feat: Support name_prefix in iam_role.enhanced_monitoring (#418)

Author: magreenbaum

README.md

@@ -286,6 +286,7 @@ Users have the ability to:
 | <a name="input_monitoring_role_arn"></a> [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring\_interval is non-zero | `string` | `null` | no |
 | <a name="input_monitoring_role_description"></a> [monitoring\_role\_description](#input\_monitoring\_role\_description) | Description of the monitoring IAM role | `string` | `null` | no |
 | <a name="input_monitoring_role_name"></a> [monitoring\_role\_name](#input\_monitoring\_role\_name) | Name of the IAM role which will be created when create\_monitoring\_role is enabled | `string` | `"rds-monitoring-role"` | no |
+| <a name="input_monitoring_role_use_name_prefix"></a> [monitoring\_role\_use\_name\_prefix](#input\_monitoring\_role\_use\_name\_prefix) | Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix | `bool` | `false` | no |
 | <a name="input_multi_az"></a> [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no |
 | <a name="input_option_group_description"></a> [option\_group\_description](#input\_option\_group\_description) | The description of the option group | `string` | `null` | no |
 | <a name="input_option_group_name"></a> [option\_group\_name](#input\_option\_group\_name) | Name of the option group | `string` | `null` | no |

examples/complete-postgres/main.tf

@@ -99,6 +99,7 @@ module "db" {
   create_monitoring_role                = true
   monitoring_interval                   = 60
   monitoring_role_name                  = "example-monitoring-role-name"
+  monitoring_role_use_name_prefix       = true
   monitoring_role_description           = "Description for monitoring role"
 
   parameters = [

main.tf

@@ -115,16 +115,17 @@ module "db_instance" {
   performance_insights_retention_period = var.performance_insights_retention_period
   performance_insights_kms_key_id       = var.performance_insights_enabled ? var.performance_insights_kms_key_id : null
 
-  replicate_source_db         = var.replicate_source_db
-  replica_mode                = var.replica_mode
-  backup_retention_period     = var.backup_retention_period
-  backup_window               = var.backup_window
-  max_allocated_storage       = var.max_allocated_storage
-  monitoring_interval         = var.monitoring_interval
-  monitoring_role_arn         = var.monitoring_role_arn
-  monitoring_role_name        = var.monitoring_role_name
-  monitoring_role_description = var.monitoring_role_description
-  create_monitoring_role      = var.create_monitoring_role
+  replicate_source_db             = var.replicate_source_db
+  replica_mode                    = var.replica_mode
+  backup_retention_period         = var.backup_retention_period
+  backup_window                   = var.backup_window
+  max_allocated_storage           = var.max_allocated_storage
+  monitoring_interval             = var.monitoring_interval
+  monitoring_role_arn             = var.monitoring_role_arn
+  monitoring_role_name            = var.monitoring_role_name
+  monitoring_role_use_name_prefix = var.monitoring_role_use_name_prefix
+  monitoring_role_description     = var.monitoring_role_description
+  create_monitoring_role          = var.create_monitoring_role
 
   character_set_name = var.character_set_name
   timezone           = var.timezone

modules/db_instance/README.md

@@ -73,6 +73,7 @@ No modules.
 | <a name="input_monitoring_role_arn"></a> [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring\_interval is non-zero. | `string` | `null` | no |
 | <a name="input_monitoring_role_description"></a> [monitoring\_role\_description](#input\_monitoring\_role\_description) | Description of the monitoring IAM role | `string` | `null` | no |
 | <a name="input_monitoring_role_name"></a> [monitoring\_role\_name](#input\_monitoring\_role\_name) | Name of the IAM role which will be created when create\_monitoring\_role is enabled. | `string` | `"rds-monitoring-role"` | no |
+| <a name="input_monitoring_role_use_name_prefix"></a> [monitoring\_role\_use\_name\_prefix](#input\_monitoring\_role\_use\_name\_prefix) | Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix | `bool` | `false` | no |
 | <a name="input_multi_az"></a> [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no |
 | <a name="input_option_group_name"></a> [option\_group\_name](#input\_option\_group\_name) | Name of the DB option group to associate. | `string` | `null` | no |
 | <a name="input_parameter_group_name"></a> [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `null` | no |

modules/db_instance/main.tf

@@ -6,6 +6,9 @@ locals {
   identifier        = var.use_identifier_prefix ? null : var.identifier
   identifier_prefix = var.use_identifier_prefix ? "${var.identifier}-" : null
 
+  monitoring_role_name        = var.monitoring_role_use_name_prefix ? null : var.monitoring_role_name
+  monitoring_role_name_prefix = var.monitoring_role_use_name_prefix ? "${var.monitoring_role_name}-" : null
+
   # Replicas will use source metadata
   username       = var.replicate_source_db != null ? null : var.username
   password       = var.replicate_source_db != null ? null : var.password
@@ -162,7 +165,8 @@ data "aws_iam_policy_document" "enhanced_monitoring" {
 resource "aws_iam_role" "enhanced_monitoring" {
   count = var.create_monitoring_role ? 1 : 0
 
-  name               = var.monitoring_role_name
+  name               = local.monitoring_role_name
+  name_prefix        = local.monitoring_role_name_prefix
   assume_role_policy = data.aws_iam_policy_document.enhanced_monitoring.json
   description        = var.monitoring_role_description
 

modules/db_instance/variables.tf

@@ -201,6 +201,12 @@ variable "monitoring_role_name" {
   default     = "rds-monitoring-role"
 }
 
+variable "monitoring_role_use_name_prefix" {
+  description = "Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix"
+  type        = bool
+  default     = false
+}
+
 variable "monitoring_role_description" {
   description = "Description of the monitoring IAM role"
   type        = string

variables.tf

@@ -183,6 +183,12 @@ variable "monitoring_role_name" {
   default     = "rds-monitoring-role"
 }
 
+variable "monitoring_role_use_name_prefix" {
+  description = "Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix"
+  type        = bool
+  default     = false
+}
+
 variable "monitoring_role_description" {
   description = "Description of the monitoring IAM role"
   type        = string