terraform-aws-modules / terraform-aws-rds-proxy

Terraform module to create AWS RDS Proxy resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/rds-proxy/aws
Apache License 2.0
56 stars 54 forks

Malformed IAM Policy #18

Closed thomas-korrison closed 1 year ago

thomas-korrison commented 1 year ago

Description

Small bug in the module: an IAM Policy is referencing a secret ID instead of the ARN.

Versions

terraform {
  required_version = "=1.4.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.67.0"
    }
    null = {
      source  = "hashicorp/null"
      version = "3.2.1"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "4.0.4"
    }
  }
}

Reproduction Code

module "rds_proxy" {
  source                  = "terraform-aws-modules/rds-proxy/aws"
  version                 = "~>2.1.2"

  create_proxy            = true

  name                    = "${local.project_name}-rds-proxy"
  iam_role_name           = "${local.project_name}-rds-proxy-role"
  vpc_subnet_ids          = module.subnets.private_subnet_ids
  vpc_security_group_ids  = [module.rds_proxy_sg.security_group_id]

  db_proxy_endpoints      = {
    read_only = {
      name                   = "read-only-endpoint"
      vpc_subnet_ids         = module.subnets.private_subnet_ids
      vpc_security_group_ids = [module.rds_proxy_sg.security_group_id]
      target_role            = "READ_ONLY"
      tags                   = local.rds_proxy_tags
    }
  }

  secrets                 = {
    "rdxproxyadmin" = {
      description = aws_secretsmanager_secret.rds_proxy.description
      arn         = aws_secretsmanager_secret.rds_proxy.arn
      kms_key_id  = aws_secretsmanager_secret.rds_proxy.kms_key_id
    }
  }

  engine_family           = "POSTGRESQL"
  debug_logging           = true
  idle_client_timeout     = 300

  # Target Aurora cluster
  target_db_cluster       = true
  db_cluster_identifier   = module.aurora_postgresql_v2.cluster_id

  tags                    = local.rds_proxy_tags
}

Steps to reproduce the behavior:

Expected behavior

Actual behavior

antonbabenko commented 1 year ago

This issue has been resolved in version 3.0.0 🎉

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.