Young-ook · Young-ook · May 11, 2023 · May 9, 2023 · May 9, 2023 · May 9, 2023
diff --git a/CODEOWNER b/CODEOWNER
@@ -0,0 +1,8 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+*       @Young-ook
diff --git a/LICENSE.md b/LICENSE.md
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Young-ook
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/defaults.tf b/defaults.tf
@@ -1,3 +1,5 @@
+### default variables
+
 locals {
   default_mysql_cluster = {
     engine              = "aurora-mysql"

diff --git a/label.tf b/label.tf
@@ -1,3 +1,5 @@
+### labels
+
 resource "random_string" "iid" {
   for_each = { for k, v in var.aurora_instances : k => v }
   length   = 5

diff --git a/main.tf b/main.tf
@@ -1,6 +1,6 @@
-# amazon aurora cluster
+### Amazon Aurora Cluster
 
-# condition
+### condition
 locals {
   enabled           = (var.aurora_cluster != null ? ((length(var.aurora_cluster) > 0) ? true : false) : false)
   compatibility     = (local.enabled ? lookup(var.aurora_cluster, "engine", "aurora-mysql") : "aurora-mysql")
@@ -9,21 +9,45 @@ locals {
   password          = lookup(var.aurora_cluster, "password", random_password.password.result)
 }
 
-# security/password
+### security/password
 resource "random_password" "password" {
   length           = 16
   special          = true
   override_special = "‘~!@#$%^*()_-+={}[],.;?':|"
 }
 
-# subnet group
+### security/firewall
+resource "aws_security_group" "db" {
+  count       = local.enabled ? 1 : 0
+  name        = format("%s", local.name)
+  description = format("security group for %s", local.name)
+  vpc_id      = var.vpc
+  tags        = merge(local.default-tags, var.tags)
+
+  ingress {
+    from_port   = lookup(var.aurora_cluster, "port", local.default_cluster["port"])
+    to_port     = lookup(var.aurora_cluster, "port", local.default_cluster["port"])
+    protocol    = "tcp"
+    cidr_blocks = var.cidrs
+    self        = true
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+### network/subnets
 resource "aws_db_subnet_group" "db" {
   name       = format("%s-db", local.name)
   subnet_ids = var.subnets
   tags       = merge(local.default-tags, var.tags)
 }
 
-# parameter groups
+### database/parameters
 resource "aws_rds_cluster_parameter_group" "db" {
   name = format("%s-db-cluster-params", local.name)
   tags = merge(local.default-tags, var.tags)
@@ -62,7 +86,7 @@ resource "aws_db_parameter_group" "db" {
   }
 }
 
-# rds cluster
+### database/cluster
 resource "aws_rds_cluster" "db" {
   cluster_identifier                  = local.name
   engine                              = lookup(var.aurora_cluster, "engine", local.default_cluster.engine)
@@ -106,7 +130,7 @@ resource "aws_rds_cluster" "db" {
   }
 }
 
-# rds instances
+### database/instance
 resource "aws_rds_cluster_instance" "db" {
   depends_on              = [aws_rds_cluster.db]
   for_each                = { for k, v in var.aurora_instances : k => v }

diff --git a/modules/proxy/default.tf → modules/proxy/defaults.tf b/modules/proxy/default.tf → modules/proxy/defaults.tf
diff --git a/modules/proxy/labels.tf b/modules/proxy/labels.tf
@@ -1,3 +1,5 @@
+### labels
+
 ### frigga name
 module "frigga" {
   source  = "Young-ook/spinnaker/aws//modules/frigga"

diff --git a/modules/proxy/main.tf b/modules/proxy/main.tf
@@ -1,6 +1,11 @@
-## rds proxy
+### Amazon RDS Proxy
 
-# parameters
+### aws partition and region (global, gov, china)
+module "aws" {
+  source = "Young-ook/spinnaker/aws//modules/aws-partitions"
+}
+
+### database/parameter
 locals {
   security_groups     = var.security_groups == [] ? null : var.security_groups
   debug_logging       = lookup(var.proxy_config, "debug_logging", local.default_proxy_config.debug_logging)
@@ -15,20 +20,15 @@ locals {
   user_password       = lookup(var.auth_config, "user_password") # required
 }
 
-# aws partition and region (global, gov, china)
-module "aws" {
-  source = "Young-ook/spinnaker/aws//modules/aws-partitions"
-}
-
-# security/secret
+### security/secret
 module "vault" {
   source  = "Young-ook/passport/aws//modules/aws-secrets"
   version = "0.0.4"
   name    = join("-", [local.user_name, local.name])
   secret  = local.user_password
 }
 
-# security/policy
+### security/policy
 resource "aws_iam_role" "proxy" {
   name = local.name
   tags = merge(local.default-tags, var.tags)
@@ -49,7 +49,7 @@ resource "aws_iam_role_policy_attachment" "get-secret" {
   policy_arn = module.vault.policy_arns.read
 }
 
-# proxy
+### database/proxy
 resource "aws_db_proxy" "proxy" {
   name                   = local.name
   tags                   = merge(local.default-tags, var.tags)

diff --git a/modules/proxy/outputs.tf b/modules/proxy/outputs.tf
@@ -1,4 +1,4 @@
-# output variables
+### output variables
 
 output "proxy" {
   description = "RDS proxy"

diff --git a/modules/proxy/variables.tf b/modules/proxy/variables.tf
@@ -1,3 +1,5 @@
+### input variables
+
 ### network
 variable "subnets" {
   description = "The subnet IDs for rds"

diff --git a/modules/proxy/versions.tf b/modules/proxy/versions.tf
@@ -0,0 +1,11 @@
+### requirements
+
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}
diff --git a/network.tf b/network.tf
diff --git a/outputs.tf b/outputs.tf
@@ -1,4 +1,4 @@
-# output variables
+### output variables
 
 output "cluster" {
   description = "Aurora cluster"

diff --git a/variables.tf b/variables.tf
@@ -1,3 +1,5 @@
+### input variables
+
 ### network
 variable "vpc" {
   description = "The VPC ID to deploy the cluster"