From 755daa3d7376e73b3c18a6d01a3c84382ba0c28d Mon Sep 17 00:00:00 2001
From: Joakim Olsson
Date: Sun, 17 Oct 2021 17:13:17 +0200
Subject: [PATCH] feat: initial commit
---
 LICENSE | 21 ++++++++++++++++++++
 README.md | 2 ++
 main.tf | 49 ++++++++++++++++++++++++++++++++++++++++++++++
 outputs.tf | 3 +++
 secret.tf | 35 +++++++++++++++++++++++++++++++++++
 vars.tf | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 167 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 secret.tf
 create mode 100644 vars.tf
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..f83c22b
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 opzkit
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..aa84028
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# terraform-aws-rds-mysql
+
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..be4e428
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,49 @@
+resource "aws_db_subnet_group" "default" {
+ name = "${var.identifier}-db-subnet-group"
+ subnet_ids = var.subnet_ids
+
+ tags = {
+ Name = "${var.identifier} DB subnet group"
+ }
+}
+
+data "aws_security_group" "security_groups" {
+ for_each = toset(var.security_group_names)
+ name = each.value
+}
+
+resource "aws_security_group" "allow_postgres" {
+ vpc_id = var.vpc_id
+ name = "allow-postgresql-${var.identifier}"
+
+ ingress {
+ from_port = 5432
+ protocol = "tcp"
+ to_port = 5432
+ security_groups = [for i, g in data.aws_security_group.security_groups : g.id]
+ }
+
+ egress {
+ from_port = 0
+ protocol = "-1"
+ to_port = 0
+ security_groups = [for i, g in data.aws_security_group.security_groups : g.id]
+ }
+}
+
+resource "aws_db_instance" "default" {
+ instance_class = var.instance_type
+ engine_version = var.postgresql_version
+ max_allocated_storage = 60
+ skip_final_snapshot = var.skip_final_snapshot
+ identifier = var.identifier
+ name = var.db_name
+ username = var.master_username
+ password = local.password
+ maintenance_window = "mon:02:00-mon:03:30"
+ backup_window = "03:30-05:00"
+ backup_retention_period = 14
+ allow_major_version_upgrade = true
+ apply_immediately = var.apply_immediately
+ db_subnet_group_name = aws_db_subnet_group.default.name
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..ae741f2
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,3 @@
+output "database_secret_name" {
+ value = aws_secretsmanager_secret.rds_secret.name
+}
diff --git a/secret.tf b/secret.tf
new file mode 100644
index 0000000..2d92564
--- /dev/null
+++ b/secret.tf
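Review bot: `aws_security_group.allow_postgres` created in this hunk is never attached to `aws_db_instance.default`, which sets no `vpc_security_group_ids`, so the instance lands on the VPC's default security group and the 5432 ingress rule scoped to `var.security_group_names` has no effect on who can reach the database. The instance block is also missing `engine` and `allocated_storage`, which the provider requires when neither `snapshot_identifier` nor `replicate_source_db` is given (`max_allocated_storage = 60` only sets the autoscaling ceiling), so the plan would be rejected as written. `storage_encrypted` and `deletion_protection` are left at their defaults (off), which for a database kept with 14-day backups is worth making explicit rather than implicit. The additions below cover these four points; the `allocated_storage` value is a placeholder to be sized for the workload.
```hcl
resource "aws_db_instance" "default" {
  engine                 = "postgres"
  allocated_storage      = 20 # constructed placeholder; size for the workload
  vpc_security_group_ids = [aws_security_group.allow_postgres.id]
  storage_encrypted      = true
  deletion_protection    = true # must be flipped off before a destroy is possible
  # … unchanged: instance_class, engine_version, identifier, credentials, backup and maintenance arguments …
}
```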
@@ -0,0 +1,35 @@
+resource "aws_secretsmanager_secret" "rds_secret" {
+ name = "rds/postgres/${var.identifier}"
+}
+
+resource "aws_secretsmanager_secret_version" "rds_secret_value" {
+ secret_id = aws_secretsmanager_secret.rds_secret.id
+ secret_string = jsonencode(local.secret_value)
+}
+
+locals {
+ secret_value = {
+ DB_USERNAME = var.master_username
+ DB_PASSWORD = local.password
+ DB_NAME = aws_db_instance.default.identifier
+ DB_PORT = aws_db_instance.default.port
+ DB_HOST = aws_db_instance.default.endpoint
+ }
+ password = random_password.password.result
+}
+
+resource "random_password" "password" {
+ length = 32
+ special = false
+ lower = true
+ upper = true
+ number = true
+ override_special = ""
+ min_special = 0
+ min_lower = 5
+ min_upper = 5
+ min_numeric = 5
+ lifecycle {
+ ignore_changes = all
+ }
+}
diff --git a/vars.tf b/vars.tf
new file mode 100644
index 0000000..db69cc9
--- /dev/null
+++ b/vars.tf
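Review bot: In the `locals` block, `DB_NAME` is set to `aws_db_instance.default.identifier`, which is the RDS instance identifier rather than the database created via `name = var.db_name` in main.tf, and `DB_HOST` is set to `.endpoint`, which on this resource is `address:port`, so a consumer that joins `DB_HOST` and `DB_PORT` ends up with the port twice. Change the two lines to `DB_NAME = aws_db_instance.default.name` and `DB_HOST = aws_db_instance.default.address`. Separately, `ignore_changes = all` on `random_password.password` means Terraform never regenerates the credential, so any rotation has to happen out of band and the secret version written here then goes stale; a comment such as `# generated once; rotate out of band and update the secret version` would keep the next maintainer from trusting this value after a rotation. The password is also persisted in Terraform state through both `random_password` and `secret_string`, which is the usual caveat for this pattern and deserves a line in the README.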
@@ -0,0 +1,57 @@
+variable "identifier" {
+ type = string
+ description = "Instance identifier"
+}
+
+variable "db_name" {
+ type = string
+ description = "Initial database name"
+}
+
+variable "instance_type" {
+ type = string
+ description = "Instance type"
+ default = "db.t3.small"
+}
+
+variable "postgresql_version" {
+ type = string
+ description = "The postgresql version to use"
+ default = "13.3"
+}
+
+variable "master_username" {
+ type = string
+ description = "Username for master user"
+}
+
+variable "availability_zone" {
+ type = string
+ description = "The availability zone where the instance shall be created"
+}
+
+variable "vpc_id" {
+ type = string
+}
+
+variable "subnet_ids" {
+ type = list(string)
+ description = "List of subnet ids where cluster should be located"
+}
+
+variable "security_group_names" {
+ type = list(string)
+ description = "List of security group names that should have access to the DB cluster"
+}
+
+variable "skip_final_snapshot" {
+ type = bool
+ default = false
+ description = "Store final snapshot or not when destroying database"
+}
+
+variable "apply_immediately" {
+ type = bool
+ default = false
+ description = "Apply changes immediately or wait for next maintenance window"
+}
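Review bot: `variable "availability_zone"` is declared without a default, so every caller must supply it, yet nothing in main.tf or secret.tf references it and the value has no effect; either pass it through with `availability_zone = var.availability_zone` on `aws_db_instance.default` or drop the variable. `variable "vpc_id"` is the only input without a `description`; `description = "VPC in which the database security group is created"` would match its neighbours. The descriptions of `subnet_ids` and `security_group_names` talk about a "cluster", but the module creates a single `aws_db_instance`, not an Aurora cluster, so "instance" is the accurate word there.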