This repository has been archived by the owner on Sep 27, 2024. It is now read-only.

Support for RDS reader instance #21

Merged
merged 9 commits into from
Aug 29, 2024
21 changes: 12 additions & 9 deletions README.md
Expand Up @@ -28,10 +28,6 @@ This repository contains the Terraform code to create a MySQL database.
|------|------|
| [aws_db_parameter_group.db_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
| [aws_rds_cluster_parameter_group.db_cluster_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource |
| [aws_route53_record.www](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_security_group_rule.db-egress-cluster_primary_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.db-egress-cluster_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.db-egress-worker_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

## Inputs

Expand All @@ -42,30 +38,37 @@ This repository contains the Terraform code to create a MySQL database.
| <a name="input_auto_minor_version_upgrade"></a> [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | n/a | `bool` | `true` | no |
| <a name="input_backup_retention_period"></a> [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for. Default `7` | `number` | `35` | no |
| <a name="input_ca_cert_identifier"></a> [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Specifies the identifier of the CA certificate for the DB instance | `string` | `"rds-ca-rsa2048-g1"` | no |
| <a name="input_cluster_primary_security_group_id"></a> [cluster\_primary\_security\_group\_id](#input\_cluster\_primary\_security\_group\_id) | n/a | `string` | n/a | yes |
| <a name="input_cluster_security_group_id"></a> [cluster\_security\_group\_id](#input\_cluster\_security\_group\_id) | n/a | `string` | n/a | yes |
| <a name="input_create_db_subnet_group"></a> [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | n/a | `bool` | `true` | no |
| <a name="input_create_monitoring_role"></a> [create\_monitoring\_role](#input\_create\_monitoring\_role) | Create monitoring role | `bool` | `true` | no |
| <a name="input_create_reader_instance"></a> [create\_reader\_instance](#input\_create\_reader\_instance) | Whether to create a read replica instance | `bool` | `false` | no |
| <a name="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group) | n/a | `bool` | `true` | no |
| <a name="input_database_name"></a> [database\_name](#input\_database\_name) | n/a | `string` | n/a | yes |
| <a name="input_db_cluster_parameter_group_family"></a> [db\_cluster\_parameter\_group\_family](#input\_db\_cluster\_parameter\_group\_family) | db parameter group family | `string` | `"aurora-mysql8.0"` | no |
| <a name="input_db_cluster_parameter_group_parameters"></a> [db\_cluster\_parameter\_group\_parameters](#input\_db\_cluster\_parameter\_group\_parameters) | n/a | `list(map(string))` | <pre>[<br> {<br> "name": "group_concat_max_len",<br> "value": "4096"<br> }<br>]</pre> | no |
| <a name="input_db_parameter_group_family"></a> [db\_parameter\_group\_family](#input\_db\_parameter\_group\_family) | db parameter group family | `string` | `"aurora-mysql8.0"` | no |
| <a name="input_db_parameter_group_parameters"></a> [db\_parameter\_group\_parameters](#input\_db\_parameter\_group\_parameters) | n/a | `list(map(string))` | <pre>[<br> {<br> "name": "general_log",<br> "value": "1"<br> },<br> {<br> "name": "group_concat_max_len",<br> "value": "4096"<br> },<br> {<br> "name": "log_bin_trust_function_creators",<br> "value": "1"<br> },<br> {<br> "name": "max_allowed_packet",<br> "value": "1073741824"<br> },<br> {<br> "name": "transaction_isolation",<br> "value": "READ-COMMITTED"<br> }<br>]</pre> | no |
| <a name="input_enabled_cloudwatch_logs_exports"></a> [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | n/a | `list(any)` | <pre>[<br> "audit",<br> "error",<br> "general",<br> "slowquery"<br>]</pre> | no |
| <a name="input_engine"></a> [engine](#input\_engine) | n/a | `string` | `"aurora-mysql"` | no |
| <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | n/a | `string` | `"8.0"` | no |
| <a name="input_iam_database_authentication_enabled"></a> [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | n/a | `bool` | `true` | no |
| <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `""` | no |
| <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | IAM role permissions boundary | `string` | `""` | no |
| <a name="input_instance_class"></a> [instance\_class](#input\_instance\_class) | n/a | `string` | `"db.r5.xlarge"` | no |
| <a name="input_master_username"></a> [master\_username](#input\_master\_username) | n/a | `string` | n/a | yes |
| <a name="input_name"></a> [name](#input\_name) | n/a | `string` | n/a | yes |
| <a name="input_performance_insights_enabled"></a> [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Enable performance insights | `bool` | `true` | no |
| <a name="input_performance_insights_retention_period"></a> [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | Performance insights retention period | `number` | `7` | no |
| <a name="input_publicly_accessible"></a> [publicly\_accessible](#input\_publicly\_accessible) | n/a | `string` | `"false"` | no |
| <a name="input_route53_record_name"></a> [route53\_record\_name](#input\_route53\_record\_name) | n/a | `string` | n/a | yes |
| <a name="input_route53_zone_id"></a> [route53\_zone\_id](#input\_route53\_zone\_id) | n/a | `string` | n/a | yes |
| <a name="input_publicly_accessible_replica"></a> [publicly\_accessible\_replica](#input\_publicly\_accessible\_replica) | Whether the replica instance should be publicly accessible | `bool` | `false` | no |
| <a name="input_reader_instance_class"></a> [reader\_instance\_class](#input\_reader\_instance\_class) | Instance class for the read replica | `string` | `"db.r5.large"` | no |
| <a name="input_security_group_allowed_cidrs"></a> [security\_group\_allowed\_cidrs](#input\_security\_group\_allowed\_cidrs) | n/a | `list(string)` | `[]` | no |
| <a name="input_security_group_egress_rules_cidr_blocks"></a> [security\_group\_egress\_rules\_cidr\_blocks](#input\_security\_group\_egress\_rules\_cidr\_blocks) | egress cidr blocks | `list(any)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| <a name="input_security_group_egress_rules_cidr_blocks_description"></a> [security\_group\_egress\_rules\_cidr\_blocks\_description](#input\_security\_group\_egress\_rules\_cidr\_blocks\_description) | egress cidr blocks description | `string` | `"Egress to Internet"` | no |
| <a name="input_skip_final_snapshot"></a> [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | n/a | `bool` | `false` | no |
| <a name="input_snapshot_identifier"></a> [snapshot\_identifier](#input\_snapshot\_identifier) | If specified creates this database from a snapshot. Default is null. Be warned that modifying this value on an already created database _WILL_ destroy/recreate the whole cluster. | `string` | `null` | no |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | n/a | `list(string)` | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(string)` | <pre>{<br> "Owner": "Batcave"<br>}</pre> | no |
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | n/a | `string` | n/a | yes |
| <a name="input_worker_security_group_id"></a> [worker\_security\_group\_id](#input\_worker\_security\_group\_id) | n/a | `string` | n/a | yes |

## Outputs

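Review bot: In the Inputs table the new `publicly_accessible_replica` row is typed `bool` with default `false`, while the existing `publicly_accessible` row is still `string` with default `"false"`, so the writer and reader toggles take different types for the same setting. Consider converting `publicly_accessible` to `bool` in this change. The replica row's description could also state that the reader serves the same data as the writer, so that nobody treats the replica flag as the lower-risk one to enable.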
Expand Down
25 changes: 18 additions & 7 deletions main.tf
Expand Up @@ -16,7 +16,18 @@ module "aurora" {
engine = var.engine
engine_version = var.engine_version
auto_minor_version_upgrade = var.auto_minor_version_upgrade
instances = {

instances = var.create_reader_instance ? {
1 = {
instance_class = var.instance_class
publicly_accessible = var.publicly_accessible
},
2 = {
instance_class = var.reader_instance_class
publicly_accessible = var.publicly_accessible_replica
replica = true
}
} : {
1 = {
instance_class = var.instance_class
publicly_accessible = var.publicly_accessible
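Review bot: The writer entry `1 = { ... }` is now written twice, once in each branch of the `var.create_reader_instance ? { ... } : { ... }` conditional, so any later change to the writer has to be made in two places. Building the map as `merge({ 1 = { ... } }, var.create_reader_instance ? { 2 = { ... } } : {})` keeps a single writer definition. At key `2`, `replica = true` is also passed without anything in the visible lines showing that the `aurora` module reads that key; please confirm it is consumed, or drop it.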
Expand Down Expand Up @@ -46,14 +57,14 @@ module "aurora" {
skip_final_snapshot = var.skip_final_snapshot
snapshot_identifier = var.snapshot_identifier

db_parameter_group_name = aws_db_parameter_group.db_parameter_group.id
db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.db_cluster_parameter_group.id
enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
performance_insights_enabled = var.performance_insights_enabled
db_parameter_group_name = aws_db_parameter_group.db_parameter_group.id
db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.db_cluster_parameter_group.id
enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
performance_insights_enabled = var.performance_insights_enabled
performance_insights_retention_period = var.performance_insights_retention_period

create_monitoring_role = var.create_monitoring_role
iam_role_path = var.iam_role_path
create_monitoring_role = var.create_monitoring_role
iam_role_path = var.iam_role_path
iam_role_permissions_boundary = var.iam_role_permissions_boundary


Expand Down
47 changes: 22 additions & 25 deletions variables.tf
Expand Up @@ -35,6 +35,24 @@ variable "instance_class" {
default = "db.r5.xlarge"
}

variable "create_reader_instance" {
description = "Whether to create a read replica instance"
type = bool
default = false
}

variable "reader_instance_class" {
description = "Instance class for the read replica"
type = string
default = "db.r5.large"
}

variable "publicly_accessible_replica" {
description = "Whether the replica instance should be publicly accessible"
type = bool
default = false
}

variable "allowed_security_groups" {
type = list(string)
}
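Review bot: `reader_instance_class` defaults to `db.r5.large`, one size below the writer's `db.r5.xlarge` default in the context lines at the top of this hunk, and an Aurora reader is the failover target, so after a failover the cluster would carry its write load on the smaller instance. Consider defaulting `reader_instance_class` to `null` and falling back to `var.instance_class` in main.tf, or state the failover implication in the variable's description.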
Expand All @@ -54,28 +72,7 @@ variable "tags" {
}
}

variable "route53_zone_id" {
type = string
default = null
}

variable "route53_record_name" {
type = string
default = null
}

variable "worker_security_group_id" {
type = string
default = null
}
variable "cluster_security_group_id" {
type = string
default = null
}
variable "cluster_primary_security_group_id" {
type = string
default = null
}
variable "apply_immediately" {
type = bool
default = false
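Review bot: The five variables removed here (`route53_zone_id`, `route53_record_name`, `worker_security_group_id`, `cluster_security_group_id`, `cluster_primary_security_group_id`) all had `default = null`, so existing callers may still be passing them, and Terraform rejects a module call that sets an input the module no longer declares. That makes this a breaking interface change that the PR title (reader instance support) does not mention. Call it out in the PR description or release notes, together with the README's removal of `aws_route53_record.www` and the three `db-egress-*` security group rules from the resource table, so consumers know the DNS record and egress rules are no longer listed as part of this module.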
Expand Down Expand Up @@ -179,19 +176,19 @@ variable "security_group_egress_rules_cidr_blocks_description" {
variable "db_parameter_group_family" {
description = "db parameter group family"
type = string
default = "aurora-mysql8.0"
default = "aurora-mysql8.0"
}

variable "db_cluster_parameter_group_family" {
description = "db parameter group family"
type = string
default = "aurora-mysql8.0"
default = "aurora-mysql8.0"
}

variable "performance_insights_enabled" {
description = "Enable performance insights"
type = bool
default = true
default = true
}

variable "performance_insights_retention_period" {
Expand All @@ -216,4 +213,4 @@ variable "iam_role_permissions_boundary" {
description = "IAM role permissions boundary"
type = string
default = ""
}
}