terraform-aws-modules / terraform-aws-rds-aurora

Terraform module to create AWS RDS Aurora resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/rds-aurora/aws
Apache License 2.0
385 stars 568 forks

Adding AWSServiceRoleForRDS to my cluster #378

Closed james-green-affinity closed 1 year ago

james-green-affinity commented 1 year ago

Description

Please provide a clear and concise description of the issue you are encountering, and a reproduction of your configuration (see the examples/* directory for references that you can copy+paste and tailor to match your configs if you are unable to copy your exact configuration). The reproduction MUST be executable by running terraform init && terraform apply without any further changes.

If your request is for a new feature, please use the Feature request template.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

```hcl
module "db2" {
  source = "terraform-aws-modules/rds-aurora/aws"

  name   = "database-2"
  engine = "aurora-mysql"

  engine_version = "8.0"
  engine_mode    = "provisioned"

  instance_class = "db.serverless"
  instances      = var.is_production ? local.instances_high_availability : local.instances_low_availability

  database_name = local.database_name

  instance_type = var.is_prod ? "db.t2.small" : "db.t2.small"

  enable_http_endpoint = true
  deletion_protection  = true

  vpc_id                 = module.vpc.vpc_id
  subnets                = module.vpc.private_subnets
  create_security_group  = false
  vpc_security_group_ids = [aws_security_group.rds_proxy.id]

  iam_roles = {"a" = {"feature_name" = "", "role_arn" = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"}}

  storage_encrypted          = true
  auto_minor_version_upgrade = true
  monitoring_interval        = 10

  master_password             = random_string.database-password.result
  manage_master_user_password = false

  create_db_subnet_group = true
  master_username        = local.user_name

  skip_final_snapshot = var.is_production ? false : true
  apply_immediately   = var.is_production ? false : true

  enabled_cloudwatch_logs_exports = ["error", "slowquery"]
  db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.drupal_cluster.name

  backup_retention_period = 30
  preferred_backup_window = "23:30-01:30"

  serverlessv2_scaling_configuration = {
    auto_pause               = var.is_production == "true" ? false : true
    max_capacity             = 128
    min_capacity             = 1
    seconds_until_auto_pause = 3600
  }
}
```

Steps to reproduce the behavior:

No

Attempting to add iam_roles. After reading the AWS docs in order to enable sending logs to CloudWatch I need to have an IAM role attached to the RDS cluster. Fortunately AWS provides an IAM role called "AWSServiceRoleForRDS".

The bad news: After doing: "aws rds describe-db-engine-versions --engine aurora-mysql --engine-version 8.0.mysql_aurora.3.02.3"

It comes back with this:

"SupportedFeatureNames": [],

Therefore I am unable to attach my IAM role via Terraform.

Expected behavior

This action in Terraform: image

Actual behavior

No feature name support "SupportedFeatureNames": [],

```
╷
│ Error: Invalid value for input variable
│
│   on ....\modules\drupal\rds_v2.tf line 109, in module "db2":
│  109:   iam_roles = {"a" = {"feature_name" = [], "role_arn" = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"}}
│
│ The given value is not suitable for module.drupal.module.db2.var.iam_roles declared at .terraform\modules\drupal.db2\variables.tf:411,1-21: element "a": element "feature_name": string required.
╵
make: *** [makefile:57: apply] Error 1
```

Terminal Output Screenshot(s)

Additional context
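
The check described in the issue above, as an added example that is not part of the original post or the module's code: it reads `aws rds describe-db-engine-versions` JSON and flags `iam_roles` entries whose `feature_name` is not a string (the type error shown above) or names a feature the engine version does not list. Assumptions: the sample CLI output and account id are constructed, the function names are hypothetical, and treating a non-empty name missing from `SupportedFeatureNames` as a finding is this example's own rule; passing the check says nothing about whether AWS accepts the association.

```python
import json

# Constructed sample shaped like `aws rds describe-db-engine-versions` output;
# the empty SupportedFeatureNames list matches what the issue reports.
SAMPLE_CLI_OUTPUT = json.dumps({
    "DBEngineVersions": [{
        "Engine": "aurora-mysql",
        "EngineVersion": "8.0.mysql_aurora.3.02.3",
        "SupportedFeatureNames": [],
    }]
})

# Placeholder account id (constructed); the role path is the one from the issue.
ROLE_ARN = ("arn:aws:iam::123456789012:role/aws-service-role/"
            "rds.amazonaws.com/AWSServiceRoleForRDS")


def supported_features(cli_json):
    """Union of SupportedFeatureNames over every engine version returned."""
    versions = json.loads(cli_json).get("DBEngineVersions", [])
    return {name for v in versions for name in v.get("SupportedFeatureNames", [])}


def check_iam_roles(iam_roles, cli_json):
    """Return (key, problem) tuples; an empty list means no findings."""
    features = supported_features(cli_json)
    findings = []
    for key, entry in iam_roles.items():
        name = entry.get("feature_name")
        if not isinstance(name, str):
            # Same condition Terraform rejects with "string required".
            findings.append((key, "feature_name must be a string, got "
                             + type(name).__name__))
        elif name and name not in features:
            findings.append((key, f"feature {name!r} not in SupportedFeatureNames"))
        if not str(entry.get("role_arn", "")).startswith("arn:"):
            findings.append((key, "role_arn is not an ARN"))
    return findings


if __name__ == "__main__":
    # First map mirrors the failing value in the error, second the posted config.
    for roles in ({"a": {"feature_name": [], "role_arn": ROLE_ARN}},
                  {"a": {"feature_name": "", "role_arn": ROLE_ARN}}):
        print(check_iam_roles(roles, SAMPLE_CLI_OUTPUT) or "no findings")
```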

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 1 year ago

This issue was automatically closed because of stale in 10 days

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.