Domů Procházet Nápověda
Registrovat se Přihlásit se
AFS
/
xdr-terraform-modules
2
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: fcde24402e
Větve Značky
xdr-terraform-m...
/
base
/
rhsso
/
rds.tf

rds.tf 2.5 KB
Historie Surový

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. data "aws_rds_certificate" "latest" {
    2. 

  2.   latest_valid_till = true
    3. 

  3. }
    4. 

  4. 

  5. locals {
    6. 

  6.   # GovCloud and Commercial use different CA certs
    7. 

  7.   ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-rsa4096-g1"
    8. 

  8. }
    9. 

  9. 

  10. output "ca_cert_identifier" {
    11. 

  11.   value = {
    12. 

  12.     "current": local.ca_cert_identifier,
    13. 

  13.     "latest":  data.aws_rds_certificate.latest.id
    14. 

  14.   }
    15. 

  15. }
    16. 

  16. 

  17. resource "random_password" "password" {
    18. 

  18.   keepers          = {
    19. 

  19.     "version": 1 # increment to change the password
    20. 

  20.     # n.b. you could add other stuff to make this change automatically, e.g.
    21. 

  21.     # "instance_type": var.instance_type
    22. 

  22.     # Would then change this password every time the instance type changes.
    23. 

  23.   }
    24. 

  24.   length           = 32
    25. 

  25.   special          = true
    26. 

  26.   min_lower = 1
    27. 

  27.   min_numeric = 1
    28. 

  28.   min_upper = 1
    29. 

  29.   min_special = 1
    30. 

  30.   override_special = "~!%^()-_+"
    31. 

  31. }
    32. 

  32. 

  33. module "rhsso_db" {
    34. 

  34.   source = "terraform-aws-modules/rds/aws"
    35. 

  35.   version = "~> v3.0"
    36. 

  36. 

  37.   identifier = var.identifier # this is the RDS identifier, not the DB name
    38. 

  38.   name = "rhsso" # the DB name
    39. 

  39. 

  40.   engine             = "postgres"
    41. 

  41.   #engine_version     = "12.7" # leave this disabled if you're doing auto_minor_version upgrades
    42. 

  42.   instance_class     = var.db_instance_type
    43. 

  43.   allocated_storage  = var.rds_storage
    44. 

  44.   storage_encrypted  = true
    45. 

  45.   kms_key_id = module.rhsso_key.key_arn
    46. 

  46.   apply_immediately  = true # do not wait for maintenance window for changes
    47. 

  47.   ca_cert_identifier = local.ca_cert_identifier
    48. 

  48. 

  49.   auto_minor_version_upgrade = true
    50. 

  50.   allow_major_version_upgrade = false
    51. 

  51. 

  52.   # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
    53. 

  53.   # "Error creating DB Instance: InvalidParameterValue: MasterUsername
    54. 

  54.   # user cannot be used as it is a reserved word used by the engine"
    55. 

  55.   username = "rhsso"
    56. 

  56.   password = random_password.password.result
    57. 

  57. 

  58.   port     = "5432"
    59. 

  59. 

  60.   vpc_security_group_ids = [ aws_security_group.rhsso_rds_sg.id ]
    61. 

  61. 

  62.   backup_window      = "00:00-03:00"
    63. 

  63.   maintenance_window = "Mon:03:00-Mon:06:00"
    64. 

  64. 

  65.   # disable backups to create DB faster
    66. 

  66.   backup_retention_period = var.environment == "test" ? 0 : 35
    67. 

  67. 

  68.   tags = merge(var.standard_tags, var.tags)
    69. 

  69. 

  70.   enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
    71. 

  71. 

  72.   # DB subnet group
    73. 

  73.   subnet_ids = var.private_subnets
    74. 

  74. 

  75.   # DB parameter group
    76. 

  76.   family = "postgres12"
    77. 

  77. 

  78.   # DB option group
    79. 

  79.   major_engine_version = "12"
    80. 

  80. 

  81.   # Snapshot name upon DB deletion
    82. 

  82.   final_snapshot_identifier_prefix = "${var.identifier}-final-snapshot"
    83. 

  83. 

  84.   # Database Deletion Protection
    85. 

  85.   deletion_protection = var.instance_termination_protection
    86. 

  86. }
    87.