Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4e2cfe2ba7
Branches Tags
xdr-terraform-m...
/
base
/
customer_portal
/
rds.tf

rds.tf 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. #------------------------------------
    2. 

  2. # RDS Cluster
    3. 

  3. #------------------------------------
    4. 

  4. resource "aws_kms_key" "customer_portal_kms" {
    5. 

  5.   description         = "RDS KMS Key"
    6. 

  6.   enable_key_rotation = true
    7. 

  7. }
    8. 

  8. 

  9. resource "aws_db_subnet_group" "customer_portal_rds_subnets" {
    10. 

  10.   name        = "customer_portal_rds_subnets"
    11. 

  11.   description = "Customer Portal RDS Private subnet"
    12. 

  12.   subnet_ids  = var.private_subnets
    13. 

  13. }
    14. 

  14. 

  15. # yeah, I alphabatized it. Don't you alphabatized your config files? 
    16. 

  16. resource "aws_db_instance" "postgres" {
    17. 

  17.   allocated_storage          = 20
    18. 

  18.   apply_immediately          = "true"
    19. 

  19.   auto_minor_version_upgrade = "true"
    20. 

  20.   db_subnet_group_name       = aws_db_subnet_group.customer_portal_rds_subnets.name
    21. 

  21.   backup_window              = "03:00-06:00"
    22. 

  22.   backup_retention_period    = 7
    23. 

  23.   ca_cert_identifier         = "rds-ca-rsa4096-g1"
    24. 

  24.   deletion_protection        = var.environment == "test" ? "false" : "true"
    25. 

  25.   delete_automated_backups   = "true"
    26. 

  26.   engine                     = "postgres"
    27. 

  27.   engine_version             = var.environment == "test" ? "12" : "12.8"
    28. 

  28.   final_snapshot_identifier  = "customerportal"
    29. 

  29.   instance_class             = "db.t2.small"
    30. 

  30.   identifier                 = "customerportal"
    31. 

  31.   kms_key_id                 = aws_kms_key.customer_portal_kms.arn
    32. 

  32.   maintenance_window         = "Mon:00:00-Mon:03:00"
    33. 

  33.   db_name                    = "customerportal"
    34. 

  34.   password                   = var.environment == "test" ? "foobarbaz" : "050ff734-fb33-9248-13e4-7d8ad2e899a0"
    35. 

  35.   port                       = 5432
    36. 

  36.   skip_final_snapshot        = var.environment == "test" ? "true" : "false"
    37. 

  37.   storage_type               = "gp2"
    38. 

  38.   storage_encrypted          = "true"
    39. 

  39.   tags                       = merge(local.standard_tags, var.tags)
    40. 

  40.   username                   = "portal"
    41. 

  41.   vpc_security_group_ids     = [aws_security_group.postgres.id, ]
    42. 

  42. }
    43. 

  43. 

  44. #------------------------------------
    45. 

  45. # Security Groups
    46. 

  46. #------------------------------------
    47. 

  47. 

  48. resource "aws_security_group" "postgres" {
    49. 

  49.   name        = "customer_portal_postgres_inbound_sg"
    50. 

  50.   description = "Allow Customer Portal HTTP Traffic Inbound"
    51. 

  51.   vpc_id      = var.vpc_id
    52. 

  52. }
    53. 

  53. 

  54. resource "aws_security_group_rule" "customer_portal_postgres_inbound" {
    55. 

  55.   security_group_id = aws_security_group.postgres.id
    56. 

  56. 

  57.   type        = "ingress"
    58. 

  58.   from_port   = 5432
    59. 

  59.   to_port     = 5432
    60. 

  60.   protocol    = "tcp"
    61. 

  61.   cidr_blocks = ["10.0.0.0/8"]
    62. 

  62. }
    63.