synapsestudios · areida · Aug 7, 2024 · Aug 7, 2024 · Aug 14, 2024 · Aug 14, 2024
diff --git a/README.md b/README.md
@@ -57,6 +57,7 @@ You can do this by commenting out the entire module, running a terraform apply,
 | <a name="input_alb_security_group_id"></a> [alb\_security\_group\_id](#input\_alb\_security\_group\_id) | Security Group ID for the ALB | `string` | n/a | yes |
 | <a name="input_assign_public_ip"></a> [assign\_public\_ip](#input\_assign\_public\_ip) | Whether or not to assign a public IP to the task | `bool` | `false` | no |
 | <a name="input_azs"></a> [azs](#input\_azs) | Availability zones | `list(string)` | n/a | yes |
+| <a name="input_ca_cert_identifier"></a> [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Identifier of the CA certificate for the DB instance | `string` | `null` | no |
 | <a name="input_cluster_arn"></a> [cluster\_arn](#input\_cluster\_arn) | ECS cluster to deploy into | `string` | n/a | yes |
 | <a name="input_command"></a> [command](#input\_command) | Container startup command (Use null if container\_definitions is set) | `list(string)` | n/a | yes |
 | <a name="input_container_definitions"></a> [container\_definitions](#input\_container\_definitions) | A list of valid container definitions provided as a single valid JSON document. By default, this module will generate a container definition for you. If you need to provide your own or have multiple, you can do so here. | `string` | `null` | no |

diff --git a/db.tf b/db.tf
@@ -8,4 +8,5 @@ module "database" {
   name               = var.service_name
   vpc_id             = var.vpc_id
   database_name      = var.db_name
+  ca_cert_identifier = var.ca_cert_identifier
 }
diff --git a/rds_cluster/main.tf b/rds_cluster/main.tf
@@ -21,6 +21,7 @@ resource "aws_rds_cluster" "this" {
   tags                            = var.tags
   db_cluster_parameter_group_name = "default.aurora-postgresql14"
   deletion_protection             = true
+  ca_certificate_identifier       = var.ca_cert_identifier
 }
 
 resource "random_password" "password" {
@@ -65,6 +66,7 @@ resource "aws_rds_cluster_instance" "this" {
   instance_class               = var.instance_class
   db_subnet_group_name         = aws_db_subnet_group.this.name
   tags                         = var.tags
+  ca_cert_identifier           = var.ca_cert_identifier
 }
 
 resource "aws_db_subnet_group" "this" {

diff --git a/rds_cluster/variables.tf b/rds_cluster/variables.tf
@@ -44,3 +44,9 @@ variable "instance_class" {
   type        = string
   description = "Instance class"
 }
+
+variable "ca_cert_identifier" {
+  type        = string
+  description = "Identifier of the CA certificate for the DB instance"
+  default     = "rds-ca-rsa2048-g1"
+}
diff --git a/variables.tf b/variables.tf
@@ -140,3 +140,9 @@ variable "assign_public_ip" {
   description = "Whether or not to assign a public IP to the task"
   default     = false
 }
+
+variable "ca_cert_identifier" {
+  type        = string
+  description = "Identifier of the CA certificate for the DB instance"
+  default     = null
+}