diff --git a/aws/provider.go b/aws/provider.go index a21e986df9e..0311d1c66f7 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -508,6 +508,7 @@ func Provider() *schema.Provider { "aws_db_option_group": resourceAwsDbOptionGroup(), "aws_db_parameter_group": resourceAwsDbParameterGroup(), "aws_db_proxy": resourceAwsDbProxy(), + "aws_db_proxy_default_target_group": resourceAwsDbProxyDefaultTargetGroup(), "aws_db_security_group": resourceAwsDbSecurityGroup(), "aws_db_snapshot": resourceAwsDbSnapshot(), "aws_db_subnet_group": resourceAwsDbSubnetGroup(), diff --git a/aws/resource_aws_db_proxy_default_target_group.go b/aws/resource_aws_db_proxy_default_target_group.go new file mode 100644 index 00000000000..45bc04f3cc3 --- /dev/null +++ b/aws/resource_aws_db_proxy_default_target_group.go @@ -0,0 +1,234 @@ +package aws + +import ( + "fmt" + "log" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/rds" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceAwsDbProxyDefaultTargetGroup() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsDbProxyDefaultTargetGroupCreate, + Read: resourceAwsDbProxyDefaultTargetGroupRead, + Update: resourceAwsDbProxyDefaultTargetGroupUpdate, + Delete: schema.Noop, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(30 * time.Minute), + Update: schema.DefaultTimeout(30 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "arn": { + Type: schema.TypeString, + Computed: true, + }, + "db_proxy_name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validateRdsIdentifier, + }, + "name": { + Type: schema.TypeString, + Computed: true, + }, + "connection_pool_config": { + Type: schema.TypeList, + Required: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "connection_borrow_timeout": { + Type: schema.TypeInt, + Optional: true, + Default: 120, + ValidateFunc: validation.IntBetween(0, 3600), + }, + "init_query": { + Type: schema.TypeString, + Optional: true, + }, + "max_connections_percent": { + Type: schema.TypeInt, + Optional: true, + Default: 100, + ValidateFunc: validation.IntBetween(1, 100), + }, + "max_idle_connections_percent": { + Type: schema.TypeInt, + Optional: true, + Default: 50, + ValidateFunc: validation.IntBetween(0, 100), + }, + "session_pinning_filters": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + // This isn't available as a constant + ValidateFunc: validation.StringInSlice([]string{ + "EXCLUDE_VARIABLE_SETS", + }, false), + }, + Set: schema.HashString, + }, + }, + }, + }, + }, + } +} + +func resourceAwsDbProxyDefaultTargetGroupRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).rdsconn + + tg, err := resourceAwsDbProxyDefaultTargetGroupGet(conn, d.Id()) + + if err != nil { + if isAWSErr(err, rds.ErrCodeDBProxyNotFoundFault, "") { + log.Printf("[WARN] DB Proxy (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + return fmt.Errorf("error reading RDS DB Proxy (%s) Default Target Group: %w", d.Id(), err) + } + + if tg == nil { + log.Printf("[WARN] DB Proxy default target group (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + d.Set("arn", tg.TargetGroupArn) + d.Set("db_proxy_name", tg.DBProxyName) + d.Set("name", tg.TargetGroupName) + + cpc := tg.ConnectionPoolConfig + d.Set("connection_pool_config", flattenDbProxyTargetGroupConnectionPoolConfig(cpc)) + + return nil +} + +func resourceAwsDbProxyDefaultTargetGroupCreate(d *schema.ResourceData, meta interface{}) error { + d.SetId(d.Get("db_proxy_name").(string)) + return resourceAwsDbProxyDefaultTargetGroupCreateUpdate(d, meta, schema.TimeoutCreate) +} + +func resourceAwsDbProxyDefaultTargetGroupUpdate(d *schema.ResourceData, meta interface{}) error { + return resourceAwsDbProxyDefaultTargetGroupCreateUpdate(d, meta, schema.TimeoutUpdate) +} + +func resourceAwsDbProxyDefaultTargetGroupCreateUpdate(d *schema.ResourceData, meta interface{}, timeout string) error { + conn := meta.(*AWSClient).rdsconn + + params := rds.ModifyDBProxyTargetGroupInput{ + DBProxyName: aws.String(d.Get("db_proxy_name").(string)), + TargetGroupName: aws.String("default"), + } + + if v, ok := d.GetOk("connection_pool_config"); ok { + params.ConnectionPoolConfig = expandDbProxyConnectionPoolConfig(v.