From 01ae0e53152fd0dade5dc90a220cf96f1fa20874 Mon Sep 17 00:00:00 2001
From: Orla Dunlop <orla.dunlop@engineering.digital.dwp.gov.uk>
Date: Wed, 14 Aug 2024 11:50:02 +0100
Subject: [PATCH] feat(db): add ca certificate field for rds

Signed-off-by: Orla Dunlop <orla.dunlop@engineering.digital.dwp.gov.uk>
---
 modules/database/rds.tf       | 1 +
 modules/database/variables.tf | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/modules/database/rds.tf b/modules/database/rds.tf
index ef99511..7371918 100644
--- a/modules/database/rds.tf
+++ b/modules/database/rds.tf
@@ -64,6 +64,7 @@ resource "aws_rds_cluster_instance" "cluster" {
   cluster_identifier = aws_rds_cluster.cluster.id
   instance_class     = var.database.instance_type
   apply_immediately  = var.instance_apply_immediately
+  ca_cert_identifier = var.ca_certificate_identifier
   tags               = merge(var.tags, { Name = "${var.name}-db" })
 
   lifecycle {
diff --git a/modules/database/variables.tf b/modules/database/variables.tf
index dd2cea5..0993677 100644
--- a/modules/database/variables.tf
+++ b/modules/database/variables.tf
@@ -88,3 +88,9 @@ variable "tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "ca_certificate_identifier" {
+  description = "(Optional) The CA certificate identifier to use for the DB cluster's server certificate."
+  type        = string
+  default     = "rds-ca-rsa2048-g1"
+}