Enable Performance insights (#15)

* feat: enable Performance Insights For database instace types that supports Performance Insights we enable it by default. A 7 day retention of data is free of charge and a longer retention can be set by variables * chore: remove unused terrascan file and update the used one to not check examples folder
opzkit · Nov 22, 2022 · beff1da · beff1da
1 parent ea42b25
commit beff1da
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 51 deletions.
diff --git a/.github/terrascan.yaml b/.github/terrascan.yaml
diff --git a/main.tf b/main.tf
@@ -45,42 +45,71 @@ resource "aws_rds_cluster" "default" {
   storage_encrypted               = true
   db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.cluster_parameters.name
   kms_key_id                      = var.kms_key_arn == "" ? null : var.kms_key_arn
+  enabled_cloudwatch_logs_exports = ["error", "general", "slowquery"]
 }
 
 resource "aws_rds_cluster_instance" "writer" {
-  cluster_identifier  = aws_rds_cluster.default.cluster_identifier
-  identifier          = "${var.identifier}-writer"
-  instance_class      = var.writer_instance_type
-  engine              = aws_rds_cluster.default.engine
-  engine_version      = aws_rds_cluster.default.engine_version
-  monitoring_interval = var.enhanced_monitoring ? 60 : 0
-  monitoring_role_arn = var.enhanced_monitoring ? aws_iam_role.rds_enhanced_monitoring[0].arn : null
+  cluster_identifier                    = aws_rds_cluster.default.cluster_identifier
+  identifier                            = "${var.identifier}-writer"
+  instance_class                        = var.writer_instance_type
+  engine                                = aws_rds_cluster.default.engine
+  engine_version                        = aws_rds_cluster.default.engine_version
+  monitoring_interval                   = var.enhanced_monitoring ? 60 : 0
+  monitoring_role_arn                   = var.enhanced_monitoring ? aws_iam_role.rds_enhanced_monitoring[0].arn : null
+  performance_insights_kms_key_id       = var.kms_key_arn == "" ? null : var.kms_key_arn
+  performance_insights_enabled          = local.performance_insights_writer_enabled
+  performance_insights_retention_period = local.performance_insights_writer_enabled ? var.performance_insights_retention_period : null
 }
 
-
 resource "aws_rds_cluster_instance" "reader" {
-  count               = var.reader_instance_type == null ? 0 : 1
-  cluster_identifier  = aws_rds_cluster.default.cluster_identifier
-  identifier          = "${var.identifier}-reader"
-  instance_class      = var.reader_instance_type
-  engine              = aws_rds_cluster.default.engine
-  engine_version      = aws_rds_cluster.default.engine_version
-  monitoring_interval = var.enhanced_monitoring ? 60 : 0
-  monitoring_role_arn = var.enhanced_monitoring ? aws_iam_role.rds_enhanced_monitoring[0].arn : null
-  promotion_tier      = 1
-
+  count                                 = var.reader_instance_type == null ? 0 : 1
+  cluster_identifier                    = aws_rds_cluster.default.cluster_identifier
+  identifier                            = "${var.identifier}-reader"
+  instance_class                        = var.reader_instance_type
+  engine                                = aws_rds_cluster.default.engine
+  engine_version                        = aws_rds_cluster.default.engine_version
+  monitoring_interval                   = var.enhanced_monitoring ? 60 : 0
+  monitoring_role_arn                   = var.enhanced_monitoring ? aws_iam_role.rds_enhanced_monitoring[0].arn : null
+  promotion_tier                        = 1
+  performance_insights_kms_key_id       = var.kms_key_arn == "" ? null : var.kms_key_arn
+  performance_insights_enabled          = local.performance_insights_reader_enabled
+  performance_insights_retention_period = local.performance_insights_reader_enabled ? var.performance_insights_retention_period : null
 }
 
 resource "aws_rds_cluster_parameter_group" "cluster_parameters" {
   family = "aurora-mysql5.7"
   name   = "${var.identifier}-cluster-parameters"
 
   dynamic "parameter" {
-    for_each = var.cluster_parameters
+    for_each = merge(var.cluster_parameters, local.default_cluster_parameters)
     content {
       name         = parameter.key
       value        = parameter.value
       apply_method = "pending-reboot"
     }
   }
 }
+
+locals {
+  default_cluster_parameters = {
+    "performance_schema" = 1
+  }
+
+  performance_insights_reader_enabled = lookup(
+    local.instance_types_performance_insights_enabled,
+    try(regex("(db\\..*)\\..*", var.reader_instance_type)[0],
+      ""
+    ),
+  true)
+  performance_insights_writer_enabled = lookup(
+    local.instance_types_performance_insights_enabled,
+    try(regex("(db\\..*)\\..*", var.writer_instance_type)[0],
+      ""
+    ),
+  true)
+
+  instance_types_performance_insights_enabled = {
+    "db.t2" : false,
+    "db.t3" : false,
+  }
+}
diff --git a/secret.tf b/secret.tf
@@ -17,7 +17,7 @@ locals {
     DB_READER_HOST = local.reader_instance_endpoint
   }
   reader_instance_endpoint = var.reader_instance_type == null ? "" : aws_rds_cluster_instance.reader[0].endpoint
-  password = random_password.password.result
+  password                 = random_password.password.result
 }
 
 resource "random_password" "password" {

diff --git a/vars.tf b/vars.tf
@@ -68,4 +68,12 @@ variable "reader_instance_type" {
   type        = string
   description = "Instance type of writers"
   default     = null
-}
+}
+
+variable "performance_insights_retention_period" {
+  default     = 7
+  description = <<EOT
+  Performance insights is enabled by default, not all instance types are supported: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.Overview.Engines.html.
+  Performance insights retention period in days, 7 days is free of charge. Read more here: https://aws.amazon.com/rds/performance-insights/pricing
+EOT
+}