AWS_AURORA_ADDITIONAL_TAGS: ${{ inputs.aws_aurora_additional_tags }}
 
         # AWS DB PROXY

operations/_scripts/generate/generate_vars_terraform.sh

@@ -205,6 +205,15 @@ if [[ $(alpha_only "$AWS_RDS_DB_ENABLE") == true ]]; then
   aws_rds_db_multi_az=$(generate_var aws_rds_db_multi_az $AWS_RDS_DB_MULTI_AZ)
   aws_rds_db_maintenance_window=$(generate_var aws_rds_db_maintenance_window $AWS_RDS_DB_MAINTENANCE_WINDOWS)
   aws_rds_db_apply_immediately=$(generate_var aws_rds_db_apply_immediately $AWS_RDS_DB_APPLY_IMMEDIATELY)
+  aws_rds_db_performance_insights_enable=$(generate_var aws_rds_db_performance_insights_enable $AWS_RDS_DB_PERFORMANCE_INSIGHTS_ENABLE)
+  aws_rds_db_performance_insights_retention=$(generate_var aws_rds_db_performance_insights_retention $AWS_RDS_DB_PERFORMANCE_INSIGHTS_RETENTION)
+  aws_rds_db_performance_insights_kms_key_id=$(generate_var aws_rds_db_performance_insights_kms_key_id $AWS_RDS_DB_PERFORMANCE_INSIGHTS_KMS_KEY_ID)
+  aws_rds_db_insights_mode=$(generate_var aws_rds_db_insights_mode $AWS_RDS_DB_INSIGHTS_MODE)
+  aws_rds_db_allow_major_version_upgrade=$(generate_var aws_rds_db_allow_major_version_upgrade $AWS_RDS_DB_ALLOW_MAJOR_VERSION_UPGRADE)
+  aws_rds_db_auto_minor_version_upgrade=$(generate_var aws_rds_db_auto_minor_version_upgrade $AWS_RDS_DB_AUTO_MINOR_VERSION_UPGRADE)
+  aws_rds_db_backup_retention_period=$(generate_var aws_rds_db_backup_retention_period $AWS_RDS_DB_BACKUP_RETENTION_PERIOD)
+  aws_rds_db_backup_window=$(generate_var aws_rds_db_backup_window $AWS_RDS_DB_BACKUP_WINDOW)
+  aws_rds_db_copy_tags_to_snapshot=$(generate_var aws_rds_db_copy_tags_to_snapshot $AWS_RDS_DB_COPY_TAGS_TO_SNAPSHOT)
   aws_rds_db_additional_tags=$(generate_var aws_rds_db_additional_tags $AWS_RDS_DB_ADDITIONAL_TAGS)
 fi
 
@@ -254,6 +263,9 @@ if [[ $(alpha_only "$AWS_AURORA_ENABLE") == true ]]; then
   aws_aurora_db_apply_immediately=$(generate_var aws_aurora_db_apply_immediately $AWS_AURORA_DB_APPLY_IMMEDIATELY)
   aws_aurora_db_ca_cert_identifier=$(generate_var aws_aurora_db_ca_cert_identifier $AWS_AURORA_DB_CA_CERT_IDENTIFIER)
   aws_aurora_db_maintenance_window=$(generate_var aws_aurora_db_maintenance_window $AWS_AURORA_DB_MAINTENANCE_WINDOW)
+  aws_aurora_performance_insights_enable=$(generate_var aws_aurora_performance_insights_enable $AWS_AURORA_PERFORMANCE_INSIGHTS_ENABLE)
+  aws_aurora_performance_insights_kms_key_id=$(generate_var aws_aurora_performance_insights_kms_key_id $AWS_AURORA_PERFORMANCE_INSIGHTS_KMS_KEY_ID)
+  aws_aurora_performance_insights_retention=$(generate_var aws_aurora_performance_insights_retention $AWS_AURORA_PERFORMANCE_INSIGHTS_RETENTION)
   aws_aurora_additional_tags=$(generate_var aws_aurora_additional_tags $AWS_AURORA_ADDITIONAL_TAGS)
 fi
 