([]interface{})) + } + + log.Printf("[DEBUG] Update DB Proxy default target group: %#v", params) + _, err := conn.ModifyDBProxyTargetGroup(¶ms) + if err != nil { + return fmt.Errorf("error updating RDS DB Proxy (%s) default target group: %w", d.Id(), err) + } + + stateChangeConf := &resource.StateChangeConf{ + Pending: []string{rds.DBProxyStatusModifying}, + Target: []string{rds.DBProxyStatusAvailable}, + Refresh: resourceAwsDbProxyDefaultTargetGroupRefreshFunc(conn, d.Id()), + Timeout: d.Timeout(timeout), + } + + _, err = stateChangeConf.WaitForState() + if err != nil { + return fmt.Errorf("Error waiting for DB Proxy default target group update: %s", err) + } + + return resourceAwsDbProxyDefaultTargetGroupRead(d, meta) +} + +func expandDbProxyConnectionPoolConfig(configs []interface{}) *rds.ConnectionPoolConfiguration { + if len(configs) < 1 { + return nil + } + + config := configs[0].(map[string]interface{}) + + result := &rds.ConnectionPoolConfiguration{ + ConnectionBorrowTimeout: aws.Int64(int64(config["connection_borrow_timeout"].(int))), + InitQuery: aws.String(config["init_query"].(string)), + MaxConnectionsPercent: aws.Int64(int64(config["max_connections_percent"].(int))), + MaxIdleConnectionsPercent: aws.Int64(int64(config["max_idle_connections_percent"].(int))), + SessionPinningFilters: expandStringSet(config["session_pinning_filters"].(*schema.Set)), + } + + return result +} + +func flattenDbProxyTargetGroupConnectionPoolConfig(cpc *rds.ConnectionPoolConfigurationInfo) []interface{} { + if cpc == nil { + return []interface{}{} + } + + m := make(map[string]interface{}) + m["connection_borrow_timeout"] = aws.Int64Value(cpc.ConnectionBorrowTimeout) + m["init_query"] = aws.StringValue(cpc.InitQuery) + m["max_connections_percent"] = aws.Int64Value(cpc.MaxConnectionsPercent) + m["max_idle_connections_percent"] = aws.Int64Value(cpc.MaxIdleConnectionsPercent) + m["session_pinning_filters"] = flattenStringSet(cpc.SessionPinningFilters) + + return []interface{}{m} +} + +func resourceAwsDbProxyDefaultTargetGroupGet(conn *rds.RDS, proxyName string) (*rds.DBProxyTargetGroup, error) { + params := &rds.DescribeDBProxyTargetGroupsInput{ + DBProxyName: aws.String(proxyName), + } + + var defaultTargetGroup *rds.DBProxyTargetGroup + err := conn.DescribeDBProxyTargetGroupsPages(params, func(page *rds.DescribeDBProxyTargetGroupsOutput, lastPage bool) bool { + for _, targetGroup := range page.TargetGroups { + if *targetGroup.IsDefault { + defaultTargetGroup = targetGroup + return false + } + } + return !lastPage + }) + + if err != nil { + return nil, err + } + + // Return default target group + return defaultTargetGroup, nil +} + +func resourceAwsDbProxyDefaultTargetGroupRefreshFunc(conn *rds.RDS, proxyName string) resource.StateRefreshFunc { + return func() (interface{}, string, error) { + tg, err := resourceAwsDbProxyDefaultTargetGroupGet(conn, proxyName) + + if err != nil { + if isAWSErr(err, rds.ErrCodeDBProxyNotFoundFault, "") { + return 42, "", nil + } + return 42, "", err + } + + return tg, *tg.Status, nil + } +} diff --git a/aws/resource_aws_db_proxy_default_target_group_test.go b/aws/resource_aws_db_proxy_default_target_group_test.go new file mode 100644 index 00000000000..d7671586cf7 --- /dev/null +++ b/aws/resource_aws_db_proxy_default_target_group_test.go @@ -0,0 +1,488 @@ +package aws + +import ( + "fmt" + "regexp" + "testing" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/rds" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/terraform-providers/terraform-provider-aws/aws/internal/tfawsresource" +) + +func TestAccAWSDBProxyDefaultTargetGroup_Basic(t *testing.T) { + var dbProxyTargetGroup rds.DBProxyTargetGroup + resourceName := "aws_db_proxy_default_target_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBProxyTargetGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_Basic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + testAccMatchResourceAttrRegionalARN(resourceName, "arn", "rds", regexp.MustCompile(`target-group:.+`)), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.#", "1"), + tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "connection_pool_config.*", map[string]string{ + "connection_borrow_timeout": "120", + "init_query": "", + "max_connections_percent": "100", + "max_idle_connections_percent": "50", + }), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.session_pinning_filters.