@bryantbiggs bryantbiggs commented Nov 11, 2025

Description

List of backwards incompatible changes

  • Terraform v1.11 is now minimum supported version to support write-only (wo_*) attributes.
  • AWS provider v6.18 is now minimum supported version
  • The underlying aws_security_group_rule resources have been replaced with aws_vpc_security_group_ingress_rule and aws_vpc_security_group_egress_rule to allow for more flexibility in defining security group rules.
  • master_password is no longer supported and only the write-only equivalent is supported (master_password_wo and master_password_wo_version) (#513)
  • security_group_rules has been split into security_group_ingress_rules and security_group_egress_rules to better match the AWS API and allow for more flexibility in defining security group rules

Additional changes

Added

  • Support for region argument to specify the AWS region for the resources created if different from the provider region.

Modified

  • Variable definitions now contain detailed object types in place of the previously used any type
  • copy_tags_to_snapshot default value is now true (#521)
  • db_cluster_parameter_group_parameters was previously of type list(map(...)), now of type map(object(...)) with name being optional and defaulting to the map key if not provided
  • preferred_maintenance_window and preferred_backup_window default values are now null (#524)

Removed

  • None

Variable and output changes

  1. Removed variables:

    • auto_minor_version_upgrade -> still available within the instances variable definition
    • ca_cert_identifier -> available within the instances variable definition
    • monitoring_interval -> still available within the instances variable definition
    • performance_insights_enabled -> still available within the instances variable definition
    • performance_insights_kms_key_id -> still available within the instances variable definition
    • performance_insights_retention_period -> still available within the instances variable definition
    • iam_role_managed_policy_arns -> deprecated argument on aws_iam_role resource
    • iam_role_force_detach_policies -> hardcode to true
  2. Renamed variables:

    • instance_class -> cluster_instance_class
    • db_cluster_db_instance_parameter_group_name -> cluster_db_instance_parameter_group_name
    • role_associations was previously iam_roles
    • master_password replaced with master_password_wo and master_password_wo_version
    • The variables for DB shard group have been nested under a single, top-level shard_group variable:
      • create_shard_group removed - set shard_group to null to disable or provide an object to enable
      • compute_redundancy -> shard_group.compute_redundancy
      • db_shard_group_identifier -> shard_group.identifier
      • max_acu -> shard_group.max_acu
      • min_acu -> shard_group.min_acu
      • publicly_accessible -> shard_group.publicly_accessible
      • shard_group_tags -> shard_group.tags
      • shard_group_timeouts -> shard_group.timeouts
    • The variables for the cluster activity stream have been nested under a single, top-level cluster_activity_stream variable:
      • create_db_cluster_activity_stream removed - set cluster_activity_stream to null to disable or provide an object to enable
      • db_cluster_activity_stream_mode -> cluster_activity_stream.mode
      • db_cluster_activity_stream_kms_key_id -> cluster_activity_stream.kms_key_id
      • engine_native_audit_fields_included -> cluster_activity_stream.include_audit_fields
    • The variables for the cluster parameter group have been nested under a single, top-level cluster_parameter_group variable:
      • create_db_cluster_parameter_group removed - set cluster_parameter_group to null to disable or provide an object to enable
      • db_cluster_parameter_group_name -> cluster_parameter_group.name
      • db_cluster_parameter_group_use_name_prefix -> cluster_parameter_group.use_name_prefix
      • db_cluster_parameter_group_description -> cluster_parameter_group.description
      • db_cluster_parameter_group_family -> cluster_parameter_group.family
      • db_cluster_parameter_group_parameters -> cluster_parameter_group.parameters
    • The variables for the instance parameter group have been nested under a single, top-level db_parameter_group variable:
      • create_db_parameter_group removed - set db_parameter_group to null to disable or provide an object to enable
      • db_parameter_group_name -> db_parameter_group.name
        • A variable cluster_parameter_group_name has been retained for when users want to provide an existing cluster parameter group name.
      • db_parameter_group_use_name_prefix -> db_parameter_group.use_name_prefix
      • db_parameter_group_description -> db_parameter_group.description
      • db_parameter_group_family -> db_parameter_group.family
      • db_parameter_group_parameters -> db_parameter_group.parameters
  3. Added variables:

    • region

Motivation and Context

Breaking Changes

  • Yes

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

@bryantbiggs bryantbiggs marked this pull request as ready for review November 13, 2025 23:00
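
An added example, not part of the PR or the module's own code: a small scanner that flags v9 inputs from the rename and removal list above when they are still set at the top level of a module call, while ignoring the same names nested under instances, where the description says they remain valid. The `source_hint` value `rds-aurora`, the mapping subset and the sample configuration are assumptions made for illustration; block comments and heredocs are not handled.

```python
import re

# v9 input -> v10 replacement, copied from the PR description (subset only).
V9_TO_V10 = {
    "master_password": "master_password_wo + master_password_wo_version",
    "security_group_rules": "security_group_ingress_rules / security_group_egress_rules",
    "instance_class": "cluster_instance_class",
    "iam_roles": "role_associations",
    "monitoring_interval": "instances (per-instance setting)",
    "create_db_cluster_parameter_group": "cluster_parameter_group (null disables)",
}
ASSIGN = re.compile(r"^\s*([A-Za-z_]\w*)\s*=(?!=)")

def find_v9_inputs(hcl_text, source_hint="rds-aurora"):
    """Return [(line_no, name, replacement)] for v9 inputs set at the top level
    of module blocks whose source contains source_hint (an assumed name)."""
    findings, pending, depth, in_module, matches = [], [], 0, False, False
    for no, raw in enumerate(hcl_text.splitlines(), 1):
        line = re.sub(r'"(?:[^"\\]|\\.)*"', '""', raw)  # blank string contents
        line = re.split(r"#|//", line)[0]               # drop line comments
        if depth == 0 and re.match(r'\s*module\s+""\s*\{', line):
            in_module, matches, pending = True, False, []
        m = ASSIGN.match(line)
        if in_module and depth == 1 and m:               # top-level arguments only
            if m.group(1) == "source" and source_hint in raw:
                matches = True
            elif m.group(1) in V9_TO_V10:
                pending.append((no, m.group(1), V9_TO_V10[m.group(1)]))
        depth += sum(line.count(c) for c in "{[") - sum(line.count(c) for c in "}]")
        if in_module and depth == 0:                     # block closed
            findings += pending if matches else []
            in_module = False
    return findings

# Constructed sample: nested instance_class and the comment must not be flagged.
SAMPLE = '''
module "aurora" {
  source          = "terraform-aws-modules/rds-aurora/aws"
  master_password = var.db_password
  instance_class  = "db.r8g.large"
  # iam_roles = {}
  instances = {
    one = { instance_class = "db.r8g.xlarge" }
  }
}
'''

for no, name, new in find_v9_inputs(SAMPLE):
    print(f"line {no}: {name} -> {new}")
```

A hit on `master_password` is the one to prioritise, since v10 accepts only the write-only equivalent.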

@antonbabenko antonbabenko left a comment

I don't have anything to add.

@magreenbaum Thank you for helping with the review!

}

# aurora limitless clusters do not support managed master user password
manage_master_user_password = false
Member

I think we need to keep this since manage_master_user_password defaults to true.

Member Author

good catch - added in ee41836

Comment on lines +66 to 67
cluster_instance_class = "db.r8g.large"
instances = { for i in range(2) : i => {} }
Member

cluster_instance_class sets db_cluster_instance_class which is only for non-aurora multi-az rds clusters and seems to cause errors if using with aurora: hashicorp/terraform-provider-aws#30596 (comment)

Suggested change
cluster_instance_class = "db.r8g.large"
instances = { for i in range(2) : i => {} }
instances = { for i in range(2) : i => { instance_class = "db.r8g.large"} }

Member Author

ah, good to know! we are overloading the use of cluster_instance_class similar to the cluster monitoring and performance insights variables. however, we can guard against the use of setting db_cluster_instance_class on the cluster when the cluster is not intended to be an RDS multi-az cluster ee41836

Comment on lines +105 to 106
cluster_instance_class = "db.r8g.large"
instances = { for i in range(2) : i => {} }
Member

Or maybe we should keep the instance_class var 🤔

Suggested change
cluster_instance_class = "db.r8g.large"
instances = { for i in range(2) : i => {} }
cluster_instance_class = "db.r8g.large"
instances = { for i in range(2) : i => { instance_class = "db.r8g.large"} }

}

instance_class = "db.serverless"
cluster_instance_class = "db.serverless"
Member

Similar here in this file


name = "${local.name}-postgresql"
engine = "aurora-postgresql"
engine_mode = "serverless"
Member

Member Author

removed in ee41836


@magreenbaum magreenbaum left a comment

Thank you!!


@antonbabenko antonbabenko left a comment

Great stuff!

@bryantbiggs bryantbiggs merged commit 2bf4622 into terraform-aws-modules:master Nov 15, 2025
15 checks passed
antonbabenko pushed a commit that referenced this pull request Nov 15, 2025
## [10.0.0](v9.16.1...v10.0.0) (2025-11-15)

### ⚠ BREAKING CHANGES

* Upgrade AWS provider and min required Terraform version to `6.18` and `1.11` respectively (#525)

### Features

* Upgrade AWS provider and min required Terraform version to `6.18` and `1.11` respectively ([#525](#525)) ([2bf4622](2bf4622))
@antonbabenko

This PR is included in version 10.0.0 🎉

@bryantbiggs bryantbiggs deleted the feat/upgrade branch November 15, 2025 17:41
Development

Successfully merging this pull request may close these issues.

  • default copy_tags_to_snapshot to true
  • Support AWS provider v6