initial add of aws aurora modules

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## 1.0.3 (2024-07-22)
+
+### Features
+- Amazon RDS Aurora MySQL module
+- Amazon RDS Aurora MySQL Kinesis module
+- Amazon RDS Aurora MySQL Slow query module
+- Amazon RDS Aurora PostgreSQL module
+- Amazon RDS Aurora PostgreSQL Kinesis module
+
 ## 1.0.2 (2024-07-12)
 
 ### Features

DSF_VERSION_COMPATABILITY.md

@@ -18,6 +18,26 @@ The following table lists the DSF versions that each module is tested and mainta
    <tr>
       <td>onboard-aws-rds-neptune-slow-query</td>
       <td>4.17+</td>
+   </tr>
+      <tr>
+      <td>onboard-aws-rds-aurora-mysql</td>
+      <td>4.17+</td>
+   </tr>
+      <tr>
+      <td>onboard-aws-rds-aurora-mysql-kinesis</td>
+      <td>4.17+</td>
+   </tr>
+      <tr>
+      <td>onboard-aws-rds-aurora-mysql-slowquery</td>
+      <td>4.17+</td>
+   </tr>
+      <tr>
+      <td>onboard-aws-rds-aurora-postgresql</td>
+      <td>4.17+</td>
+   </tr>
+      <tr>
+      <td>onboard-aws-rds-aurora-postgresql-kinesis</td>
+      <td>4.17+</td>
    </tr>
    <tr>
       <td>onboard-aws-rds-mariadb</td>

examples/onboard-aws-rds-aurora-mysql-kinesis/README.md

@@ -0,0 +1,28 @@
+# Onboard Amazon Aurora MySQL via Kinesis example
+This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Amazon-Aurora-MySQL-Onboarding-Steps_48366913.html).
+
+It creates both 'aws' and 'dsfhub' resources. More information regarding authentication to each one can be found in the relevant provider documentation:
+- [aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)
+- [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs)
+
+## Prerequisites
+### Account Asset Permissions
+An AWS account asset will need to be onboarded to your DSF hub prior to using this module. The account asset will need to be granted permissions to be able to read from the newly created kinesis stream.
+
+<!-- BEGIN_TF_DOCS -->
+
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_aws-aurora-mysql-kinesis"></a> [aws-aurora-mysql-kinesis](#module\_aws-aurora-mysql-kinesis) | ../../modules/onboard-aws-rds-aurora-mysql-kinesis | n/a |
+| <a name="module_aws-default-account-asset"></a> [aws-default-account-asset](#module\_aws-default-account-asset) | ../../modules/dsfhub-aws-cloud-account | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_dsfhub_host"></a> [dsfhub\_host](#input\_dsfhub\_host) | n/a | `any` | n/a | yes |
+| <a name="input_dsfhub_token"></a> [dsfhub\_token](#input\_dsfhub\_token) | n/a | `any` | n/a | yes |
+<!-- END_TF_DOCS -->

examples/onboard-aws-rds-aurora-mysql-kinesis/main.tf

@@ -0,0 +1,76 @@
+locals {
+  aws_region        = "us-east-2"
+  apply_immediately = true
+  master_user       = "admin"
+  master_password   = "Abcd1234"
+
+  admin_email = "[email protected]"
+  gateway_id  = "a1b2c3d4-e5f6-g8h9-wxyz-123456790"
+}
+
+################################################################################
+# Providers
+################################################################################
+terraform {
+  required_providers {
+    dsfhub = {
+      source = "imperva/dsfhub"
+    }
+  }
+}
+
+provider "aws" {
+  region = local.aws_region
+}
+
+variable "dsfhub_host" {}  # TF_VAR_dsfhub_host env variable
+variable "dsfhub_token" {} # TF_VAR_dsfhub_token env variable
+
+provider "dsfhub" {
+  dsfhub_host  = var.dsfhub_host
+  dsfhub_token = var.dsfhub_token
+}
+
+################################################################################
+# Prerequisites
+# 1. AWS cloud account
+################################################################################
+# 1. AWS cloud account
+module "aws-default-account-asset" {
+  source = "../../modules/dsfhub-aws-cloud-account"
+
+  admin_email        = local.admin_email
+  asset_display_name = "aws-account-asset"
+  asset_id           = "arn:aws:iam::1234567890"
+  auth_mechanism     = "default"
+  gateway_id         = local.gateway_id
+  region             = local.aws_region
+}
+
+################################################################################
+# Amazon Aurora MySQL via kinesis stream
+################################################################################
+module "aws-aurora-mysql-kinesis" {
+  source = "../../modules/onboard-aws-rds-aurora-mysql-kinesis"
+
+  aws_aurora_mysql_cluster_admin_email     = local.admin_email
+  aws_aurora_mysql_cluster_gateway_id      = local.gateway_id
+  aws_aurora_mysql_cluster_parent_asset_id = module.aws-default-account-asset.this.asset_id
+  aws_aurora_mysql_cluster_region          = local.aws_region
+
+  aws_kinesis_admin_email        = local.admin_email
+  aws_kinesis_audit_pull_enabled = true
+  aws_kinesis_gateway_id         = local.gateway_id
+  aws_kinesis_reason             = "default"
+  aws_kinesis_region             = local.aws_region
+
+  cluster_apply_immediately  = local.apply_immediately
+  cluster_db_master_password = local.master_password
+  cluster_db_master_username = local.master_user
+  cluster_id                 = "tf-aurora-mysql-kinesis-cluster"
+  cluster_final_snapshot     = true
+
+  instance_apply_immediately   = local.apply_immediately
+  instance_identifier          = "tf-aurora-mysql-kinesis-instance"
+  instance_publicly_accessible = true
+}

