Merge pull request #6 from opzkit/monitoring

feat: enhanced monitoring
opzkit · Jan 12, 2022 · fbded83 · fbded83
2 parents 47dad32 + 4575c75
commit fbded83
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 5 deletions.
diff --git a/iam.tf b/iam.tf
@@ -0,0 +1,26 @@
+resource "aws_iam_role" "rds_enhanced_monitoring" {
+  count              = var.enhanced_monitoring ? 1 : 0
+  name               = "${var.identifier}-rds-enhanced-monitoring"
+  assume_role_policy = data.aws_iam_policy_document.rds_enhanced_monitoring.json
+}
+
+resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" {
+  count      = var.enhanced_monitoring ? 1 : 0
+  role       = aws_iam_role.rds_enhanced_monitoring[0].name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+}
+
+data "aws_iam_policy_document" "rds_enhanced_monitoring" {
+  statement {
+    actions = [
+      "sts:AssumeRole",
+    ]
+
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["monitoring.rds.amazonaws.com"]
+    }
+  }
+}
diff --git a/main.tf b/main.tf
@@ -48,11 +48,13 @@ resource "aws_rds_cluster" "default" {
 }
 
 resource "aws_rds_cluster_instance" "writer" {
-  cluster_identifier = aws_rds_cluster.default.cluster_identifier
-  identifier         = "${var.identifier}-writer"
-  instance_class     = var.writer_instance_type
-  engine             = aws_rds_cluster.default.engine
-  engine_version     = aws_rds_cluster.default.engine_version
+  cluster_identifier  = aws_rds_cluster.default.cluster_identifier
+  identifier          = "${var.identifier}-writer"
+  instance_class      = var.writer_instance_type
+  engine              = aws_rds_cluster.default.engine
+  engine_version      = aws_rds_cluster.default.engine_version
+  monitoring_interval = var.enhanced_monitoring ? 60 : 0
+  monitoring_role_arn = var.enhanced_monitoring ? aws_iam_role.rds_enhanced_monitoring[0].arn : null
 }
 
 resource "aws_rds_cluster_parameter_group" "cluster_parameters" {

diff --git a/vars.tf b/vars.tf
@@ -57,3 +57,9 @@ variable "kms_key_arn" {
   default     = ""
   description = "KMS key to use for encryption"
 }
+
+variable "enhanced_monitoring" {
+  type        = bool
+  default     = false
+  description = "Enable enhanced monitor on the instance"
+}