hashicorp · ewbankkit · Sep 30, 2021 · Sep 26, 2021 · Sep 26, 2021 · Sep 26, 2021
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_db_proxy
+```
@@ -0,0 +1,113 @@
+package aws
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/rds/finder"
+)
+
+func dataSourceAwsDbProxy() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsDbProxyRead,
+		Schema: map[string]*schema.Schema{
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"auth": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"auth_scheme": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"description": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"iam_auth": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"secret_arn": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"debug_logging": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"endpoint": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"engine_family": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"idle_client_timeout": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"require_tls": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"role_arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"vpc_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"vpc_security_group_ids": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"vpc_subnet_ids": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func dataSourceAwsDbProxyRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).rdsconn
+
+	name := d.Get("name").(string)
+	dbProxy, err := finder.DBProxyByName(conn, name)
+
+	if err != nil {
+		return fmt.Errorf("error reading RDS DB Proxy (%s): %w", name, err)
+	}
+
+	d.SetId(name)
+	d.Set("arn", dbProxy.DBProxyArn)
+	d.Set("auth", flattenDbProxyAuths(dbProxy.Auth))
+	d.Set("debug_logging", dbProxy.DebugLogging)
+	d.Set("endpoint", dbProxy.Endpoint)
+	d.Set("engine_family", dbProxy.EngineFamily)
+	d.Set("idle_client_timeout", dbProxy.IdleClientTimeout)
+	d.Set("require_tls", dbProxy.RequireTLS)
+	d.Set("role_arn", dbProxy.RoleArn)
+	d.Set("vpc_id", dbProxy.VpcId)
+	d.Set("vpc_security_group_ids", aws.StringValueSlice(dbProxy.VpcSecurityGroupIds))
+	d.Set("vpc_subnet_ids", aws.StringValueSlice(dbProxy.VpcSubnetIds))
+
+	return nil
+}
@@ -0,0 +1,164 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/rds"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAWSDBProxyDataSource_basic(t *testing.T) {
+	dataSourceName := "data.aws_db_proxy.test"
+	resourceName := "aws_db_proxy.test"
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:   func() { testAccPreCheck(t) },
+		ErrorCheck: testAccErrorCheck(t, rds.EndpointsID),
+		Providers:  testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSDBProxyDataSourceConfig(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "auth", resourceName, "auth"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "debug_logging", resourceName, "debug_logging"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "endpoint", resourceName, "endpoint"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "engine_family", resourceName, "engine_family"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "idle_client_timeout", resourceName, "idle_client_timeout"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "require_tls", resourceName, "require_tls"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "role_arn", resourceName, "role_arn"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "vpc_id", "aws_vpc.test", "id"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "vpc_security_group_ids", resourceName, "vpc_security_group_ids"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "vpc_subnet_ids", resourceName, "vpc_subnet_ids"),
+				),
+			},
+		},
+	})
+}
+
+func testAccAWSDBProxyDataSourceConfig(rName string) string {
+	return fmt.Sprintf(`
+# Secrets Manager setup
+
+resource "aws_secretsmanager_secret" "test" {
+  name                    = %[1]q
+  recovery_window_in_days = 0
+}
+
+resource "aws_secretsmanager_secret_version" "test" {
+  secret_id     = aws_secretsmanager_secret.test.id
+  secret_string = "{\"username\":\"db_user\",\"password\":\"db_user_password\"}"
+}
+
+# IAM setup
+
+resource "aws_iam_role" "test" {
+  name               = %[1]q
+  assume_role_policy = data.aws_iam_policy_document.assume.json
+}
+
+data "aws_iam_policy_document" "assume" {
+  statement {
+    actions = ["sts:AssumeRole"]
+    principals {
+      type        = "Service"
+      identifiers = ["rds.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role_policy" "test" {
+  role   = aws_iam_role.test.id
+  policy = data.aws_iam_policy_document.test.json
+}
+
+data "aws_iam_policy_document" "test" {
+  statement {
+    actions = [
+      "secretsmanager:GetRandomPassword",
+      "secretsmanager:CreateSecret",
+      "secretsmanager:ListSecrets",
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    actions   = ["secretsmanager:*"]
+    resources = [aws_secretsmanager_secret.test.arn]
+  }
+}
+
+# VPC setup
+
+data "aws_availability_zones" "available" {
+  state = "available"
+
+  filter {
+    name   = "opt-in-status"
+    values = ["opt-in-not-required"]
+  }
+}
+
+resource "aws_vpc" "test" {
+  cidr_block = "10.0.0.0/16"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_security_group" "test" {
+  name   = %[1]q
+  vpc_id = aws_vpc.test.id
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_subnet" "test" {
+  count             = 2
+  cidr_block        = cidrsubnet(aws_vpc.test.cidr_block, 8, count.index)
+  availability_zone = data.aws_availability_zones.available.names[count.index]
+  vpc_id            = aws_vpc.test.id
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_db_proxy" "test" {
+  depends_on = [
+    aws_secretsmanager_secret_version.test,
+    aws_iam_role_policy.test
+  ]
+
+  name                   = %[1]q
+  debug_logging          = false
+  engine_family          = "MYSQL"
+  idle_client_timeout    = 1800
+  require_tls            = true
+  role_arn               = aws_iam_role.test.arn
+  vpc_security_group_ids = [aws_security_group.test.id]
+  vpc_subnet_ids         = aws_subnet.test.*.id
+
+  auth {
+    auth_scheme = "SECRETS"
+    description = "test"
+    iam_auth    = "DISABLED"
+    secret_arn  = aws_secretsmanager_secret.test.arn
+  }
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+data "aws_db_proxy" "test" {
+  name = aws_db_proxy.test.name
+}
+`, rName)
+}
@@ -119,6 +119,27 @@ func DBClusterByID(conn *rds.RDS, id string) (*rds.DBCluster, error) {
 	return dbCluster, nil
 }
 
