From bb9935bc3d2113311117907077494b0ae7004388 Mon Sep 17 00:00:00 2001 From: Vincent Deyro Date: Thu, 9 May 2019 15:14:58 +0900 Subject: [PATCH 1/4] remove allowed_security_groups_count variable --- README.md | 2 -- main.tf | 3 ++- variables.tf | 5 ----- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 53b2e5f..df2fc19 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,6 @@ module "db" { replica_count = 1 allowed_security_groups = ["sg-12345678"] - allowed_security_groups_count = 1 instance_type = "db.r4.large" storage_encrypted = true apply_immediately = true @@ -65,7 +64,6 @@ Terraform documentation is generated automatically using [pre-commit hooks](http | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | allowed\_security\_groups | A list of Security Group ID's to allow access to. | list | `[]` | no | -| allowed\_security\_groups\_count | The number of Security Groups being added, terraform doesn't let us use length() in a count field | string | `"0"` | no | | apply\_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | string | `"false"` | no | | auto\_minor\_version\_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | string | `"true"` | no | | backup\_retention\_period | How long to keep backups for (in days) | string | `"7"` | no | diff --git a/main.tf b/main.tf index 08cdc75..fdae76e 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,7 @@ locals { port = "${var.port == "" ? "${var.engine == "aurora-postgresql" ? "5432" : "3306"}" : var.port}" master_password = "${var.password == "" ? random_id.master_password.b64 : var.password}" + sg_count = "${length(var.allowed_security_groups)}" } # Random string to use as master password unless one is specified 
@@ -142,7 +143,7 @@ resource "aws_security_group" "this" { } resource "aws_security_group_rule" "default_ingress" { - count = "${var.allowed_security_groups_count}" + count = "${local.sg_count}" type = "ingress" from_port = "${aws_rds_cluster.this.port}" diff --git a/variables.tf b/variables.tf index f00c4eb..9d99b4c 100644 --- a/variables.tf +++ b/variables.tf @@ -17,11 +17,6 @@ variable "allowed_security_groups" { default = [] } -variable "allowed_security_groups_count" { - description = "The number of Security Groups being added, terraform doesn't let us use length() in a count field" - default = 0 -} - variable "vpc_id" { description = "VPC ID" } From c5951626878514942c5c38dc85f021c507359122 Mon Sep 17 00:00:00 2001 From: Vincent Deyro Date: Fri, 10 May 2019 13:44:13 +0900 Subject: [PATCH 2/4] remove aws_security_group_rule.default_ingress to remove allowed_security_groups_count variable --- main.tf | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/main.tf b/main.tf index fdae76e..5e75a27 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,6 @@ locals { port = "${var.port == "" ? "${var.engine == "aurora-postgresql" ? "5432" : "3306"}" : var.port}" master_password = "${var.password == "" ? random_id.master_password.b64 : var.password}" - sg_count = "${length(var.allowed_security_groups)}" } # Random string to use as master password unless one is specified 
@@ -140,15 +139,11 @@ resource "aws_security_group" "this" { vpc_id = "${var.vpc_id}" tags = "${var.tags}" -} - -resource "aws_security_group_rule" "default_ingress" { - count = "${local.sg_count}" - type = "ingress" - from_port = "${aws_rds_cluster.this.port}" - to_port = "${aws_rds_cluster.this.port}" - protocol = "tcp" - source_security_group_id = "${element(var.allowed_security_groups, count.index)}" - security_group_id = "${aws_security_group.this.id}" + ingress { + from_port = "${local.port}" + to_port = "${local.port}" + protocol = "tcp" + security_groups = "${var.allowed_security_groups}" + } } From 72d76452d770d751a61a37ed1fd6b20809913a4b Mon Sep 17 00:00:00 2001 From: Vincent Deyro Date: Fri, 10 May 2019 21:59:17 +0900 Subject: [PATCH 3/4] added allowed_cidr_blocks, allowed_ipv6_cidr_blocks, and allow_self --- README.md | 3 +++ main.tf | 6 +++++- variables.tf | 23 +++++++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index df2fc19..8e7add2 100644 --- a/README.md +++ b/README.md 
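Review bot: With the default `allowed_security_groups = []`, the new inline `ingress` block on `aws_security_group.this` declares a rule with no source at all, whereas the counted `aws_security_group_rule` it replaces produced zero rules for an empty list; I am not certain the AWS provider accepts a source-less inline rule, so the module should be planned once with the defaults before this is merged. Moving to an inline block also changes ownership semantics: Terraform now manages the group's complete rule set, so any standalone `aws_security_group_rule` a caller attaches to this group, or a rule added out of band, will be removed on the next apply. That is worth stating next to the block, e.g. `# Inline rules: Terraform owns every ingress rule on this group; rules attached elsewhere are reverted on apply.` The `aws_security_group` resource starts before this hunk.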
@@ -63,7 +63,10 @@ Terraform documentation is generated automatically using [pre-commit hooks](http | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| +| allowed\_cidr\_blocks | A list of CIDR Blocks to allow access to. | list | `[]` | no | +| allowed\_ipv6\_cidr\_blocks | A list of IPv6 CIDR Blocks to allow access to. | list | `[]` | no | | allowed\_security\_groups | A list of Security Group ID's to allow access to. | list | `[]` | no | +| allow\_self | Determines wether or not to allow created security group to access itself. | string | `"false"` | no | | apply\_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | string | `"false"` | no | | auto\_minor\_version\_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | string | `"true"` | no | | backup\_retention\_period | How long to keep backups for (in days) | string | `"7"` | no | diff --git a/main.tf b/main.tf index 5e75a27..8cc1298 100644 --- a/main.tf +++ b/main.tf @@ -9,6 +9,7 @@ resource "random_id" "master_password" { } resource "aws_db_subnet_group" "this" { + count = "${var.db_subnet_group == "" ? 1: 0}" name = "${var.name}" description = "For Aurora cluster ${var.name}" subnet_ids = ["${var.subnets}"] @@ -33,7 +34,7 @@ resource "aws_rds_cluster" "this" { preferred_backup_window = "${var.preferred_backup_window}" preferred_maintenance_window = "${var.preferred_maintenance_window}" port = "${local.port}" - db_subnet_group_name = "${aws_db_subnet_group.this.name}" + db_subnet_group_name = "${var.db_subnet_group == "" ? aws_db_subnet_group.this.name : var.db_subnet_group }" vpc_security_group_ids = ["${aws_security_group.this.id}"] snapshot_identifier = "${var.snapshot_identifier}" storage_encrypted = "${var.storage_encrypted}" 
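Review bot: The conditional at `db_subnet_group_name` references `aws_db_subnet_group.this.name` on a resource that now carries `count`, and in the 0.11-style syntax this file uses a conditional evaluates both branches before choosing, so a plan with `db_subnet_group` set will most likely fail on the missing instance rather than fall through to the second branch. PATCH 4/4 of this series swaps the reference for `var.name`, which avoids the error but drops the graph edge to the subnet group. The splat form keeps both cases working: `db_subnet_group_name = "${element(concat(aws_db_subnet_group.this.*.name, list(var.db_subnet_group)), 0)}"`, since the splat of a count-0 resource is an empty list and the caller-supplied name is used only when the module created nothing. In the `@@ -9` hunk the new `count` expression is written `1: 0`; `terraform fmt` would normalise it to `1 : 0`. The `aws_rds_cluster` resource starts before and continues past this hunk.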
@@ -144,6 +145,9 @@ resource "aws_security_group" "this" { from_port = "${local.port}" to_port = "${local.port}" protocol = "tcp" + cidr_blocks = "${var.allowed_cidr_blocks}" + ipv6_cidr_blocks= "${var.allowed_ipv6_cidr_blocks}" security_groups = "${var.allowed_security_groups}" + self = "${var.allow_self}" } } diff --git a/variables.tf b/variables.tf index 9d99b4c..37faf2f 100644 --- a/variables.tf +++ b/variables.tf @@ -5,6 +5,7 @@ variable "name" { variable "subnets" { description = "List of subnet IDs to use" type = "list" + default = [] } variable "replica_count" { @@ -12,11 +13,28 @@ variable "replica_count" { default = 1 } +variable "allowed_cidr_blocks" { + description = "A list of CIDR Blocks to allow access to." + default = [] +} + + +variable "allowed_ipv6_cidr_blocks" { + description = "A list of IPv6 CIDR Blocks to allow access to." + default = [] +} + variable "allowed_security_groups" { description = "A list of Security Group ID's to allow access to." default = [] } + +variable "allow_self" { + description = "Allow created security group to access itself" + default = false +} + variable "vpc_id" { description = "VPC ID" } @@ -196,3 +214,8 @@ variable "engine_mode" { description = "The database engine mode. Valid values: global, parallelquery, provisioned, serverless." default = "provisioned" } + +variable "db_subnet_group" { + description = "The name of an existing DB subnet group to use" + default = "" +} \ No newline at end of file From 46c62d56d857a9be882cce0dba24b4f0040fc466 Mon Sep 17 00:00:00 2001 From: Vincent Deyro Date: Fri, 10 May 2019 22:20:09 +0900 Subject: [PATCH 4/4] added db_subnet_group to be used for externally created db subnet group --- README.md | 1 + main.tf | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8e7add2..88797d8 100644 --- a/README.md +++ b/README.md 
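Review bot: `ipv6_cidr_blocks= "${var.allowed_ipv6_cidr_blocks}"` is missing the space before `=`, and the four source arguments are no longer aligned with the attributes above them; `terraform fmt` would realign the block. Since this block now opens the cluster port to caller-supplied IPv4 and IPv6 ranges as well as security groups and the group itself, a `description` on the ingress block would help anyone auditing the group later, e.g. `description = "Aurora ${var.name}: allowed CIDR blocks and security groups"`. The `aws_security_group` resource starts before this hunk.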
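Review bot: Giving `subnets` a default of `[]` turns a missing-input error at plan time into an API error at apply time whenever `db_subnet_group` is left empty, because `aws_db_subnet_group.this` is still created with `subnet_ids = ["${var.subnets}"]` in that case; either keep `subnets` required or say in its description that it must be non-empty unless `db_subnet_group` is set. The counterpart in the `@@ -196` hunk could likewise read `description = "The name of an existing DB subnet group to use; when empty the module creates one from var.subnets"`. The `allow_self` description added here ("Allow created security group to access itself") does not match the README row added in this patch ("Determines wether or not ..."), and the README is generated by the pre-commit hook per the context line, so the hand-edited row will be overwritten on the next hook run. The `@@ -196` hunk also leaves `variables.tf` without a trailing newline.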
@@ -73,6 +73,7 @@ Terraform documentation is generated automatically using [pre-commit hooks](http | database\_name | Name for an automatically created database on cluster creation | string | `""` | no | | db\_cluster\_parameter\_group\_name | The name of a DB Cluster parameter group to use | string | `"default.aurora5.6"` | no | | db\_parameter\_group\_name | The name of a DB parameter group to use | string | `"default.aurora5.6"` | no | +| db\_subnet\_group | The name of an existing DB subnet group to use | string | `""` | no | | deletion\_protection | If the DB instance should have deletion protection enabled | string | `"false"` | no | | enabled\_cloudwatch\_logs\_exports | List of log types to export to cloudwatch | list | `[]` | no | | engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | string | `"aurora"` | no | diff --git a/main.tf b/main.tf index 8cc1298..f48fb4d 100644 --- a/main.tf +++ b/main.tf @@ -34,7 +34,7 @@ resource "aws_rds_cluster" "this" { preferred_backup_window = "${var.preferred_backup_window}" preferred_maintenance_window = "${var.preferred_maintenance_window}" port = "${local.port}" - db_subnet_group_name = "${var.db_subnet_group == "" ? aws_db_subnet_group.this.name : var.db_subnet_group }" + db_subnet_group_name = "${var.db_subnet_group == "" ? var.name : var.db_subnet_group }" vpc_security_group_ids = ["${aws_security_group.this.id}"] snapshot_identifier = "${var.snapshot_identifier}" storage_encrypted = "${var.storage_encrypted}" 
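Review bot: Replacing `aws_db_subnet_group.this.name` with `var.name` removes the only reference from `aws_rds_cluster.this` to the subnet group it depends on, so when `db_subnet_group` is empty Terraform may try to create the cluster before the group exists; the `@@ -56` hunk on `aws_rds_cluster_instance.this` has the same problem. Keeping the reference through a splat preserves the dependency while tolerating count = 0: `db_subnet_group_name = "${element(concat(aws_db_subnet_group.this.*.name, list(var.db_subnet_group)), 0)}"`. Using `var.name` also silently couples this line to the `name = "${var.name}"` set on the subnet group resource earlier in the file, which any later change to that naming would break. Both resources start and end outside their hunks.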
@@ -56,7 +56,7 @@ resource "aws_rds_cluster_instance" "this" { engine_version = "${var.engine_version}" instance_class = "${var.instance_type}" publicly_accessible = "${var.publicly_accessible}" - db_subnet_group_name = "${aws_db_subnet_group.this.name}" + db_subnet_group_name = "${var.db_subnet_group == "" ? var.name : var.db_subnet_group }" db_parameter_group_name = "${var.db_parameter_group_name}" preferred_maintenance_window = "${var.preferred_maintenance_window}" apply_immediately = "${var.apply_immediately}"