From 8722dbefed6436a325dd5c7f2445bc554353776f Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 13:14:20 +0530 Subject: [PATCH 1/5] updated the repo --- .gitignore | 2 +- README.md | 4 +- examples/complete-psql-replica/main.tf | 6 +- examples/complete/README.md | 4 + examples/complete/main.tf | 168 +++++++++++------- examples/complete/provider.tf | 4 +- helm/values/backup/values.yaml | 1 - helm/values/restore/values.yaml | 2 - main.tf | 60 ++++--- .../backup/templates/cronjob.yaml | 18 +- modules/db-backup-restore/main.tf | 36 ++-- .../restore/templates/job.yaml | 16 +- modules/db-backup-restore/roles.tf | 2 +- modules/db-backup-restore/variables.tf | 20 +-- variables.tf | 16 +- 15 files changed, 205 insertions(+), 154 deletions(-) diff --git a/.gitignore b/.gitignore index 6e255ef..f0174c7 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ *.tfvars *.pem vars -.helmignore \ No newline at end of file +.helmignore diff --git a/README.md b/README.md index e5f5550..b8893f8 100644 --- a/README.md +++ b/README.md @@ -166,9 +166,9 @@ The required IAM permissions to create resources from this module can be found [ | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no | | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Valid values are `7`, `731` (2 years) or a multiple of `31` | `number` | `7` | no | | [port](#input\_port) | The port number for the database | `number` | `5432` | no | -| [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` |
{
"bucket_uri": "",
"cron_for_full_backup": "",
"postgres_database_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` |
{
"bucket_uri": "",
"cron_for_full_backup": "",
"postgres_database_name": ""
}
| no | | [postgresdb\_backup\_enabled](#input\_postgresdb\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no | -| [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` |
{
"bucket_uri": "",
"file_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` |
{
"bucket_uri": "",
"file_name": ""
}
| no | | [postgresdb\_restore\_enabled](#input\_postgresdb\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Specifies whether the RDS instance is publicly accessible over the internet | `bool` | `false` | no | | [random\_password\_length](#input\_random\_password\_length) | The length of the randomly generated password for the RDS primary cluster (default: 16) | `number` | `16` | no | diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index 3e2d328..b7245f7 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -115,16 +115,16 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password - #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. + #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. #And allow cluster security group in rds security group - # cluster_name = "cluster-name" + # cluster_name = "cluster-name" # namespace = local.namespace # create_namespace = local.create_namespace # postgresdb_backup_enabled = false # postgresdb_backup_config = { # postgres_database_name = "" # which database backup you want # s3_bucket_region = "" #s3 bucket region - # cron_for_full_backup = "*/3 * * * *" + # cron_for_full_backup = "*/3 * * * *" # bucket_uri = "s3://xyz" #s3 bucket uri # } # postgresdb_restore_enabled = false diff --git a/examples/complete/README.md b/examples/complete/README.md index b738988..214ceb5 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -26,9 +26,13 @@ This example will be very useful for users who are new to a module and want to q | Name | Source | Version | |------|--------|---------| +<<<<<<< Updated upstream | [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | | [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | | [vpc](#module\_vpc) | squareops/vpc/aws | n/a | +======= +| [rds-pg](#module\_rds-pg) | ../../ | n/a | +>>>>>>> Stashed changes ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 780dc90..0b41433 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -10,8 +10,13 @@ locals { instance_class = "db.t4g.micro" storage_type = "gp3" current_identity = data.aws_caller_identity.current.arn +<<<<<<< Updated upstream allowed_security_groups = ["sg-xxxxxxxxxxxxxxxx"] custom_user_password = "" +======= + allowed_security_groups = ["sg-0c982318e4a801035"] + custom_user_password = "Amanrajj12" +>>>>>>> Stashed changes additional_tags = { Owner = "Organization_Name" Expires = "Never" @@ -22,6 +27,7 @@ locals { data "aws_caller_identity" "current" {} data "aws_region" "current" {} +<<<<<<< Updated upstream module "kms" { source = "terraform-aws-modules/kms/aws" version = "~> 1.0" 
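Review bot: The `+` lines of the `@@ -10,8 +10,13 @@` hunk in examples/complete/main.tf commit a literal `custom_user_password` and a real security-group ID between unresolved `<<<<<<< Updated upstream` / `>>>>>>> Stashed changes` markers, so the file is no longer valid HCL and a database credential is now in history. The same stash content continues in `@@ -109,10 +127,26 @@` (VPC and subnet IDs, and a KMS key ARN that includes the account ID), in `@@ -132,18 +166,30 @@`, and in the provider.tf hunk (cluster name). PATCH 2/5 and 4/5 restore the placeholders, but that does not remove the values from this commit, so the password should be treated as exposed and rotated wherever it was used, and the series squashed or rewritten before merge. Keep the example at `custom_user_password = ""` and supply real values through an untracked `*.tfvars` file, which `.gitignore` already excludes.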
@@ -31,74 +37,86 @@ module "kms" { is_enabled = true key_usage = "ENCRYPT_DECRYPT" multi_region = true +======= +# module "kms" { +# source = "terraform-aws-modules/kms/aws" +# version = "~> 1.0" +# deletion_window_in_days = 7 +# description = "Complete key example showing various configurations available" +# enable_key_rotation = true +# is_enabled = true +# key_usage = "ENCRYPT_DECRYPT" +# multi_region = true +>>>>>>> Stashed changes - # Policy - enable_default_policy = true - key_owners = [local.current_identity] - key_administrators = [local.current_identity] - key_users = [local.current_identity] - key_service_users = [local.current_identity] - key_statements = [ - { - sid = "Allow use of the key" - actions = [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ] - resources = ["*"] +# # Policy +# enable_default_policy = true +# key_owners = [local.current_identity] +# key_administrators = [local.current_identity] +# key_users = [local.current_identity] +# key_service_users = [local.current_identity] +# key_statements = [ +# { +# sid = "Allow use of the key" +# actions = [ +# "kms:Encrypt*", +# "kms:Decrypt*", +# "kms:ReEncrypt*", +# "kms:GenerateDataKey*", +# "kms:Describe*" +# ] +# resources = ["*"] - principals = [ - { - type = "Service" - identifiers = [ - "monitoring.rds.amazonaws.com", - "rds.amazonaws.com", - ] - } - ] - }, - { - sid = "Enable IAM User Permissions" - actions = ["kms:*"] - resources = ["*"] +# principals = [ +# { +# type = "Service" +# identifiers = [ +# "monitoring.rds.amazonaws.com", +# "rds.amazonaws.com", +# ] +# } +# ] +# }, +# { +# sid = "Enable IAM User Permissions" +# actions = ["kms:*"] +# resources = ["*"] - principals = [ - { - type = "AWS" - identifiers = [ - "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", - data.aws_caller_identity.current.arn, - ] - } - ] - } - ] +# principals = [ +# { +# type = "AWS" +# identifiers = [ +# 
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", +# data.aws_caller_identity.current.arn, +# ] +# } +# ] +# } +# ] - # Aliases - aliases = ["${local.name}"] +# # Aliases +# aliases = ["${local.name}"] - tags = local.additional_tags -} +# tags = local.additional_tags +# } -module "vpc" { - source = "squareops/vpc/aws" - name = local.name - vpc_cidr = local.vpc_cidr - environment = local.environment - availability_zones = ["us-east-2a", "us-east-2b"] - public_subnet_enabled = true - auto_assign_public_ip = true - intra_subnet_enabled = false - private_subnet_enabled = true - one_nat_gateway_per_az = false - database_subnet_enabled = true -} +# module "vpc" { +# source = "squareops/vpc/aws" +# name = local.name +# vpc_cidr = local.vpc_cidr +# environment = local.environment +# availability_zones = ["us-east-2a", "us-east-2b"] +# public_subnet_enabled = true +# auto_assign_public_ip = true +# intra_subnet_enabled = false +# private_subnet_enabled = true +# one_nat_gateway_per_az = false +# database_subnet_enabled = true +# } module "rds-pg" { +<<<<<<< Updated upstream source = "squareops/rds-postgresql/aws" name = local.name db_name = "test" 
@@ -109,10 +127,26 @@ module "rds-pg" { subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment kms_key_arn = module.kms.key_arn +======= + # source = "squareops/rds-postgresql/aws" + source = "../../" + name = local.name + db_name = "test" + multi_az = "true" + family = local.family + # vpc_id = module.vpc.vpc_id + vpc_id = "vpc-0596c94ef9a8c1cf3" + allowed_security_groups = local.allowed_security_groups + # subnet_ids = module.vpc.database_subnets ## db subnets + subnet_ids = ["subnet-02d397a523ad1b92c", "subnet-0786584f53f23322d"] + environment = local.environment + kms_key_arn = "arn:aws:kms:us-east-1:767398031518:key/b2b4a98b-ea65-4ebd-b304-0660735e1580" + # kms_key_arn = module.kms.key_arn +>>>>>>> Stashed changes storage_type = local.storage_type engine_version = local.engine_version instance_class = local.instance_class - master_username = "admin" + master_username = "pguser" allocated_storage = "20" max_allocated_storage = 120 publicly_accessible = false 
@@ -132,18 +166,30 @@ module "rds-pg" { custom_user_password = local.custom_user_password #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group +<<<<<<< Updated upstream cluster_name = "" +======= + cluster_name = "non-prod-15nov" +>>>>>>> Stashed changes namespace = local.namespace create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { +<<<<<<< Updated upstream postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases +======= + postgres_database_name = "dummydb" # Specify the database name or Leave empty if you wish to backup all databases +>>>>>>> Stashed changes cron_for_full_backup = "*/2 * * * *" # set cronjob for backup bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri } - postgresdb_restore_enabled = false + postgresdb_restore_enabled = true postgresdb_restore_config = { bucket_uri = "s3://mongodb-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. +<<<<<<< Updated upstream backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore +======= + backup_file_name = "dummydb_20241115100801.sql" #Give .sql or .zip file for restore +>>>>>>> Stashed changes } } diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index af8c494..9eda20a 100644 --- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -5,11 +5,11 @@ provider "aws" { } } data "aws_eks_cluster" "cluster" { - name = "" + name = "non-prod-15nov" } data "aws_eks_cluster_auth" "cluster" { - name = "" + name = "non-prod-15nov" } provider "kubernetes" { diff --git a/helm/values/backup/values.yaml b/helm/values/backup/values.yaml index 15fe1a8..ae304b5 100644 --- a/helm/values/backup/values.yaml +++ b/helm/values/backup/values.yaml 
@@ -1,7 +1,6 @@ ## Enable Full backup backup: bucket_uri: ${bucket_uri} - aws_default_region: ${s3_bucket_region} cron_for_full_backup: "${cron_for_full_backup}" postgres_database_name: "${postgres_database_name}" database_endpoint: "${db_endpoint}" diff --git a/helm/values/restore/values.yaml b/helm/values/restore/values.yaml index 5c9874b..13dbf8d 100644 --- a/helm/values/restore/values.yaml +++ b/helm/values/restore/values.yaml @@ -1,10 +1,8 @@ restore: bucket_uri: ${bucket_uri} - aws_default_region: ${s3_bucket_region} db_endpoint: "${db_endpoint}" db_password: "${db_password}" db_username: "${db_username}" - DB_NAME: "${DB_NAME}" backup_file_name: "${backup_file_name}" auth: diff --git a/main.tf b/main.tf index 7c31468..7f2d485 100644 --- a/main.tf +++ b/main.tf @@ -2,6 +2,11 @@ data "aws_region" "current" {} data "aws_availability_zones" "available" {} locals { + + db_password = var.custom_user_password != "" ? var.custom_user_password : ( + length(random_password.master) > 0 ? element(random_password.master, 0).result : var.custom_user_password + ) + tags = { Automation = "true" Environment = var.environment @@ -153,7 +158,7 @@ module "security_group_rds" { } resource "aws_secretsmanager_secret" "secret_master_db" { - name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") + name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-passssss4") tags = merge( { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-postgres-pass") }, local.tags, 
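Review bot: In the `@@ -2,6 +2,11 @@` hunk of main.tf, the inner fallback of `local.db_password` returns `var.custom_user_password`, which is already known to be `""` on that branch, so the local is an empty string whenever `random_password.master` has no instances. The `@@ -167,16 +172,13 @@` hunk then drops the `count` guard on `aws_secretsmanager_secret_version.rds_credentials`, so that empty password would be written into the secret instead of the resource being skipped. Whether `random_password.master` can be empty in that case depends on its `count`, which is outside the hunk. If it can, fail fast, for example with a `precondition` on the secret version using `condition = local.db_password != ""`. The `locals` block continues past the hunk.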
@@ -167,16 +172,13 @@ resource "random_password" "master" { } resource "aws_secretsmanager_secret_version" "rds_credentials" { - count = length(random_password.master) > 0 ? 1 : 0 - secret_id = aws_secretsmanager_secret.secret_master_db.id - secret_string = < 0 ? element(random_password.master, 0).result : var.custom_password, - "engine": "${var.engine}", - "host": "${module.db.db_instance_endpoint}" -} -EOF + secret_id = aws_secretsmanager_secret.secret_master_db.id + secret_string = jsonencode({ + username = module.db.db_instance_username + password = local.db_password + engine = var.engine + host = module.db.db_instance_endpoint + }) } # Cloudwatch alarms 
@@ -319,30 +321,30 @@ resource "aws_lambda_permission" "sns_lambda_slack_invoke" { } module "backup_restore" { - depends_on = [module.db] - source = "./modules/db-backup-restore" - cluster_name = var.cluster_name - namespace = var.namespace - create_namespace = var.create_namespace + depends_on = [module.db] + source = "./modules/db-backup-restore" + cluster_name = var.cluster_name + namespace = var.namespace + create_namespace = var.create_namespace postgresdb_backup_enabled = var.postgresdb_backup_enabled postgresdb_backup_config = { - db_username = var.master_username - db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) - postgres_database_name = var.postgresdb_backup_config.postgres_database_name - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region - cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup + db_username = var.master_username + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + postgres_database_name = var.postgresdb_backup_config.postgres_database_name + # s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region + cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup bucket_uri = var.postgresdb_backup_config.bucket_uri db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") } postgresdb_restore_enabled = var.postgresdb_restore_enabled - postgresdb_restore_config = { - db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") - db_username = var.master_username - db_password = var.custom_user_password != "" ? 
var.custom_user_password : nonsensitive(random_password.master[0].result) - bucket_uri = var.postgresdb_restore_config.bucket_uri - s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region - DB_NAME = var.postgresdb_restore_config.DB_NAME, - backup_file_name = var.postgresdb_restore_config.backup_file_name, + postgresdb_restore_config = { + db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") + db_username = var.master_username + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + bucket_uri = var.postgresdb_restore_config.bucket_uri + # s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region + # DB_NAME = var.postgresdb_restore_config.DB_NAME, + backup_file_name = var.postgresdb_restore_config.backup_file_name, } } diff --git a/modules/db-backup-restore/backup/templates/cronjob.yaml b/modules/db-backup-restore/backup/templates/cronjob.yaml index 3f83bcd..f32d59e 100644 --- a/modules/db-backup-restore/backup/templates/cronjob.yaml +++ b/modules/db-backup-restore/backup/templates/cronjob.yaml 
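Review bot: Both `db_password` lines in the `module "backup_restore"` hunk still wrap the generated master password in `nonsensitive(...)`, which removes Terraform's redaction so the value can be printed in plan and apply output, including CI logs. This commit introduces `local.db_password` for exactly this selection, so both lines could read `db_password = local.db_password` and keep the sensitive marking. The receiving variable in modules/db-backup-restore/variables.tf is `map(string)`; sensitivity should carry through it, but confirm with a plan before merging. The commented-out `s3_bucket_region` and `DB_NAME` lines would be better deleted than left as dead configuration.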
@@ -18,20 +18,20 @@ spec: serviceAccountName: sa-postgres-backup containers: - name: backup-postgresdb - image: divyanshujain11/rds:postgres-backup-restore + image: amanravi12/postgresql-backup:v5 imagePullPolicy: Always - command: ["./backup.sh"] + command: ["/backup/backup_script.sh"] env: - - name: db_endpoint + - name: DB_HOST value: {{ .Values.backup.database_endpoint }} - - name: db_username + - name: DB_USER value: {{ .Values.backup.database_user }} - - name: db_password + - name: DB_PASSWORD value: {{ .Values.backup.database_password }} - - name: bucket_uri + - name: S3_BUCKET value: {{ .Values.backup.bucket_uri }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.backup.aws_default_region}} - - name: postgres_database_name + - name: DB_PORT + value: "5432" + - name: DB_NAME value: {{ .Values.backup.postgres_database_name }} resources: {{ .Values.backupjob.resources | toYaml | nindent 12 }} diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf index 2ac2342..60c0f71 100644 --- a/modules/db-backup-restore/main.tf +++ b/modules/db-backup-restore/main.tf 
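Review bot: The new `image: amanravi12/postgresql-backup:v5` line pulls the backup container from a personal Docker Hub namespace by mutable tag, and with `imagePullPolicy: Always` whatever is currently published under `v5` runs on the next schedule with the master database credentials and the backup role's bucket access. The restore Job in modules/db-backup-restore/restore/templates/job.yaml has the same pattern with `amanravi12/postgresql-restore:v6`. Publish both images from an organisation-controlled registry and pin them by digest, e.g. `image: <org-registry>/postgresql-backup@sha256:<digest>` (placeholder values), ideally through a chart value so the pin can be updated without editing the template. The entrypoint also moved to `/backup/backup_script.sh`, so the template and image now have to be versioned together.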
@@ -8,21 +8,22 @@ resource "kubernetes_namespace" "postgresdb" { resource "helm_release" "postgresdb_backup" { count = var.postgresdb_backup_enabled ? 1 : 0 + depends_on = [kubernetes_namespace.postgresdb] name = "postgresdb-backup" chart = "../../modules/db-backup-restore/backup" timeout = 600 namespace = var.namespace values = [ templatefile("../../helm/values/backup/values.yaml", { - bucket_uri = var.postgresdb_backup_config.bucket_uri, - postgres_database_name = var.postgresdb_backup_config.postgres_database_name, - db_endpoint = var.postgresdb_backup_config.db_endpoint, - db_password = var.postgresdb_backup_config.db_password , - db_username = var.postgresdb_backup_config.db_username , - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , - cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup, - annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}" - }) + bucket_uri = var.postgresdb_backup_config.bucket_uri, + postgres_database_name = var.postgresdb_backup_config.postgres_database_name, + db_endpoint = var.postgresdb_backup_config.db_endpoint, + db_password = var.postgresdb_backup_config.db_password, + db_username = var.postgresdb_backup_config.db_username, + # s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , + cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup, + annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}" + }) ] } 
@@ -30,20 +31,19 @@ resource "helm_release" "postgresdb_backup" { ## DB dump restore resource "helm_release" "postgresdb_restore" { count = var.postgresdb_restore_enabled ? 1 : 0 + depends_on = [kubernetes_namespace.postgresdb] name = "postgresdb-restore" chart = "../../modules/db-backup-restore/restore" timeout = 600 namespace = var.namespace values = [ templatefile("../../helm/values/restore/values.yaml", { - bucket_uri = var.postgresdb_restore_config.bucket_uri, - db_endpoint = var.postgresdb_restore_config.db_endpoint , - db_password = var.postgresdb_restore_config.db_password, - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , - db_username = var.postgresdb_restore_config.db_username , - DB_NAME = var.postgresdb_restore_config.DB_NAME, - backup_file_name = var.postgresdb_restore_config.backup_file_name, - annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" + bucket_uri = var.postgresdb_restore_config.bucket_uri, + db_endpoint = var.postgresdb_restore_config.db_endpoint, + db_password = var.postgresdb_restore_config.db_password, + db_username = var.postgresdb_restore_config.db_username, + backup_file_name = var.postgresdb_restore_config.backup_file_name, + annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" }) ] -} \ No newline at end of file +} diff --git a/modules/db-backup-restore/restore/templates/job.yaml b/modules/db-backup-restore/restore/templates/job.yaml index f39b80d..fa2e0fd 100644 --- a/modules/db-backup-restore/restore/templates/job.yaml +++ b/modules/db-backup-restore/restore/templates/job.yaml 
@@ -9,9 +9,9 @@ spec: serviceAccountName: sa-postgres-restore containers: - name: restore-postgresdb - image: divyanshujain11/rds:postgres-backup-restore + image: amanravi12/postgresql-restore:v6 imagePullPolicy: Always - command: ["./restore.sh"] + command: ["/restore/restore_script.sh"] env: - name: DB_HOST value: {{ .Values.restore.db_endpoint }} @@ -19,12 +19,14 @@ spec: value: {{ .Values.restore.db_username }} - name: DB_PASSWORD value: {{ .Values.restore.db_password }} - - name: bucket_uri + - name: POSTGRESQL_BUCKET_RESTORE_URI value: {{ .Values.restore.bucket_uri }} - - name: DB_NAME - value: {{ .Values.restore.DB_NAME }} - - name: backup_file_name + - name: DB_PORT + value: "5432" + # - name: DB_NAME + # value: {{ .Values.restore.DB_NAME }} + - name: RESTORE_FILE_NAME value: {{ .Values.restore.backup_file_name }} resources: {{ .Values.restorejob.resources | toYaml | nindent 12 }} restartPolicy: Never - backoffLimit: 4 \ No newline at end of file + backoffLimit: 4 diff --git a/modules/db-backup-restore/roles.tf b/modules/db-backup-restore/roles.tf index a19589b..0abc253 100644 --- a/modules/db-backup-restore/roles.tf +++ b/modules/db-backup-restore/roles.tf @@ -95,4 +95,4 @@ resource "aws_iam_role" "postgres_restore_role" { ] }) } -} \ No newline at end of file +} diff --git a/modules/db-backup-restore/variables.tf b/modules/db-backup-restore/variables.tf index d2e7f8d..1a23f03 100644 --- a/modules/db-backup-restore/variables.tf +++ b/modules/db-backup-restore/variables.tf @@ -66,9 +66,9 @@ variable "cluster_name" { } variable "postgresdb_permission" { - default = false + default = false description = "access" - type = bool + type = bool } variable "bucket_provider_type" { 
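Review bot: `DB_PASSWORD` in the `@@ -19,12 +19,14 @@` hunk of restore/templates/job.yaml is still rendered as a literal `value:` in the pod spec, and the cronjob.yaml hunk does the same under its renamed `DB_PASSWORD` variable. Anyone who can read Jobs, CronJobs or Pods in the namespace can therefore read the master password, and it is also kept in the Helm release values. Since the env block is being renamed anyway, render the password into a Kubernetes Secret in the chart and reference it with `valueFrom:` / `secretKeyRef:` in both templates. Separately, the commented-out `DB_NAME` entry still contains a `{{ .Values.restore.DB_NAME }}` action, which Helm evaluates even inside a YAML comment, so deleting those two lines is cleaner than commenting them.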
@@ -93,10 +93,10 @@ variable "postgresdb_restore_enabled" { variable "postgresdb_backup_config" { type = map(string) default = { - bucket_uri = "" - s3_bucket_region = "" - cron_for_full_backup = "" - postgres_database_name = "" + bucket_uri = "" + s3_bucket_region = "" + cron_for_full_backup = "" + postgres_database_name = "" # db_endpoint="" } description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." @@ -105,10 +105,10 @@ variable "postgresdb_backup_config" { variable "postgresdb_restore_config" { type = any default = { - bucket_uri = "" - file_name = "" - s3_bucket_region = "" - DB_NAME = "" + bucket_uri = "" + file_name = "" + # s3_bucket_region = "" + DB_NAME = "" backup_file_name = "" } description = "Configuration options for restoring dump to the MySQL database." diff --git a/variables.tf b/variables.tf index b8dc7b7..db9bf05 100644 --- a/variables.tf +++ b/variables.tf @@ -346,10 +346,10 @@ variable "bucket_provider_type" { variable "postgresdb_backup_config" { type = map(string) default = { - bucket_uri = "" - s3_bucket_region = "" - cron_for_full_backup = "" - postgres_database_name = "" + bucket_uri = "" + # s3_bucket_region = "" + cron_for_full_backup = "" + postgres_database_name = "" # db_endpoint="" } description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." @@ -358,9 +358,9 @@ variable "postgresdb_backup_config" { variable "postgresdb_restore_config" { type = any default = { - bucket_uri = "" - file_name = "" - s3_bucket_region = "" + bucket_uri = "" + file_name = "" + # s3_bucket_region = "" } description = "Configuration options for restoring dump to the MySQL database." } 
@@ -369,4 +369,4 @@ variable "cluster_name" { type = string default = "" description = "Specifies the name of the EKS cluster to deploy the MySQL application on." -} \ No newline at end of file +} From e429c8cc016da0ea028c76a511ab936979595c8a Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 14:59:44 +0530 Subject: [PATCH 2/5] updated the repo --- examples/complete/main.tf | 166 ++++++++++++++------------------------ 1 file changed, 60 insertions(+), 106 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 0b41433..8a26232 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -10,13 +10,8 @@ locals { instance_class = "db.t4g.micro" storage_type = "gp3" current_identity = data.aws_caller_identity.current.arn -<<<<<<< Updated upstream allowed_security_groups = ["sg-xxxxxxxxxxxxxxxx"] custom_user_password = "" -======= - allowed_security_groups = ["sg-0c982318e4a801035"] - custom_user_password = "Amanrajj12" ->>>>>>> Stashed changes additional_tags = { Owner = "Organization_Name" Expires = "Never" @@ -27,7 +22,6 @@ locals { data "aws_caller_identity" "current" {} data "aws_region" "current" {} -<<<<<<< Updated upstream module "kms" { source = "terraform-aws-modules/kms/aws" version = "~> 1.0" 
@@ -37,86 +31,74 @@ module "kms" { is_enabled = true key_usage = "ENCRYPT_DECRYPT" multi_region = true -======= -# module "kms" { -# source = "terraform-aws-modules/kms/aws" -# version = "~> 1.0" -# deletion_window_in_days = 7 -# description = "Complete key example showing various configurations available" -# enable_key_rotation = true -# is_enabled = true -# key_usage = "ENCRYPT_DECRYPT" -# multi_region = true ->>>>>>> Stashed changes -# # Policy -# enable_default_policy = true -# key_owners = [local.current_identity] -# key_administrators = [local.current_identity] -# key_users = [local.current_identity] -# key_service_users = [local.current_identity] -# key_statements = [ -# { -# sid = "Allow use of the key" -# actions = [ -# "kms:Encrypt*", -# "kms:Decrypt*", -# "kms:ReEncrypt*", -# "kms:GenerateDataKey*", -# "kms:Describe*" -# ] -# resources = ["*"] + # Policy + enable_default_policy = true + key_owners = [local.current_identity] + key_administrators = [local.current_identity] + key_users = [local.current_identity] + key_service_users = [local.current_identity] + key_statements = [ + { + sid = "Allow use of the key" + actions = [ + "kms:Encrypt*", + "kms:Decrypt*", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", + "kms:Describe*" + ] + resources = ["*"] -# principals = [ -# { -# type = "Service" -# identifiers = [ -# "monitoring.rds.amazonaws.com", -# "rds.amazonaws.com", -# ] -# } -# ] -# }, -# { -# sid = "Enable IAM User Permissions" -# actions = ["kms:*"] -# resources = ["*"] + principals = [ + { + type = "Service" + identifiers = [ + "monitoring.rds.amazonaws.com", + "rds.amazonaws.com", + ] + } + ] + }, + { + sid = "Enable IAM User Permissions" + actions = ["kms:*"] + resources = ["*"] -# principals = [ -# { -# type = "AWS" -# identifiers = [ -# "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", -# data.aws_caller_identity.current.arn, -# ] -# } -# ] -# } -# ] + principals = [ + { + type = "AWS" + identifiers = [ + 
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", + data.aws_caller_identity.current.arn, + ] + } + ] + } + ] -# # Aliases -# aliases = ["${local.name}"] + # Aliases + aliases = ["${local.name}"] -# tags = local.additional_tags -# } + tags = local.additional_tags +} -# module "vpc" { -# source = "squareops/vpc/aws" -# name = local.name -# vpc_cidr = local.vpc_cidr -# environment = local.environment -# availability_zones = ["us-east-2a", "us-east-2b"] -# public_subnet_enabled = true -# auto_assign_public_ip = true -# intra_subnet_enabled = false -# private_subnet_enabled = true -# one_nat_gateway_per_az = false -# database_subnet_enabled = true -# } +module "vpc" { + source = "squareops/vpc/aws" + name = local.name + vpc_cidr = local.vpc_cidr + environment = local.environment + availability_zones = ["us-east-2a", "us-east-2b"] + public_subnet_enabled = true + auto_assign_public_ip = true + intra_subnet_enabled = false + private_subnet_enabled = true + one_nat_gateway_per_az = false + database_subnet_enabled = true +} module "rds-pg" { -<<<<<<< Updated upstream source = "squareops/rds-postgresql/aws" name = local.name db_name = "test" 
@@ -127,22 +109,6 @@ module "rds-pg" { subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment kms_key_arn = module.kms.key_arn -======= - # source = "squareops/rds-postgresql/aws" - source = "../../" - name = local.name - db_name = "test" - multi_az = "true" - family = local.family - # vpc_id = module.vpc.vpc_id - vpc_id = "vpc-0596c94ef9a8c1cf3" - allowed_security_groups = local.allowed_security_groups - # subnet_ids = module.vpc.database_subnets ## db subnets - subnet_ids = ["subnet-02d397a523ad1b92c", "subnet-0786584f53f23322d"] - environment = local.environment - kms_key_arn = "arn:aws:kms:us-east-1:767398031518:key/b2b4a98b-ea65-4ebd-b304-0660735e1580" - # kms_key_arn = module.kms.key_arn ->>>>>>> Stashed changes storage_type = local.storage_type engine_version = local.engine_version instance_class = local.instance_class 
@@ -166,30 +132,18 @@ module "rds-pg" { custom_user_password = local.custom_user_password #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group -<<<<<<< Updated upstream cluster_name = "" -======= - cluster_name = "non-prod-15nov" ->>>>>>> Stashed changes namespace = local.namespace create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { -<<<<<<< Updated upstream postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases -======= - postgres_database_name = "dummydb" # Specify the database name or Leave empty if you wish to backup all databases ->>>>>>> Stashed changes cron_for_full_backup = "*/2 * * * *" # set cronjob for backup bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri } - postgresdb_restore_enabled = true + postgresdb_restore_enabled = false postgresdb_restore_config = { bucket_uri = "s3://mongodb-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. -<<<<<<< Updated upstream backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore -======= - backup_file_name = "dummydb_20241115100801.sql" #Give .sql or .zip file for restore ->>>>>>> Stashed changes } } From e9f34cde7c7cae63ac7612083bd5e0afe58c1466 Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 15:06:05 +0530 Subject: [PATCH 3/5] updated readme file --- examples/complete/README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/examples/complete/README.md b/examples/complete/README.md index 214ceb5..b738988 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -26,13 +26,9 @@ This example will be very useful for users who are new to a module and want to q | Name | Source | Version | |------|--------|---------| -<<<<<<< Updated upstream | [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | | [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | | [vpc](#module\_vpc) | squareops/vpc/aws | n/a | -======= -| [rds-pg](#module\_rds-pg) | ../../ | n/a | ->>>>>>> Stashed changes ## Resources From b563e9ecfc41c7e5d6c8bbd85c983ef42096bca6 Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 15:08:49 +0530 Subject: [PATCH 4/5] updated readme file --- examples/complete/provider.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index 9eda20a..af8c494 100644 --- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -5,11 +5,11 @@ provider "aws" { } } data "aws_eks_cluster" "cluster" { - name = "non-prod-15nov" + name = "" } data "aws_eks_cluster_auth" "cluster" { - name = "non-prod-15nov" + name = "" } provider "kubernetes" { From 1ff5b733bf4aacdd75cb3e918acf69f7cca16275 Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 15:09:53 +0530 Subject: [PATCH 5/5] updated readme file --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 7f2d485..9aa3795 100644 --- a/main.tf +++ b/main.tf @@ -158,7 +158,7 @@ module "security_group_rds" { } resource "aws_secretsmanager_secret" "secret_master_db" { - name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-passssss4") + name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") tags = merge( { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-postgres-pass") }, local.tags,