Home Esplora Aiuto
Registrati Accedi
AFS
/
xdr-terraform-modules
2
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): 041220532e
Rami (Branch) Tag
xdr-terraform-m...
/
base
/
keycloak
/
rds.tf

rds.tf 2.3 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. data "aws_rds_certificate" "latest" {
    2. 

  2.   latest_valid_till = true
    3. 

  3. }
    4. 

  4. 

  5. locals {
    6. 

  6.   # GovCloud and Commercial use different CA certs
    7. 

  7.   ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-2017"
    8. 

  8. }
    9. 

  9. 

  10. output "ca_cert_identifier" {
    11. 

  11.   value = {
    12. 

  12.     "current": local.ca_cert_identifier,
    13. 

  13.     "latest":  data.aws_rds_certificate.latest.id
    14. 

  14.   }
    15. 

  15. }
    16. 

  16. 

  17. resource "random_password" "password" {
    18. 

  18.   keepers          = {
    19. 

  19.     "version": 1 # increment to change the password
    20. 

  20.     # n.b. you could add other stuff to make this change automatically, e.g.
    21. 

  21.     # "instance_type": var.instance_type
    22. 

  22.     # Would then change this password every time the instance type changes.
    23. 

  23.   }
    24. 

  24.   length           = 32
    25. 

  25.   special          = true
    26. 

  26.   min_lower = 1
    27. 

  27.   min_numeric = 1
    28. 

  28.   min_upper = 1
    29. 

  29.   min_special = 1
    30. 

  30.   override_special = "~!@%^()-_+"
    31. 

  31. }
    32. 

  32. 

  33. module "keycloak_db" {
    34. 

  34.   source = "terraform-aws-modules/rds/aws"
    35. 

  35.   version = "~> v2.0"
    36. 

  36. 

  37.   identifier = var.identifier # this is the RDS identifier, not the DB name
    38. 

  38.   name = "keycloak" # the DB name
    39. 

  39. 

  40.   engine             = "postgres"
    41. 

  41.   engine_version     = "12.5"
    42. 

  42.   instance_class     = var.db_instance_type
    43. 

  43.   allocated_storage  = var.rds_storage
    44. 

  44.   storage_encrypted  = true
    45. 

  45.   kms_key_id = module.keycloak_key.key_arn
    46. 

  46.   ca_cert_identifier = local.ca_cert_identifier
    47. 

  47. 

  48.   # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
    49. 

  49.   # "Error creating DB Instance: InvalidParameterValue: MasterUsername
    50. 

  50.   # user cannot be used as it is a reserved word used by the engine"
    51. 

  51.   username = "keycloak"
    52. 

  52.   password = random_password.password.result
    53. 

  53. 

  54.   port     = "5432"
    55. 

  55.   create_random_password = true
    56. 

  56.   random_password_length = 32
    57. 

  57. 

  58.   vpc_security_group_ids = [ aws_security_group.keycloak_rds_sg.id ]
    59. 

  59. 

  60.   backup_window      = "00:00-03:00"
    61. 

  61.   maintenance_window = "Mon:03:00-Mon:06:00"
    62. 

  62. 

  63.   # disable backups to create DB faster
    64. 

  64.   backup_retention_period = var.environment == "test" ? 0 : 35
    65. 

  65. 

  66.   tags = merge(var.standard_tags, var.tags)
    67. 

  67. 

  68.   enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
    69. 

  69. 

  70.   # DB subnet group
    71. 

  71.   subnet_ids = var.private_subnets
    72. 

  72. 

  73.   # DB parameter group
    74. 

  74.   family = "postgres12"
    75. 

  75. 

  76.   # DB option group
    77. 

  77.   major_engine_version = "12"
    78. 

  78. 

  79.   # Snapshot name upon DB deletion
    80. 

  80.   final_snapshot_identifier = "${var.identifier}-final-snapshot"
    81. 

  81. 

  82.   # Database Deletion Protection
    83. 

  83.   deletion_protection = var.instance_termination_protection
    84. 

  84. }
    85.