@@ -560,6 +572,15 @@ $aws_rds_db_cloudwatch_logs_exports
 $aws_rds_db_multi_az
 $aws_rds_db_maintenance_window
 $aws_rds_db_apply_immediately
+$aws_rds_db_performance_insights_enable
+$aws_rds_db_performance_insights_retention
+$aws_rds_db_performance_insights_kms_key_id
+$aws_rds_db_insights_mode
+$aws_rds_db_allow_major_version_upgrade
+$aws_rds_db_auto_minor_version_upgrade
+$aws_rds_db_backup_retention_period
+$aws_rds_db_backup_window
+$aws_rds_db_copy_tags_to_snapshot
 $aws_rds_db_additional_tags
 
 #-- AURORA --#
@@ -607,6 +628,9 @@ $aws_aurora_db_instance_class
 $aws_aurora_db_apply_immediately
 $aws_aurora_db_ca_cert_identifier
 $aws_aurora_db_maintenance_window
+$aws_aurora_performance_insights_enable
+$aws_aurora_performance_insights_kms_key_id
+$aws_aurora_performance_insights_retention
 $aws_aurora_additional_tags
 
 #-- DB PROXY --#

operations/deployment/terraform/aws/aws_variables.tf

@@ -713,6 +713,60 @@ variable "aws_rds_db_apply_immediately" {
   default     = false
 }
 
+variable "aws_rds_db_performance_insights_enable" {
+  type        = bool
+  description = "Specifies whether to enable Performance Insights for the DB instance."
+  default     = false
+}
+
+variable "aws_rds_db_performance_insights_retention" {
+  type        = string
+  description = "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years)."
+  default     = "7"
+}
+
+variable "aws_rds_db_performance_insights_kms_key_id" {
+  type        = string
+  description = "The ARN for the KMS key to encrypt performance insights data."
+  default     = ""
+}
+
+variable "aws_rds_db_insights_mode" {
+  type        = string
+  description = "The mode for Performance Insights."
+  default     = "standard"
+}
+
+variable "aws_rds_db_allow_major_version_upgrade" {
+  type        = bool
+  description = "Indicates that major version upgrades are allowed."
+  default     = false
+}
+
+variable "aws_rds_db_auto_minor_version_upgrade" {
+  type        = bool
+  description = "Indicates that minor version upgrades are allowed."
+  default     = true
+}
+
+variable "aws_rds_db_backup_retention_period" {
+  type        = string
+  description = "The number of days to retain backups for. Must be between 0 (disabled) and 35."
+  default     = 0
+}
+
+variable "aws_rds_db_backup_window" {
+  type        = string
+  description = "The window during which backups are taken."
+  default     = ""
+}
+
+variable "aws_rds_db_copy_tags_to_snapshot" {
+  type        = bool
+  description = "Indicates whether to copy tags to snapshots."
+  default     = false
+}
+
 variable "aws_rds_db_additional_tags" {
   type        = string
   description = "A list of strings that will be added to created resources"
@@ -989,6 +1043,24 @@ variable "aws_aurora_db_maintenance_window" {
   default     = ""
 }
 
+variable "aws_aurora_performance_insights_enable" {
+  type        = bool
+  description = "Specifies whether to enable Performance Insights for the DB instance."
+  default     = false
+}
+
+variable "aws_aurora_performance_insights_retention" {
+  type        = string
+  description = "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years)."
+  default     = "7"
+}
+
+variable "aws_aurora_performance_insights_kms_key_id" {
+  type        = string
+  description = "The ARN for the KMS key to encrypt performance insights data."
+  default     = ""
+}
+
 variable "aws_aurora_additional_tags" {
   type        = string
   description = "A list of strings that will be added to created resources"