examples/onboard-aws-rds-aurora-mysql-slowquery/README.md

@@ -0,0 +1,28 @@
+# Onboard Amazon Aurora MySQL Slow Query example
+This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Amazon-Aurora-MySQL-Onboarding-Steps_48366913.html).
+
+This example creates both 'aws' and 'dsfhub' resources. More information regarding authentication to each can be found in the relevant provider documentation:
+- [aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)
+- [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs)
+
+## Prerequisites
+### Account Asset Permissions
+An AWS account asset will need to be onboarded to your DSF hub prior to using this module. The account asset will need to be granted permissions to be able to read from the newly created CloudWatch log group.
+
+<!-- BEGIN_TF_DOCS -->
+
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_aws-aurora-mysql-slowquery"></a> [aws-aurora-mysql-slowquery](#module\_aws-aurora-mysql-slowquery) | ../../modules/onboard-aws-rds-aurora-mysql-slowquery | n/a |
+| <a name="module_aws-default-account-asset"></a> [aws-default-account-asset](#module\_aws-default-account-asset) | ../../modules/dsfhub-aws-cloud-account | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_dsfhub_host"></a> [dsfhub\_host](#input\_dsfhub\_host) | n/a | `any` | n/a | yes |
+| <a name="input_dsfhub_token"></a> [dsfhub\_token](#input\_dsfhub\_token) | n/a | `any` | n/a | yes |
+<!-- END_TF_DOCS -->

examples/onboard-aws-rds-aurora-mysql-slowquery/main.tf

@@ -0,0 +1,101 @@
+locals {
+  aws_region = "us-east-2"
+  vpc_security_group_ids = [
+    "sg-12a345678912b1c2a",
+    "sg-34b456789c12b231e"
+  ]
+  subnet_group_name = "my-subnet-group"
+  admin_email       = "[email protected]"
+  gateway_id        = "a1b2c3d4-1234-5678-9123-cd1edcef7642"
+}
+
+################################################################################
+# Providers
+################################################################################
+terraform {
+  required_providers {
+    dsfhub = {
+      source = "imperva/dsfhub"
+    }
+  }
+}
+
+provider "aws" {
+  region = local.aws_region
+}
+
+variable "dsfhub_host" {}  # TF_VAR_dsfhub_host env variable
+variable "dsfhub_token" {} # TF_VAR_dsfhub_token env variable
+
+provider "dsfhub" {
+  dsfhub_host  = var.dsfhub_host
+  dsfhub_token = var.dsfhub_token
+}
+
+################################################################################
+# Prerequisites
+# AWS cloud account
+################################################################################
+
+module "aws-default-account-asset" {
+  source = "../../modules/dsfhub-aws-cloud-account"
+
+  admin_email        = local.admin_email
+  asset_display_name = "aws-account-asset"
+  asset_id           = "arn:aws:iam::123456789101:role/iam-role"
+  auth_mechanism     = "default"
+  gateway_id         = local.gateway_id
+  region             = local.aws_region
+}
+
+################################################################################
+# Amazon Aurora MySQL Slowquery
+################################################################################
+
+module "aws-aurora-mysql-slowquery" {
+  source = "../../modules/onboard-aws-rds-aurora-mysql-slowquery"
+
+  cluster_parameter_group_name = "aurora-mysql-cpg-tf"
+  cluster_parameter_group_parameters = [
+    {
+      name  = "server_audit_logging"
+      value = 1
+    },
+    {
+      name  = "server_audit_excl_users"
+      value = "rdsadmin"
+    },
+    {
+      name  = "server_audit_events"
+      value = "CONNECT,QUERY,QUERY_DCL,QUERY_DDL,QUERY_DML"
+    },
+    {
+      name  = "slow_query_log"
+      value = 1
+    },
+    {
+      name  = "long_query_time"
+      value = 5
+    },
+    {
+      name  = "log_slow_admin_statements"
+      value = 1
+    }
+  ]
+
+  cluster_cluster_id             = "aurora-mysql-cluster"
+  cluster_db_master_username     = "admin"
+  cluster_db_master_password     = "mypassword"
+  cluster_db_subnet_group_name   = local.subnet_group_name
+  cluster_vpc_security_group_ids = local.vpc_security_group_ids
+
+  instance_identifier = "aurora-mysql-inst"
+  instance_publicly_accessible = false
+
+  aws_aurora_mysql_cluster_admin_email     = local.admin_email
+  aws_aurora_mysql_cluster_gateway_id      = local.gateway_id
+  aws_aurora_mysql_cluster_parent_asset_id = module.aws-default-account-asset.this.asset_id
+  aws_aurora_mysql_cluster_region          = local.aws_region
+
+  aws_log_group_audit_pull_enabled = true
+}

