github.com/swisspost/terratest@v0.0.0-20230214120104-7ec6de2e1ae0/examples/terraform-aws-rds-example/main.tf (about)

     1  # ---------------------------------------------------------------------------------------------------------------------
     2  # PIN TERRAFORM VERSION TO >= 0.12
     3  # The examples have been upgraded to 0.12 syntax
     4  # ---------------------------------------------------------------------------------------------------------------------
     5  
     6  provider "aws" {
          # AWS provider for every resource in this file. Only the region is configured here; no credentials
          # appear in this block, so they are presumably taken from the caller's environment (TODO confirm).
     7    region = var.region
     8  }
     9  
    10  terraform {
    11    # This module is now only being tested with Terraform 0.13.x. However, to make upgrading easier, we are setting
    12    # 0.12.26 as the minimum version, as that version added support for required_providers with source URLs, making it
    13    # forwards compatible with 0.13.x code.
          # NOTE(review): this block sets a lower bound on the Terraform CLI only. No required_providers constraint
          # is declared here, so unless another file in the module pins it, the AWS provider version is chosen at
          # `terraform init` time. Confirm whether a provider pin or a committed lock file exists.
    14    required_version = ">= 0.12.26"
    15  }
    16  
    17  # ---------------------------------------------------------------------------------------------------------------------
    18  # DEPLOY INTO THE DEFAULT VPC AND SUBNETS
    19  # To keep this example simple, we deploy into the Default VPC and its subnets. In real-world usage, you should
    20  # deploy into a custom VPC and private subnets. Because the subnet group must span multiple AZs (and therefore
    21  # multiple subnets), it is created across all the subnets of the default VPC.
    22  # ---------------------------------------------------------------------------------------------------------------------
    23  
    24  data "aws_vpc" "default" {
          # Looks up the default VPC of the account in the configured region. Its id is used for the subnet lookup
          # and for the security group below.
    25    default = true
    26  }
    27  
    28  data "aws_subnets" "all" {
          # Selects every subnet whose vpc-id matches the default VPC. No further filter (tag, AZ, public/private)
          # is applied.
    29    filter {
    30      name   = "vpc-id"
    31      values = [data.aws_vpc.default.id]
    32    }
    33  }
    34  
    35  # ---------------------------------------------------------------------------------------------------------------------
    36  # CREATE A SUBNET GROUP ACROSS ALL THE SUBNETS OF THE DEFAULT VPC TO HOST THE RDS INSTANCE
    37  # ---------------------------------------------------------------------------------------------------------------------
    38  
    39  resource "aws_db_subnet_group" "example" {
          # DB subnet group used by aws_db_instance.example. It contains every subnet returned by
          # data.aws_subnets.all, i.e. all subnets of the default VPC, so the instance can be placed in any of them.
    40    name       = var.name
    41    subnet_ids = data.aws_subnets.all.ids
    42  
    43    tags = {
    44      Name = var.name
    45    }
    46  }
    47  
    48  # ---------------------------------------------------------------------------------------------------------------------
    49  # CREATE A CUSTOM PARAMETER GROUP AND AN OPTION GROUP FOR CONFIGURABILITY
    50  # ---------------------------------------------------------------------------------------------------------------------
    51  
    52  resource "aws_db_option_group" "example" {
          # Option group attached to aws_db_instance.example via option_group_name.
          # NOTE(review): engine_name is a variable but the option below is hard-coded to the MariaDB audit plugin,
          # so this presumably only applies cleanly for engines that offer that option. Confirm against the
          # variable defaults.
    53    name                 = var.name
    54    engine_name          = var.engine_name
    55    major_engine_version = var.major_engine_version
    56  
    57    tags = {
    58      Name = var.name
    59    }
    60  
    61    option {
    62      option_name = "MARIADB_AUDIT_PLUGIN"