#", "0"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAWSDBProxyDefaultTargetGroup_ConnectionBorrowTimeout(t *testing.T) { + var dbProxyTargetGroup rds.DBProxyTargetGroup + resourceName := "aws_db_proxy_default_target_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBProxyTargetGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_ConnectionBorrowTimeout(rName, 120), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.connection_borrow_timeout", "120"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_ConnectionBorrowTimeout(rName, 90), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.connection_borrow_timeout", "90"), + ), + }, + }, + }) +} + +func TestAccAWSDBProxyDefaultTargetGroup_InitQuery(t *testing.T) { + var dbProxyTargetGroup rds.DBProxyTargetGroup + resourceName := "aws_db_proxy_default_target_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBProxyTargetGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_InitQuery(rName, "SET x=1, y=2"), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.init_query", "SET x=1, y=2"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_InitQuery(rName, "SET a=2, b=1"), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.init_query", "SET a=2, b=1"), + ), + }, + }, + }) +} + +func TestAccAWSDBProxyDefaultTargetGroup_MaxConnectionsPercent(t *testing.T) { + var dbProxyTargetGroup rds.DBProxyTargetGroup + resourceName := "aws_db_proxy_default_target_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBProxyTargetGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_MaxConnectionsPercent(rName, 100), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.max_connections_percent", "100"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_MaxConnectionsPercent(rName, 75), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.max_connections_percent", "75"), + ), + }, + }, + }) +} + +func TestAccAWSDBProxyDefaultTargetGroup_MaxIdleConnectionsPercent(t *testing.T) { + var dbProxyTargetGroup rds.DBProxyTargetGroup + resourceName := "aws_db_proxy_default_target_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBProxyTargetGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_MaxIdleConnectionsPercent(rName, 50), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.max_idle_connections_percent", "50"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_MaxIdleConnectionsPercent(rName, 33), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.max_idle_connections_percent", "33"), + ), + }, + }, + }) +} + +func TestAccAWSDBProxyDefaultTargetGroup_SessionPinningFilters(t *testing.T) { + var dbProxyTargetGroup rds.DBProxyTargetGroup + resourceName := "aws_db_proxy_default_target_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + sessionPinningFilters := "EXCLUDE_VARIABLE_SETS" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBProxyTargetGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_Basic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.session_pinning_filters.#", "0"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_SessionPinningFilters(rName, sessionPinningFilters), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyTargetGroupExists(resourceName, &dbProxyTargetGroup), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.session_pinning_filters.#", "1"), + resource.TestCheckResourceAttr(resourceName, "connection_pool_config.0.session_pinning_filters.0", sessionPinningFilters), + ), + }, + }, + }) +} + +func TestAccAWSDBProxyDefaultTargetGroup_disappears(t *testing.T) { + var v rds.DBProxy + resourceName := "aws_db_proxy_default_target_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBProxyTargetGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBProxyDefaultTargetGroupConfig_Basic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBProxyExists(resourceName, &v), + testAccCheckResourceDisappears(testAccProvider, resourceAwsDbProxyDefaultTargetGroup(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckAWSDBProxyTargetGroupDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).rdsconn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_db_proxy_default_target_group" { + continue + } + + // Try to find the Group + resp, err := conn.DescribeDBProxyTargetGroups( + &rds.DescribeDBProxyTargetGroupsInput{ + DBProxyName: aws.String(rs.Primary.ID), + TargetGroupName: aws.String("default"), + }) + + if err == nil { + if len(resp.TargetGroups) != 0 && + *resp.TargetGroups[0].DBProxyName == rs.Primary.ID { + return fmt.Errorf("DB Proxy Target Group still exists") + } + } + + if !isAWSErr(err, rds.ErrCodeDBProxyNotFoundFault, "") { + return