examples/onboard-aws-rds-aurora-mysql/README.md

@@ -0,0 +1,28 @@
+# Onboard Amazon Aurora MySQL example
+This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Amazon-Aurora-MySQL-Onboarding-Steps_48366913.html).
+
+This example creates both 'aws' and 'dsfhub' resources. More information regarding authentication to each can be found in the relevant provider documentation:
+- [aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)
+- [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs)
+
+## Prerequisites
+### Account Asset Permissions
+An AWS account asset will need to be onboarded to your DSF hub prior to using this module. The account asset will need to be granted permissions to be able to read from the newly created CloudWatch log group.
+
+<!-- BEGIN_TF_DOCS -->
+
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_aws-aurora-mysql"></a> [aws-aurora-mysql](#module\_aws-aurora-mysql) | ../../modules/onboard-aws-rds-aurora-mysql | n/a |
+| <a name="module_aws-default-account-asset"></a> [aws-default-account-asset](#module\_aws-default-account-asset) | ../../modules/dsfhub-aws-cloud-account | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_dsfhub_host"></a> [dsfhub\_host](#input\_dsfhub\_host) | n/a | `any` | n/a | yes |
+| <a name="input_dsfhub_token"></a> [dsfhub\_token](#input\_dsfhub\_token) | n/a | `any` | n/a | yes |
+<!-- END_TF_DOCS -->

examples/onboard-aws-rds-aurora-mysql/main.tf

@@ -0,0 +1,75 @@
+locals {
+  aws_region = "us-east-2"
+  vpc_security_group_ids = [
+    "sg-12a345678912b1c2a",
+    "sg-34b456789c12b231e"
+  ]
+  subnet_group_name = "my-subnet-group"
+  admin_email       = "[email protected]"
+  gateway_id        = "a1b2c3d4-1234-5678-9123-cd1edcef7642"
+}
+
+################################################################################
+# Providers
+################################################################################
+terraform {
+  required_providers {
+    dsfhub = {
+      source = "imperva/dsfhub"
+    }
+  }
+}
+
+provider "aws" {
+  region = local.aws_region
+}
+
+variable "dsfhub_host" {}  # TF_VAR_dsfhub_host env variable
+variable "dsfhub_token" {} # TF_VAR_dsfhub_token env variable
+
+provider "dsfhub" {
+  dsfhub_host  = var.dsfhub_host
+  dsfhub_token = var.dsfhub_token
+}
+
+################################################################################
+# Prerequisites
+# AWS cloud account
+################################################################################
+
+module "aws-default-account-asset" {
+  source = "../../modules/dsfhub-aws-cloud-account"
+
+  admin_email        = local.admin_email
+  asset_display_name = "aws-account-asset"
+  asset_id           = "arn:aws:iam::123456789101:role/iam-role"
+  auth_mechanism     = "default"
+  gateway_id         = local.gateway_id
+  region             = local.aws_region
+}
+
+################################################################################
+# Amazon Aurora Mysql
+################################################################################
+
+module "aws-aurora-mysql" {
+  source = "../../modules/onboard-aws-rds-aurora-mysql"
+
+  cluster_parameter_group_name = "aurora-mysql-cpg-tf"
+
+  cluster_cluster_id             = "aurora-mysql-cluster"
+  cluster_db_master_username     = "admin"
+  cluster_db_master_password     = "mypassword"
+  cluster_db_subnet_group_name   = local.subnet_group_name
+  cluster_vpc_security_group_ids = local.vpc_security_group_ids
+
+  instance_identifier = "aurora-mysql-inst"
+  instance_publicly_accessible = false
+
+  aws_aurora_mysql_cluster_admin_email     = local.admin_email
+  aws_aurora_mysql_cluster_gateway_id      = local.gateway_id
+  aws_aurora_mysql_cluster_parent_asset_id = module.aws-default-account-asset.this.asset_id
+  aws_aurora_mysql_cluster_region          = local.aws_region
+
+  aws_log_group_audit_pull_enabled = true
+}