operations/deployment/terraform/aws/bitovi_main.tf

@@ -167,30 +167,39 @@ module "rds" {
   source = "../modules/aws/rds"
   count  = var.aws_rds_db_enable ? 1 : 0
   # RDS
-  aws_rds_db_name                        = var.aws_rds_db_name
-  aws_rds_db_user                        = var.aws_rds_db_user
-  aws_rds_db_identifier                  = var.aws_rds_db_identifier != "" ? var.aws_rds_db_identifier : lower(var.aws_resource_identifier)
-  aws_rds_db_engine                      = var.aws_rds_db_engine
-  aws_rds_db_engine_version              = var.aws_rds_db_engine_version
-  aws_rds_db_ca_cert_identifier          = var.aws_rds_db_ca_cert_identifier
-  aws_rds_db_security_group_name         = var.aws_rds_db_security_group_name
-  aws_rds_db_allowed_security_groups     = var.aws_rds_db_allowed_security_groups
-  aws_rds_db_ingress_allow_all           = var.aws_rds_db_ingress_allow_all
-  aws_rds_db_publicly_accessible         = var.aws_rds_db_publicly_accessible
-  aws_rds_db_port                        = var.aws_rds_db_port
-  aws_rds_db_subnets                     = var.aws_rds_db_subnets
-  aws_rds_db_allocated_storage           = var.aws_rds_db_allocated_storage
-  aws_rds_db_max_allocated_storage       = var.aws_rds_db_max_allocated_storage
-  aws_rds_db_storage_encrypted           = var.aws_rds_db_storage_encrypted
-  aws_rds_db_storage_type                = var.aws_rds_db_storage_type
-  aws_rds_db_kms_key_id                  = var.aws_rds_db_kms_key_id
-  aws_rds_db_instance_class              = var.aws_rds_db_instance_class
-  aws_rds_db_final_snapshot              = var.aws_rds_db_final_snapshot
-  aws_rds_db_restore_snapshot_identifier = var.aws_rds_db_restore_snapshot_identifier
-  aws_rds_db_cloudwatch_logs_exports     = var.aws_rds_db_cloudwatch_logs_exports
-  aws_rds_db_multi_az                    = var.aws_rds_db_multi_az
-  aws_rds_db_maintenance_window          = var.aws_rds_db_maintenance_window
-  aws_rds_db_apply_immediately           = var.aws_rds_db_apply_immediately
+  aws_rds_db_name                            = var.aws_rds_db_name
+  aws_rds_db_user                            = var.aws_rds_db_user
+  aws_rds_db_identifier                      = var.aws_rds_db_identifier != "" ? var.aws_rds_db_identifier : lower(var.aws_resource_identifier)
+  aws_rds_db_engine                          = var.aws_rds_db_engine
+  aws_rds_db_engine_version                  = var.aws_rds_db_engine_version
+  aws_rds_db_ca_cert_identifier              = var.aws_rds_db_ca_cert_identifier
+  aws_rds_db_security_group_name             = var.aws_rds_db_security_group_name
+  aws_rds_db_allowed_security_groups         = var.aws_rds_db_allowed_security_groups
+  aws_rds_db_ingress_allow_all               = var.aws_rds_db_ingress_allow_all
+  aws_rds_db_publicly_accessible             = var.aws_rds_db_publicly_accessible
+  aws_rds_db_port                            = var.aws_rds_db_port
+  aws_rds_db_subnets                         = var.aws_rds_db_subnets
+  aws_rds_db_allocated_storage               = var.aws_rds_db_allocated_storage
+  aws_rds_db_max_allocated_storage           = var.aws_rds_db_max_allocated_storage
+  aws_rds_db_storage_encrypted               = var.aws_rds_db_storage_encrypted
+  aws_rds_db_storage_type                    = var.aws_rds_db_storage_type
+  aws_rds_db_kms_key_id                      = var.aws_rds_db_kms_key_id
+  aws_rds_db_instance_class                  = var.aws_rds_db_instance_class
+  aws_rds_db_final_snapshot                  = var.aws_rds_db_final_snapshot
+  aws_rds_db_restore_snapshot_identifier     = var.aws_rds_db_restore_snapshot_identifier
+  aws_rds_db_cloudwatch_logs_exports         = var.aws_rds_db_cloudwatch_logs_exports
+  aws_rds_db_multi_az                        = var.aws_rds_db_multi_az
+  aws_rds_db_maintenance_window              = var.aws_rds_db_maintenance_window
+  aws_rds_db_apply_immediately               = var.aws_rds_db_apply_immediately
+  aws_rds_db_performance_insights_enable     = var.aws_rds_db_performance_insights_enable
+  aws_rds_db_performance_insights_retention  = var.aws_rds_db_performance_insights_retention
+  aws_rds_db_performance_insights_kms_key_id = var.aws_rds_db_performance_insights_kms_key_id
+  aws_rds_db_insights_mode                   = var.aws_rds_db_insights_mode
+  aws_rds_db_allow_major_version_upgrade     = var.aws_rds_db_allow_major_version_upgrade
+  aws_rds_db_auto_minor_version_upgrade      = var.aws_rds_db_auto_minor_version_upgrade
+  aws_rds_db_backup_retention_period         = var.aws_rds_db_backup_retention_period
+  aws_rds_db_backup_window                   = var.aws_rds_db_backup_window
+  aws_rds_db_copy_tags_to_snapshot           = var.aws_rds_db_copy_tags_to_snapshot
   # Others
   #aws_ec2_security_group                 = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : ""
   aws_selected_vpc_id                    = module.vpc.aws_selected_vpc_id
@@ -289,6 +298,11 @@ module "aurora_rds" {
   aws_aurora_db_apply_immediately      = var.aws_aurora_db_apply_immediately
   aws_aurora_db_ca_cert_identifier     = var.aws_aurora_db_ca_cert_identifier
   aws_aurora_db_maintenance_window     = var.aws_aurora_db_maintenance_window
+  # Extras
+  aws_aurora_performance_insights_enable     = var.aws_aurora_performance_insights_enable
+  aws_aurora_performance_insights_kms_key_id = var.aws_aurora_performance_insights_kms_key_id
+  aws_aurora_performance_insights_retention  = var.aws_aurora_performance_insights_retention
+  # Others
   # Incoming
   #aws_ec2_security_group               = var.aws_ec2_instance_create ? module.ec2[0].aws_security_group_ec2_sg_id : ""
   aws_selected_vpc_id                  = module.vpc.aws_selected_vpc_id

