# Toolchain constraints for this module.
# Both constraints are lower bounds only (no upper bound), so the versions
# actually used depend on the dependency lock file / the runner's Terraform
# binary rather than on this block.
terraform {
  required_version = ">= 1.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.61.0"
    }
  }
}
# Aurora cluster built from the community rds-aurora module, pinned to an
# exact release. Most settings are passed straight through from this module's
# input variables; the attributes are grouped by concern below.
#
# NOTE(review): storage_encrypted, kms_key_id and deletion_protection are not
# set in this call, so encryption at rest and deletion protection follow the
# defaults of the pinned module release -- confirm they match your baseline.
module "aurora" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "6.1.4"

  # --- Identity and engine -------------------------------------------------
  name                       = var.name
  database_name              = var.database_name
  engine                     = var.engine
  engine_version             = var.engine_version
  auto_minor_version_upgrade = var.auto_minor_version_upgrade
  tags                       = var.tags

  # A single instance (key "1"). publicly_accessible is caller-controlled;
  # when true the instance is given a publicly resolvable address, so keep it
  # false unless Internet reachability is really intended.
  instances = {
    1 = {
      instance_class      = var.instance_class
      publicly_accessible = var.publicly_accessible
    }
  }

  # --- Network placement ---------------------------------------------------
  vpc_id                 = var.vpc_id
  subnets                = var.subnets
  create_db_subnet_group = var.create_db_subnet_group

  # --- Security group ------------------------------------------------------
  # Ingress sources are supplied by the caller as security groups and CIDRs;
  # review both inputs for overly broad ranges.
  create_security_group   = var.create_security_group
  allowed_security_groups = var.allowed_security_groups
  allowed_cidr_blocks     = var.security_group_allowed_cidrs

  # NOTE(review): egress from the database security group to any IPv4
  # address. Ports/protocol are decided inside the module and are not visible
  # here. Confirm the cluster needs outbound Internet access at all; if not,
  # narrow this to the CIDRs it actually talks to.
  security_group_egress_rules = {
    to_cidrs = {
      description = "Egress to Internet"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  # --- Authentication and transport ----------------------------------------
  # The master password is generated rather than supplied. A generated value
  # is recorded in Terraform state, so the state backend must be treated as a
  # secret store (encrypted, access-controlled).
  master_username                     = var.master_username
  create_random_password              = true
  iam_database_authentication_enabled = var.iam_database_authentication_enabled
  ca_cert_identifier                  = var.ca_cert_identifier

  # --- Parameter groups (defined in this file) -----------------------------
  db_parameter_group_name         = aws_db_parameter_group.db_parameter_group.id
  db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.db_cluster_parameter_group.id

  # --- Logging -------------------------------------------------------------
  enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports

  # --- Backup, restore and change management -------------------------------
  # skip_final_snapshot = true means destroying the cluster leaves no final
  # snapshot behind; apply_immediately = true applies modifications outside
  # the maintenance window. Both are caller-controlled.
  backup_retention_period = var.backup_retention_period
  copy_tags_to_snapshot   = true
  snapshot_identifier     = var.snapshot_identifier
  skip_final_snapshot     = var.skip_final_snapshot
  apply_immediately       = var.apply_immediately
}
# Instance-level parameter group attached to the Aurora instances.
# Each element of var.db_parameter_group_parameters must provide a "name" and
# a "value"; one `parameter` block is emitted per element.
#
# NOTE(review): the family is fixed to aurora-mysql8.0 while the engine and
# engine version of the cluster are variables -- a non-MySQL-8.0 engine would
# not match this group. Security-relevant settings (TLS enforcement, audit
# logging) are only applied if the caller passes them in the variable.
resource "aws_db_parameter_group" "db_parameter_group" {
  family      = "aurora-mysql8.0"
  name        = "${var.name}-aurora-db-mysql-parameter-group"
  description = "${var.name}-aurora-db-mysql-parameter-group"
  tags        = var.tags

  dynamic "parameter" {
    for_each = var.db_parameter_group_parameters
    iterator = setting

    content {
      name  = setting.value.name
      value = setting.value.value
    }
  }
}
# Cluster-level parameter group attached to the Aurora cluster.
# Each element of var.db_cluster_parameter_group_parameters must provide a
# "name" and a "value"; one `parameter` block is emitted per element.
#
# NOTE(review): the family is fixed to aurora-mysql8.0 while the engine and
# engine version of the cluster are variables -- confirm they always agree.
# Cluster-wide hardening parameters (for example requiring TLS for client
# connections) are only applied if the caller passes them in the variable.
resource "aws_rds_cluster_parameter_group" "db_cluster_parameter_group" {
  family      = "aurora-mysql8.0"
  name        = "${var.name}-aurora-mysql-cluster-parameter-group"
  description = "${var.name}-aurora-mysql-cluster-parameter-group"
  tags        = var.tags

  dynamic "parameter" {
    for_each = var.db_cluster_parameter_group_parameters
    iterator = setting

    content {
      name  = setting.value.name
      value = setting.value.value
    }
  }
}
# Friendly DNS name for the database: a CNAME pointing at the Aurora cluster
# (writer) endpoint, with a 60 second TTL.
#
# NOTE(review): if var.route53_zone_id is a public hosted zone, the cluster
# endpoint hostname becomes publicly resolvable; a private zone is the safer
# choice for a database alias.
# NOTE(review): the RDS server certificate is issued for the AWS endpoint
# name, not for this alias, so clients that verify the server hostname will
# fail when connecting through the CNAME. Do not "fix" that by disabling
# certificate verification in clients.
resource "aws_route53_record" "www" {
  zone_id = var.route53_zone_id
  name    = var.route53_record_name
  type    = "CNAME"
  ttl     = 60

  records = [
    module.aurora.cluster_endpoint,
  ]
}
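### TODO: confirm whether this rule is still needed.
# Egress rule added to the cluster security group
# (var.cluster_security_group_id) towards the Aurora security group. On an
# egress rule, source_security_group_id names the *destination* group.
# The rule has no practical effect only if that group already carries a
# broader egress rule (for example allow-all); check the group before
# deleting this resource.
#
# The rule is described as "mysql traffic", so it is limited to TCP on the
# cluster's database port instead of all protocols and ports.
resource "aws_security_group_rule" "db-egress-cluster_security_group" {
  type                     = "egress"
  description              = "mysql traffic"
  protocol                 = "tcp"
  from_port                = module.aurora.cluster_port
  to_port                  = module.aurora.cluster_port
  source_security_group_id = module.aurora.security_group_id
  security_group_id        = var.cluster_security_group_id
}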
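### TODO: confirm whether this rule is still needed.
# Egress rule added to the worker security group
# (var.worker_security_group_id) towards the Aurora security group. On an
# egress rule, source_security_group_id names the *destination* group.
# The rule has no practical effect only if that group already carries a
# broader egress rule (for example allow-all); check the group before
# deleting this resource.
#
# The rule is described as "mysql traffic", so it is limited to TCP on the
# cluster's database port instead of all protocols and ports.
resource "aws_security_group_rule" "db-egress-worker_security_group" {
  type                     = "egress"
  description              = "mysql traffic"
  protocol                 = "tcp"
  from_port                = module.aurora.cluster_port
  to_port                  = module.aurora.cluster_port
  source_security_group_id = module.aurora.security_group_id
  security_group_id        = var.worker_security_group_id
}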
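### TODO: confirm whether this rule is still needed.
# Egress rule added to the cluster primary security group
# (var.cluster_primary_security_group_id) towards the Aurora security group.
# On an egress rule, source_security_group_id names the *destination* group.
# The rule has no practical effect only if that group already carries a
# broader egress rule (for example allow-all); check the group before
# deleting this resource.
#
# The rule is described as "mysql traffic", so it is limited to TCP on the
# cluster's database port instead of all protocols and ports.
resource "aws_security_group_rule" "db-egress-cluster_primary_security_group" {
  type                     = "egress"
  description              = "mysql traffic"
  protocol                 = "tcp"
  from_port                = module.aurora.cluster_port
  to_port                  = module.aurora.cluster_port
  source_security_group_id = module.aurora.security_group_id
  security_group_id        = var.cluster_primary_security_group_id
}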