Terraform provider control flow

Please suggest how to control execution of certain providers depending on inputs.
In the example below, while creating the RDS cluster I want to control which provider performs the configuration routine, e.g.:

  1. if engine is aurora-postgresql and engine_version > 14 => create certain users;
  2. otherwise skip (so that MySQL functionality can be implemented later)

Working code sample. I can't find a way to wrap the role creation in clear control flow, because:

  • the current implementation will try to initialize the pg provider and will fail with a MySQL engine.
  • On the other hand, a module with a custom provider doesn't support count.

Tree

├── README.md
├── backend.tf
├── data.tf
├── database_roles.tf
├── main.tf
├── output.tf
├── provider.tf
├── provider_config.tf
├── random.tf
├── route53.tf
├── secretmanager.tf
├── security.tf
├── terragrunt-debug.tfvars.json
└── variables.tf

Contents:
variables.tf

╰─❯ grep "variable" variables.tf
variable "environment" {
variable "aws_region" {
variable "vpc_tag_name" {
variable "private_subnet_names" {
variable "serverless_enabled" {
variable "multi_az_deployment_enabled" {
variable "identifier" {
variable "local_tags" {
variable "user_mgmt_lambda_arn" {
variable "user_mgmt_lambda_role_name" {
variable "password_rotation_days" {
variable "use_random_password" {
variable "engine" {
variable "engine_version" {
variable "database_name" {
variable "master_username" {
variable "master_password" {
variable "port" {
variable "network_type" {
variable "create_rds_sg" {
variable "vpc_security_group_ids" {
variable "db_subnet_group_name" {
variable "skip_final_snapshot" {
variable "final_snapshot_identifier" {
variable "copy_tags_to_snapshot" {
variable "backup_retention_period" {
variable "preferred_backup_window" {
variable "snapshot_identifier" {
variable "serverlessv2_scaling_configuration" {
variable "availability_zones" {
variable "enabled_cloudwatch_logs_exports" {
variable "kms_key_id" {
variable "storage_encrypted" {
variable "cluster_timeouts" {
variable "deletion_protection" {
variable "tags" {
variable "cluster_tags" {
variable "apply_immediately" {
variable "allow_major_version_upgrade" {
variable "preferred_maintenance_window" {
variable "custom_identifier_enabled" {
variable "count_instances" {
variable "instance_class" {
variable "monitoring_interval" {
variable "monitoring_role_arn" {
variable "ca_cert_identifier" {
variable "auto_minor_version_upgrade" {
variable "client_cidr_blocks" {
variable "r53_private_zone_name" {
variable "r53_private_aliases" {
variable "default_r53_ttl" {
variable "performance_insights_enabled" {
variable "performance_insights_retention_period" {
variable "database_all_ro_role" {
variable "database_all_rw_role" {

main.tf

resource "aws_db_subnet_group" "private" {
resource "aws_rds_cluster" "cluster" {
resource "aws_rds_cluster_instance" "instance" {

provider.tf

# Provider requirements for the module.
# Both providers below are pulled from the public registry; the version
# constraints here decide how much drift a `terraform init` may pick up.
terraform {
  required_version = ">= 1.0"

  required_providers {
    postgresql = {
      source  = "cyrilgdn/postgresql"
      # Exact pin: upgrades happen only when this line is edited.
      version = "1.19.0"
    }

    aws = {
      source  = "hashicorp/aws"
      # Open-ended lower bound: any newer release, including a future major
      # version with breaking changes, satisfies this. A pessimistic
      # constraint (`~> 4.67`) together with a committed .terraform.lock.hcl
      # keeps provider upgrades deliberate and reviewable.
      version = ">= 4.67"
    }
  }
}

database_roles.tf

# Engine selectors used as `count` values on the role resources below:
# 1 creates the resource, 0 skips it.
locals {
  # Terraform converts var.engine_version to a number for the `>` comparison,
  # so a value such as "14.9" passes this test just like "15.x", while "14.0"
  # does not. NOTE(review): if the intent is "major version 15 or newer",
  # compare the major component (e.g. split on ".") instead of the full
  # version string — confirm which boundary is wanted.
  pg_new_engine = var.engine == "aurora-postgresql" && var.engine_version > 14 ? 1 : 0
  # Placeholders, currently always 0 and not referenced by any visible resource.
  pg_old_engine = 0
  ms_engine     = 0
}

# PostgreSQL provider pointed at the cluster created in main.tf.
# NOTE(review): every connection attribute except sslmode/timeouts is derived
# from the aws_rds_cluster resource or from variables, so this provider can
# only be configured once that cluster exists; it is also configured (and
# therefore attempts to connect) regardless of the engine selected.
provider "postgresql" {
  host            = aws_rds_cluster.cluster.endpoint
  port            = var.port
  database        = var.database_name
  username        = var.master_username
  # local.master_password is defined outside this file (not shown here).
  # When restoring from a snapshot no password is passed at all —
  # NOTE(review): confirm which credential the provider then uses to
  # authenticate, otherwise the connection will simply fail.
  password        = length(var.snapshot_identifier) > 0 ? null : local.master_password
  # "require" encrypts the session but does NOT verify the server certificate,
  # so the client cannot tell the real endpoint from an impostor. "verify-full"
  # plus `sslrootcert` pointing at the RDS CA bundle authenticates the host.
  sslmode         = "require"
  # Seconds to wait for the TCP/TLS handshake before giving up.
  connect_timeout = 15
  # The connecting user is declared as a non-superuser; provider features that
  # need superuser rights stay disabled.
  superuser       = false
}

# Cluster-wide read-only role, created only for the "new" PostgreSQL engine
# selected in locals (count is 0 or 1, never more).
# No password attribute is set here; membership in rds_iam suggests logins are
# meant to use IAM authentication tokens instead — confirm against the callers.
resource "postgresql_role" "ro_all" {
  name  = var.database_all_ro_role
  login = true
  # rds_iam: allow IAM-based login; pg_read_all_data: read every table.
  roles = ["rds_iam", "pg_read_all_data"]
  count = local.pg_new_engine
}

# Cluster-wide read/write role, gated by the same engine selector as ro_all.
# Like ro_all it carries no password; rds_iam membership suggests IAM
# authentication is the intended login path — confirm against the callers.
resource "postgresql_role" "rw_all" {
  name  = var.database_all_rw_role
  login = true
  # rds_iam: allow IAM-based login; pg_write_all_data: write every table.
  roles = ["rds_iam", "pg_write_all_data"]
  count = local.pg_new_engine
}