ExtensionEngine · mandryllo · Dec 16, 2025 · Jan 12, 2026 · Jan 12, 2026 · Jan 14, 2026
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -55,6 +55,7 @@
     "@aws-sdk/client-efs": "^3.758.0",
     "@aws-sdk/client-elastic-load-balancing-v2": "^3.764.0",
     "@aws-sdk/client-elasticache": "^3.901.0",
+    "@aws-sdk/client-iam": "^3.952.0",
     "@aws-sdk/client-kms": "^3.943.0",
     "@aws-sdk/client-rds": "^3.943.0",
     "@aws-sdk/client-route-53": "^3.782.0",

diff --git a/tests/database/configurable-db.test.ts b/tests/database/configurable-db.test.ts
@@ -0,0 +1,145 @@
+import {
+  GetRoleCommand,
+  ListAttachedRolePoliciesCommand,
+} from '@aws-sdk/client-iam';
+import * as assert from 'node:assert';
+import { DatabaseTestContext } from './test-context';
+import { it } from 'node:test';
+import { ListTagsForResourceCommand } from '@aws-sdk/client-rds';
+
+export function testConfigurableDb(ctx: DatabaseTestContext) {
+  it('should properly configure instance', () => {
+    const configurableDb = ctx.outputs.configurableDb.value;
+
+    assert.strictEqual(
+      configurableDb.instance.applyImmediately,
+      ctx.config.applyImmediately,
+      'Apply immediately argument should be set correctly',
+    );
+    assert.strictEqual(
+      configurableDb.instance.allowMajorVersionUpgrade,
+      ctx.config.allowMajorVersionUpgrade,
+      'Allow major version upgrade argument should be set correctly',
+    );
+    assert.strictEqual(
+      configurableDb.instance.autoMinorVersionUpgrade,
+      ctx.config.autoMinorVersionUpgrade,
+      'Auto minor version upgrade argument should be set correctly',
+    );
+  });
+
+  it('should properly configure password', () => {
+    const configurableDb = ctx.outputs.configurableDb.value;
+
+    assert.ok(configurableDb.password, 'Password should exist');
+    assert.strictEqual(
+      configurableDb.instance.masterUserPassword,
+      ctx.config.dbPassword,
+      'Master user password should be set correctly',
+    );
+  });
+
+  it('should properly configure storage', () => {
+    const configurableDb = ctx.outputs.configurableDb.value;
+
+    assert.strictEqual(
+      configurableDb.instance.allocatedStorage,
+      ctx.config.allocatedStorage.toString(),
+      'Allocated storage argument should be set correctly',
+    );
+    assert.strictEqual(
+      configurableDb.instance.maxAllocatedStorage,
+      ctx.config.maxAllocatedStorage,
+      'Max allocated storage argument should be set correctly',
+    );
+  });
+
+  it('should properly configure monitoring options', () => {
+    const configurableDb = ctx.outputs.configurableDb.value;
+
+    assert.strictEqual(
+      configurableDb.instance.enablePerformanceInsights,
+      true,
+      'Performance insights should be enabled',
+    );
+    assert.strictEqual(
+      configurableDb.instance.performanceInsightsRetentionPeriod,
+      7,
+      'Performance insights retention period should be set correctly',
+    );
+    assert.strictEqual(
+      configurableDb.instance.monitoringInterval,
+      60,
+      'Monitoring interval should be set correctly',
+    );
+    assert.ok(
+      configurableDb.instance.monitoringRoleArn,
+      'Monitoring role ARN should exist',
+    );
+  });
+
+  it('should create monitoring IAM role and attach correct policy', async () => {
+    const configurableDb = ctx.outputs.configurableDb.value;
+    const roleName = configurableDb.monitoringRole.name;
+
+    const roleCommand = new GetRoleCommand({
+      RoleName: roleName,
+    });
+    const { Role } = await ctx.clients.iam.send(roleCommand);
+    assert.ok(Role, 'Monitoring IAM role should exist');
+
+    const policyCommand = new ListAttachedRolePoliciesCommand({
+      RoleName: roleName,
+    });
+    const { AttachedPolicies } = await ctx.clients.iam.send(policyCommand);
+    assert.ok(
+      AttachedPolicies && AttachedPolicies.length > 0,
+      'Attached policies should exist',
+    );
+    const [attachedPolicy] = AttachedPolicies;
+    assert.strictEqual(
+      attachedPolicy.PolicyArn,
+      'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole',
+      'Monitoring IAM role should have correct policy attached',
+    );
+  });
+
+  it('should properly configure kms', () => {
+    const configurableDb = ctx.outputs.configurableDb.value;
+    const kms = ctx.outputs.kms.value;
+
+    assert.ok(configurableDb.kmsKeyId, 'Kms key id should exist');
+    assert.strictEqual(
+      configurableDb.instance.kmsKeyId,
+      kms.arn,
+      'Kms key id should be set correctly',
+    );
+  });
+
+  it('should properly configure parameter group', () => {
+    const configurableDb = ctx.outputs.configurableDb.value;
+    const paramGroup = ctx.outputs.paramGroup.value;
+
+    assert.strictEqual(
+      configurableDb.instance.dbParameterGroupName,
+      paramGroup.name,
+      'Parameter group name should be set correctly',
+    );
+  });
+
+  it('should properly configure tags', async () => {
+    const configurableDb = ctx.outputs.configurableDb.value;
+
+    const command = new ListTagsForResourceCommand({
+      ResourceName: configurableDb.instance.dbInstanceArn,
+    });
+    const { TagList } = await ctx.clients.rds.send(command);
+    assert.ok(TagList && TagList.length > 0, 'Tags should exist');
+
+    Object.entries(ctx.config.tags).map(([Key, Value]) => {
+      const tag = TagList.find(tag => tag.Key === Key);
+      assert.ok(tag, `${Key} tag should exist`);
+      assert.strictEqual(tag.Value, Value, `${Key} tag should set correctly`);
+    });
+  });
+}
diff --git a/tests/database/index.test.ts b/tests/database/index.test.ts
@@ -17,11 +17,13 @@ import { cleanupSnapshots } from './util';
 import * as config from './infrastructure/config';
 import { DatabaseTestContext } from './test-context';
 import { EC2Client } from '@aws-sdk/client-ec2';
+import { IAMClient } from '@aws-sdk/client-iam';
 import { InlineProgramArgs } from '@pulumi/pulumi/automation';
 import { it } from 'node:test';
 import { KMSClient } from '@aws-sdk/client-kms';
 import { RDSClient } from '@aws-sdk/client-rds';
 import { requireEnv } from '../util';
+import { testConfigurableDb } from './configurable-db.test';
 