err + } + } + + return nil +} + +func testAccCheckAWSDBProxyTargetGroupExists(n string, v *rds.DBProxyTargetGroup) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No DB Proxy ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).rdsconn + + opts := rds.DescribeDBProxyTargetGroupsInput{ + DBProxyName: aws.String(rs.Primary.ID), + TargetGroupName: aws.String("default"), + } + + resp, err := conn.DescribeDBProxyTargetGroups(&opts) + + if err != nil { + return err + } + + if len(resp.TargetGroups) != 1 || + *resp.TargetGroups[0].DBProxyName != rs.Primary.ID { + return fmt.Errorf("DB Proxy Target Group not found") + } + + *v = *resp.TargetGroups[0] + + return nil + } +} + +func testAccAWSDBProxyDefaultTargetGroupConfigBase(rName string) string { + return fmt.Sprintf(` +resource "aws_db_proxy" "test" { + depends_on = [ + aws_secretsmanager_secret_version.test, + aws_iam_role_policy.test + ] + + name = "%[1]s" + debug_logging = false + engine_family = "MYSQL" + idle_client_timeout = 1800 + require_tls = true + role_arn = aws_iam_role.test.arn + vpc_security_group_ids = [aws_security_group.test.id] + vpc_subnet_ids = aws_subnet.test.*.id + + auth { + auth_scheme = "SECRETS" + description = "test" + iam_auth = "DISABLED" + secret_arn = aws_secretsmanager_secret.test.arn + } + + tags = { + Name = "%[1]s" + } +} + +# Secrets Manager setup + +resource "aws_secretsmanager_secret" "test" { + name = "%[1]s" + recovery_window_in_days = 0 +} + +resource "aws_secretsmanager_secret_version" "test" { + secret_id = aws_secretsmanager_secret.test.id + secret_string = "{\"username\":\"db_user\",\"password\":\"db_user_password\"}" +} + +# IAM setup + +resource "aws_iam_role" "test" { + name = "%[1]s" + assume_role_policy = data.aws_iam_policy_document.assume.json +} + +data "aws_iam_policy_document" "assume" { + statement { + actions = ["sts:AssumeRole"] + principals { + type = "Service" + identifiers = ["rds.amazonaws.com"] + } + } +} + +resource "aws_iam_role_policy" "test" { + role = aws_iam_role.test.id + policy = data.aws_iam_policy_document.test.json +} + +data "aws_iam_policy_document" "test" { + statement { + actions = [ + "secretsmanager:GetRandomPassword", + "secretsmanager:CreateSecret", + "secretsmanager:ListSecrets", + ] + resources = ["*"] + } + + statement { + actions = ["secretsmanager:*"] + resources = [aws_secretsmanager_secret.test.arn] + } +} + +# VPC setup + +data "aws_availability_zones" "available" { + state = "available" + + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} + +resource "aws_vpc" "test" { + cidr_block = "10.0.0.0/16" + + tags = { + Name = "%[1]s" + } +} + +resource "aws_security_group" "test" { + name = "%[1]s" + vpc_id = aws_vpc.test.id +} + +resource "aws_subnet" "test" { + count = 2 + cidr_block = cidrsubnet(aws_vpc.test.cidr_block, 8, count.index) + availability_zone = data.aws_availability_zones.available.names[count.index] + vpc_id = aws_vpc.test.id + + tags = { + Name = "%[1]s-${count.index}" + } +} +`, rName) +} + +func testAccAWSDBProxyDefaultTargetGroupConfig_Basic(rName string) string { + return testAccAWSDBProxyDefaultTargetGroupConfigBase(rName) + ` +resource "aws_db_proxy_default_target_group" "test" { + db_proxy_name = aws_db_proxy.test.name + + connection_pool_config { + } +} +` +} + +func testAccAWSDBProxyDefaultTargetGroupConfig_ConnectionBorrowTimeout(rName string, connectionBorrowTimeout int) string { + return testAccAWSDBProxyDefaultTargetGroupConfigBase(rName) + fmt.Sprintf(` +resource "aws_db_proxy_default_target_group" "test" { + db_proxy_name = aws_db_proxy.test.name + + connection_pool_config { + connection_borrow_timeout = %[2]d + } +} +`, rName, connectionBorrowTimeout) +} + +func testAccAWSDBProxyDefaultTargetGroupConfig_InitQuery(rName, initQuery string) string { + return testAccAWSDBProxyDefaultTargetGroupConfigBase(rName) + fmt.Sprintf(` +resource "aws_db_proxy_default_target_group" "test" { + db_proxy_name = aws_db_proxy.test.name + + connection_pool_config { + init_query = "%[2]s" + } +} +`, rName, initQuery) +} + +func testAccAWSDBProxyDefaultTargetGroupConfig_MaxConnectionsPercent(rName string, maxConnectionsPercent int) string { + return testAccAWSDBProxyDefaultTargetGroupConfigBase(rName) + fmt.Sprintf(` +resource "aws_db_proxy_default_target_group" "test" { + db_proxy_name = aws_db_proxy.test.name + + connection_pool_config { + max_connections_percent = %[2]d + } +} +`, rName, maxConnectionsPercent) +} + +func testAccAWSDBProxyDefaultTargetGroupConfig_MaxIdleConnectionsPercent(rName string, maxIdleConnectionsPercent int) string { + return testAccAWSDBProxyDefaultTargetGroupConfigBase(rName) + fmt.Sprintf(` +resource "aws_db_proxy_default_target_group" "test" { + db_proxy_name = aws_db_proxy.test.name + + connection_pool_config { + max_idle_connections_percent = %[2]d + } +} +`, rName, maxIdleConnectionsPercent) +} + +func testAccAWSDBProxyDefaultTargetGroupConfig_SessionPinningFilters(rName, sessionPinningFilters string) string { + return testAccAWSDBProxyDefaultTargetGroupConfigBase(rName) + fmt.Sprintf(` +resource "aws_db_proxy_default_target_group" "test" { + db_proxy_name = aws_db_proxy.test.name + + connection_pool_config { + session_pinning_filters = ["%[2]s"] + } +} +`, rName, sessionPinningFilters) +} diff --git a/website/docs/r/db_proxy_default_target_group.html.markdown b/website/docs/r/db_proxy_default_target_group.html.markdown new file mode 100644 index 00000000000..8ad63d82233 --- /dev/null +++ b/website/docs/r/db_proxy_default_target_group.html.markdown @@ -0,0 +1,90 @@ +--- +subcategory: "RDS" +layout: "aws" +page_title: "AWS: aws_db_proxy_default_target_group" +description: |- + Manage an RDS DB proxy default target group resource. +--- + +# Resource: aws_db_proxy_default_target_group + +Provides a resource to manage an RDS DB proxy default target group resource. + +The `aws_db_proxy_default_target_group` behaves differently from normal resources, in that Terraform does not _create_ or _destroy_ this resource, since it implicitly exists as part of an RDS DB Proxy. On Terraform resource creation it is automatically imported and on resource destruction, Terraform performs no actions in RDS. + +## Example Usage + +```hcl +resource "aws_db_proxy" "example" { + name = "example" + debug_logging = false + engine_family = "MYSQL" + idle_client_timeout = 1800 + require_tls = true + role_arn = aws_iam_role.example.arn + vpc_security_group_ids = [aws_security_group.example.id] + vpc_subnet_ids = [aws_subnet.example.id] + + auth { + auth_scheme = "SECRETS" + description = "example" + iam_auth = "DISABLED" + secret_arn = aws_secretsmanager_secret.example.arn + } + + tags = { + Name = "example" + Key = "value" + } +} + +resource "aws_db_proxy_default_target_group" "example" { + db_proxy_name = aws_db_proxy.example.name + + connection_pool_config { + connection_borrow_timeout = 120 + init_query = "SET x=1, y=2" + max_connections_percent = 100 + max_idle_connections_percent = 50 + session_pinning_filters = ["EXCLUDE_VARIABLE_SETS"] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `db_proxy_name` - (Required) Name of the RDS DB Proxy. +* `connection_pool_config` - (Optional) The settings that determine the size and behavior of the connection pool for the target group. + +`connection_pool_config` blocks support the following: + +* `connection_borrow_timeout` - (Optional) The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions. +* `init_query` - (Optional) One or more SQL statements for the proxy to run when opening each new database connection. Typically used with `SET` statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single `SET` statement, such as `SET x=1, y=2`. +* `max_connections_percent` - (Optional) The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group. +* `max_idle_connections_percent` - (Optional) Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group. +* `session_pinning_filters` - (Optional) Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. Currently, the only allowed value is `EXCLUDE_VARIABLE_SETS`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - Name of the RDS DB Proxy. +* `arn` - The Amazon Resource Name (ARN) representing the target group. +* `name` - The name of the default target group. + +### Timeouts + +`aws_db_proxy_default_target_group` provides the following [Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - (Default `30 minutes`) Timeout for modifying DB proxy target group on creation. +- `update` - (Default `30 minutes`) Timeout for modifying DB proxy target group on update. + +## Import + +DB proxy default target groups can be imported using the `db_proxy_name`, e.g. + +``` +$ terraform import aws_db_proxy_default_target_group.example example +```