From c8f0e0a6803968ff8de7bbf39cfccb5d5493e683 Mon Sep 17 00:00:00 2001
From: "Luis M. Gallardo D"
Date: Thu, 20 Apr 2023 00:07:59 -0300
Subject: [PATCH] Disable databases-mysql layer
---
 .../databases-mysql --/common-variables.tf | 1 +
 .../us-east-1/databases-mysql --/config.tf | 65 +++++++++++++++
 .../us-east-1/databases-mysql --/db_mysql.tf | 83 +++++++++++++++++++
 .../export-rds-snapshots-to-s3.tf | 73 ++++++++++++++++
 .../us-east-1/databases-mysql --/locals.tf | 6 ++
 .../us-east-1/databases-mysql --/outputs.tf | 4 +
 .../us-east-1/databases-mysql --/variables.tf | 3 +
 .../export-rds-snapshots-to-s3.tf | 2 +-
 8 files changed, 236 insertions(+), 1 deletion(-)
 create mode 120000 apps-devstg/us-east-1/databases-mysql --/common-variables.tf
 create mode 100644 apps-devstg/us-east-1/databases-mysql --/config.tf
 create mode 100644 apps-devstg/us-east-1/databases-mysql --/db_mysql.tf
 create mode 100644 apps-devstg/us-east-1/databases-mysql --/export-rds-snapshots-to-s3.tf
 create mode 100644 apps-devstg/us-east-1/databases-mysql --/locals.tf
 create mode 100644 apps-devstg/us-east-1/databases-mysql --/outputs.tf
 create mode 100644 apps-devstg/us-east-1/databases-mysql --/variables.tf
diff --git a/apps-devstg/us-east-1/databases-mysql --/common-variables.tf b/apps-devstg/us-east-1/databases-mysql --/common-variables.tf
new file mode 120000
index 000000000..81b884acd
--- /dev/null
+++ b/apps-devstg/us-east-1/databases-mysql --/common-variables.tf
@@ -0,0 +1 @@
+../../../config/common-variables.tf
\ No newline at end of file
diff --git a/apps-devstg/us-east-1/databases-mysql --/config.tf b/apps-devstg/us-east-1/databases-mysql --/config.tf
new file mode 100644
index 000000000..1e4364c9d
--- /dev/null
+++ b/apps-devstg/us-east-1/databases-mysql --/config.tf
@@ -0,0 +1,65 @@
+#=============================#
+# AWS Provider Settings #
+#=============================#
+provider "aws" {
+ region = var.region
+ profile = var.profile
+}
+
+#=============================#
+# Vault Provider Settings #
+#=============================#
+provider "vault" {
+ address = var.vault_address
+
+ /*
+ Vault token that will be used by Terraform to authenticate.
+ admin token from https://portal.cloud.hashicorp.com/.
+ */
+ token = var.vault_token
+}
+
+#=============================#
+# Backend Config (partial) #
+#=============================#
+terraform {
+ required_version = "~> 1.2.7"
+
+ required_providers {
+ aws = "~> 4.0"
+ vault = "~> 3.6.0"
+ }
+
+ backend "s3" {
+ key = "apps-devstg/databases-mysql/terraform.tfstate"
+ }
+}
+
+#=============================#
+# Data sources #
+#=============================#
+data "terraform_remote_state" "vpc" {
+ backend = "s3"
+
+ config = {
+ region = var.region
+ profile = var.profile
+ bucket = var.bucket
+ key = "${var.environment}/network/terraform.tfstate"
+ }
+}
+
+data "terraform_remote_state" "vpc-shared" {
+ backend = "s3"
+
+ config = {
+ region = var.region
+ profile = "${var.project}-shared-devops"
+ bucket = "${var.project}-shared-terraform-backend"
+ key = "shared/network/terraform.tfstate"
+ }
+}
+
+data "vault_generic_secret" "database_secrets" {
+ path = "secrets/${var.project}/${var.environment}/databases-mysql"
+}
diff --git a/apps-devstg/us-east-1/databases-mysql --/db_mysql.tf b/apps-devstg/us-east-1/databases-mysql --/db_mysql.tf
new file mode 100644
index 000000000..066b9af67
--- /dev/null
+++ b/apps-devstg/us-east-1/databases-mysql --/db_mysql.tf
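Review bot: The backend key `key = "apps-devstg/databases-mysql/terraform.tfstate"` in this copied layer is identical to the key of the live `databases-mysql` layer, and this patch leaves that original directory in place (its export file is modified further down), so an init/apply run inside `databases-mysql --` would attach to and manage the very same state and resources as the active layer. If the ` --` suffix is meant to park the layer, either give the copy its own key (e.g. `key = "apps-devstg/databases-mysql--/terraform.tfstate"`) or delete the original directory in the same commit rather than carrying two layers on one state file. The Vault provider comment also steers operators toward an "admin token" from the HCP portal, yet the only Vault access in this file is `vault_generic_secret` on `secrets/${var.project}/${var.environment}/databases-mysql`; a token bound to a read-only policy on that path is the least-privilege choice, and `var.vault_token` should be declared `sensitive = true` wherever it is defined (presumably the symlinked common-variables.tf, not visible here).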
@@ -0,0 +1,83 @@
+#
+# DB Security Group
+#
+resource "aws_security_group" "bb_mysql_db" {
+ name = "bb_mysql_db"
+ description = "Binbash Reference MySQL DB"
+ vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
+ tags = local.tags
+}
+resource "aws_security_group_rule" "allow_mysql_port" {
+ type = "ingress"
+ from_port = 3306
+ to_port = 3306
+ protocol = "tcp"
+ cidr_blocks = [
+ data.terraform_remote_state.vpc.outputs.vpc_cidr_block,
+ data.terraform_remote_state.vpc-shared.outputs.vpc_cidr_block
+ ]
+ description = "Allow PostgreSQL from DevStg and Shared"
+ security_group_id = aws_security_group.bb_mysql_db.id
+}
+
+#
+# Binbash Reference DB
+#
+module "bb_mysql_db" {
+ source = "github.com/binbashar/terraform-aws-rds.git?ref=v5.6.0"
+
+ # Instance settings
+ # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html
+ identifier = "${var.project}-${var.environment}-binbash-mysql"
+ engine = "mysql"
+ engine_version = "8.0.28"
+ instance_class = "db.m6g.large"
+ allocated_storage = 100
+ storage_encrypted = true
+ multi_az = false
+
+ # Database credentials
+ db_name = "${var.project}_${replace(var.environment, "apps-", "")}_binbash_mysql"
+ username = "administrator"
+
+ # Secret from Hashicorp Vault
+ password = data.vault_generic_secret.database_secrets.data["administrator_password"]
+ port = "3306"
+
+ # Backup and maintenance
+ backup_retention_period = 14
+ maintenance_window = "Tue:03:00-Tue:06:00"
+ backup_window = "00:00-02:00"
+
+ # Network settings
+ create_db_subnet_group = true
+ subnet_ids = data.terraform_remote_state.vpc.outputs.private_subnets
+ vpc_security_group_ids = [aws_security_group.bb_mysql_db.id]
+
+
+ # Mysql versions (param/option groups)
+ family = "mysql8.0"
+ major_engine_version = "8.0"
+
+ # Do not automatically upgrade
+ auto_minor_version_upgrade = false
+
+ # RDS Enhanced Monitoring
+ # The interval, in seconds, between points when Enhanced Monitoring metrics
+ # are collected for the DB instance.
+ # To disable collecting Enhanced Monitoring metrics, specify 0.
+ # The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.
+ monitoring_interval = "0"
+ monitoring_role_name = "MyRDSMonitoringRoleMySQL"
+ create_monitoring_role = false # true if Enhanced Monitoring needed
+
+ # Tags + Bakup tag -> True
+ tags = merge(local.tags, tomap({ Backup = "True" }))
+
+ # Specifies whether any database modifications are applied immediately, or
+ # during the next maintenance window
+ apply_immediately = true
+
+ # Database Deletion Protection
+ deletion_protection = false
+}
diff --git a/apps-devstg/us-east-1/databases-mysql --/export-rds-snapshots-to-s3.tf b/apps-devstg/us-east-1/databases-mysql --/export-rds-snapshots-to-s3.tf
new file mode 100644
index 000000000..6c70887a2
--- /dev/null
+++ b/apps-devstg/us-east-1/databases-mysql --/export-rds-snapshots-to-s3.tf
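Review bot: The `allow_mysql_port` rule opens TCP 3306 to the entire `vpc_cidr_block` of both the DevStg and Shared VPCs, so every host in either network can reach the database; replacing `cidr_blocks` with `source_security_group_id` entries for the application and bastion security groups keeps the rule least-privilege (the shared-VPC CIDR in particular presumably only needs the DevOps/bastion hosts — confirm). Its description is a copy-paste leftover and should read `description = "Allow MySQL from DevStg and Shared"`. Separately, `engine_version = "8.0.28"` combined with `auto_minor_version_upgrade = false` means engine security patches only arrive when someone bumps the pin, so either enable minor upgrades in devstg or add a comment naming who owns that bump. Note also that the master password read from Vault ends up persisted in the Terraform state, which is only as protected as the S3 backend bucket and its access policy.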
@@ -0,0 +1,73 @@
+locals {
+ bucket_name = "${var.project}-${replace(var.environment, "apps-", "")}-binbash-mysql"
+}
+
+# -----------------------------------------------------------------------------
+# RDS Export To S3 functions
+# -----------------------------------------------------------------------------
+module "rds_export_to_s3" {
+ source = "git@github.com:binbashar/terraform-aws-rds-export-to-s3.git?ref=v0.4.0"
+
+ # Set a prefix for naming resources
+ #prefix = "binbashar"
+
+ # Which RDS snapshots should be exported?
+ database_names = "${var.project}-${replace(var.environment, "apps-", "")}-binbash-mysql"
+
+ # Which bucket will store the exported snapshots?
+ snapshots_bucket_name = module.bucket.s3_bucket_id
+ #snapshots_bucket_name = "export-bucket-name"
+
+ # To group objects in a bucket, S3 uses a prefix before object names. The forward slash (/) in the prefix represents a folder.
+ snapshots_bucket_prefix = "rds_snapshots/"
+
+ # Which RDS snapshots events should be included (RDS Aurora or/and RDS non-Aurora)?
+ #rds_event_ids = "RDS-EVENT-0091, RDS-EVENT-0169"
+
+ # Create customer managed key or use default AWS S3 managed key. If set to 'false', then 'customer_kms_key_arn' is used.
+ create_customer_kms_key = false
+
+ # Provide CMK if 'create_customer_kms_key = false'
+ #customer_kms_key_arn = "arn:aws:kms:us-east-1:523857393444:key/b7a1d584-29cf-4f21-a69f-57ca8eaa1c77"
+
+ # SNS topic for export monitor notifications
+ create_notifications_topic = true
+
+ # Which topic should receive notifications about exported snapshots events? Only required if 'create_notifications_topic = false'
+ #notifications_topic_arn = "arn:aws:sns:us-east-1:000000000000:sns-topic-slack-notifications"
+
+ # Set the logging level
+ # log_level = "DEBUG"
+
+ tags = local.tags
+ #tags = { Deployment = "binbachar-export" }
+}
+
+
+# -----------------------------------------------------------------------------
+# This bucket will be used for storing the exported RDS snapshots.
+# -----------------------------------------------------------------------------
+module "bucket" {
+ source = "github.com/binbashar/terraform-aws-s3-bucket.git?ref=v2.6.0"
+
+ bucket = local.bucket_name
+ acl = "private"
+ force_destroy = true
+
+ attach_deny_insecure_transport_policy = true
+
+ server_side_encryption_configuration = {
+ rule = {
+ apply_server_side_encryption_by_default = {
+ sse_algorithm = "AES256"
+ }
+ }
+ }
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+
+ tags = local.tags
+}
diff --git a/apps-devstg/us-east-1/databases-mysql --/locals.tf b/apps-devstg/us-east-1/databases-mysql --/locals.tf
new file mode 100644
index 000000000..5879674a5
--- /dev/null
+++ b/apps-devstg/us-east-1/databases-mysql --/locals.tf
@@ -0,0 +1,6 @@
+locals {
+ tags = {
+ Terraform = "true"
+ Environment = var.environment
+ }
+}
diff --git a/apps-devstg/us-east-1/databases-mysql --/outputs.tf b/apps-devstg/us-east-1/databases-mysql --/outputs.tf
new file mode 100644
index 000000000..774bf4a03
--- /dev/null
+++ b/apps-devstg/us-east-1/databases-mysql --/outputs.tf
@@ -0,0 +1,4 @@
+output "bb_reference_db_id" {
+ description = "Postgres reference db id"
+ value = module.bb_mysql_db.db_instance_id
+}
diff --git a/apps-devstg/us-east-1/databases-mysql --/variables.tf b/apps-devstg/us-east-1/databases-mysql --/variables.tf
new file mode 100644
index 000000000..9242376cf
--- /dev/null
+++ b/apps-devstg/us-east-1/databases-mysql --/variables.tf
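Review bot: `force_destroy = true` on the bucket that receives the exported RDS snapshots means a `terraform destroy` (or a forced replacement of the bucket) deletes every exported database copy without a prompt; a backup target should carry `force_destroy = false`, and enabling versioning on it would match its purpose. `create_customer_kms_key = false` is set while `customer_kms_key_arn` stays commented out, so neither a module-created nor a supplied CMK is configured — the module's behaviour for that combination is not visible here, so confirm an export KMS key is actually in use, because the exports contain the full database contents and the bucket itself is only protected with SSE-S3 (`AES256`). The commented-out ARN also embeds a real-looking account ID and key ID; swapping them for placeholders avoids advertising account details in the repo. Lastly, this module is sourced via `git@github.com:` while the other modules use the https `github.com/...` form, which forces SSH credentials onto whoever runs this layer and is inconsistent with the rest of the file.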
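Review bot: The output's `description = "Postgres reference db id"` is a copy-paste leftover in a MySQL layer, apparently carried over from the PostgreSQL layer this file was cloned from. It should read `description = "MySQL reference db id"` so `terraform output` does not mislead whoever consumes `bb_reference_db_id`.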
@@ -0,0 +1,3 @@
+#================================#
+# Local variables #
+#================================#
diff --git a/apps-devstg/us-east-1/databases-mysql/export-rds-snapshots-to-s3.tf b/apps-devstg/us-east-1/databases-mysql/export-rds-snapshots-to-s3.tf
index ef4b826e5..6c70887a2 100644
--- a/apps-devstg/us-east-1/databases-mysql/export-rds-snapshots-to-s3.tf
+++ b/apps-devstg/us-east-1/databases-mysql/export-rds-snapshots-to-s3.tf
@@ -6,7 +6,7 @@ locals {
 # RDS Export To S3 functions
 # -----------------------------------------------------------------------------
 module "rds_export_to_s3" {
- source = "git@github.com:binbashar/terraform-aws-rds-export-to-s3.git?ref=non_cluster"
+ source = "git@github.com:binbashar/terraform-aws-rds-export-to-s3.git?ref=v0.4.0"
 # Set a prefix for naming resources
 #prefix = "binbashar"