#------------------------------------
# RDS Cluster
#------------------------------------
# Customer-managed KMS key. The aws_db_instance "postgres" resource in this file
# references its ARN as kms_key_id for storage encryption.
# NOTE(review): no `policy` argument is set, so the key is created with the default
# key policy; confirm that who may use and administer the key is what you intend.
resource "aws_kms_key" "customer_portal_kms" {
  # Automatic rotation of the key material is switched on.
  enable_key_rotation = true
  description         = "RDS KMS Key"
}
# Subnet group for the RDS instance, built from the first three entries of var.subnets.
resource "aws_db_subnet_group" "customer_portal_rds_subnets" {
  name        = "customer_portal_rds_subnets"
  description = "Customer Portal RDS Private subnet"

  # element() wraps around the list, so a var.subnets with fewer than three entries
  # produces repeated IDs instead of an error.
  # NOTE(review): the description says "Private", but nothing in this resource
  # enforces that the supplied subnets have no internet route; verify against the caller.
  subnet_ids = [
    element(var.subnets, 0),
    element(var.subnets, 1),
    element(var.subnets, 2),
  ]
}
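# Master password for the Postgres instance. It is an input so that no credential
# lives in version control. Move this declaration next to the module's other
# variables (var.subnets, var.vpc_id) if the project keeps them in one file.
variable "customer_portal_db_password" {
  type        = string
  description = "Master password for the customerportal Postgres instance. Supply it at plan/apply time from a secrets store or a TF_VAR_ environment variable; never commit it."
  # On Terraform 0.14 or later, also set `sensitive = true` so the value is
  # redacted from plan and apply output.
}

# PostgreSQL instance for the customer portal: encrypted at rest with the
# customer-managed KMS key, placed in the portal's DB subnet group, and reachable
# only through the "postgres" security group.
resource "aws_db_instance" "postgres" {
  identifier     = "customerportal"
  name           = "customerportal"
  engine         = "postgres"
  instance_class = "db.t2.small"

  allocated_storage = 20
  storage_type      = "gp2"

  # Encryption at rest. storage_encrypted is a boolean; the original passed the string "true".
  storage_encrypted = true
  kms_key_id        = aws_kms_key.customer_portal_kms.arn

  # Network placement. publicly_accessible already defaults to false; stating it
  # guards against a later edit silently exposing the endpoint.
  db_subnet_group_name   = aws_db_subnet_group.customer_portal_rds_subnets.name
  vpc_security_group_ids = [aws_security_group.postgres.id]
  publicly_accessible    = false

  username = "portal"
  # The password used to be a string literal in this file. That value has been
  # committed, so treat it as exposed and rotate it. Terraform still records the
  # password in state, so the state backend needs encryption and restricted access.
  password = var.customer_portal_db_password

  # NOTE(review): AWS has retired the rds-ca-2017 certificate authority. Move to a
  # currently supported CA identifier, and distribute the matching trust bundle to
  # clients that verify the server certificate before switching.
  ca_cert_identifier = "rds-ca-2017"
}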
#------------------------------------
# Security Groups
#------------------------------------
# Security group attached to the Postgres instance. It declares no inline rules;
# ingress comes from the separate aws_security_group_rule in this file.
resource "aws_security_group" "postgres" {
  vpc_id = var.vpc_id
  name   = "customer_portal_postgres_inbound_sg"

  # NOTE(review): the description says "HTTP", but the only rule attached in this
  # file opens 5432/tcp (PostgreSQL). A security group's description cannot be edited
  # in place, so correcting it replaces the group; schedule that change deliberately.
  description = "Allow Customer Portal HTTP Traffic Inbound"
}
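# Source ranges allowed to reach Postgres. The default keeps the original rule, so
# adopting this variable changes nothing until a caller narrows it.
# NOTE(review): 10.0.0.0/8 admits every host in that private range, not only the
# portal's application tier. Prefer the application subnets' CIDRs, or replace
# cidr_blocks with source_security_group_id pointing at the application's security group.
variable "customer_portal_postgres_ingress_cidrs" {
  type        = list(string)
  description = "CIDR blocks permitted to connect to the customer portal Postgres instance on 5432/tcp."
  default     = ["10.0.0.0/8"]
}

# Inbound PostgreSQL (5432/tcp) to the "postgres" security group from the configured ranges.
resource "aws_security_group_rule" "customer_portal_postgres_inbound" {
  security_group_id = aws_security_group.postgres.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = var.customer_portal_postgres_ingress_cidrs
}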