feat: Remove Enhanced Backups functionality, will be added as standalone module (#14)

* fix: enable deletion protection by default

* feat: remove enhanced backups, this should be an own module

* fix: For security reasons, we do not use the standard port here.

* docs: Remove documentation for the enhanced backup feature

* chore: fix indentation

* chore: consolidate file organization

* fix: increase password length for the master user from 24 to 40

* fix: remove prefix / at aws kms key

* chore: file organisation

* terraform-docs: automated action

* docs: Update docs that enhanced backups don't exists anymore

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Author: ckappen

.terraform-docs.yml

@@ -32,10 +32,6 @@ content: |-
     ```hcl
     {{ include "examples/with-rds-proxy/main.tf" }}
     ```
-    ### with enhanced Backups
-    ```hcl
-    {{ include "examples/with-enhanced-backups/main.tf" }}
-    ```
 
 output:
   file: "README.md"

README.md

@@ -35,13 +35,10 @@
 
 # Terraform AWS RDS Aurora Cluster
 
-This Terraform module provides a preconfigured solution for setting up AWS
-RDS Aurora clusters in your AWS account. With this module, you can easily
-and efficiently create and manage RDS Aurora clusters with advanced features
-such as extended backups for daily, weekly, monthly, quarterly, and yearly
-intervals. Our team has extensive experience working with AWS RDS Aurora
-and has optimized this module to provide the best possible experience for
-users.
+This Terraform module provides a preconfigured solution for setting up AWS RDS Aurora clusters in your AWS account.
+With this module, you can easily and efficiently create and manage RDS Aurora clusters with advanced features. Our
+team has extensive experience working with AWS RDS Aurora and has optimized this module to provide the best possible
+experience for users.
 
