diff --git a/README.md b/README.md
index 280c606..38498ed 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,10 @@ Terraform module to run RDS MySQL instance.
 * `engine_version` - MySQL version. Default is 8.0 (Default is `8.0`)
 * `apply_immediately` - Specifies whether any database modifications are applied immediately, or during the next maintenance window (Default is `true`)
 * `parameter_group_name` - Name of the DB parameter group to associate (Optional)
+* `enable_audit_log` - Enable audit log (Default is `false`)
+* `enable_error_log` - Enable error log (Default is `true`)
+* `enable_general_log` - Enable general log (Default `true`)
+* `enable_slowquery_log` - Enable slowquery log (Default `true`)
 ## Usage
diff --git a/rds.tf b/rds.tf
index ca6b685..d36ebd9 100644
--- a/rds.tf
+++ b/rds.tf
@@ -18,7 +18,7 @@ resource "aws_db_instance" "default" {
 publicly_accessible = "${local.publicly_accessible}"
 storage_encrypted = true
 apply_immediately = "${local.apply_immediately}"
- enabled_cloudwatch_logs_exports = ["error", "general", "slowquery"]
+ enabled_cloudwatch_logs_exports = ["${local.logs_set}"]
 tags {
 Project = "${local.project}"
@@ -46,7 +46,7 @@ resource "aws_db_instance" "parameterized" {
 publicly_accessible = "${local.publicly_accessible}"
 storage_encrypted = true
 apply_immediately = "${local.apply_immediately}"
- enabled_cloudwatch_logs_exports = ["error", "general", "slowquery"]
+ enabled_cloudwatch_logs_exports = ["${local.logs_set}"]
 tags {
 Project = "${local.project}"
diff --git a/variables.tf b/variables.tf
index 9894e22..ce0e300 100644
--- a/variables.tf
+++ b/variables.tf
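Review bot: In rds.tf, both `aws_db_instance.default` and `aws_db_instance.parameterized` now take `enabled_cloudwatch_logs_exports` from `local.logs_set`, so a caller who sets all four `enable_*_log` flags to false gets an instance with no CloudWatch log export at all, where the old literal always exported error, general and slowquery. That silently removes the logs an incident investigation would rely on. I would add a comment above the attribute in both resources, e.g. `# Log export is caller-controlled via enable_*_log; an empty list disables CloudWatch export entirely`, and consider keeping `error` exported unconditionally. Both resource bodies start and end outside these hunks.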
@@ -46,6 +46,26 @@ variable "backup_retention_period" {
 default = 3
 }
+variable "enable_audit_log" {
+ description = "Enable audit log."
+ default = false
+}
+
+variable "enable_error_log" {
+ description = "Enable error log."
+ default = true
+}
+
+variable "enable_general_log" {
+ description = "Enable general log."
+ default = true
+}
+
+variable "enable_slowquery_log" {
+ description = "Enable slowquery log."
+ default = true
+}
+
 variable "backup_window" {
 description = "The daily time range (in UTC) during which automated backups are created if they are enabled."
 default = "05:00-07:00"
@@ -72,7 +92,7 @@ locals {
 variable "engine_version" {
 description = "MySQL version. Default is 8.0"
- default = "8.0"
+ default = 8.0
 }
 locals {
@@ -113,4 +133,10 @@ locals {
 address = "${local.parameter_group_name == "" ? join("", aws_db_instance.default.*.address) : join("", aws_db_instance.parameterized.*.address)}"
 hosted_zone_id = "${var.parameter_group_name == "" ? join("", aws_db_instance.default.*.hosted_zone_id) : join("", aws_db_instance.parameterized.*.hosted_zone_id)}"
 rds_id = "${var.parameter_group_name == "" ? join("", aws_db_instance.default.*.id) : join("", aws_db_instance.parameterized.*.id)}"
+ logs_set = ["${compact(list(
+ "${var.enable_audit_log ? "audit" : "" }",
+ "${var.enable_error_log ? "error" : "" }",
+ "${var.enable_general_log ? "general" : "" }",
+ "${var.enable_slowquery_log ? "slowquery" : "" }"
+ ))}"]
 }
\ No newline at end of file
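Review bot: The descriptions of the four new `enable_*_log` variables in the first variables.tf hunk do not say what is toggled: judging by how `logs_set` is consumed, they select which log types are exported to CloudWatch Logs, not whether the engine writes the log. `enable_general_log` also defaults to `true`, and the MySQL general log records the text of every statement, which can include credentials and personal data, so the description should say so to let callers choose it knowingly. Suggested wording: `description = "Export the MySQL general log to CloudWatch Logs. Records every statement; may contain sensitive data."`, with the same "Export ... to CloudWatch Logs" phrasing for the other three.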
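Review bot: In the `engine_version` hunk of variables.tf the default changes from the string `"8.0"` to the bare number `8.0`, but a version is an identifier, not a quantity. When Terraform converts that number back to a string for the provider it is likely rendered as `8`, dropping the `.0`, so the module would request a different version than the README and the variable description document. I would keep `default = "8.0"`.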
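Review bot: In the `logs_set` local (last variables.tf hunk), `"audit"` is added to the export list purely from `var.enable_audit_log`, but on RDS MySQL the audit log is only produced when the audit plugin (`MARIADB_AUDIT_PLUGIN`) is enabled through an option group, and no option group is visible in this diff. If the module does not attach one, setting the flag may fail at apply or leave callers believing auditing is on while nothing is exported. I would add a comment on that line such as `# "audit" requires an option group with the audit plugin attached to the instance` and state the same prerequisite in the README entry. The `locals` block starts outside the hunk.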