 const programArgs: InlineProgramArgs = {
   stackName: 'dev',
@@ -37,6 +39,7 @@ const ctx: DatabaseTestContext = {
     rds: new RDSClient({ region }),
     ec2: new EC2Client({ region }),
     kms: new KMSClient({ region }),
+    iam: new IAMClient({ region }),
   },
 };
 
@@ -202,4 +205,6 @@ describe('Database component deployment', () => {
       'KMS key rotation should be enabled',
     );
   });
+
+  describe('With configurable options', () => testConfigurableDb(ctx));
 });
diff --git a/tests/database/infrastructure/config.ts b/tests/database/infrastructure/config.ts
@@ -1,3 +1,16 @@
+import * as pulumi from '@pulumi/pulumi';
+
 export const appName = 'db-test';
+export const stackName = pulumi.getStack();
+export const tags = {
+  Project: appName,
+  Environment: stackName,
+};
 export const dbName = 'dbname';
 export const dbUsername = 'dbusername';
+export const dbPassword = 'dbpassword';
+export const applyImmediately = true;
+export const allowMajorVersionUpgrade = true;
+export const autoMinorVersionUpgrade = false;
+export const allocatedStorage = 10;
+export const maxAllocatedStorage = 50;
diff --git a/tests/database/infrastructure/index.ts b/tests/database/infrastructure/index.ts
@@ -1,17 +1,58 @@
-import { appName, dbName, dbUsername } from './config';
-import { next as studion } from '@studion/infra-code-blocks';
+import * as aws from '@pulumi/aws';
+import * as config from './config';
 import { DatabaseBuilder } from '../../../dist/v2/components/database/builder';
+import { next as studion } from '@studion/infra-code-blocks';
+
+const vpc = new studion.Vpc(`${config.appName}-vpc`, {});
+
+const defaultDb = new DatabaseBuilder(`${config.appName}-default-db`)
+  .withInstance({
+    dbName: config.dbName,
+  })
+  .withCredentials({
+    username: config.dbUsername,
+  })
+  .withVpc(vpc.vpc)
+  .build();
+
+const kms = new aws.kms.Key(`${config.appName}-kms-key`, {
+  description: `${config.appName} RDS encryption key`,
+  customerMasterKeySpec: 'SYMMETRIC_DEFAULT',
+  isEnabled: true,
+  keyUsage: 'ENCRYPT_DECRYPT',
+  multiRegion: false,
+  enableKeyRotation: true,
+  tags: config.tags,
+});
 
