From 24f996cf8bfaf63269c726f839a34e3e2fc7c99e Mon Sep 17 00:00:00 2001 From: "yuvraj.singh" Date: Thu, 14 Sep 2023 20:06:14 +0530 Subject: [PATCH 1/8] added replica option --- README.md | 42 ++++++--- example/complete-psql-replica/README.md | 48 ++++++++++ example/complete-psql-replica/main.tf | 102 ++++++++++++++++++++++ example/complete-psql-replica/output.tf | 48 ++++++++++ example/complete-psql-replica/provider.tf | 6 ++ example/complete-psql-replica/version.tf | 9 ++ example/complete/README.md | 16 +++- example/complete/main.tf | 95 ++++++++++++++++---- example/complete/output.tf | 14 +++ example/complete/provider.tf | 2 +- main.tf | 86 +++++++++++++++++- outputs.tf | 21 ++++- variables.tf | 62 +++++++++++-- versions.tf | 2 +- 14 files changed, 505 insertions(+), 48 deletions(-) create mode 100644 example/complete-psql-replica/README.md create mode 100644 example/complete-psql-replica/main.tf create mode 100644 example/complete-psql-replica/output.tf create mode 100644 example/complete-psql-replica/provider.tf create mode 100644 example/complete-psql-replica/version.tf diff --git a/README.md b/README.md index b5db781..1786c8f 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,8 @@ module "rds-pg" { multi_az = "true" subnet_ids = ["subnet-b39cfc", "subnet-090b8d8"] environment = "prod" + storage_type = "gp3" + replica_enable = false kms_key_arn = "arn:aws:kms:region:2222222222:key/f8c8d802-a34b" engine_version = "15.2" instance_class = "db.m5.large" 
@@ -54,29 +56,34 @@ The required IAM permissions to create resources from this module can be found [ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | 3.43.0 | +| [aws](#requirement\_aws) | 5.13.1 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.43.0 | +| [aws](#provider\_aws) | 5.13.1 | +| [random](#provider\_random) | 3.5.1 | ## Modules | Name | Source | Version | |------|--------|---------| -| [db](#module\_db) | terraform-aws-modules/rds/aws | ~> 3.0 | +| [db](#module\_db) | terraform-aws-modules/rds/aws | 6.1.0 | +| [db\_replica](#module\_db\_replica) | terraform-aws-modules/rds/aws | 6.1.0 | | [security\_group\_rds](#module\_security\_group\_rds) | terraform-aws-modules/security-group/aws | ~> 4 | ## Resources | Name | Type | |------|------| -| [aws_security_group_rule.cidr_ingress](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.default_ingress](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/security_group_rule) | resource | -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/data-sources/availability_zones) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/data-sources/region) | data source | +| [aws_secretsmanager_secret.secret_master_db](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/secretsmanager_secret) | resource | +| [aws_secretsmanager_secret_version.rds_credentials](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/secretsmanager_secret_version) | resource | +| [aws_security_group_rule.cidr_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/security_group_rule) | resource | +| 
[aws_security_group_rule.default_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/security_group_rule) | resource | +| [random_password.master](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/data-sources/availability_zones) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/data-sources/region) | data source | ## Inputs 
@@ -88,12 +95,13 @@ The required IAM permissions to create resources from this module can be found [ | [allowed\_security\_groups](#input\_allowed\_security\_groups) | A list of Security Group IDs to allow access to the database | `list(any)` | `[]` | no | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately or during the next maintenance window | `bool` | `false` | no | | [backup\_retention\_period](#input\_backup\_retention\_period) | The number of days to retain backups for | `number` | `5` | no | -| [backup\_window](#input\_backup\_window) | The preferred window for taking automated backups of the database | `string` | `""` | no | -| [create\_random\_password](#input\_create\_random\_password) | Whether to create a random password for the RDS primary cluster | `bool` | `true` | no | +| [backup\_window](#input\_backup\_window) | The preferred window for taking automated backups of the database | `string` | `"03:00-06:00"` | no | +| [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Whether to create a database subnet group | `bool` | `true` | no | | [create\_security\_group](#input\_create\_security\_group) | Whether to create a security group for the database | `bool` | `true` | no | | [db\_name](#input\_db\_name) | The name of the automatically created database on cluster creation | `string` | `""` | no | | [deletion\_protection](#input\_deletion\_protection) | Specifies whether accidental deletion protection is enabled | `bool` | `true` | no | | [enable\_ssl\_connection](#input\_enable\_ssl\_connection) | Whether to enable SSL connection to the database | `bool` | `false` | no | +| [enable\_storage\_autoscaling](#input\_enable\_storage\_autoscaling) | Whether enable storage autoscaling or not | `bool` | `true` | no | | [engine](#input\_engine) | The name of the database engine to be used for this DB cluster | `string` | `"postgres"` | no | | 
[engine\_version](#input\_engine\_version) | The database engine version. Updating this argument results in an outage | `string` | `""` | no | | [environment](#input\_environment) | Select enviroment type: dev, demo, prod | `string` | `""` | no | 
@@ -101,18 +109,25 @@ The required IAM permissions to create resources from this module can be found [ | [final\_snapshot\_identifier\_prefix](#input\_final\_snapshot\_identifier\_prefix) | The prefix name for the final snapshot on cluster destroy | `string` | `"final"` | no | | [instance\_class](#input\_instance\_class) | The instance type for the database | `string` | `"db.m5.large"` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN for the KMS encryption key. Set this to the destination KMS ARN when creating an encrypted replica. If storage\_encrypted is set to true and kms\_key\_id is not specified, the default KMS key created in your account will be used | `string` | `null` | no | -| [maintenance\_window](#input\_maintenance\_window) | The preferred window for performing database maintenance | `string` | `""` | no | +| [maintenance\_window](#input\_maintenance\_window) | The preferred window for performing database maintenance | `string` | `"Mon:00:00-Mon:03:00"` | no | | [major\_engine\_version](#input\_major\_engine\_version) | The major engine version for the database. 
Updating this argument results in an outage | `string` | `""` | no | +| [manage\_master\_user\_password](#input\_manage\_master\_user\_password) | Whether to manage the master user password of the RDS primary cluster automatically | `bool` | `false` | no | | [master\_username](#input\_master\_username) | The username for the RDS primary cluster | `string` | `""` | no | +| [max\_allocated\_storage](#input\_max\_allocated\_storage) | The Maximum storage capacity for the database value after autoscaling | `number` | `null` | no | | [multi\_az](#input\_multi\_az) | Enable multi-AZ for disaster recovery | `bool` | `false` | no | | [name](#input\_name) | The name of the RDS instance | `string` | `""` | no | +| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no | +| [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. 
Valid values are `7`, `731` (2 years) or a multiple of `31` | `number` | `7` | no | | [port](#input\_port) | The port number for the database | `number` | `5432` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Specifies whether the RDS instance is publicly accessible over the internet | `bool` | `false` | no | -| [random\_password\_length](#input\_random\_password\_length) | The length of the randomly generated password for the RDS primary cluster (default: 10) | `number` | `10` | no | +| [random\_password\_length](#input\_random\_password\_length) | The length of the randomly generated password for the RDS primary cluster (default: 16) | `number` | `16` | no | +| [replica\_count](#input\_replica\_count) | The number of replica instance | `number` | `1` | no | +| [replica\_enable](#input\_replica\_enable) | Whether enable replica DB | `bool` | `false` | no | | [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a replicate database, and uses the specified value as the source database identifier | `string` | `null` | no | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB instance is deleted. If set to true, no DB snapshot is created. If set to false, a DB snapshot is created before the DB instance is deleted, using the value from final\_snapshot\_identifier | `bool` | `true` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether to create the database from a snapshot. 
Use the snapshot ID found in the RDS console, e.g., rds:production-2015-06-26-06-05 | `string` | `null` | no | | [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether to enable database encryption | `bool` | `true` | no | +| [storage\_type](#input\_storage\_type) | The storage type for the database storage like gp2,gp3,io1 | `string` | `"gp2"` | no | | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs used by the database subnet group | `list(any)` | `[]` | no | | [vpc\_id](#input\_vpc\_id) | The ID of the VPC where the RDS cluster will be deployed | `string` | `""` | no | 
@@ -122,11 +137,14 @@ The required IAM permissions to create resources from this module can be found [ |------|-------------| | [db\_instance\_endpoint](#output\_db\_instance\_endpoint) | Connection endpoint of the RDS instance. | | [db\_instance\_name](#output\_db\_instance\_name) | Name of the database instance | -| [db\_instance\_password](#output\_db\_instance\_password) | Password for accessing the database (Note: Terraform does not track this password after initial creation). | +| [db\_instance\_password](#output\_db\_instance\_password) | Password for accessing the database. | | [db\_instance\_username](#output\_db\_instance\_username) | Master username for accessing the database. | | [db\_parameter\_group\_id](#output\_db\_parameter\_group\_id) | ID of the parameter group associated with the RDS instance. | | [db\_subnet\_group\_id](#output\_db\_subnet\_group\_id) | ID of the subnet group associated with the RDS instance. | +| [master\_credential\_secret\_arn](#output\_master\_credential\_secret\_arn) | The ARN of the master user secret (Only available when manage\_master\_user\_password is set to true) | | [rds\_dedicated\_security\_group](#output\_rds\_dedicated\_security\_group) | ID of the security group associated with the RDS instance. | +| [replica\_db\_instance\_endpoint](#output\_replica\_db\_instance\_endpoint) | Connection endpoint of the RDS instance. | +| [replica\_db\_instance\_name](#output\_replica\_db\_instance\_name) | Name of the replica database s | ## Contribute & Issue Report diff --git a/example/complete-psql-replica/README.md b/example/complete-psql-replica/README.md new file mode 100644 index 0000000..3544f58 --- /dev/null +++ b/example/complete-psql-replica/README.md 
@@ -0,0 +1,48 @@ +## PostgreSQL with Replica Example +![squareops_avatar] + +[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png + +### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey. +
+ +This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 3.43.0 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [rds-pg](#module\_rds-pg) | squareops/postgresql-rds/aws | n/a | + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [instance\_endpoint](#output\_instance\_endpoint) | Connection endpoint of the RDS instance. | +| [instance\_name](#output\_instance\_name) | Name of the database instance. | +| [instance\_password](#output\_instance\_password) | Password for accessing the database (Note: Terraform does not track this password after initial creation). | +| [instance\_username](#output\_instance\_username) | Master username for accessing the database. | +| [parameter\_group\_id](#output\_parameter\_group\_id) | ID of the parameter group associated with the RDS instance. | +| [security\_group](#output\_security\_group) | ID of the security group associated with the RDS instance. | +| [subnet\_group\_id](#output\_subnet\_group\_id) | ID of the subnet group associated with the RDS instance. | + diff --git a/example/complete-psql-replica/main.tf b/example/complete-psql-replica/main.tf new file mode 100644 index 0000000..d46b29e --- /dev/null +++ b/example/complete-psql-replica/main.tf 
@@ -0,0 +1,102 @@
+locals {
+  region = "ap-south-1"
+  environment = "dev"
+  name = "module-test"
+  additional_aws_tags = {
+    Owner = "SquareOps"
+    Expires = "Never"
+    Department = "Engineering"
+  }
+  vpc_cidr = "10.20.0.0/16"
+  family = "postgres15"
+  kms_key_arn = "arn:aws:kms:ap-south-1:271251951598:key/4d866bc6-b842-4848-b2d0-cb74ac2e9752"
+  engine_version = "15.2"
+  current_identity = data.aws_caller_identity.current.arn
+  instance_class = "db.m5d.large"
+}
+
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+module "kms" {
+  source = "terraform-aws-modules/kms/aws"
+
+  deletion_window_in_days = 7
+  description = "Complete key example showing various configurations available"
+  enable_key_rotation = false
+  is_enabled = true
+  key_usage = "ENCRYPT_DECRYPT"
+  multi_region = false
+
+  # Policy
+  enable_default_policy = true
+  key_owners = [local.current_identity]
+  key_administrators = [local.current_identity]
+  key_users = [local.current_identity]
+  key_service_users = [local.current_identity]
+  key_statements = [
+    {
+      sid = "CloudWatchLogs"
+      actions = [
+        "kms:Encrypt*",
+        "kms:Decrypt*",
+        "kms:ReEncrypt*",
+        "kms:GenerateDataKey*",
+        "kms:Describe*"
+      ]
+      resources = ["*"]
+
+      principals = [
+        {
+          type = "AWS"
+          identifiers = ["*"]
+        }
+      ]
+    }
+  ]
+
+  # Aliases
+  aliases = ["${local.name}"]
+
+  tags = local.additional_aws_tags
+}
+
+
+module "vpc" {
+  source = "squareops/vpc/aws"
+  name = local.name
+  vpc_cidr = local.vpc_cidr
+  environment = local.environment
+  availability_zones = ["ap-south-1a", "ap-south-1b"]
+  public_subnet_enabled = true
+  auto_assign_public_ip = true
+  intra_subnet_enabled = false
+  private_subnet_enabled = true
+  one_nat_gateway_per_az = false
+  database_subnet_enabled = true
+}
+
+module "rds-pg" {
+  source = "../.."
+  replica_enable = true
+  name = local.name
+  db_name = "postgres"
+  multi_az = "true"
+  family = local.family
+  vpc_id = module.vpc.vpc_id
+  subnet_ids = module.vpc.database_subnets ## db subnets
+  environment = local.environment
+  kms_key_arn = module.kms.key_arn
+  engine_version = local.engine_version
+  instance_class = local.instance_class
+  master_username = "pguser"
+  allocated_storage = "20"
+  max_allocated_storage = 120
+  publicly_accessible = false
+  skip_final_snapshot = true
+  backup_window = "03:00-06:00"
+  maintenance_window = "Mon:00:00-Mon:03:00"
+  final_snapshot_identifier_prefix = "final"
+  major_engine_version = local.engine_version
+  deletion_protection = false
+}
diff --git a/example/complete-psql-replica/output.tf b/example/complete-psql-replica/output.tf
new file mode 100644
index 0000000..3c7f2e2
--- /dev/null
+++ b/example/complete-psql-replica/output.tf
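Review bot: The `key_statements` entry in `module "kms"` grants `kms:Encrypt*`, `kms:Decrypt*`, `kms:ReEncrypt*`, `kms:GenerateDataKey*` and `kms:Describe*` on `resources = ["*"]` to `principals` of type `AWS` with `identifiers = ["*"]`, which in a KMS key policy effectively opens the key to principals in any AWS account (subject only to their own IAM policies), and this key is the one handed to RDS via `kms_key_arn = module.kms.key_arn`. Scope the statement to the identity that needs it, e.g. `identifiers = [local.current_identity]`, or drop it and rely on `enable_default_policy = true` plus the `key_users`/`key_service_users` lists already set; the statement's `sid = "CloudWatchLogs"` also does not describe what it does. The identical block appears in the rewritten `example/complete/main.tf` hunk. Setting `enable_key_rotation = false` in a reference example is likewise worth reversing, since RDS storage keys are long-lived.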
@@ -0,0 +1,48 @@
+output "instance_endpoint" {
+  description = "Connection endpoint of the RDS instance."
+  value = module.rds-pg.db_instance_endpoint
+}
+output "replica_instances_endpoints" {
+  description = "Connection endpoint of the RDS replica instances."
+  value = module.rds-pg.replica_db_instance_endpoint
+}
+
+output "instance_name" {
+  description = "Name of the database instance."
+  value = module.rds-pg.db_instance_name
+}
+
+output "rds-mysql_replica_db_instance_name" {
+  description = "The name of the database instance"
+  value = module.rds-pg.replica_db_instance_name
+}
+
+output "instance_username" {
+  description = "Master username for accessing the database."
+  value = module.rds-pg.db_instance_username
+}
+
+output "instance_password" {
+  description = "Password for accessing the database (Note: Terraform does not track this password after initial creation)."
+  value = module.rds-pg.db_instance_password
+  sensitive = false
+}
+
+output "security_group" {
+  description = "ID of the security group associated with the RDS instance."
+  value = module.rds-pg.rds_dedicated_security_group
+}
+
+output "parameter_group_id" {
+  description = "ID of the parameter group associated with the RDS instance."
+  value = module.rds-pg.db_parameter_group_id
+}
+
+output "subnet_group_id" {
+  description = "ID of the subnet group associated with the RDS instance."
+  value = module.rds-pg.db_subnet_group_id
+}
+
+output "master_user_secret_arn" {
+  value = module.rds-pg.master_credential_secret_arn
+}
\ No newline at end of file
diff --git a/example/complete-psql-replica/provider.tf b/example/complete-psql-replica/provider.tf
new file mode 100644
index 0000000..1536871
--- /dev/null
+++ b/example/complete-psql-replica/provider.tf
@@ -0,0 +1,6 @@
+provider "aws" {
+  region = local.region
+  default_tags {
+    tags = local.additional_aws_tags
+  }
+}
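Review bot: `output "instance_password"` sets `sensitive = false` on the master password, so it is printed in clear text on every `terraform apply`/`terraform output` and lands in CI logs; it should be `sensitive = true`, and if the module's `db_instance_password` output is itself marked sensitive Terraform refuses a root output that exposes it unmarked anyway. The same `sensitive = false` is added to `example/complete/output.tf` in a later hunk of this patch. Separately, `output "master_user_secret_arn"` has no `description`, and `rds-mysql_replica_db_instance_name` carries a MySQL name with a primary-instance description inside a PostgreSQL example; `output "replica_db_instance_name"` with `description = "Name of the replica database instance."` would match the rest of the file.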
diff --git a/example/complete-psql-replica/version.tf b/example/complete-psql-replica/version.tf new file mode 100644 index 0000000..515c2d2 --- /dev/null +++ b/example/complete-psql-replica/version.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.43.0" + } + } +} diff --git a/example/complete/README.md b/example/complete/README.md index 8dfe471..000c74c 100644 --- a/example/complete/README.md +++ b/example/complete/README.md @@ -18,17 +18,24 @@ This example will be very useful for users who are new to a module and want to q ## Providers -No providers. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 5.13.1 | ## Modules | Name | Source | Version | |------|--------|---------| -| [rds-pg](#module\_rds-pg) | squareops/postgresql-rds/aws | n/a | +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | n/a | +| [rds-pg](#module\_rds-pg) | ../.. | n/a | +| [vpc](#module\_vpc) | squareops/vpc/aws | n/a | ## Resources -No resources. +| Name | Type | +|------|------| +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs 
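Review bot: `version = ">= 3.43.0"` in the new `version.tf` admits aws provider releases far older than what the root module now targets — the README hunk in this same patch moves the provider to 5.13.1 and `terraform-aws-modules/rds/aws` to 6.1.0, which I would not expect to initialise on a 3.x provider. Give the example the same floor as the root module, e.g. `version = ">= 5.13.1"`, so a fresh `terraform init` cannot resolve a provider the module no longer supports.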
@@ -42,7 +49,10 @@ No inputs. | [instance\_name](#output\_instance\_name) | Name of the database instance. | | [instance\_password](#output\_instance\_password) | Password for accessing the database (Note: Terraform does not track this password after initial creation). | | [instance\_username](#output\_instance\_username) | Master username for accessing the database. | +| [master\_user\_secret\_arn](#output\_master\_user\_secret\_arn) | n/a | | [parameter\_group\_id](#output\_parameter\_group\_id) | ID of the parameter group associated with the RDS instance. | +| [rds-mysql\_replica\_db\_instance\_name](#output\_rds-mysql\_replica\_db\_instance\_name) | The name of the database instance | +| [replica\_instances\_endpoints](#output\_replica\_instances\_endpoints) | Connection endpoint of the RDS replica instances. | | [security\_group](#output\_security\_group) | ID of the security group associated with the RDS instance. | | [subnet\_group\_id](#output\_subnet\_group\_id) | ID of the subnet group associated with the RDS instance. | diff --git a/example/complete/main.tf b/example/complete/main.tf index 2d4410f..27a867e 100644 --- a/example/complete/main.tf +++ b/example/complete/main.tf 
@@ -1,41 +1,102 @@
 locals {
-  region = "us-east-2"
-  name = "postgresql"
-  vpc_id = "vpc-00ae5571c1"
-  family = "postgres15"
-  subnet_ids = ["subnet-0d9a8193d2a6e","subnet-0fd263dc9e73d"]
-  environment = "prod"
-  kms_key_arn = "arn:aws:kms:us-east-2:22222222:key/73ff9e84-83e1-fe29623338a9"
-  engine_version = "15.2"
-  instance_class = "db.m5d.large"
-  allowed_security_groups = ["sg-0a680afd35"]
-  additional_tags = {
-    Owner = "Organization_Name"
+  region = "ap-south-1"
+  environment = "dev"
+  name = "module-test"
+  additional_aws_tags = {
+    Owner = "SquareOps"
     Expires = "Never"
     Department = "Engineering"
   }
+  vpc_cidr = "10.20.0.0/16"
+  family = "postgres15"
+  engine_version = "15.2"
+  current_identity = data.aws_caller_identity.current.arn
+  instance_class = "db.m5d.large"
+  storage_type = "gp3"
+}
+
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
+module "kms" {
+  source = "terraform-aws-modules/kms/aws"
+
+  deletion_window_in_days = 7
+  description = "Complete key example showing various configurations available"
+  enable_key_rotation = false
+  is_enabled = true
+  key_usage = "ENCRYPT_DECRYPT"
+  multi_region = false
+
+  # Policy
+  enable_default_policy = true
+  key_owners = [local.current_identity]
+  key_administrators = [local.current_identity]
+  key_users = [local.current_identity]
+  key_service_users = [local.current_identity]
+  key_statements = [
+    {
+      sid = "CloudWatchLogs"
+      actions = [
+        "kms:Encrypt*",
+        "kms:Decrypt*",
+        "kms:ReEncrypt*",
+        "kms:GenerateDataKey*",
+        "kms:Describe*"
+      ]
+      resources = ["*"]
+
+      principals = [
+        {
+          type = "AWS"
+          identifiers = ["*"]
+        }
+      ]
+    }
+  ]
+
+  # Aliases
+  aliases = ["${local.name}"]
+
+  tags = local.additional_aws_tags
+}
+
+
+module "vpc" {
+  source = "squareops/vpc/aws"
+  name = local.name
+  vpc_cidr = local.vpc_cidr
+  environment = local.environment
+  availability_zones = ["ap-south-1a", "ap-south-1b"]
+  public_subnet_enabled = true
+  auto_assign_public_ip = true
+  intra_subnet_enabled = false
+  private_subnet_enabled = true
+  one_nat_gateway_per_az = false
+  database_subnet_enabled = true
 }
 module "rds-pg" {
-  source = "squareops/rds-postgresql/aws"
+  source = "../.."
   name = local.name
   db_name = "postgres"
   multi_az = "true"
   family = local.family
-  vpc_id = local.vpc_id
-  subnet_ids = local.subnet_ids ## db subnets
+  vpc_id = module.vpc.vpc_id
+  subnet_ids = module.vpc.database_subnets ## db subnets
   environment = local.environment
-  kms_key_arn = local.kms_key_arn
+  kms_key_arn = module.kms.key_arn
+  storage_type = local.storage_type
   engine_version = local.engine_version
   instance_class = local.instance_class
   master_username = "pguser"
   allocated_storage = "20"
+  max_allocated_storage = 120
   publicly_accessible = false
   skip_final_snapshot = true
   backup_window = "03:00-06:00"
   maintenance_window = "Mon:00:00-Mon:03:00"
   final_snapshot_identifier_prefix = "final"
-  allowed_security_groups = local.allowed_security_groups
   major_engine_version = local.engine_version
   deletion_protection = false
 }
diff --git a/example/complete/output.tf b/example/complete/output.tf
index 9ac5552..3c7f2e2 100644
--- a/example/complete/output.tf
+++ b/example/complete/output.tf
@@ -2,12 +2,21 @@ output "instance_endpoint" {
   description = "Connection endpoint of the RDS instance."
   value = module.rds-pg.db_instance_endpoint
 }
+output "replica_instances_endpoints" {
+  description = "Connection endpoint of the RDS replica instances."
+  value = module.rds-pg.replica_db_instance_endpoint
+}
 output "instance_name" {
   description = "Name of the database instance."
   value = module.rds-pg.db_instance_name
 }
+output "rds-mysql_replica_db_instance_name" {
+  description = "The name of the database instance"
+  value = module.rds-pg.replica_db_instance_name
+}
+
 output "instance_username" {
   description = "Master username for accessing the database."
   value = module.rds-pg.db_instance_username
@@ -16,6 +25,7 @@ output "instance_username" {
 output "instance_password" {
   description = "Password for accessing the database (Note: Terraform does not track this password after initial creation)."
   value = module.rds-pg.db_instance_password
+  sensitive = false
 }
 output "security_group" {
@@ -32,3 +42,7 @@ output "subnet_group_id" {
   description = "ID of the subnet group associated with the RDS instance."
   value = module.rds-pg.db_subnet_group_id
 }
+
+output "master_user_secret_arn" {
+  value = module.rds-pg.master_credential_secret_arn
+}
\ No newline at end of file
diff --git a/example/complete/provider.tf b/example/complete/provider.tf
index 369af88..1536871 100644
--- a/example/complete/provider.tf
+++ b/example/complete/provider.tf
@@ -1,6 +1,6 @@
 provider "aws" {
   region = local.region
   default_tags {
-    tags = local.additional_tags
+    tags = local.additional_aws_tags
   }
 }
diff --git a/main.tf b/main.tf
index 32b5830..2c37311 100644
--- a/main.tf
+++ b/main.tf
@@ -10,20 +10,26 @@ locals {
 module "db" {
   source = "terraform-aws-modules/rds/aws"
-  version = "~> 3.0"
+  version = "6.1.0"
   identifier = format("%s-%s", var.environment, var.name)
-  name = var.db_name
+  db_name = var.db_name
   port = var.port
   engine = var.engine
   username = var.master_username
+  password = var.manage_master_user_password ? null : random_password.master[0].result
   multi_az = var.multi_az
   subnet_ids = var.subnet_ids
   kms_key_id = var.kms_key_arn
   instance_class = var.instance_class
+  storage_type = var.storage_type
   engine_version = var.engine_version
   allocated_storage = var.allocated_storage
   storage_encrypted = var.storage_encrypted
+  max_allocated_storage = var.enable_storage_autoscaling && var.max_allocated_storage != ""? var.max_allocated_storage : null
   publicly_accessible = var.publicly_accessible
+  performance_insights_enabled = var.performance_insights_enabled
+  performance_insights_retention_period = var.performance_insights_retention_period
+  create_db_subnet_group = var.create_db_subnet_group
   replicate_source_db = var.replicate_source_db
   vpc_security_group_ids = split(",", module.security_group_rds.security_group_id)
   skip_final_snapshot = var.skip_final_snapshot
@@ -32,8 +38,9 @@ module "db" {
   backup_window = var.backup_window
   apply_immediately = var.apply_immediately
   backup_retention_period = var.backup_retention_period
-  random_password_length = var.random_password_length
-  create_random_password = var.create_random_password
+  manage_master_user_password = var.manage_master_user_password ? true : false
+  # random_password_length = var.random_password_length
+  # create_random_password = var.create_random_password
   monitoring_interval = "30"
   monitoring_role_name = format("%s-%s-RDSPostgresql", var.name, var.environment)
   create_monitoring_role = true
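Review bot: The new `max_allocated_storage` line compares a `number` variable (the README hunk in this patch declares `max_allocated_storage` as `number` with default `null`) against the string `""`, which is never equal, so the guard only behaves because a `null` value is passed straight through; write `max_allocated_storage = var.enable_storage_autoscaling && var.max_allocated_storage != null ? var.max_allocated_storage : null` so the intent is explicit and the `""` mismatch cannot be tightened later into a type error. The new `password` line feeds `random_password.master[0].result` directly into the instance, which with the documented default `manage_master_user_password = false` means the master password is present in plan output and in state; a comment such as `# NOTE: with manage_master_user_password = false the generated password is stored in Terraform state` above it would make that trade-off visible to module users. `module "db"` continues outside this hunk.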
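Review bot: `manage_master_user_password = var.manage_master_user_password ? true : false` in the second hunk is a redundant conditional on a value that is already `bool`; `manage_master_user_password = var.manage_master_user_password` is equivalent. The two commented-out `random_password_length`/`create_random_password` lines are dead configuration — apparently removed because the pinned `6.1.0` module version no longer accepts them — and should be deleted rather than kept as comments, since the old values survive in git history and `random_password_length` is now consumed by the `random_password` resource instead.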
@@ -54,6 +61,50 @@ module "db" {
   deletion_protection = var.deletion_protection
 }
+module "db_replica" {
+  source = "terraform-aws-modules/rds/aws"
+  version = "6.1.0"
+  count = var.replica_enable ? var.replica_count : 0
+  identifier = format("%s-%s-%s", var.environment, var.name, "replica")
+  port = var.port
+  engine = var.engine
+  multi_az = var.multi_az
+  kms_key_id = var.kms_key_arn
+  instance_class = var.instance_class
+  storage_type = var.storage_type
+  engine_version = var.engine_version
+  storage_encrypted = var.storage_encrypted
+  publicly_accessible = var.publicly_accessible
+  replicate_source_db = module.db.db_instance_identifier
+  vpc_security_group_ids = split(",", module.security_group_rds.security_group_id)
+  skip_final_snapshot = var.skip_final_snapshot
+  snapshot_identifier = var.snapshot_identifier
+  maintenance_window = var.maintenance_window
+  backup_window = var.backup_window
+  apply_immediately = var.apply_immediately
+  backup_retention_period = var.backup_retention_period
+  monitoring_interval = "30"
+  monitoring_role_arn = module.db.enhanced_monitoring_iam_role_arn
+  create_monitoring_role = false
+  create_cloudwatch_log_group = false
+  final_snapshot_identifier_prefix = var.final_snapshot_identifier_prefix
+  enabled_cloudwatch_logs_exports = ["postgresql"]
+  tags = merge(
+    { "Name" = format("%s-%s", var.environment, var.name) },
+    local.tags,
+  )
+
+  # DB parameter group
+  family = var.family
+
+  # DB option group
+  major_engine_version = var.major_engine_version
+
+  # Database Deletion Protection
+  deletion_protection = var.deletion_protection
+  depends_on = [ module.db ]
+}
+
 resource "aws_security_group_rule" "default_ingress" {
   count = var.create_security_group && length(var.allowed_security_groups) > 0 ? 1 : 0
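Review bot: `identifier = format("%s-%s-%s", var.environment, var.name, "replica")` is the same string for every instance of `module "db_replica"`, so any `replica_count` above 1 (which the README hunk documents as allowed) asks RDS to create several instances with one identifier and the apply fails on the second; include the index, e.g. `identifier = format("%s-%s-replica-%d", var.environment, var.name, count.index)`, and do the same in the `Name` tag, which currently reuses the primary's name. `snapshot_identifier = var.snapshot_identifier` is not meaningful on a read replica created through `replicate_source_db` and should be dropped from this block so readers do not expect a snapshot restore that never happens. `depends_on = [ module.db ]` is redundant given the `module.db.db_instance_identifier` and `module.db.enhanced_monitoring_iam_role_arn` references, and passing the primary's `multi_az` and `backup_retention_period` to each replica roughly doubles the footprint per replica, which deserves a one-line comment since callers cannot override it.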
@@ -102,3 +153,30 @@ module "security_group_rds" { local.tags, ) } + +resource "aws_secretsmanager_secret" "secret_master_db" { + name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") + tags = merge( + { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-mysql-pass") }, + local.tags, + ) +} + +resource "random_password" "master"{ + count = var.manage_master_user_password ? 0 : 1 + length = var.random_password_length + special = false +} + +resource "aws_secretsmanager_secret_version" "rds_credentials" { + count = var.manage_master_user_password ? 0 : 1 + secret_id = aws_secretsmanager_secret.secret_master_db.id + secret_string = < Date: Fri, 15 Sep 2023 16:42:38 +0530 Subject: [PATCH 2/8] updated parameters and README --- README.md | 1 + example/complete-psql-replica/README.md | 16 ++++++-- example/complete-psql-replica/main.tf | 20 +++++----- example/complete/main.tf | 49 +++++++++++++++++-------- 4 files changed, 59 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 1786c8f..01ca6dd 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ This Terraform module provisions an Amazon RDS PostgreSQL database on AWS. Amazo 6. Supports encryption at rest using AWS Key Management Service (KMS) for enhanced security. 7. Enables fine-grained control over network access through security groups and VPC settings. 8. Offers customizable tags for resource categorization and management. + 9. Supports useful features to enable storage autoscaling and Replica configuration with desired number of replicas. ## Usage Examples ```hcl diff --git a/example/complete-psql-replica/README.md b/example/complete-psql-replica/README.md index 3544f58..76522b4 100644 --- a/example/complete-psql-replica/README.md +++ b/example/complete-psql-replica/README.md 
@@ -18,17 +18,24 @@ This example will be very useful for users who are new to a module and want to q ## Providers -No providers. +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 5.13.1 | ## Modules | Name | Source | Version | |------|--------|---------| -| [rds-pg](#module\_rds-pg) | squareops/postgresql-rds/aws | n/a | +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | n/a | +| [rds-pg](#module\_rds-pg) | ../.. | n/a | +| [vpc](#module\_vpc) | squareops/vpc/aws | n/a | ## Resources -No resources. +| Name | Type | +|------|------| +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs @@ -42,7 +49,10 @@ No inputs. | [instance\_name](#output\_instance\_name) | Name of the database instance. | | [instance\_password](#output\_instance\_password) | Password for accessing the database (Note: Terraform does not track this password after initial creation). | | [instance\_username](#output\_instance\_username) | Master username for accessing the database. | +| [master\_user\_secret\_arn](#output\_master\_user\_secret\_arn) | n/a | | [parameter\_group\_id](#output\_parameter\_group\_id) | ID of the parameter group associated with the RDS instance. | +| [rds-mysql\_replica\_db\_instance\_name](#output\_rds-mysql\_replica\_db\_instance\_name) | The name of the database instance | +| [replica\_instances\_endpoints](#output\_replica\_instances\_endpoints) | Connection endpoint of the RDS replica instances. | | [security\_group](#output\_security\_group) | ID of the security group associated with the RDS instance. | | [subnet\_group\_id](#output\_subnet\_group\_id) | ID of the subnet group associated with the RDS instance. | 
diff --git a/example/complete-psql-replica/main.tf b/example/complete-psql-replica/main.tf index d46b29e..79535d1 100644 --- a/example/complete-psql-replica/main.tf +++ b/example/complete-psql-replica/main.tf @@ -1,18 +1,19 @@ locals { - region = "ap-south-1" - environment = "dev" - name = "module-test" + region = "us-east-2" + environment = "prod" + name = "postgresql" additional_aws_tags = { - Owner = "SquareOps" + Owner = "Organization_Name" Expires = "Never" Department = "Engineering" } vpc_cidr = "10.20.0.0/16" family = "postgres15" - kms_key_arn = "arn:aws:kms:ap-south-1:271251951598:key/4d866bc6-b842-4848-b2d0-cb74ac2e9752" engine_version = "15.2" current_identity = data.aws_caller_identity.current.arn instance_class = "db.m5d.large" + replica_enable = true + replica_count = 1 } data "aws_caller_identity" "current" {} @@ -67,7 +68,7 @@ module "vpc" { name = local.name vpc_cidr = local.vpc_cidr environment = local.environment - availability_zones = ["ap-south-1a", "ap-south-1b"] + availability_zones = ["us-east-2a", "us-east-2b"] public_subnet_enabled = true auto_assign_public_ip = true intra_subnet_enabled = false @@ -77,12 +78,13 @@ module "vpc" { } module "rds-pg" { - source = "../.." - replica_enable = true + source = "squareops/rds-postgresql/aws" name = local.name db_name = "postgres" multi_az = "true" family = local.family + replica_enable = local.replica_enable + replica_count = local.replica_count vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment @@ -91,7 +93,7 @@ module "rds-pg" { instance_class = local.instance_class master_username = "pguser" allocated_storage = "20" - max_allocated_storage = 120 + max_allocated_storage = 120 publicly_accessible = false skip_final_snapshot = true backup_window = "03:00-06:00" diff --git a/example/complete/main.tf b/example/complete/main.tf index 27a867e..e478b14 100644 --- a/example/complete/main.tf +++ b/example/complete/main.tf 
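Review bot: Switching `source` from `../..` to `squareops/rds-postgresql/aws` without a `version` makes this in-repo example exercise whatever the registry currently serves rather than the code in this series, and `replica_enable`/`replica_count` are inputs introduced here that a published release may not accept yet, so `terraform validate` on the example can fail or quietly drift from the module. Examples that live inside the module repository usually keep `source = "../.."` so CI validates the branch; if the registry source is meant for copy-paste users, pinning `version = "<release that includes replica support>"` is the minimum. The same `source` change is made to `example/complete/main.tf` in the following hunk group.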
@@ -1,18 +1,19 @@ locals { - region = "ap-south-1" - environment = "dev" - name = "module-test" - additional_aws_tags = { - Owner = "SquareOps" + region = "us-east-2" + name = "postgresql" + family = "postgres15" + environment = "prod" + engine_version = "15.2" + instance_class = "db.m5d.large" + vpc_cidr = "10.20.0.0/16" + allowed_security_groups = ["sg-0a680afd35"] + additional_tags = { + Owner = "Organization_Name" Expires = "Never" Department = "Engineering" } - vpc_cidr = "10.20.0.0/16" - family = "postgres15" - engine_version = "15.2" - current_identity = data.aws_caller_identity.current.arn - instance_class = "db.m5d.large" storage_type = "gp3" + current_identity = data.aws_caller_identity.current.arn } data "aws_caller_identity" "current" {} @@ -36,7 +37,7 @@ module "kms" { key_service_users = [local.current_identity] key_statements = [ { - sid = "CloudWatchLogs" + sid = "Allow use of the key" actions = [ "kms:Encrypt*", "kms:Decrypt*", @@ -46,10 +47,28 @@ module "kms" { ] resources = ["*"] + principals = [ + { + type = "Service" + identifiers = [ + "monitoring.rds.amazonaws.com", + "rds.amazonaws.com", + ] + } + ] + }, + { + sid = "Enable IAM User Permissions" + actions = ["kms:*"] + resources = ["*"] + principals = [ { type = "AWS" - identifiers = ["*"] + identifiers = [ + "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", + data.aws_caller_identity.current.arn, + ] } ] } @@ -67,7 +86,7 @@ module "vpc" { name = local.name vpc_cidr = local.vpc_cidr environment = local.environment - availability_zones = ["ap-south-1a", "ap-south-1b"] + availability_zones = ["us-east-2a", "us-east-2b"] public_subnet_enabled = true auto_assign_public_ip = true intra_subnet_enabled = false @@ -77,7 +96,7 @@ module "vpc" { } module "rds-pg" { - source = "../.." + source = "squareops/rds-postgresql/aws" name = local.name db_name = "postgres" multi_az = "true" 
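Review bot: The new `Enable IAM User Permissions` statement grants `kms:*` on the key not only to the account root but also to `data.aws_caller_identity.current.arn`; root already delegates key administration through IAM, and `key_service_users = [local.current_identity]` in the context lines already gives the caller use permissions, so the extra principal only widens the key policy and will degrade to an opaque unique ID if that user or role is ever recreated. Restricting the statement to `identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]` keeps the administrator set minimal. The replacement of the former `type = "AWS"`, `identifiers = ["*"]` principal with the two RDS service principals is the part of this hunk that matters most and needs no further change.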
@@ -86,7 +105,7 @@ module "rds-pg" { subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment kms_key_arn = module.kms.key_arn - storage_type = local.storage_type + storage_type = local.storage_type engine_version = local.engine_version instance_class = local.instance_class master_username = "pguser" From 96ccb845d82aee512826e6424aa4d9ccacbac0a6 Mon Sep 17 00:00:00 2001 From: "yuvraj.singh" Date: Tue, 19 Sep 2023 14:39:33 +0530 Subject: [PATCH 3/8] updated tags and example files --- example/complete-psql-replica/main.tf | 5 +++-- example/complete-psql-replica/provider.tf | 2 +- example/complete/provider.tf | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/example/complete-psql-replica/main.tf b/example/complete-psql-replica/main.tf index 79535d1..ec435b5 100644 --- a/example/complete-psql-replica/main.tf +++ b/example/complete-psql-replica/main.tf @@ -2,7 +2,7 @@ locals { region = "us-east-2" environment = "prod" name = "postgresql" - additional_aws_tags = { + additional_tags = { Owner = "Organization_Name" Expires = "Never" Department = "Engineering" @@ -11,6 +11,7 @@ locals { family = "postgres15" engine_version = "15.2" current_identity = data.aws_caller_identity.current.arn + allowed_security_groups = ["sg-0a680afd35"] instance_class = "db.m5d.large" replica_enable = true replica_count = 1 @@ -59,7 +60,7 @@ module "kms" { # Aliases aliases = ["${local.name}"] - tags = local.additional_aws_tags + tags = local.additional_tags } diff --git a/example/complete-psql-replica/provider.tf b/example/complete-psql-replica/provider.tf index 1536871..369af88 100644 --- a/example/complete-psql-replica/provider.tf +++ b/example/complete-psql-replica/provider.tf @@ -1,6 +1,6 @@ provider "aws" { region = local.region default_tags { - tags = local.additional_aws_tags + tags = local.additional_tags } } diff --git a/example/complete/provider.tf b/example/complete/provider.tf index 1536871..369af88 100644 
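Review bot: `allowed_security_groups = ["sg-0a680afd35"]` hard-codes a security-group id into an example that otherwise builds its own network via `module "vpc"`; the id cannot exist in a reader's account, so if the local is wired into the module's `allowed_security_groups` input the apply fails on the ingress rule, and if it happens to match an unrelated group it opens the database port to that group. Either reference a group created inside the example or label the value, e.g. `allowed_security_groups = ["sg-0a680afd35"] # placeholder: replace with the application security group id`. Whether this local is actually passed to the module is not visible in this hunk.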
--- a/example/complete/provider.tf +++ b/example/complete/provider.tf @@ -1,6 +1,6 @@ provider "aws" { region = local.region default_tags { - tags = local.additional_aws_tags + tags = local.additional_tags } } From 5324c5dfee07debe567fd31cdd095bd4add7730a Mon Sep 17 00:00:00 2001 From: "yuvraj.singh" Date: Wed, 20 Sep 2023 12:41:17 +0530 Subject: [PATCH 4/8] update psql module --- README.md | 31 ++++++++----------- .../complete-psql-replica/README.md | 2 +- .../complete-psql-replica/main.tf | 0 .../complete-psql-replica/output.tf | 0 .../complete-psql-replica/provider.tf | 0 .../complete-psql-replica/version.tf | 0 {example => examples}/complete/README.md | 6 +--- {example => examples}/complete/main.tf | 0 {example => examples}/complete/output.tf | 0 {example => examples}/complete/provider.tf | 0 {example => examples}/complete/version.tf | 0 11 files changed, 15 insertions(+), 24 deletions(-) rename {example => examples}/complete-psql-replica/README.md (97%) rename {example => examples}/complete-psql-replica/main.tf (100%) rename {example => examples}/complete-psql-replica/output.tf (100%) rename {example => examples}/complete-psql-replica/provider.tf (100%) rename {example => examples}/complete-psql-replica/version.tf (100%) rename {example => examples}/complete/README.md (94%) rename {example => examples}/complete/main.tf (100%) rename {example => examples}/complete/output.tf (100%) rename {example => examples}/complete/provider.tf (100%) rename {example => examples}/complete/version.tf (100%) diff --git a/README.md b/README.md index db66353..9a5daae 100644 --- a/README.md +++ b/README.md 
@@ -70,42 +70,38 @@ The required IAM permissions to create resources from this module can be found [ | Name | Version | |------|---------| +| [archive](#provider\_archive) | 2.4.0 | | [aws](#provider\_aws) | 5.13.1 | | [random](#provider\_random) | 3.5.1 | -| [archive](#provider\_archive) | 2.4.0 | ## Modules | Name | Source | Version | |------|--------|---------| +| [cw\_sns\_slack](#module\_cw\_sns\_slack) | ./lambda | n/a | | [db](#module\_db) | terraform-aws-modules/rds/aws | 6.1.0 | | [db\_replica](#module\_db\_replica) | terraform-aws-modules/rds/aws | 6.1.0 | -| [cw\_sns\_slack](#module\_cw\_sns\_slack) | ./lambda | n/a | | [security\_group\_rds](#module\_security\_group\_rds) | terraform-aws-modules/security-group/aws | ~> 4 | ## Resources | Name | Type | |------|------| +| [aws_cloudwatch_metric_alarm.cache_cpu](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_cloudwatch_metric_alarm.disk_free_storage_space_too_low](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_kms_ciphertext.slack_url](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/kms_ciphertext) | resource | +| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/kms_key) | resource | +| [aws_lambda_permission.sns_lambda_slack_invoke](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/lambda_permission) | resource | | [aws_secretsmanager_secret.secret_master_db](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/secretsmanager_secret) | resource | | [aws_secretsmanager_secret_version.rds_credentials](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/secretsmanager_secret_version) | resource | | 
[aws_security_group_rule.cidr_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/security_group_rule) | resource | | [aws_security_group_rule.default_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/security_group_rule) | resource | +| [aws_sns_topic.slack_topic](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/sns_topic) | resource | +| [aws_sns_topic_subscription.slack-endpoint](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/sns_topic_subscription) | resource | | [random_password.master](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [archive_file.lambdazip](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source | | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/data-sources/availability_zones) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/data-sources/region) | data source | -| [aws_cloudwatch_metric_alarm.cache_cpu](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_cloudwatch_metric_alarm.disk_free_storage_space_too_low](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_kms_ciphertext.slack_url](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/kms_ciphertext) | resource | -| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/kms_key) | resource | -| [aws_lambda_permission.sns_lambda_slack_invoke](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/lambda_permission) | resource | -| 
[aws_security_group_rule.cidr_ingress](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.default_ingress](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/security_group_rule) | resource | -| [aws_sns_topic.slack_topic](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/sns_topic) | resource | -| [aws_sns_topic_subscription.slack-endpoint](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/resources/sns_topic_subscription) | resource | -| [archive_file.lambdazip](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source | -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/data-sources/availability_zones) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/3.43.0/docs/data-sources/region) | data source | ## Inputs 
@@ -119,10 +115,9 @@ The required IAM permissions to create resources from this module can be found [ | [allowed\_security\_groups](#input\_allowed\_security\_groups) | A list of Security Group IDs to allow access to the database | `list(any)` | `[]` | no | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately or during the next maintenance window | `bool` | `false` | no | | [backup\_retention\_period](#input\_backup\_retention\_period) | The number of days to retain backups for | `number` | `5` | no | -| [backup\_window](#input\_backup\_window) | The preferred window for taking automated backups of the database | `string` | `""` | no | -| [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Whether to create a database subnet group | `bool` | `true` | no | +| [backup\_window](#input\_backup\_window) | The preferred window for taking automated backups of the database | `string` | `"03:00-06:00"` | no | | [cloudwatch\_metric\_alarms\_enabled](#input\_cloudwatch\_metric\_alarms\_enabled) | Boolean flag to enable/disable CloudWatch metrics alarms | `bool` | `false` | no | -| [create\_random\_password](#input\_create\_random\_password) | Whether to create a random password for the RDS primary cluster | `bool` | `true` | no | +| [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Whether to create a database subnet group | `bool` | `true` | no | | [create\_security\_group](#input\_create\_security\_group) | Whether to create a security group for the database | `bool` | `true` | no | | [cw\_sns\_topic\_arn](#input\_cw\_sns\_topic\_arn) | The username to use when sending notifications to Slack. | `string` | `""` | no | | [db\_name](#input\_db\_name) | The name of the automatically created database on cluster creation | `string` | `""` | no | 
@@ -144,9 +139,9 @@ The required IAM permissions to create resources from this module can be found [ | [max\_allocated\_storage](#input\_max\_allocated\_storage) | The Maximum storage capacity for the database value after autoscaling | `number` | `null` | no | | [multi\_az](#input\_multi\_az) | Enable multi-AZ for disaster recovery | `bool` | `false` | no | | [name](#input\_name) | The name of the RDS instance | `string` | `""` | no | +| [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | `list(string)` | `[]` | no | | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no | | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Valid values are `7`, `731` (2 years) or a multiple of `31` | `number` | `7` | no | -| [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | `list(string)` | `[]` | no | | [port](#input\_port) | The port number for the database | `number` | `5432` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Specifies whether the RDS instance is publicly accessible over the internet | `bool` | `false` | no | | [random\_password\_length](#input\_random\_password\_length) | The length of the randomly generated password for the RDS primary cluster (default: 16) | `number` | `16` | no | diff --git a/example/complete-psql-replica/README.md b/examples/complete-psql-replica/README.md similarity index 97% rename from example/complete-psql-replica/README.md rename to examples/complete-psql-replica/README.md index 76522b4..2eef11d 100644 
--- a/example/complete-psql-replica/README.md +++ b/examples/complete-psql-replica/README.md @@ -27,7 +27,7 @@ This example will be very useful for users who are new to a module and want to q | Name | Source | Version | |------|--------|---------| | [kms](#module\_kms) | terraform-aws-modules/kms/aws | n/a | -| [rds-pg](#module\_rds-pg) | ../.. | n/a | +| [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | | [vpc](#module\_vpc) | squareops/vpc/aws | n/a | ## Resources diff --git a/example/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf similarity index 100% rename from example/complete-psql-replica/main.tf rename to examples/complete-psql-replica/main.tf diff --git a/example/complete-psql-replica/output.tf b/examples/complete-psql-replica/output.tf similarity index 100% rename from example/complete-psql-replica/output.tf rename to examples/complete-psql-replica/output.tf diff --git a/example/complete-psql-replica/provider.tf b/examples/complete-psql-replica/provider.tf similarity index 100% rename from example/complete-psql-replica/provider.tf rename to examples/complete-psql-replica/provider.tf diff --git a/example/complete-psql-replica/version.tf b/examples/complete-psql-replica/version.tf similarity index 100% rename from example/complete-psql-replica/version.tf rename to examples/complete-psql-replica/version.tf diff --git a/example/complete/README.md b/examples/complete/README.md similarity index 94% rename from example/complete/README.md rename to examples/complete/README.md index 65f5dee..22cc3d0 100644 --- a/example/complete/README.md +++ b/examples/complete/README.md 
@@ -26,13 +26,9 @@ This example will be very useful for users who are new to a module and want to q | Name | Source | Version | |------|--------|---------| -<<<<<<< HEAD:example/complete/README.md | [kms](#module\_kms) | terraform-aws-modules/kms/aws | n/a | -| [rds-pg](#module\_rds-pg) | ../.. | n/a | -| [vpc](#module\_vpc) | squareops/vpc/aws | n/a | -======= | [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | ->>>>>>> 9aa03f29335a0d68c197a81a1599e7d71e844a24:examples/complete/README.md +| [vpc](#module\_vpc) | squareops/vpc/aws | n/a | ## Resources diff --git a/example/complete/main.tf b/examples/complete/main.tf similarity index 100% rename from example/complete/main.tf rename to examples/complete/main.tf diff --git a/example/complete/output.tf b/examples/complete/output.tf similarity index 100% rename from example/complete/output.tf rename to examples/complete/output.tf diff --git a/example/complete/provider.tf b/examples/complete/provider.tf similarity index 100% rename from example/complete/provider.tf rename to examples/complete/provider.tf diff --git a/example/complete/version.tf b/examples/complete/version.tf similarity index 100% rename from example/complete/version.tf rename to examples/complete/version.tf From 38ec704cd65d65c20fc464d1b09c7bcdd66b5052 Mon Sep 17 00:00:00 2001 From: "yuvraj.singh" Date: Wed, 20 Sep 2023 15:01:44 +0530 Subject: [PATCH 5/8] update psql module --- examples/complete-psql-replica/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index ec435b5..d5562ec 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf 
@@ -102,4 +102,10 @@ module "rds-pg" { final_snapshot_identifier_prefix = "final" major_engine_version = local.engine_version deletion_protection = false + cloudwatch_metric_alarms_enabled = true + alarm_cpu_threshold_percent = 70 + disk_free_storage_space = "10000000" # in bytes + slack_username = "" + slack_channel = "" + slack_webhook_url = "" } From 809b6337fa203f8819488aac0c84e5403862e17e Mon Sep 17 00:00:00 2001 From: "yuvraj.singh" Date: Wed, 20 Sep 2023 18:18:42 +0530 Subject: [PATCH 6/8] updated chnages for tags --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index dc25dc2..6d1aa70 100644 --- a/main.tf +++ b/main.tf @@ -167,7 +167,7 @@ resource "aws_cloudwatch_metric_alarm" "cache_cpu" { threshold = var.alarm_cpu_threshold_percent dimensions = { - DBInstanceIdentifier = module.db.db_instance_id + DBInstanceIdentifier = module.db.db_instance_identifier } alarm_actions = [aws_sns_topic.slack_topic[0].arn] @@ -194,7 +194,7 @@ resource "aws_cloudwatch_metric_alarm" "disk_free_storage_space_too_low" { threshold = var.disk_free_storage_space dimensions = { - DBInstanceIdentifier = module.db.db_instance_id + DBInstanceIdentifier = module.db.db_instance_identifier } alarm_actions = [aws_sns_topic.slack_topic[0].arn] From 79dc67b30dff3711a7db545018f36376651f708c Mon Sep 17 00:00:00 2001 From: Rohit Singh <107384244+RohitSquareops@users.noreply.github.com> Date: Thu, 21 Sep 2023 12:04:53 +0530 Subject: [PATCH 7/8] Updated examples and readme references --- README.md | 1 + examples/complete-psql-replica/main.tf | 22 ++++++++++++---------- main.tf | 2 +- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 9a5daae..68bcd22 100644 --- a/README.md +++ b/README.md 
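Review bot: `slack_webhook_url = ""` is passed while `cloudwatch_metric_alarms_enabled = true` turns on the alarm and notification path, so whatever consumes the URL (the README in this series lists `aws_kms_ciphertext.slack_url` and `aws_sns_topic_subscription.slack-endpoint`) receives an empty string and the example cannot deliver a notification as written. More importantly, a Slack webhook URL is a bearer-style credential: as a plain module argument in a committed example it ends up in version control and in plan output unless the module declares the variable `sensitive = true`, which is not visible in this series. A comment such as `slack_webhook_url = "" # supply via TF_VAR_slack_webhook_url or a tfvars file; do not commit the real URL` plus `sensitive = true` on the variable would keep the secret out of the repository. Patch 7's hunk on the same file replaces the empty strings with `https://hooks/xxxxxxxx`, and the same applies there.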
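Review bot: Both CloudWatch alarms are dimensioned on `module.db.db_instance_identifier` only, so the replicas created by `module.db_replica` earlier in this series get no CPU or free-storage alarm even when `cloudwatch_metric_alarms_enabled` is set. If that is intentional, a comment on each `dimensions` block such as `# Alarms cover the primary only; replicas from module.db_replica are not monitored here` makes the gap explicit; otherwise the alarms need a `for_each` over the replica identifiers, which is a larger change than this fix. The surrounding resource blocks start and end outside the hunk.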
@@ -32,6 +32,7 @@ module "rds-pg" { environment = "prod" storage_type = "gp3" replica_enable = false + replica_count = 1 kms_key_arn = "arn:aws:kms:region:2222222222:key/f8c8d802-a34b" engine_version = "15.2" instance_class = "db.m5.large" diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index d5562ec..34519c3 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -7,8 +7,9 @@ locals { Expires = "Never" Department = "Engineering" } + family = "postgres15" vpc_cidr = "10.20.0.0/16" - family = "postgres15" + storage_type = "gp3" engine_version = "15.2" current_identity = data.aws_caller_identity.current.arn allowed_security_groups = ["sg-0a680afd35"] @@ -25,10 +26,10 @@ module "kms" { deletion_window_in_days = 7 description = "Complete key example showing various configurations available" - enable_key_rotation = false + enable_key_rotation = true is_enabled = true key_usage = "ENCRYPT_DECRYPT" - multi_region = false + multi_region = true # Policy enable_default_policy = true @@ -82,14 +83,15 @@ module "rds-pg" { source = "squareops/rds-postgresql/aws" name = local.name db_name = "postgres" - multi_az = "true" family = local.family - replica_enable = local.replica_enable - replica_count = local.replica_count + multi_az = "true" vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment + replica_enable = local.replica_enable + replica_count = local.replica_count kms_key_arn = module.kms.key_arn + storage_type = local.storage_type engine_version = local.engine_version instance_class = local.instance_class master_username = "pguser" 
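Review bot: `multi_region = true` on the example KMS key appears to be a create-time property, so flipping it on an existing example deployment replaces the key, and nothing in this example needs a multi-Region key: the replica created through `replica_enable` is in the same region as the primary. A multi-Region key only earns its larger blast radius when cross-Region replication or DR is planned; either keep `multi_region = false` or add a comment stating the intended cross-Region use, e.g. `multi_region = true # needed only if a cross-region replica or DR copy of this key is planned`. The same toggle is flipped in `examples/complete/main.tf` in patch 8. Enabling `enable_key_rotation` is a sound change and needs nothing further.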
@@ -101,11 +103,11 @@ module "rds-pg" { maintenance_window = "Mon:00:00-Mon:03:00" final_snapshot_identifier_prefix = "final" major_engine_version = local.engine_version - deletion_protection = false + deletion_protection = true cloudwatch_metric_alarms_enabled = true alarm_cpu_threshold_percent = 70 disk_free_storage_space = "10000000" # in bytes - slack_username = "" - slack_channel = "" - slack_webhook_url = "" + slack_username = "Admin" + slack_channel = "postgresql-notification" + slack_webhook_url = "https://hooks/xxxxxxxx" } diff --git a/main.tf b/main.tf index 6d1aa70..c2907e9 100644 --- a/main.tf +++ b/main.tf @@ -21,7 +21,7 @@ module "db" { subnet_ids = var.subnet_ids kms_key_id = var.kms_key_arn instance_class = var.instance_class - storage_type = var.storage_type + storage_type = var.storage_type engine_version = var.engine_version allocated_storage = var.allocated_storage storage_encrypted = var.storage_encrypted From 3dd51417dd178a1e33d252505406f0d883a5c0e4 Mon Sep 17 00:00:00 2001 From: Rohit Singh Date: Thu, 21 Sep 2023 12:33:21 +0530 Subject: [PATCH 8/8] Updated references and readme.md file --- README.md | 3 ++- examples/complete-psql-replica/README.md | 2 +- examples/complete-psql-replica/main.tf | 20 ++++++++++---------- examples/complete/README.md | 2 +- examples/complete/main.tf | 18 +++++++++--------- 5 files changed, 23 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 68bcd22..9790b37 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,7 @@ module "rds-pg" { replica_enable = false replica_count = 1 kms_key_arn = "arn:aws:kms:region:2222222222:key/f8c8d802-a34b" + storage_type = "gp3" engine_version = "15.2" instance_class = "db.m5.large" master_username = "pguser" 
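Review bot: `deletion_protection = true` fits the `prod` environment this example models, but it also means `terraform destroy` of the example fails until the flag is set back to `false` and applied, which readers of a quick-start example will hit immediately. A comment such as `deletion_protection = true # set to false and apply before destroying this example` turns that into a documented step rather than a confusing error. The enclosing `module "rds-pg"` block starts outside the hunk.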
@@ -54,7 +55,7 @@ module "rds-pg" { slack_webhook_url = "https://hooks/xxxxxxxx" } ``` -Refer [examples](https://github.com/squareops/terraform-aws-rds-postgresql/tree/main/examples/complete) for more details. +Refer [examples](https://github.com/squareops/terraform-aws-rds-postgresql/tree/main/examples) for more details. ## IAM Permissions The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-aws-rds-postgresql/blob/main/IAM.md) diff --git a/examples/complete-psql-replica/README.md b/examples/complete-psql-replica/README.md index 2eef11d..fb5dc83 100644 --- a/examples/complete-psql-replica/README.md +++ b/examples/complete-psql-replica/README.md @@ -20,7 +20,7 @@ This example will be very useful for users who are new to a module and want to q | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.13.1 | +| [aws](#provider\_aws) | >= 3.43.0 | ## Modules diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index 34519c3..fabae6c 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -1,21 +1,21 @@ locals { region = "us-east-2" - environment = "prod" name = "postgresql" - additional_tags = { - Owner = "Organization_Name" - Expires = "Never" - Department = "Engineering" - } - family = "postgres15" - vpc_cidr = "10.20.0.0/16" + family = "postgres15" + vpc_cidr = "10.20.0.0/16" + environment = "prod" storage_type = "gp3" engine_version = "15.2" - current_identity = data.aws_caller_identity.current.arn - allowed_security_groups = ["sg-0a680afd35"] instance_class = "db.m5d.large" replica_enable = true replica_count = 1 + current_identity = data.aws_caller_identity.current.arn + allowed_security_groups = ["sg-0a680afd35"] + additional_tags = { + Owner = "Organization_Name" + Expires = "Never" + Department = "Engineering" + } } data "aws_caller_identity" "current" {} 
diff --git a/examples/complete/README.md b/examples/complete/README.md index 22cc3d0..5381319 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -20,7 +20,7 @@ This example will be very useful for users who are new to a module and want to q | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.13.1 | +| [aws](#provider\_aws) | >= 3.43.0 | ## Modules diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 76c334b..f667383 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -2,18 +2,18 @@ locals { region = "us-east-2" name = "postgresql" family = "postgres15" + vpc_cidr = "10.20.0.0/16" environment = "prod" engine_version = "15.2" instance_class = "db.m5d.large" - vpc_cidr = "10.20.0.0/16" + storage_type = "gp3" + current_identity = data.aws_caller_identity.current.arn allowed_security_groups = ["sg-0a680afd35"] additional_tags = { Owner = "Organization_Name" Expires = "Never" Department = "Engineering" } - storage_type = "gp3" - current_identity = data.aws_caller_identity.current.arn } data "aws_caller_identity" "current" {} @@ -24,10 +24,10 @@ module "kms" { deletion_window_in_days = 7 description = "Complete key example showing various configurations available" - enable_key_rotation = false + enable_key_rotation = true is_enabled = true key_usage = "ENCRYPT_DECRYPT" - multi_region = false + multi_region = true # Policy enable_default_policy = true @@ -77,7 +77,7 @@ module "kms" { # Aliases aliases = ["${local.name}"] - tags = local.additional_aws_tags + tags = local.additional_tags } @@ -121,7 +121,7 @@ module "rds-pg" { cloudwatch_metric_alarms_enabled = true alarm_cpu_threshold_percent = 70 disk_free_storage_space = "10000000" # in bytes - slack_username = "" - slack_channel = "" - slack_webhook_url = "" + slack_username = "Admin" + slack_channel = "postgresql-notification" + slack_webhook_url = "https://hooks/xxxxxxxx" }