    63  
    64      option_settings {
              # Only the CONNECT event class is audited: connection-level activity is recorded, statement-level
              # activity (queries, DDL, DML) is not. Widen this value if the audit trail must show what a session
              # did after it authenticated.
    65        name  = "SERVER_AUDIT_EVENTS"
    66        value = "CONNECT"
    67      }
    68    }
    69  }
    70  
    71  resource "aws_db_parameter_group" "example" {
          # Parameter group attached to aws_db_instance.example via parameter_group_name.
    72    name   = var.name
    73    family = var.family
    74  
    75    tags = {
    76      Name = var.name
    77    }
    78  
    79    parameter {
            # general_log = "0" keeps the general query log switched off. Combined with the CONNECT-only audit
            # setting in aws_db_option_group.example, nothing in this file captures the statements a client runs.
    80      name  = "general_log"
    81      value = "0"
    82    }
    83  }
    84  
    85  # ---------------------------------------------------------------------------------------------------------------------
    86  # CREATE A SECURITY GROUP TO ALLOW ACCESS TO THE RDS INSTANCE
    87  # ---------------------------------------------------------------------------------------------------------------------
    88  
    89  resource "aws_security_group" "db_instance" {
          # Security group for the RDS instance, created in the default VPC. No rules are declared inline; the only
          # rule attached to it in this file is aws_security_group_rule.allow_db_access.
    90    name   = var.name
    91    vpc_id = data.aws_vpc.default.id
    92  }
    93  
    94  resource "aws_security_group_rule" "allow_db_access" {
          # Allows inbound TCP on the database port (var.port) into aws_security_group.db_instance.
    95    type              = "ingress"
    96    from_port         = var.port
    97    to_port           = var.port
    98    protocol          = "tcp"
    99    security_group_id = aws_security_group.db_instance.id
          # 0.0.0.0/0 admits every IPv4 source. With publicly_accessible = true on aws_db_instance.example, the
          # database listener is reachable from the internet and only var.username / var.password protect it.
          # Outside a short-lived test account, narrow cidr_blocks to known source ranges or use
          # source_security_group_id to admit only the application tier.
   100    cidr_blocks       = ["0.0.0.0/0"]
   101  }
   102  
   103  # ---------------------------------------------------------------------------------------------------------------------
   104  # CREATE THE DATABASE INSTANCE
   105  # ---------------------------------------------------------------------------------------------------------------------
   106  
   107  resource "aws_db_instance" "example" {
          # The RDS instance itself. Engine, version, size, port and credentials all come from input variables;
          # networking, parameter group and option group are wired to the resources defined earlier in this file.
   108    identifier             = var.name
   109    engine                 = var.engine_name
   110    engine_version         = var.engine_version
   111    port                   = var.port
          # NOTE(review): later AWS provider releases replace `name` with `db_name`. Confirm against the provider
          # version actually in use, since this file does not pin one.
   112    name                   = var.database_name
   113    username               = var.username
          # The master password is passed as a plain input variable, and Terraform records resource arguments in
          # its state file. Treat the state as a secret (encrypted, access-controlled backend). Whether
          # var.password is declared sensitive cannot be seen from this file. TODO confirm in variables.tf.
   114    password               = var.password
   115    instance_class         = var.instance_class
   116    allocated_storage      = var.allocated_storage
          # No final snapshot is taken on destroy, so the data is gone once the instance is deleted. This suits a
          # disposable test fixture, not data that must be recoverable.
   117    skip_final_snapshot    = true
   118    license_model          = var.license_model
   119    db_subnet_group_name   = aws_db_subnet_group.example.id
   120    vpc_security_group_ids = [aws_security_group.db_instance.id]
          # Requests a publicly resolvable endpoint. Together with the 0.0.0.0/0 ingress rule in
          # aws_security_group_rule.allow_db_access, the instance is exposed to the internet on var.port.
   121    publicly_accessible    = true
   122    parameter_group_name   = aws_db_parameter_group.example.id
   123    option_group_name      = aws_db_option_group.example.id
          # NOTE(review): storage_encrypted, deletion_protection and backup_retention_period are not set in this
          # block, so provider defaults apply (storage is presumably unencrypted). Set them explicitly before
          # reusing this outside a test.
   124  
   125    tags = {
   126      Name = var.name
   127    }
   128  }