fix for CKV2_AWS_27

kunduso · Sep 11, 2024 · ce4fb11 · ce4fb11
1 parent b77a7cc
commit ce4fb11
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/rds.tf b/rds.tf
@@ -4,6 +4,27 @@ resource "aws_db_subnet_group" "rds" {
   subnet_ids = [for subnet in aws_subnet.db : subnet.id]
 }
 
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group
+resource "aws_db_parameter_group" "postgres" {
+  name   = var.name
+  family = "postgres16"
+  parameter {
+    name  = "log_statement"
+    value = "all"
+  }
+  parameter {
+    name  = "log_min_duration_statement"
+    value = "1"
+  }
+  parameter {
+    name  = "rds.forcs_ssl"
+    value = "1"
+  }
+  parameter {
+    name  = "ssl"
+    value = "1"
+  }
+}
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance
 resource "aws_db_instance" "postgresql" {
   allocated_storage          = 100
@@ -16,7 +37,7 @@ resource "aws_db_instance" "postgresql" {
   skip_final_snapshot        = true # Change to false if you want a final snapshot
   db_subnet_group_name       = aws_db_subnet_group.rds.id
   storage_encrypted          = true
-  parameter_group_name       = "default.postgres16"
+  parameter_group_name       = aws_db_parameter_group.postgres.name #"default.postgres16"
   multi_az                   = true
   vpc_security_group_ids     = [aws_security_group.rds.id]
   auto_minor_version_upgrade = true