 By using this Terraform module, you can save time and effort in setting
 up and managing your RDS Aurora clusters, as well as ensure that your data
@@ -76,9 +73,8 @@ such as extended backups, user management, and autoscaling.
 | <a name="input_db_instance_parameter_group_name"></a> [db\_instance\_parameter\_group\_name](#input\_db\_instance\_parameter\_group\_name) | The name of the DB parameter group. | `string` | `null` | no |
 | <a name="input_db_instance_parameters"></a> [db\_instance\_parameters](#input\_db\_instance\_parameters) | The name and values of the DB parameters. | <pre>list(object({<br>    apply_method = optional(string)<br>    name         = string<br>    value        = string<br>  }))</pre> | `[]` | no |
 | <a name="input_db_proxy_users"></a> [db\_proxy\_users](#input\_db\_proxy\_users) | List of DB Proxy users. | `list(string)` | <pre>[<br>  "application_dml",<br>  "application_ddl"<br>]</pre> | no |
-| <a name="input_deletion_protection"></a> [deletion\_protection](#input\_deletion\_protection) | If the DB instance should have deletion protection enabled. | `bool` | `false` | no |
+| <a name="input_deletion_protection"></a> [deletion\_protection](#input\_deletion\_protection) | If the DB instance should have deletion protection enabled. | `bool` | `true` | no |
 | <a name="input_enable_db_proxy"></a> [enable\_db\_proxy](#input\_enable\_db\_proxy) | Enable DB Proxy. | `bool` | `true` | no |
-| <a name="input_enable_enhanced_backups"></a> [enable\_enhanced\_backups](#input\_enable\_enhanced\_backups) | Enable enhanced backups. | `bool` | `true` | no |
 | <a name="input_enabled_cloudwatch_logs_exports"></a> [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | Set of log types to enable for exporting to CloudWatch logs. | `list(string)` | <pre>[<br>  "audit",<br>  "error",<br>  "general",<br>  "slowquery"<br>]</pre> | no |
 | <a name="input_engine"></a> [engine](#input\_engine) | The engine to use. | `string` | `"aurora-mysql"` | no |
 | <a name="input_engine_mode"></a> [engine\_mode](#input\_engine\_mode) | The engine mode to use. | `string` | `"provisioned"` | no |
@@ -139,18 +135,4 @@ module "with-rds-proxy" {
   enable_db_proxy = true
 }
 ```
-### with enhanced Backups
-```hcl
-module "with-enhanced-backups" {
-  source = "../../"
-
-  cluster_identifier                 = "my-cluster"
-  database_subnet_group_name         = "db-subnet-group-name"
-  instance_class                     = "db.t4g.medium"
-  vpc_security_group_ids_rds_cluster = ["sg-1234567890"]
-  vpc_subnet_ids                     = ["subnet-12345678", "subnet-87654321"]
-
-  enable_enhanced_backups = true
-}
-```
 <!-- END_TF_DOCS -->

examples/with-enhanced-backups/main.tf

@@ -1,13 +1,10 @@
 /**
  * # Terraform AWS RDS Aurora Cluster
  *
- * This Terraform module provides a preconfigured solution for setting up AWS
- * RDS Aurora clusters in your AWS account. With this module, you can easily
- * and efficiently create and manage RDS Aurora clusters with advanced features
- * such as extended backups for daily, weekly, monthly, quarterly, and yearly
- * intervals. Our team has extensive experience working with AWS RDS Aurora
- * and has optimized this module to provide the best possible experience for
- * users.
+ * This Terraform module provides a preconfigured solution for setting up AWS RDS Aurora clusters in your AWS account.
+ * With this module, you can easily and efficiently create and manage RDS Aurora clusters with advanced features. Our
+ * team has extensive experience working with AWS RDS Aurora and has optimized this module to provide the best possible
+ * experience for users.
  *
  * By using this Terraform module, you can save time and effort in setting
  * up and managing your RDS Aurora clusters, as well as ensure that your data
@@ -131,28 +128,6 @@ module "db_event_subscription" {
   recipients = var.database_event_recipients
 }
 
-module "backup" {
-  count = var.enable_enhanced_backups ? 1 : 0
-
-  source = "github.com/geekcell/terraform-aws-backup?ref=v1"
-
-  # Vault name for this backup
-  vault_name = "${var.cluster_identifier}-rds"
-
-  # Backup plan name, most of the time the identifier of the cluster is fine
-  backup_name = "${var.cluster_identifier}-rds"
-
-  # Resources to backup
-  resources = [
-    module.rds_cluster.arn
-  ]
-
-  # AWS needs to know what kind of services we want to backup
-  service = "rds"
-
-  tags = var.tags
-}
-
 module "db_instance_parameter_group" {
   count = length(var.db_instance_parameters) > 0 ? 1 : 0
 

main.tf

@@ -27,7 +27,7 @@
 | <a name="input_iam_database_authentication_enabled"></a> [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Specifies whether or not mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. | `bool` | `false` | no |
 | <a name="input_iam_roles"></a> [iam\_roles](#input\_iam\_roles) | A List of ARNs for the IAM roles to associate to the RDS Cluster. | `list(string)` | `null` | no |
 | <a name="input_iops"></a> [iops](#input\_iops) | The amount of Provisioned IOPS to be initially allocated for each DB instance in the Multi-AZ DB cluster. | `number` | `null` | no |
-| <a name="input_port"></a> [port](#input\_port) | The port on which the DB accepts connections. | `number` | `3306` | no |
+| <a name="input_port"></a> [port](#input\_port) | The port on which the DB accepts connections. | `number` | `6033` | no |
 | <a name="input_preferred_backup_window"></a> [preferred\_backup\_window](#input\_preferred\_backup\_window) | The daily time range (in UTC) during which automated backups are created if they are enabled. | `string` | `"00:00-02:30"` | no |
 | <a name="input_preferred_maintenance_window"></a> [preferred\_maintenance\_window](#input\_preferred\_maintenance\_window) | The weekly time range during which system maintenance can occur, in (UTC). | `string` | `"Mon:03:00-Mon:04:30"` | no |
 | <a name="input_replication_source_identifier"></a> [replication\_source\_identifier](#input\_replication\_source\_identifier) | ARN of the source DB cluster or DB instance if this DB cluster is created as a Read Replica. | `string` | `null` | no |
@@ -55,8 +55,8 @@
 
 ## Resources
 
-- resource.aws_rds_cluster.main (modules/rds_cluster/main.tf#1)
-- resource.random_password.master_password (modules/rds_cluster/main.tf#107)
-- resource.random_string.master_username (modules/rds_cluster/main.tf#101)
-- data source.aws_availability_zones.available (modules/rds_cluster/data.tf#1)
+- resource.aws_rds_cluster.main (modules/rds_cluster/main.tf#5)
+- resource.random_password.master_password (modules/rds_cluster/main.tf#113)
+- resource.random_string.master_username (modules/rds_cluster/main.tf#107)
+- data source.aws_availability_zones.available (modules/rds_cluster/main.tf#1)
 <!-- END_TF_DOCS -->

modules/rds_cluster/README.md

@@ -1,3 +0,0 @@
-data "aws_availability_zones" "available" {
-  state = "available"
-}

modules/rds_cluster/data.tf

@@ -1,3 +1,7 @@
+data "aws_availability_zones" "available" {
+  state = "available"
+}
+
 resource "aws_rds_cluster" "main" {
   # Cluster identifier
   cluster_identifier = var.cluster_identifier
@@ -20,8 +24,10 @@ resource "aws_rds_cluster" "main" {
   database_name = var.database_name
 
   # Master-Credentials
-  master_username                     = random_string.master_username.result
-  master_password                     = random_password.master_password.result
+  master_username = random_string.master_username.result
+  master_password = random_password.master_password.result
+
+  # IAM authentication
   iam_database_authentication_enabled = var.iam_database_authentication_enabled
 
   # Backups
@@ -82,6 +88,14 @@ resource "aws_rds_cluster" "main" {
   }
 }
 
+module "kms" {
+  source  = "geekcell/kms/aws"
+  version = ">= 1.0.0, < 2.0.0"
+
+  alias = "rds/cluster/${var.cluster_identifier}/storage"
+  tags  = var.tags
+}
+
 module "autoscaling" {
   count  = var.additional_reader_capacity >= 1 ? 1 : 0
   source = "../rds_cluster_autoscaling"
@@ -90,21 +104,13 @@ module "autoscaling" {
   min_capacity       = var.additional_reader_capacity
 }
 
-module "kms" {
-  source  = "geekcell/kms/aws"
-  version = ">= 1.0.0, < 2.0.0"
-
-  alias = "/rds/cluster/${var.cluster_identifier}/storage"
-  tags  = var.tags
-}
-
 resource "random_string" "master_username" {
   length  = 12
   special = false
   numeric = false
 }
 
 resource "random_password" "master_password" {
-  length  = 24
+  length  = 40
   special = false
 }

modules/rds_cluster/main.tf

@@ -135,7 +135,7 @@ variable "iops" {
 }
 
 variable "port" {
-  default     = 3306
+  default     = 6033
   description = "The port on which the DB accepts connections."
   type        = number
 }

modules/rds_cluster/variables.tf

@@ -68,14 +68,8 @@ variable "db_proxy_users" {
 }
 
 variable "deletion_protection" {
-  default     = false
-  description = "If the DB instance should have deletion protection enabled."
-  type        = bool
-}
-
-variable "enable_enhanced_backups" {
   default     = true
-  description = "Enable enhanced backups."
+  description = "If the DB instance should have deletion protection enabled."
   type        = bool
 }