| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 |
- data "aws_rds_certificate" "latest" {
- latest_valid_till = true
- }
- locals {
- # GovCloud and Commercial use different CA certs
- ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-2017"
- }
- output "ca_cert_identifier" {
- value = {
- "current": local.ca_cert_identifier,
- "latest": data.aws_rds_certificate.latest.id
- }
- }
- module "jira_db" {
- source = "terraform-aws-modules/rds/aws"
- version = "~> v2.0"
- identifier = var.identifier # this is the RDS identifier, not the DB name
- name = "jira" # the DB name
- engine = "postgres"
- engine_version = "11.8"
- instance_class = var.instance_type
- allocated_storage = var.jira_rds_storage
- storage_encrypted = true
- kms_key_id = module.jira_key.key_arn
- ca_cert_identifier = local.ca_cert_identifier
- # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
- # "Error creating DB Instance: InvalidParameterValue: MasterUsername
- # user cannot be used as it is a reserved word used by the engine"
- username = "jira"
- password = "YourPwdShouldBeLongAndSecure!"
- port = "5432"
- vpc_security_group_ids = [ aws_security_group.jira_rds_sg.id ]
- backup_window = "00:00-03:00"
- maintenance_window = "Mon:03:00-Mon:06:00"
- # Backup retention is from 0 to 35
- backup_retention_period = var.environment == "test" ? 0 : 35
- tags = merge(var.standard_tags, var.tags)
- enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
- # DB subnet group
- subnet_ids = var.subnets
- # DB parameter group
- family = "postgres11"
- # DB option group
- major_engine_version = "11"
- # Snapshot name upon DB deletion
- final_snapshot_identifier = "${var.identifier}-final-snapshot"
- # Database Deletion Protection
- deletion_protection = var.instance_termination_protection
- }
|
