diff --git a/README.md b/README.md
index 50b53df..cbec28f 100644
--- a/README.md
+++ b/README.md
@@ -86,6 +86,8 @@ aws ssm put-parameter --name "/rds/POSTGRES_DB_NAME" --value "value" --type "Sec
| [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no |
| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Whether to enable performance insights | `bool` | `true` | no |
| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The retention period for performance insights | `number` | `7` | no |
+| [postgres\_engine\_version](#input\_postgres\_engine\_version) | PostgreSQL engine version for the RDS instance (e.g., 15.4, 16.3). Defaults to latest supported. | `number` | `16.3` | no |
+| [postgres\_major\_engine\_version](#input\_postgres\_major\_engine\_version) | Major PostgreSQL engine version (e.g., 15, 16). Used for parameter group family naming. | `number` | `16` | no |
| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs for database and Kong ECS deployment | `list(string)` | n/a | yes |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs for public-facing load balancers | `list(string)` | n/a | yes |
| [rds\_db\_tags](#input\_rds\_db\_tags) | List of tags | `map(string)` | `{}` | no |
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 2ee4fc4..d27b930 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -88,6 +88,8 @@ No resources.
| [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | n/a | yes |
| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Whether to enable performance insights | `bool` | n/a | yes |
| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The retention period for performance insights | `number` | n/a | yes |
+| [postgres\_engine\_version](#input\_postgres\_engine\_version) | The version of the Postgres engine | `number` | n/a | yes |
+| [postgres\_major\_engine\_version](#input\_postgres\_major\_engine\_version) | The major version of the Postgres engine | `number` | n/a | yes |
| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes |
| [rds\_db\_tags](#input\_rds\_db\_tags) | List of tags | `map(string)` | n/a | yes |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 4603895..5c6179e 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -28,4 +28,6 @@ module "kong" {
memory_for_kong_task = var.memory_for_kong_task
desired_count_for_kong_service = var.desired_count_for_kong_service
force_new_deployment = var.force_new_deployment
+ postgres_engine_version = var.postgres_engine_version
+ postgres_major_engine_version = var.postgres_major_engine_version
}
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index caf69b5..029f5b8 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -122,3 +122,13 @@ variable "force_new_deployment" {
description = "Whether to force new deployment"
type = bool
}
+
+variable "postgres_engine_version" {
+ description = "The version of the Postgres engine"
+ type = number
+}
+
+variable "postgres_major_engine_version" {
+ description = "The major version of the Postgres engine"
+ type = number
+}
diff --git a/locals.tf b/locals.tf
index 1327df2..ed3a653 100644
--- a/locals.tf
+++ b/locals.tf
@@ -14,15 +14,16 @@ locals {
engine = "postgres"
storage_encrypted = true
storage_type = "gp3"
- engine_version = 16.3
- engine_family = "postgres16"
- major_engine_version = 16
- port = 5432
- sg_name = "kong-postgres"
- sg_description = "Allow all traffic within vpc"
- postgres_username = data.aws_ssm_parameter.rds["POSTGRES_USERNAME"].value
- postgres_password = data.aws_ssm_parameter.rds["POSTGRES_PASSWORD"].value
- postgres_db_name = data.aws_ssm_parameter.rds["POSTGRES_DB_NAME"].value
+ engine_version = var.postgres_engine_version
+ engine_family = "postgres${var.postgres_major_engine_version}"
+ major_engine_version = var.postgres_major_engine_version
+
+ port = 5432
+ sg_name = "kong-postgres"
+ sg_description = "Allow all traffic within vpc"
+ postgres_username = data.aws_ssm_parameter.rds["POSTGRES_USERNAME"].value
+ postgres_password = data.aws_ssm_parameter.rds["POSTGRES_PASSWORD"].value
+ postgres_db_name = data.aws_ssm_parameter.rds["POSTGRES_DB_NAME"].value
}
ecs = {
diff --git a/variables.tf b/variables.tf
index ed12721..085e67c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -161,3 +161,23 @@ variable "force_new_deployment" {
type = bool
default = true
}
+
+variable "postgres_engine_version" {
+ description = "PostgreSQL engine version for the RDS instance (e.g., 15.4, 16.3). Defaults to latest supported."
+ type = number
+ default = 16.3
+ validation {
+ condition = var.postgres_engine_version >= 16
+ error_message = "The PostgreSQL engine version must be 16 or higher."
+ }
+}
+
+variable "postgres_major_engine_version" {
+ description = "Major PostgreSQL engine version (e.g., 15, 16). Used for parameter group family naming."
+ type = number
+ default = 16
+ validation {
+ condition = var.postgres_major_engine_version >= 16
+ error_message = "The major PostgreSQL engine version must be 16 or higher."
+ }
+}