operations/deployment/terraform/modules/aws/aurora/aws_aurora.tf

@@ -91,7 +91,10 @@ resource "aws_rds_cluster" "aurora" {
   db_cluster_instance_class           = var.aws_aurora_cluster_db_instance_class
   vpc_security_group_ids              = [aws_security_group.aurora_security_group.id]
   port                                = var.aws_aurora_database_port
-
+  # Extras
+  performance_insights_enabled          = var.aws_aurora_performance_insights_enable
+  performance_insights_retention_period = var.aws_aurora_performance_insights_enable ? var.aws_aurora_performance_insights_retention : null
+  performance_insights_kms_key_id       = var.aws_aurora_performance_insights_enable ? var.aws_aurora_performance_insights_kms_key_id : null
   dynamic "restore_to_point_in_time" {
      for_each = length(var.aws_aurora_restore_to_point_in_time) > 0 ? [var.aws_aurora_restore_to_point_in_time] : []
 

operations/deployment/terraform/modules/aws/aurora/aws_aurora_vars.tf

@@ -46,6 +46,10 @@ variable "aws_aurora_db_apply_immediately" {}
 variable "aws_aurora_db_ca_cert_identifier" {}
 variable "aws_aurora_db_maintenance_window" {}
 variable "aws_aurora_db_publicly_accessible" {}
+# Extras
+variable "aws_aurora_performance_insights_enable" {}
+variable "aws_aurora_performance_insights_retention" {}
+variable "aws_aurora_performance_insights_kms_key_id" {}
 # Incoming
 variable "aws_selected_vpc_id" {}
 variable "aws_subnets_vpc_subnets_ids" {}