From e20a13b2fff50a55425d39f7266c709561f66d68 Mon Sep 17 00:00:00 2001
From: rahul-infra <rahul.sayam@infraspec.dev>
Date: Tue, 4 Nov 2025 12:27:19 +0530
Subject: [PATCH 1/3] Added input variable for postgres version

---
 examples/complete/main.tf      |  2 ++
 examples/complete/variables.tf | 10 ++++++++++
 locals.tf                      | 19 ++++++++++---------
 variables.tf                   | 20 ++++++++++++++++++++
 4 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 4603895..5c6179e 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -28,4 +28,6 @@ module "kong" {
   memory_for_kong_task           = var.memory_for_kong_task
   desired_count_for_kong_service = var.desired_count_for_kong_service
   force_new_deployment           = var.force_new_deployment
+  postgres_engine_version        = var.postgres_engine_version
+  postgres_major_engine_version  = var.postgres_major_engine_version
 }
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index caf69b5..029f5b8 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -122,3 +122,13 @@ variable "force_new_deployment" {
   description = "Whether to force new deployment"
   type        = bool
 }
+
+variable "postgres_engine_version" {
+  description = "The version of the Postgres engine"
+  type        = number
+}
+
+variable "postgres_major_engine_version" {
+  description = "The major version of the Postgres engine"
+  type        = number
+}
diff --git a/locals.tf b/locals.tf
index 1327df2..ed3a653 100644
--- a/locals.tf
+++ b/locals.tf
@@ -14,15 +14,16 @@ locals {
     engine               = "postgres"
     storage_encrypted    = true
     storage_type         = "gp3"
-    engine_version       = 16.3
-    engine_family        = "postgres16"
-    major_engine_version = 16
-    port                 = 5432
-    sg_name              = "kong-postgres"
-    sg_description       = "Allow all traffic within vpc"
-    postgres_username    = data.aws_ssm_parameter.rds["POSTGRES_USERNAME"].value
-    postgres_password    = data.aws_ssm_parameter.rds["POSTGRES_PASSWORD"].value
-    postgres_db_name     = data.aws_ssm_parameter.rds["POSTGRES_DB_NAME"].value
+    engine_version       = var.postgres_engine_version
+    engine_family        = "postgres${var.postgres_major_engine_version}"
+    major_engine_version = var.postgres_major_engine_version
+
+    port              = 5432
+    sg_name           = "kong-postgres"
+    sg_description    = "Allow all traffic within vpc"
+    postgres_username = data.aws_ssm_parameter.rds["POSTGRES_USERNAME"].value
+    postgres_password = data.aws_ssm_parameter.rds["POSTGRES_PASSWORD"].value
+    postgres_db_name  = data.aws_ssm_parameter.rds["POSTGRES_DB_NAME"].value
   }
 
   ecs = {
diff --git a/variables.tf b/variables.tf
index ed12721..085e67c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -161,3 +161,23 @@ variable "force_new_deployment" {
   type        = bool
   default     = true
 }
+
+variable "postgres_engine_version" {
+  description = "PostgreSQL engine version for the RDS instance (e.g., 15.4, 16.3). Defaults to latest supported."
+  type        = number
+  default     = 16.3
+  validation {
+    condition     = var.postgres_engine_version >= 16
+    error_message = "The PostgreSQL engine version must be 16 or higher."
+  }
+}
+
+variable "postgres_major_engine_version" {
+  description = "Major PostgreSQL engine version (e.g., 15, 16). Used for parameter group family naming."
+  type        = number
+  default     = 16
+  validation {
+    condition     = var.postgres_major_engine_version >= 16
+    error_message = "The major PostgreSQL engine version must be 16 or higher."
+  }
+}

From a10bd6736e00a17d685618cf0945fbaee8e4f78b Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Tue, 4 Nov 2025 06:58:19 +0000
Subject: [PATCH 2/3] terraform-docs: automated action

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 50b53df..cbec28f 100644
--- a/README.md
+++ b/README.md
@@ -86,6 +86,8 @@ aws ssm put-parameter --name "/rds/POSTGRES_DB_NAME" --value "value" --type "Sec
 | <a name="input_multi_az"></a> [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | `false` | no |
 | <a name="input_performance_insights_enabled"></a> [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Whether to enable performance insights | `bool` | `true` | no |
 | <a name="input_performance_insights_retention_period"></a> [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The retention period for performance insights | `number` | `7` | no |
+| <a name="input_postgres_engine_version"></a> [postgres\_engine\_version](#input\_postgres\_engine\_version) | PostgreSQL engine version for the RDS instance (e.g., 15.4, 16.3). Defaults to latest supported. | `number` | `16.3` | no |
+| <a name="input_postgres_major_engine_version"></a> [postgres\_major\_engine\_version](#input\_postgres\_major\_engine\_version) | Major PostgreSQL engine version (e.g., 15, 16). Used for parameter group family naming. | `number` | `16` | no |
 | <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs for database and Kong ECS deployment | `list(string)` | n/a | yes |
 | <a name="input_public_subnet_ids"></a> [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs for public-facing load balancers | `list(string)` | n/a | yes |
 | <a name="input_rds_db_tags"></a> [rds\_db\_tags](#input\_rds\_db\_tags) | List of tags | `map(string)` | `{}` | no |

From d61c51887c6af230f554f91f148f50b60b81b272 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Tue, 4 Nov 2025 06:58:22 +0000
Subject: [PATCH 3/3] terraform-docs: automated action

---
 examples/complete/README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/examples/complete/README.md b/examples/complete/README.md
index 2ee4fc4..d27b930 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -88,6 +88,8 @@ No resources.
 | <a name="input_multi_az"></a> [multi\_az](#input\_multi\_az) | Specifies if the RDS instance is multi-AZ | `bool` | n/a | yes |
 | <a name="input_performance_insights_enabled"></a> [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Whether to enable performance insights | `bool` | n/a | yes |
 | <a name="input_performance_insights_retention_period"></a> [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The retention period for performance insights | `number` | n/a | yes |
+| <a name="input_postgres_engine_version"></a> [postgres\_engine\_version](#input\_postgres\_engine\_version) | The version of the Postgres engine | `number` | n/a | yes |
+| <a name="input_postgres_major_engine_version"></a> [postgres\_major\_engine\_version](#input\_postgres\_major\_engine\_version) | The major version of the Postgres engine | `number` | n/a | yes |
 | <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes |
 | <a name="input_public_subnet_ids"></a> [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes |
 | <a name="input_rds_db_tags"></a> [rds\_db\_tags](#input\_rds\_db\_tags) | List of tags | `map(string)` | n/a | yes |