From b7f5bd99620ffa3e03599dc0edcf58c831127922 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Wed, 22 Oct 2025 09:22:38 -0300
Subject: [PATCH 1/6] null for monitoring_role_arn when interval is 0
---
 operations/deployment/terraform/modules/aws/rds/aws_rds.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
index 6f361e87..1d87265c 100644
--- a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
+++ b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
@@ -82,7 +82,7 @@ resource "aws_db_instance" "default" {
 performance_insights_kms_key_id = var.aws_rds_db_performance_insights_enable ? var.aws_rds_db_performance_insights_kms_key_id : null
 # Updgrades
 monitoring_interval = var.aws_rds_db_monitoring_interval
- monitoring_role_arn = var.aws_rds_db_monitoring_role_arn != "" ? var.aws_rds_db_monitoring_role_arn : data.aws_iam_role.monitoring[0].arn
+ monitoring_role_arn = var.aws_rds_db_monitoring_interval > 0 ? var.aws_rds_db_monitoring_role_arn != "" ? var.aws_rds_db_monitoring_role_arn : data.aws_iam_role.monitoring[0].arn : null
 database_insights_mode = var.aws_rds_db_insights_mode
 allow_major_version_upgrade = var.aws_rds_db_allow_major_version_upgrade
 auto_minor_version_upgrade = var.aws_rds_db_auto_minor_version_upgrade
From dde78a5398dc6005d0bc08f6de91dc3fdef2bba8 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Wed, 22 Oct 2025 11:18:22 -0300
Subject: [PATCH 2/6] Adding moniroting role creation
---
 .../terraform/modules/aws/rds/aws_rds.tf | 23 ++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
index 1d87265c..1545a4dd 100644
--- a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
+++ b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
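Review bot: The nested conditional on the new `monitoring_role_arn` line has no parentheses, so the reader has to work out that the inner `? :` is the true branch of the outer one; the same shape is carried into the first hunk of PATCH 2/6. Parenthesising the inner expression keeps the evaluation identical and makes the intent visible: `monitoring_role_arn = var.aws_rds_db_monitoring_interval > 0 ? (var.aws_rds_db_monitoring_role_arn != "" ? var.aws_rds_db_monitoring_role_arn : data.aws_iam_role.monitoring[0].arn) : null`. The `aws_db_instance` block starts and ends outside the hunk.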
@@ -82,7 +82,7 @@ resource "aws_db_instance" "default" {
 performance_insights_kms_key_id = var.aws_rds_db_performance_insights_enable ? var.aws_rds_db_performance_insights_kms_key_id : null
 # Updgrades
 monitoring_interval = var.aws_rds_db_monitoring_interval
- monitoring_role_arn = var.aws_rds_db_monitoring_interval > 0 ? var.aws_rds_db_monitoring_role_arn != "" ? var.aws_rds_db_monitoring_role_arn : data.aws_iam_role.monitoring[0].arn : null
+ monitoring_role_arn = var.aws_rds_db_monitoring_interval > 0 ? var.aws_rds_db_monitoring_role_arn != "" ? var.aws_rds_db_monitoring_role_arn : aws_iam_role.rds_enhanced_monitoring[0].arn : null
 database_insights_mode = var.aws_rds_db_insights_mode
 allow_major_version_upgrade = var.aws_rds_db_allow_major_version_upgrade
 auto_minor_version_upgrade = var.aws_rds_db_auto_minor_version_upgrade
@@ -94,9 +94,26 @@ resource "aws_db_instance" "default" {
 }
 }

-data "aws_iam_role" "monitoring" {
+resource "aws_iam_role" "rds_enhanced_monitoring" {
 count = var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
- name = "rds-monitoring-role"
+ name = "${var.aws_resource_identifier}-rds-enhanced-monitoring"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [{
+ Effect = "Allow",
+ Principal = {
+ Service = "monitoring.rds.amazonaws.com"
+ },
+ Action = "sts:AssumeRole"
+ }]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring_attach" {
+ count = var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
+ role = aws_iam_role.rds_enhanced_monitoring[0].name
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
 }

 // Creates a secret manager secret for the databse credentials
From 6e35ab548dcb7b8dec96811ea300e57eba544d3d Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Wed, 22 Oct 2025 11:25:02 -0300
Subject: [PATCH 3/6] Fix length
---
 operations/deployment/terraform/modules/aws/rds/aws_rds.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
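Review bot: The instance now depends on the module-created role only through `aws_iam_role.rds_enhanced_monitoring[0].arn`, so nothing orders it after `aws_iam_role_policy_attachment.rds_enhanced_monitoring_attach`. Terraform can therefore start creating the instance while the managed policy is still being attached, and RDS may reject the role as lacking the enhanced-monitoring permissions. If the resource has no such ordering already (its body continues outside the hunk), adding `depends_on = [aws_iam_role_policy_attachment.rds_enhanced_monitoring_attach]` to `aws_db_instance.default` closes that gap.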
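Review bot: The trust policy on `aws_iam_role.rds_enhanced_monitoring` lets `monitoring.rds.amazonaws.com` assume the role with no condition, so the role is not scoped to this account's RDS resources; AWS's cross-service confused-deputy guidance is to add `aws:SourceAccount` (and, where the instance ARN is known, `aws:SourceArn`) to such trust statements. The sketch below adds the account condition and assumes a `data "aws_caller_identity" "current"` source, which is not visible in this hunk and may need to be declared in the module. The attachment also hard-codes the `aws` partition in `policy_arn`, which would not resolve in other AWS partitions.

```hcl
    Statement = [{
      # … unchanged: Effect, Principal, Action …
      Condition = {
        StringEquals = {
          "aws:SourceAccount" = data.aws_caller_identity.current.account_id
        }
      }
    }]
```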
diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
index 1545a4dd..8326b33e 100644
--- a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
+++ b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
@@ -96,7 +96,7 @@ resource "aws_db_instance" "default" {

 resource "aws_iam_role" "rds_enhanced_monitoring" {
 count = var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
- name = "${var.aws_resource_identifier}-rds-enhanced-monitoring"
+ name = "${var.aws_resource_identifier}-rds"

 assume_role_policy = jsonencode({
 Version = "2012-10-17",
From fa815ebcb19bd8e44cdf66568180f788d70414e6 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Wed, 22 Oct 2025 12:18:27 -0300
Subject: [PATCH 4/6] Fix dependency
---
 operations/deployment/terraform/modules/aws/rds/aws_rds.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
index 8326b33e..f55f9739 100644
--- a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
+++ b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
@@ -95,7 +95,7 @@ resource "aws_db_instance" "default" {
 }

 resource "aws_iam_role" "rds_enhanced_monitoring" {
- count = var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
+ count = var.aws_rds_db_monitoring_interval > 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
 name = "${var.aws_resource_identifier}-rds"

 assume_role_policy = jsonencode({
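Review bot: The shortened name `"${var.aws_resource_identifier}-rds"` no longer says what the role is for, and nothing on the line records why it was shortened. A comment such as `# IAM role names are capped at 64 characters, so the suffix is kept short` above `name` would stop a later edit from lengthening it again; the total length still depends on `var.aws_resource_identifier`, whose bounds are not visible here. Because IAM role names are unique per account, a suffix this generic may also collide with another role built from the same identifier.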
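Review bot: The new `count` expression creates the role whenever monitoring is disabled: `&&` binds tighter than `? :`, so `var.aws_rds_db_monitoring_interval > 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1` yields 1 for every case with interval 0, leaving an unused role that `monitoring.rds.amazonaws.com` can assume. The second hunk of this patch has the same expression on the policy attachment, and both hunks of PATCH 5/6 swap `> 0` for `== 0`, which instead creates a duplicate role when an ARN is supplied with a positive interval. The count should be 1 only when no ARN is supplied and the interval is positive, e.g. `count = var.aws_rds_db_monitoring_role_arn == "" && var.aws_rds_db_monitoring_interval > 0 ? 1 : 0`. The role block continues outside the hunk.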
@@ -111,7 +111,7 @@ resource "aws_iam_role" "rds_enhanced_monitoring" {
 }

 resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring_attach" {
- count = var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
+ count = var.aws_rds_db_monitoring_interval > 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
 role = aws_iam_role.rds_enhanced_monitoring[0].name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
 }
From 97f7e62b0404e7b3e16eb6fb17ba8b8db773f1aa Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Wed, 22 Oct 2025 12:27:38 -0300
Subject: [PATCH 5/6] Fixing conditional
---
 operations/deployment/terraform/modules/aws/rds/aws_rds.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
index f55f9739..fee68ec6 100644
--- a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
+++ b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
@@ -95,7 +95,7 @@ resource "aws_db_instance" "default" {
 }

 resource "aws_iam_role" "rds_enhanced_monitoring" {
- count = var.aws_rds_db_monitoring_interval > 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
+ count = var.aws_rds_db_monitoring_interval == 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
 name = "${var.aws_resource_identifier}-rds"

 assume_role_policy = jsonencode({
@@ -111,7 +111,7 @@ resource "aws_iam_role" "rds_enhanced_monitoring" {
 }

 resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring_attach" {
- count = var.aws_rds_db_monitoring_interval > 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
+ count = var.aws_rds_db_monitoring_interval == 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
 role = aws_iam_role.rds_enhanced_monitoring[0].name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
 }
From c7542aadd64f4371fd897e4b55e11c0377bad786 Mon Sep 17 00:00:00 2001
From: LeoDiazL
Date: Wed, 22 Oct 2025 12:46:09 -0300
Subject: [PATCH 6/6] Fix conditional #2
---
 operations/deployment/terraform/modules/aws/rds/aws_rds.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
index fee68ec6..30f4d84f 100644
--- a/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
+++ b/operations/deployment/terraform/modules/aws/rds/aws_rds.tf
@@ -95,7 +95,7 @@ resource "aws_db_instance" "default" {
 }

 resource "aws_iam_role" "rds_enhanced_monitoring" {
- count = var.aws_rds_db_monitoring_interval == 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
+ count = var.aws_rds_db_monitoring_role_arn != "" ? 0 : var.aws_rds_db_monitoring_interval > 0 ? 1 : 0
 name = "${var.aws_resource_identifier}-rds"

 assume_role_policy = jsonencode({
@@ -111,7 +111,7 @@ resource "aws_iam_role" "rds_enhanced_monitoring" {
 }

 resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring_attach" {
- count = var.aws_rds_db_monitoring_interval == 0 && var.aws_rds_db_monitoring_role_arn != "" ? 0 : 1
+ count = var.aws_rds_db_monitoring_role_arn != "" ? 0 : var.aws_rds_db_monitoring_interval > 0 ? 1 : 0
 role = aws_iam_role.rds_enhanced_monitoring[0].name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
 }
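Review bot: The same two-level conditional is written out twice, once on the role and once on the attachment in the second hunk, and the three revisions of it in this series show how easily the copies and the `monitoring_role_arn` expression can drift apart. Naming the condition once keeps the `[0]` index on the attachment and on the instance valid by construction: `locals { create_rds_monitoring_role = var.aws_rds_db_monitoring_role_arn == "" && var.aws_rds_db_monitoring_interval > 0 }`, then `count = local.create_rds_monitoring_role ? 1 : 0` in both hunks. The role block continues outside the first hunk.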