-
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
236 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ../../../config/common-variables.tf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| #=============================# | ||
| # AWS Provider Settings # | ||
| #=============================# | ||
| provider "aws" { | ||
| region = var.region | ||
| profile = var.profile | ||
| } | ||
|
|
||
| #=============================# | ||
| # Vault Provider Settings # | ||
| #=============================# | ||
| provider "vault" { | ||
| address = var.vault_address | ||
|
|
||
| /* | ||
| Vault token that will be used by Terraform to authenticate. | ||
| admin token from https://portal.cloud.hashicorp.com/. | ||
| */ | ||
| token = var.vault_token | ||
| } | ||
|
|
||
| #=============================# | ||
| # Backend Config (partial) # | ||
| #=============================# | ||
| terraform { | ||
| required_version = "~> 1.2.7" | ||
|
|
||
| required_providers { | ||
| aws = "~> 4.0" | ||
| vault = "~> 3.6.0" | ||
| } | ||
|
|
||
| backend "s3" { | ||
| key = "apps-devstg/databases-mysql/terraform.tfstate" | ||
| } | ||
| } | ||
|
|
||
| #=============================# | ||
| # Data sources # | ||
| #=============================# | ||
| data "terraform_remote_state" "vpc" { | ||
| backend = "s3" | ||
|
|
||
| config = { | ||
| region = var.region | ||
| profile = var.profile | ||
| bucket = var.bucket | ||
| key = "${var.environment}/network/terraform.tfstate" | ||
| } | ||
| } | ||
|
|
||
| data "terraform_remote_state" "vpc-shared" { | ||
| backend = "s3" | ||
|
|
||
| config = { | ||
| region = var.region | ||
| profile = "${var.project}-shared-devops" | ||
| bucket = "${var.project}-shared-terraform-backend" | ||
| key = "shared/network/terraform.tfstate" | ||
| } | ||
| } | ||
|
|
||
| data "vault_generic_secret" "database_secrets" { | ||
| path = "secrets/${var.project}/${var.environment}/databases-mysql" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| # | ||
| # DB Security Group | ||
| # | ||
| resource "aws_security_group" "bb_mysql_db" { | ||
| name = "bb_mysql_db" | ||
| description = "Binbash Reference MySQL DB" | ||
| vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id | ||
| tags = local.tags | ||
| } | ||
| resource "aws_security_group_rule" "allow_mysql_port" { | ||
| type = "ingress" | ||
| from_port = 3306 | ||
| to_port = 3306 | ||
| protocol = "tcp" | ||
| cidr_blocks = [ | ||
| data.terraform_remote_state.vpc.outputs.vpc_cidr_block, | ||
| data.terraform_remote_state.vpc-shared.outputs.vpc_cidr_block | ||
| ] | ||
| description = "Allow PostgreSQL from DevStg and Shared" | ||
| security_group_id = aws_security_group.bb_mysql_db.id | ||
| } | ||
|
|
||
| # | ||
| # Binbash Reference DB | ||
| # | ||
| module "bb_mysql_db" { | ||
| source = "github.com/binbashar/terraform-aws-rds.git?ref=v5.6.0" | ||
|
|
||
| # Instance settings | ||
| # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html | ||
| identifier = "${var.project}-${var.environment}-binbash-mysql" | ||
| engine = "mysql" | ||
| engine_version = "8.0.28" | ||
| instance_class = "db.m6g.large" | ||
| allocated_storage = 100 | ||
| storage_encrypted = true | ||
| multi_az = false | ||
|
|
||
| # Database credentials | ||
| db_name = "${var.project}_${replace(var.environment, "apps-", "")}_binbash_mysql" | ||
| username = "administrator" | ||
|
|
||
| # Secret from Hashicorp Vault | ||
| password = data.vault_generic_secret.database_secrets.data["administrator_password"] | ||
| port = "3306" | ||
|
|
||
| # Backup and maintenance | ||
| backup_retention_period = 14 | ||
| maintenance_window = "Tue:03:00-Tue:06:00" | ||
| backup_window = "00:00-02:00" | ||
|
|
||
| # Network settings | ||
| create_db_subnet_group = true | ||
| subnet_ids = data.terraform_remote_state.vpc.outputs.private_subnets | ||
| vpc_security_group_ids = [aws_security_group.bb_mysql_db.id] | ||
|
|
||
|
|
||
| # Mysql versions (param/option groups) | ||
| family = "mysql8.0" | ||
| major_engine_version = "8.0" | ||
|
|
||
| # Do not automatically upgrade | ||
| auto_minor_version_upgrade = false | ||
|
|
||
| # RDS Enhanced Monitoring | ||
| # The interval, in seconds, between points when Enhanced Monitoring metrics | ||
| # are collected for the DB instance. | ||
| # To disable collecting Enhanced Monitoring metrics, specify 0. | ||
| # The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. | ||
| monitoring_interval = "0" | ||
| monitoring_role_name = "MyRDSMonitoringRoleMySQL" | ||