+func DBProxyByName(conn *rds.RDS, name string) (*rds.DBProxy, error) {
+	input := &rds.DescribeDBProxiesInput{
+		DBProxyName: aws.String(name),
+	}
+
+	output, err := conn.DescribeDBProxies(input)
+
+	if tfawserr.ErrCodeEquals(err, rds.ErrCodeDBProxyNotFoundFault) {
+		return nil, &resource.NotFoundError{
+			LastError:   err,
+			LastRequest: input,
+		}
+	}
+
+	if output == nil || len(output.DBProxies) == 0 || output.DBProxies[0] == nil {
+		return nil, tfresource.NewEmptyResultError(input)
+	}
+
+	return output.DBProxies[0], nil
+}
+
 func EventSubscriptionByID(conn *rds.RDS, id string) (*rds.EventSubscription, error) {
 	input := &rds.DescribeEventSubscriptionsInput{
 		SubscriptionName: aws.String(id),

@@ -243,6 +243,7 @@ func Provider() *schema.Provider {
 			"aws_db_cluster_snapshot":                        dataSourceAwsDbClusterSnapshot(),
 			"aws_db_event_categories":                        dataSourceAwsDbEventCategories(),
 			"aws_db_instance":                                dataSourceAwsDbInstance(),
+			"aws_db_proxy":                                   dataSourceAwsDbProxy(),
 			"aws_db_snapshot":                                dataSourceAwsDbSnapshot(),
 			"aws_db_subnet_group":                            dataSourceAwsDbSubnetGroup(),
 			"aws_directory_service_directory":                dataSourceAwsDirectoryServiceDirectory(),

@@ -0,0 +1,41 @@
+---
+subcategory: "RDS"
+layout: "aws"
+page_title: "AWS: aws_db_proxy"
+description: |-
+  Get information on a DB Proxy.
+---
+
+# Data Source: aws_db_proxy
+
+Use this data source to get information about a DB Proxy.
+
+## Example Usage
+
+```terraform
+data "aws_db_proxy" "proxy" {
+  name = "my-test-db-proxy"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the DB proxy.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `arn` - The ARN of the DB Proxy.
+* `auth` - The configuration(s) with authorization mechanisms to connect to the associated instance or cluster.
+* `debug_logging` - Whether the proxy includes detailed information about SQL statements in its logs.
+* `endpoint` - The endpoint that you can use to connect to the DB proxy.
+* `engine_family` - The kinds of databases that the proxy can connect to.
+* `idle_client_timeout` - The number of seconds a connection to the proxy can have no activity before the proxy drops the client connection.
+* `require_tls` - Indicates whether Transport Layer Security (TLS) encryption is required for connections to the proxy.
+* `role_arn` - The Amazon Resource Name (ARN) for the IAM role that the proxy uses to access Amazon Secrets Manager.
+* `vpc_id` - Provides the VPC ID of the DB proxy.
+* `vpc_security_group_ids` - Provides a list of VPC security groups that the proxy belongs to.
+* `vpc_subnet_ids` - The EC2 subnet IDs for the proxy.