-const vpc = new studion.Vpc(`${appName}-vpc`, {});
+const paramGroup = new aws.rds.ParameterGroup(
+  `${config.appName}-parameter-group`,
+  {
+    family: 'postgres17',
+    tags: config.tags,
+  },
+);
 
-const defaultDb = new DatabaseBuilder(`${appName}-default-db`)
+const configurableDb = new DatabaseBuilder(`${config.appName}-configurable-db`)
   .withInstance({
-    dbName,
+    dbName: config.dbName,
+    applyImmediately: config.applyImmediately,
+    allowMajorVersionUpgrade: config.allowMajorVersionUpgrade,
+    autoMinorVersionUpgrade: config.autoMinorVersionUpgrade,
   })
   .withCredentials({
-    username: dbUsername,
+    username: config.dbUsername,
+    password: config.dbPassword,
+  })
+  .withStorage({
+    allocatedStorage: config.allocatedStorage,
+    maxAllocatedStorage: config.maxAllocatedStorage,
   })
   .withVpc(vpc.vpc)
+  .withMonitoring()
+  .withKms(kms.arn)
+  .withParameterGroup(paramGroup.name)
+  .withTags(config.tags)
   .build();
 
-export { vpc, defaultDb };
+export { vpc, defaultDb, kms, paramGroup, configurableDb };
diff --git a/tests/database/test-context.ts b/tests/database/test-context.ts
@@ -1,4 +1,5 @@
 import { EC2Client } from '@aws-sdk/client-ec2';
+import { IAMClient } from '@aws-sdk/client-iam';
 import { KMSClient } from '@aws-sdk/client-kms';
 import { OutputMap } from '@pulumi/pulumi/automation';
 import { RDSClient } from '@aws-sdk/client-rds';
@@ -9,8 +10,19 @@ interface ConfigContext {
 
 interface DatabaseTestConfig {
   appName: string;
+  stackName: string;
+  tags: {
+    Project: string;
+    Environment: string;
+  };
   dbName: string;
   dbUsername: string;
+  dbPassword: string;
+  applyImmediately: boolean;
+  allowMajorVersionUpgrade: boolean;
+  autoMinorVersionUpgrade: boolean;
+  allocatedStorage: number;
+  maxAllocatedStorage: number;
 }
 
 interface PulumiProgramContext {
@@ -22,6 +34,7 @@ interface AwsContext {
     rds: RDSClient;
     ec2: EC2Client;
     kms: KMSClient;
+    iam: IAMClient;
   };
 }
 

diff --git a/tests/database/util.ts b/tests/database/util.ts
@@ -8,8 +8,10 @@ import { DatabaseTestContext } from './test-context';
 export async function cleanupSnapshots(ctx: DatabaseTestContext) {
   const spinner = createSpinner('Deleting snapshots...').start();
 
-  const defaultDb = ctx.outputs.defaultDb.value;
-  await deleteSnapshot(ctx, defaultDb.instance.dbInstanceIdentifier);
+  const dbs = [ctx.outputs.defaultDb.value, ctx.outputs.configurableDb.value];
+  await Promise.all(
+    dbs.map(db => deleteSnapshot(ctx, db.instance.dbInstanceIdentifier)),
+  );
 
   spinner.success({ text: 'Snapshots deleted' });
 }