| create_monitoring_role = false # true if Enhanced Monitoring needed | ||
|
|
||
| # Tags + Bakup tag -> True | ||
| tags = merge(local.tags, tomap({ Backup = "True" })) | ||
|
|
||
| # Specifies whether any database modifications are applied immediately, or | ||
| # during the next maintenance window | ||
| apply_immediately = true | ||
|
|
||
| # Database Deletion Protection | ||
| deletion_protection = false | ||
| } |
73 changes: 73 additions & 0 deletions
73
apps-devstg/us-east-1/databases-mysql --/export-rds-snapshots-to-s3.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| locals { | ||
| bucket_name = "${var.project}-${replace(var.environment, "apps-", "")}-binbash-mysql" | ||
| } | ||
|
|
||
| # ----------------------------------------------------------------------------- | ||
| # RDS Export To S3 functions | ||
| # ----------------------------------------------------------------------------- | ||
| module "rds_export_to_s3" { | ||
| source = "[email protected]:binbashar/terraform-aws-rds-export-to-s3.git?ref=v0.4.0" | ||
|
|
||
| # Set a prefix for naming resources | ||
| #prefix = "binbashar" | ||
|
|
||
| # Which RDS snapshots should be exported? | ||
| database_names = "${var.project}-${replace(var.environment, "apps-", "")}-binbash-mysql" | ||
|
|
||
| # Which bucket will store the exported snapshots? | ||
| snapshots_bucket_name = module.bucket.s3_bucket_id | ||
| #snapshots_bucket_name = "export-bucket-name" | ||
|
|
||
| # To group objects in a bucket, S3 uses a prefix before object names. The forward slash (/) in the prefix represents a folder. | ||
| snapshots_bucket_prefix = "rds_snapshots/" | ||
|
|
||
| # Which RDS snapshots events should be included (RDS Aurora or/and RDS non-Aurora)? | ||
| #rds_event_ids = "RDS-EVENT-0091, RDS-EVENT-0169" | ||
|
|
||
| # Create customer managed key or use default AWS S3 managed key. If set to 'false', then 'customer_kms_key_arn' is used. | ||
| create_customer_kms_key = false | ||
|
|
||
| # Provide CMK if 'create_customer_kms_key = false' | ||
| #customer_kms_key_arn = "arn:aws:kms:us-east-1:523857393444:key/b7a1d584-29cf-4f21-a69f-57ca8eaa1c77" | ||
|
|
||
| # SNS topic for export monitor notifications | ||
| create_notifications_topic = true | ||
|
|
||
| # Which topic should receive notifications about exported snapshots events? Only required if 'create_notifications_topic = false' | ||
| #notifications_topic_arn = "arn:aws:sns:us-east-1:000000000000:sns-topic-slack-notifications" | ||
|
|
||
| # Set the logging level | ||
| # log_level = "DEBUG" | ||
|
|
||
| tags = local.tags | ||
| #tags = { Deployment = "binbachar-export" } | ||
| } | ||
|
|
||
|
|
||
| # ----------------------------------------------------------------------------- | ||
| # This bucket will be used for storing the exported RDS snapshots. | ||
| # ----------------------------------------------------------------------------- | ||
| module "bucket" { | ||
| source = "github.com/binbashar/terraform-aws-s3-bucket.git?ref=v2.6.0" | ||
|
|
||
| bucket = local.bucket_name | ||
| acl = "private" | ||
| force_destroy = true | ||
|
|
||
| attach_deny_insecure_transport_policy = true | ||
|
|
||
| server_side_encryption_configuration = { | ||
| rule = { | ||
| apply_server_side_encryption_by_default = { | ||
| sse_algorithm = "AES256" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| block_public_acls = true | ||
| block_public_policy = true | ||
| ignore_public_acls = true | ||
| restrict_public_buckets = true | ||
|
|
||
| tags = local.tags | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| locals { | ||
| tags = { | ||
| Terraform = "true" | ||
| Environment = var.environment | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| output "bb_reference_db_id" { | ||
| description = "Postgres reference db id" | ||
| value = module.bb_mysql_db.db_instance_id | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| #================================# | ||
| # Local variables # | ||
| #================================# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,7 +6,7 @@ locals { | |
| # RDS Export To S3 functions | ||
| # ----------------------------------------------------------------------------- | ||
| module "rds_export_to_s3" { | ||
| source = "[email protected]:binbashar/terraform-aws-rds-export-to-s3.git?ref=non_cluster" | ||
| source = "[email protected]:binbashar/terraform-aws-rds-export-to-s3.git?ref=v0.4.0" | ||
|
|
||
| # Set a prefix for naming resources | ||
| #prefix = "binbashar" | ||
|
|
||