diff --git a/.gitignore b/.gitignore
index b87a64a..4d8b32b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .terraform
 .terraform.lock.hcl
 terraform.tfstate*
+terraform.tfvars
diff --git a/examples/rds/basic-mysql/eks.tf b/examples/rds/basic-mysql/eks.tf
new file mode 100644
index 0000000..f797808
--- /dev/null
+++ b/examples/rds/basic-mysql/eks.tf
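Review bot: The new `terraform.tfvars` pattern does not cover the per-run state lock file, and this same commit adds `examples/rds/basic-postgres/.terraform.tfstate.lock.info`, which records the operator's local user and host name and is a transient artifact rather than source. The existing `terraform.tfstate*` glob does not match it because of the leading dot, so add `.terraform.tfstate.lock.info` to this list and drop the committed file.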
@@ -0,0 +1,100 @@
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+
+ cluster_name = var.name
+ cluster_version = "1.28"
+ cluster_endpoint_public_access = true
+
+ cluster_addons = {
+ kube-proxy = {
+ most_recent = true
+ }
+ vpc-cni = {
+ most_recent = true
+ }
+ coredns = {
+ most_recent = true
+ configuration_values = jsonencode({
+ computeType = "Fargate"
+ })
+ }
+ }
+
+ vpc_id = module.vpc.vpc_id
+ subnet_ids = module.vpc.private_subnets
+ control_plane_subnet_ids = module.vpc.intra_subnets
+
+ # Fargate profiles use the cluster primary security group so these are not utilized
+ create_cluster_security_group = false
+ create_node_security_group = false
+
+ cluster_security_group_additional_rules = {
+ ingress_all = {
+ protocol = "-1"
+ from_port = 0
+ to_port = 6555
+ type = "ingress"
+ }
+ egress_all = {
+ protocol = "-1"
+ from_port = 0
+ to_port = 6555
+ type = "egress"
+ }
+ }
+
+ fargate_profile_defaults = {
+ iam_role_additional_policies = {
+ additional = aws_iam_policy.additional.arn
+ }
+ }
+
+ fargate_profiles = merge(
+ {
+ example = {
+ name = "example"
+ selectors = [
+ {
+ namespace = "*"
+ }
+ ]
+
+ # Using specific subnets instead of the subnets supplied for the cluster itself
+ subnet_ids = [module.vpc.private_subnets[1]]
+
+ tags = {
+ Owner = "secondary"
+ }
+
+ timeouts = {
+ create = "20m"
+ delete = "20m"
+ }
+ }
+ },
+ { for i in range(3) :
+ "kube-system-${element(split("-", local.azs[i]), 2)}" => {
+ selectors = [
+ { namespace = "kube-system" }
+ ]
+ # We want to create a profile per AZ for high availability
+ subnet_ids = [element(module.vpc.private_subnets, i)]
+ }
+ }
+ )
+}
+
+resource "aws_iam_policy" "additional" {
+ name = "${var.name}-additional"
+
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ "Effect" : "Allow"
+ "Action" : "*"
+ "Resource" : "*"
+ },
+ ]
+ })
+}
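Review bot: `aws_iam_policy.additional` grants `"Action" : "*"` on `"Resource" : "*"` and is attached to every Fargate profile's pod execution role through `fargate_profile_defaults`, so any pod scheduled on the cluster inherits full administrative rights over the account. Scope the policy to the actions the example pods actually need, or drop `iam_role_additional_policies` entirely if the role the EKS module creates is sufficient. Two neighbouring settings deserve a look in the same hunk: `cluster_endpoint_public_access = true` is not paired with `cluster_endpoint_public_access_cidrs = ["<operator CIDR>"]`, so the API server is reachable from any address, and the `ingress_all`/`egress_all` rules combine `protocol = "-1"` with `to_port = 6555` and carry no `cidr_blocks` or `source_security_group_id`, which I believe the AWS provider rejects at apply time. `examples/rds/basic-postgres/eks.tf` is added with identical content and the same points apply there.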
diff --git a/examples/rds/basic-mysql/humanitec.tf b/examples/rds/basic-mysql/humanitec.tf
new file mode 100644
index 0000000..c91c2ef
--- /dev/null
+++ b/examples/rds/basic-mysql/humanitec.tf
@@ -0,0 +1,63 @@
+resource "humanitec_application" "app" {
+ id = var.name
+ name = var.name
+}
+
+resource "humanitec_resource_definition" "cluster" {
+ id = "${var.name}-aws-cluster"
+ name = "${var.name}-aws-cluster"
+ type = "k8s-cluster"
+ driver_type = "humanitec/k8s-cluster-eks"
+
+ driver_inputs = {
+ values_string = jsonencode({
+ "loadbalancer" = module.eks.cluster_endpoint
+ "name" = module.eks.cluster_name
+ "region" = var.region
+ })
+ secrets_string = jsonencode({
+ "credentials" = {
+ "aws_access_key_id" : var.access_key
+ "aws_secret_access_key" : var.secret_key
+ }
+ })
+ }
+}
+
+module "rds" {
+ source = "../../../humanitec-resource-defs/rds/basic"
+
+ prefix = "${var.name}-"
+ resource_packs_aws_rev = var.resource_packs_aws_rev
+ resource_packs_aws_url = var.resource_packs_aws_url
+
+ access_key = var.access_key
+ secret_key = var.secret_key
+ region = var.region
+
+ name = "${var.name}-database"
+ database_name = "my_database"
+ username = "username"
+ password = "password"
+
+ type = "mysql"
+ engine = "mysql"
+ engine_version = "8.0.35"
+ group_family = "mysql8.0"
+
+ create_db_subnet_group = true
+ db_subnet_group_name = "${var.name}-subnet-group"
+ subnet_ids = module.vpc.private_subnets
+
+ vpc_security_group_ids = [module.vpc.default_security_group_id]
+}
+
+resource "humanitec_resource_definition_criteria" "cluster" {
+ resource_definition_id = humanitec_resource_definition.cluster.id
+ app_id = humanitec_application.app.id
+}
+
+resource "humanitec_resource_definition_criteria" "rds" {
+ resource_definition_id = module.rds.id
+ app_id = humanitec_application.app.id
+}
diff --git a/examples/rds/basic-mysql/providers.tf b/examples/rds/basic-mysql/providers.tf
new file mode 100644
index 0000000..4dd09c2
--- /dev/null
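Review bot: The `rds` module call hard-codes `username = "username"` and `password = "password"`, so the example provisions a database whose master credentials are committed to the repository and identical in every deployment that copies it. Generate the password instead, for example with a `random_password` resource and `password = random_password.db.result`, and give the username a non-default value the same way. Separately, `vpc_security_group_ids = [module.vpc.default_security_group_id]` hands the instance the VPC default security group, which `vpc.tf` in this commit configures with an all-protocol ingress from `0.0.0.0/0`; a dedicated group admitting only the cluster subnets would be the safer example to publish. `examples/rds/basic-postgres/humanitec.tf` carries the same literals and the same security-group reference.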
+++ b/examples/rds/basic-mysql/providers.tf
@@ -0,0 +1,23 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ humanitec = {
+ source = "humanitec/humanitec"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.region
+ access_key = var.access_key
+ secret_key = var.secret_key
+}
+
+provider "humanitec" {
+ host = var.humanitec_host
+ org_id = var.humanitec_org_id
+ token = var.humanitec_token
+}
diff --git a/examples/rds/basic-mysql/variables.tf b/examples/rds/basic-mysql/variables.tf
new file mode 100644
index 0000000..81201f0
--- /dev/null
+++ b/examples/rds/basic-mysql/variables.tf
@@ -0,0 +1,40 @@
+variable "name" {
+ type = string
+}
+
+variable "access_key" {
+ type = string
+}
+
+variable "secret_key" {
+ type = string
+}
+
+variable "region" {
+ type = string
+}
+
+variable "humanitec_org_id" {
+ type = string
+}
+
+variable "humanitec_token" {
+ type = string
+}
+
+variable "resource_packs_aws_url" {
+ description = "AWS Resource Pack git url"
+ type = string
+ default = "https://github.com/humanitec-architecture/resource-packs-aws.git"
+}
+
+variable "resource_packs_aws_rev" {
+ description = "AWS Resource Pack git branch"
+ type = string
+ default = "refs/heads/main"
+}
+
+variable "humanitec_host" {
+ type = string
+ default = "https://api.humanitec.io"
+}
diff --git a/examples/rds/basic-mysql/vpc.tf b/examples/rds/basic-mysql/vpc.tf
new file mode 100644
index 0000000..da57987
--- /dev/null
+++ b/examples/rds/basic-mysql/vpc.tf
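Review bot: The `humanitec` entry in `required_providers` carries no `version` constraint while `aws` is pinned to `~> 5.0`, so a fresh `terraform init` resolves whatever the newest humanitec provider release is and the example is not reproducible across time; add `version = "<tested version>"` next to `source`. The `provider "aws"` block also wires the example to long-lived static keys through `access_key`/`secret_key`; omitting those two lines lets the provider fall back to its default credential chain (environment, profile or SSO session), which is the pattern most readers should copy. `examples/rds/basic-postgres/providers.tf` is byte-identical.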
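Review bot: `access_key`, `secret_key` and `humanitec_token` are declared as plain `string` variables without `sensitive = true`, so their values can appear in plan and apply output wherever they are interpolated into a resource attribute, and in any CI log that captures it. Mark each with `sensitive = true`; the same omission is in `examples/rds/basic-postgres/variables.tf`, and `access_key`/`secret_key` also lack the flag in `humanitec-resource-defs/rds/basic/variables.tf` and `modules/rds/basic/variables.tf`, where `username` and `password` already carry it. Only two variables here have a `description`; a one-line description on the rest would give the generated README something better than `n/a`.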
@@ -0,0 +1,48 @@
+data "aws_availability_zones" "available" {}
+
+locals {
+ vpc_cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "~> 4.0"
+
+ name = var.name
+ cidr = local.vpc_cidr
+
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+ intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+
+ default_security_group_egress = [
+ {
+ cidr_blocks = "0.0.0.0/0"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ }
+ ]
+
+ default_security_group_ingress = [
+ {
+ cidr_blocks = "0.0.0.0/0"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ }
+ ]
+
+ public_subnet_tags = {
+ "kubernetes.io/role/elb" = 1
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/role/internal-elb" = 1
+ }
+}
diff --git a/examples/rds/basic-postgres/.terraform.tfstate.lock.info b/examples/rds/basic-postgres/.terraform.tfstate.lock.info
new file mode 100644
index 0000000..01960b7
--- /dev/null
+++ b/examples/rds/basic-postgres/.terraform.tfstate.lock.info
@@ -0,0 +1 @@
+{"ID":"2b66d09a-54b3-4bed-e6f4-00376d5a2d07","Operation":"OperationTypeApply","Info":"","Who":"mjenek@MacBook-Pro-Mateusz.local","Version":"1.6.0","Created":"2024-01-02T17:36:38.04171Z","Path":"terraform.tfstate"}
\ No newline at end of file
diff --git a/examples/rds/basic-postgres/eks.tf b/examples/rds/basic-postgres/eks.tf
new file mode 100644
index 0000000..f797808
--- /dev/null
+++ b/examples/rds/basic-postgres/eks.tf
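Review bot: `default_security_group_ingress` opens every protocol and port to `0.0.0.0/0` on the VPC default security group, and `humanitec.tf` in this commit attaches exactly that group to the RDS instance. Limiting the rule to the VPC, `cidr_blocks = local.vpc_cidr`, keeps the example working for the cluster and matches what placing the database in the private subnets already intends; the egress rule can stay as it is. `examples/rds/basic-postgres/vpc.tf` is byte-identical and needs the same change.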
@@ -0,0 +1,100 @@
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+
+ cluster_name = var.name
+ cluster_version = "1.28"
+ cluster_endpoint_public_access = true
+
+ cluster_addons = {
+ kube-proxy = {
+ most_recent = true
+ }
+ vpc-cni = {
+ most_recent = true
+ }
+ coredns = {
+ most_recent = true
+ configuration_values = jsonencode({
+ computeType = "Fargate"
+ })
+ }
+ }
+
+ vpc_id = module.vpc.vpc_id
+ subnet_ids = module.vpc.private_subnets
+ control_plane_subnet_ids = module.vpc.intra_subnets
+
+ # Fargate profiles use the cluster primary security group so these are not utilized
+ create_cluster_security_group = false
+ create_node_security_group = false
+
+ cluster_security_group_additional_rules = {
+ ingress_all = {
+ protocol = "-1"
+ from_port = 0
+ to_port = 6555
+ type = "ingress"
+ }
+ egress_all = {
+ protocol = "-1"
+ from_port = 0
+ to_port = 6555
+ type = "egress"
+ }
+ }
+
+ fargate_profile_defaults = {
+ iam_role_additional_policies = {
+ additional = aws_iam_policy.additional.arn
+ }
+ }
+
+ fargate_profiles = merge(
+ {
+ example = {
+ name = "example"
+ selectors = [
+ {
+ namespace = "*"
+ }
+ ]
+
+ # Using specific subnets instead of the subnets supplied for the cluster itself
+ subnet_ids = [module.vpc.private_subnets[1]]
+
+ tags = {
+ Owner = "secondary"
+ }
+
+ timeouts = {
+ create = "20m"
+ delete = "20m"
+ }
+ }
+ },
+ { for i in range(3) :
+ "kube-system-${element(split("-", local.azs[i]), 2)}" => {
+ selectors = [
+ { namespace = "kube-system" }
+ ]
+ # We want to create a profile per AZ for high availability
+ subnet_ids = [element(module.vpc.private_subnets, i)]
+ }
+ }
+ )
+}
+
+resource "aws_iam_policy" "additional" {
+ name = "${var.name}-additional"
+
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ "Effect" : "Allow"
+ "Action" : "*"
+ "Resource" : "*"
+ },
+ ]
+ })
+}
diff --git a/examples/rds/basic-postgres/humanitec.tf b/examples/rds/basic-postgres/humanitec.tf
new file mode 100644
index 0000000..240eabc
--- /dev/null
+++ b/examples/rds/basic-postgres/humanitec.tf
@@ -0,0 +1,58 @@
+resource "humanitec_application" "app" {
+ id = var.name
+ name = var.name
+}
+
+resource "humanitec_resource_definition" "cluster" {
+ id = "${var.name}-aws-cluster"
+ name = "${var.name}-aws-cluster"
+ type = "k8s-cluster"
+ driver_type = "humanitec/k8s-cluster-eks"
+
+ driver_inputs = {
+ values_string = jsonencode({
+ "loadbalancer" = module.eks.cluster_endpoint
+ "name" = module.eks.cluster_name
+ "region" = var.region
+ })
+ secrets_string = jsonencode({
+ "credentials" = {
+ "aws_access_key_id" : var.access_key
+ "aws_secret_access_key" : var.secret_key
+ }
+ })
+ }
+}
+
+module "rds" {
+ source = "../../../humanitec-resource-defs/rds/basic"
+
+ prefix = "${var.name}-"
+ resource_packs_aws_rev = var.resource_packs_aws_rev
+ resource_packs_aws_url = var.resource_packs_aws_url
+
+ access_key = var.access_key
+ secret_key = var.secret_key
+ region = var.region
+
+ name = "${var.name}-database"
+ database_name = "my_database"
+ username = "username"
+ password = "password"
+
+ create_db_subnet_group = true
+ db_subnet_group_name = "${var.name}-subnet-group"
+ subnet_ids = module.vpc.private_subnets
+
+ vpc_security_group_ids = [module.vpc.default_security_group_id]
+}
+
+resource "humanitec_resource_definition_criteria" "cluster" {
+ resource_definition_id = humanitec_resource_definition.cluster.id
+ app_id = humanitec_application.app.id
+}
+
+resource "humanitec_resource_definition_criteria" "rds" {
+ resource_definition_id = module.rds.id
+ app_id = humanitec_application.app.id
+}
diff --git a/examples/rds/basic-postgres/providers.tf b/examples/rds/basic-postgres/providers.tf
new file mode 100644
index 0000000..4dd09c2
--- /dev/null
+++ b/examples/rds/basic-postgres/providers.tf
@@ -0,0 +1,23 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ humanitec = {
+ source = "humanitec/humanitec"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.region
+ access_key = var.access_key
+ secret_key = var.secret_key
+}
+
+provider "humanitec" {
+ host = var.humanitec_host
+ org_id = var.humanitec_org_id
+ token = var.humanitec_token
+}
diff --git a/examples/rds/basic-postgres/variables.tf b/examples/rds/basic-postgres/variables.tf
new file mode 100644
index 0000000..81201f0
--- /dev/null
+++ b/examples/rds/basic-postgres/variables.tf
@@ -0,0 +1,40 @@
+variable "name" {
+ type = string
+}
+
+variable "access_key" {
+ type = string
+}
+
+variable "secret_key" {
+ type = string
+}
+
+variable "region" {
+ type = string
+}
+
+variable "humanitec_org_id" {
+ type = string
+}
+
+variable "humanitec_token" {
+ type = string
+}
+
+variable "resource_packs_aws_url" {
+ description = "AWS Resource Pack git url"
+ type = string
+ default = "https://github.com/humanitec-architecture/resource-packs-aws.git"
+}
+
+variable "resource_packs_aws_rev" {
+ description = "AWS Resource Pack git branch"
+ type = string
+ default = "refs/heads/main"
+}
+
+variable "humanitec_host" {
+ type = string
+ default = "https://api.humanitec.io"
+}
diff --git a/examples/rds/basic-postgres/vpc.tf b/examples/rds/basic-postgres/vpc.tf
new file mode 100644
index 0000000..da57987
--- /dev/null
+++ b/examples/rds/basic-postgres/vpc.tf
@@ -0,0 +1,48 @@
+data "aws_availability_zones" "available" {}
+
+locals {
+ vpc_cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "~> 4.0"
+
+ name = var.name
+ cidr = local.vpc_cidr
+
+ azs = local.azs
+ private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+ public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+ intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+
+ default_security_group_egress = [
+ {
+ cidr_blocks = "0.0.0.0/0"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ }
+ ]
+
+ default_security_group_ingress = [
+ {
+ cidr_blocks = "0.0.0.0/0"
+ protocol = "-1"
+ from_port = 0
+ to_port = 0
+ }
+ ]
+
+ public_subnet_tags = {
+ "kubernetes.io/role/elb" = 1
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/role/internal-elb" = 1
+ }
+}
diff --git a/humanitec-resource-defs/rds/basic/README.md b/humanitec-resource-defs/rds/basic/README.md
new file mode 100644
index 0000000..68d3b24
--- /dev/null
+++ b/humanitec-resource-defs/rds/basic/README.md
@@ -0,0 +1,64 @@ + + + +## Providers + +| Name | Version | +|------|---------| +| humanitec | n/a | + +## Resources + +| Name | Type | +|------|------| +| [humanitec_resource_definition.main](https://registry.terraform.io/providers/humanitec/humanitec/latest/docs/resources/resource_definition) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| access\_key | n/a | `string` | n/a | yes | +| database\_name | n/a | `string` | n/a | yes | +| db\_subnet\_group\_name | n/a | `string` | n/a | yes | +| name | n/a | `string` | n/a | yes | +| password | n/a | `string` | n/a | yes | +| prefix | n/a | `string` | n/a | yes | +| region | n/a | `string` | n/a | yes | +| secret\_key | n/a | `string` | n/a | yes | +| subnet\_ids | n/a | `set(string)` | n/a | yes | +| username | n/a | `string` | n/a | yes | +| vpc\_security\_group\_ids | n/a | `set(string)` | n/a | yes | +| allocated\_storage | n/a | `number` | `20` | no | +| backup\_retention\_period | n/a | `number` | `1` | no | +| backup\_window | n/a | `string` | `null` | no | +| create\_cloudwatch\_log\_group | n/a | `bool` | `false` | no | +| create\_db\_subnet\_group | n/a | `bool` | `true` | no | +| create\_monitoring\_role | n/a | `bool` | `true` | no | +| deletion\_protection | n/a | `bool` | `false` | no | +| enabled\_cloudwatch\_logs\_exports | n/a | `set(string)` | `[]` | no | +| engine | n/a | `string` | `"postgres"` | no | +| engine\_version | n/a | `string` | `"14"` | no | +| group\_family | n/a | `string` | `"postgres14"` | no | +| instance\_class | n/a | `string` | `"db.t4g.large"` | no | +| maintenance\_window | n/a | `string` | `null` | no | +| max\_allocated\_storage | n/a | `number` | `100` | no | +| monitoring\_interval | n/a | `number` | `60` | no | +| monitoring\_role\_description | n/a | `string` | `"Monitoring role for RDS basic cluster"` | no | +| monitoring\_role\_name | n/a | `string` | `"rds-basic-monitoring-role"` | no 
| +| monitoring\_role\_use\_name\_prefix | n/a | `bool` | `true` | no | +| multi\_az | n/a | `bool` | `true` | no | +| parameters | n/a | `set(any)` | `[]` | no | +| performance\_insights\_enabled | n/a | `bool` | `true` | no | +| performance\_insights\_retention\_period | n/a | `number` | `7` | no | +| port | n/a | `number` | `5432` | no | +| resource\_packs\_aws\_rev | n/a | `string` | `"ref/heads/main"` | no | +| resource\_packs\_aws\_url | n/a | `string` | `"https://github.com/humanitec-architecture/resource-packs-aws.git"` | no | +| skip\_final\_snapshot | n/a | `bool` | `true` | no | +| type | n/a | `string` | `"postgres"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| id | n/a | + \ No newline at end of file diff --git a/humanitec-resource-defs/rds/basic/main.tf b/humanitec-resource-defs/rds/basic/main.tf new file mode 100644 index 0000000..ae600ed --- /dev/null +++ b/humanitec-resource-defs/rds/basic/main.tf 
@@ -0,0 +1,60 @@
+resource "humanitec_resource_definition" "main" {
+ driver_type = "humanitec/terraform"
+ id = "${var.prefix}rds"
+ name = "${var.prefix}rds"
+ type = var.type
+
+ driver_inputs = {
+ secrets_string = jsonencode({
+ variables = {
+ access_key = var.access_key
+ secret_key = var.secret_key
+ }
+ })
+
+ values_string = jsonencode({
+ source = {
+ path = "modules/rds/basic"
+ rev = var.resource_packs_aws_rev
+ url = var.resource_packs_aws_url
+ }
+ variables = {
+ region = var.region
+ res_id = "$${context.res.id}"
+ app_id = "$${context.app.id}"
+ env_id = "$${context.env.id}"
+ name = var.name
+ database_name = var.database_name
+ username = var.username
+ password = var.password
+ create_db_subnet_group = var.create_db_subnet_group
+ db_subnet_group_name = var.db_subnet_group_name
+ subnet_ids = var.subnet_ids
+ vpc_security_group_ids = var.vpc_security_group_ids
+ port = var.port
+ engine = var.engine
+ engine_version = var.engine_version
+ group_family = var.group_family
+ instance_class = var.instance_class
+ allocated_storage = var.allocated_storage
+ max_allocated_storage = var.max_allocated_storage
+ multi_az = var.multi_az
+ maintenance_window = var.maintenance_window
+ backup_window = var.backup_window
+ backup_retention_period = var.backup_retention_period
+ create_cloudwatch_log_group = var.create_cloudwatch_log_group
+ enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
+ skip_final_snapshot = var.skip_final_snapshot
+ deletion_protection = var.deletion_protection
+ performance_insights_enabled = var.performance_insights_enabled
+ performance_insights_retention_period = var.performance_insights_retention_period
+ create_monitoring_role = var.create_monitoring_role
+ monitoring_interval = var.monitoring_interval
+ monitoring_role_name = var.monitoring_role_name
+ monitoring_role_use_name_prefix = var.monitoring_role_use_name_prefix
+ monitoring_role_description = var.monitoring_role_description
+ parameters = var.parameters
+ }
+ })
+ }
+}
diff --git a/humanitec-resource-defs/rds/basic/outputs.tf b/humanitec-resource-defs/rds/basic/outputs.tf
new file mode 100644
index 0000000..28542ec
--- /dev/null
+++ b/humanitec-resource-defs/rds/basic/outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = humanitec_resource_definition.main.id
+}
diff --git a/humanitec-resource-defs/rds/basic/providers.tf b/humanitec-resource-defs/rds/basic/providers.tf
new file mode 100644
index 0000000..5cd4350
--- /dev/null
+++ b/humanitec-resource-defs/rds/basic/providers.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ humanitec = {
+ source = "humanitec/humanitec"
+ }
+ }
+}
diff --git a/humanitec-resource-defs/rds/basic/terraform.tfvars.example b/humanitec-resource-defs/rds/basic/terraform.tfvars.example
new file mode 100644
index 0000000..c9cc4c4
--- /dev/null
+++ b/humanitec-resource-defs/rds/basic/terraform.tfvars.example
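Review bot: `username = var.username` and `password = var.password` sit under `values_string`, although this module declares both variables `sensitive = true`; the Humanitec terraform driver treats `values` as non-secret configuration, so the master credentials are stored and displayed as plain values on the resource definition. Move those two lines into the `variables` map of `secrets_string`, beside `access_key` and `secret_key`, which the driver merges with the plain variables before running the module. The `$${context.*}` placeholders are correct as written, since the doubled dollar stops Terraform interpolating them and leaves the substitution to Humanitec; a one-line comment saying so would save the next reader a lookup.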
@@ -0,0 +1,38 @@
+access_key = ""
+allocated_storage = 20
+backup_retention_period = 1
+backup_window = ""
+create_cloudwatch_log_group = false
+create_db_subnet_group = true
+create_monitoring_role = true
+database_name = ""
+db_subnet_group_name = ""
+deletion_protection = false
+enabled_cloudwatch_logs_exports = []
+engine = "postgres"
+engine_version = "14"
+group_family = "postgres14"
+instance_class = "db.t4g.large"
+maintenance_window = ""
+max_allocated_storage = 100
+monitoring_interval = 60
+monitoring_role_description = "Monitoring role for RDS basic cluster"
+monitoring_role_name = "rds-basic-monitoring-role"
+monitoring_role_use_name_prefix = true
+multi_az = true
+name = ""
+parameters = []
+password = ""
+performance_insights_enabled = true
+performance_insights_retention_period = 7
+port = 5432
+prefix = ""
+region = ""
+resource_packs_aws_rev = "ref/heads/main"
+resource_packs_aws_url = "https://github.com/humanitec-architecture/resource-packs-aws.git"
+secret_key = ""
+skip_final_snapshot = true
+subnet_ids = ""
+type = "postgres"
+username = ""
+vpc_security_group_ids = ""
\ No newline at end of file
diff --git a/humanitec-resource-defs/rds/basic/variables.tf b/humanitec-resource-defs/rds/basic/variables.tf
new file mode 100644
index 0000000..374e09e
--- /dev/null
+++ b/humanitec-resource-defs/rds/basic/variables.tf
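Review bot: `subnet_ids = ""` and `vpc_security_group_ids = ""` cannot be loaded as written, because both variables are typed `set(string)` and Terraform does not convert a string into a set; a bracketed placeholder such as `subnet_ids = ["<subnet-id>"]` keeps the file usable as a template. `backup_window = ""` and `maintenance_window = ""` likewise replace the module's `null` defaults with empty strings, which I expect to reach the AWS API as explicit empty windows rather than "unset"; leaving those keys commented out would be safer. `modules/rds/basic/terraform.tfvars.example` repeats all four.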
@@ -0,0 +1,180 @@
+variable "prefix" {
+ type = string
+}
+
+variable "resource_packs_aws_rev" {
+ type = string
+ default = "ref/heads/main"
+}
+
+variable "resource_packs_aws_url" {
+ type = string
+ default = "https://github.com/humanitec-architecture/resource-packs-aws.git"
+}
+
+variable "region" {
+ type = string
+}
+
+variable "access_key" {
+ type = string
+}
+
+variable "secret_key" {
+ type = string
+}
+
+variable "name" {
+ type = string
+}
+
+variable "database_name" {
+ type = string
+}
+
+variable "username" {
+ type = string
+ sensitive = true
+}
+
+variable "password" {
+ type = string
+ sensitive = true
+}
+
+variable "create_db_subnet_group" {
+ type = bool
+ default = true
+}
+
+variable "db_subnet_group_name" {
+ type = string
+}
+
+variable "subnet_ids" {
+ type = set(string)
+}
+
+variable "vpc_security_group_ids" {
+ type = set(string)
+}
+
+variable "port" {
+ type = number
+ default = 5432
+}
+
+variable "type" {
+ type = string
+ default = "postgres"
+}
+
+variable "engine" {
+ type = string
+ default = "postgres"
+}
+
+variable "engine_version" {
+ type = string
+ default = "14"
+}
+
+variable "group_family" {
+ type = string
+ default = "postgres14"
+}
+
+variable "instance_class" {
+ type = string
+ default = "db.t4g.large"
+}
+
+variable "allocated_storage" {
+ type = number
+ default = 20
+}
+
+variable "max_allocated_storage" {
+ type = number
+ default = 100
+}
+
+variable "multi_az" {
+ type = bool
+ default = true
+}
+
+variable "maintenance_window" {
+ type = string
+ default = null # "Mon:00:00-Mon:03:00"
+}
+
+variable "backup_window" {
+ type = string
+ default = null # "03:00-06:00"
+}
+
+variable "backup_retention_period" {
+ type = number
+ default = 1
+}
+
+variable "create_cloudwatch_log_group" {
+ type = bool
+ default = false
+}
+
+variable "enabled_cloudwatch_logs_exports" {
+ type = set(string)
+ default = []
+}
+
+variable "skip_final_snapshot" {
+ type = bool
+ default = true
+}
+
+variable "deletion_protection" {
+ type = bool
+ default = false
+}
+
+variable "performance_insights_enabled" {
+ type = bool
+ default = true
+}
+
+variable "performance_insights_retention_period" {
+ type = number
+ default = 7
+}
+
+variable "create_monitoring_role" {
+ type = bool
+ default = true
+}
+
+variable "monitoring_interval" {
+ type = number
+ default = 60
+}
+
+variable "monitoring_role_name" {
+ type = string
+ default = "rds-basic-monitoring-role"
+}
+
+variable "monitoring_role_use_name_prefix" {
+ type = bool
+ default = true
+}
+
+variable "monitoring_role_description" {
+ type = string
+ default = "Monitoring role for RDS basic cluster"
+}
+
+variable "parameters" {
+ type = set(any)
+ default = []
+}
\ No newline at end of file
diff --git a/modules/rds/basic/README.md b/modules/rds/basic/README.md
new file mode 100644
index 0000000..a2652dd
--- /dev/null
+++ b/modules/rds/basic/README.md
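Review bot: `resource_packs_aws_rev` defaults to `"ref/heads/main"`, which is not a git ref; full refs are spelled `refs/heads/main`, as the example roots' `variables.tf` in this commit already do, so a Humanitec driver run that relies on this module's default will fail to resolve the revision. Change it to `default = "refs/heads/main"` and regenerate the README and `terraform.tfvars.example` next to it, which repeat the typo. None of the variables in this hunk has a `description`, which is why the generated README shows `n/a` throughout; the variable block for `deletion_protection` begins on the previous physical line of the listing.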
@@ -0,0 +1,66 @@ + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 1.3.0 | +| aws | ~> 5.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| db | terraform-aws-modules/rds/aws | 6.3.0 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| access\_key | n/a | `string` | n/a | yes | +| app\_id | n/a | `string` | n/a | yes | +| database\_name | n/a | `string` | n/a | yes | +| db\_subnet\_group\_name | n/a | `string` | n/a | yes | +| env\_id | n/a | `string` | n/a | yes | +| name | n/a | `string` | n/a | yes | +| password | n/a | `string` | n/a | yes | +| region | n/a | `string` | n/a | yes | +| res\_id | n/a | `string` | n/a | yes | +| secret\_key | n/a | `string` | n/a | yes | +| subnet\_ids | n/a | `set(string)` | n/a | yes | +| username | n/a | `string` | n/a | yes | +| vpc\_security\_group\_ids | n/a | `set(string)` | n/a | yes | +| allocated\_storage | n/a | `number` | `20` | no | +| backup\_retention\_period | n/a | `number` | `1` | no | +| backup\_window | n/a | `string` | `null` | no | +| create\_cloudwatch\_log\_group | n/a | `bool` | `false` | no | +| create\_db\_subnet\_group | n/a | `bool` | `true` | no | +| create\_monitoring\_role | n/a | `bool` | `true` | no | +| deletion\_protection | n/a | `bool` | `false` | no | +| enabled\_cloudwatch\_logs\_exports | n/a | `set(string)` | `[]` | no | +| engine | n/a | `string` | `"postgres"` | no | +| engine\_version | n/a | `string` | `"14"` | no | +| group\_family | n/a | `string` | `"postgres14"` | no | +| instance\_class | n/a | `string` | `"db.t4g.large"` | no | +| maintenance\_window | n/a | `string` | `null` | no | +| max\_allocated\_storage | n/a | `number` | `100` | no | +| monitoring\_interval | n/a | `number` | `60` | no | +| monitoring\_role\_description | n/a | `string` | `"Monitoring role for RDS cluster"` | no | +| monitoring\_role\_name | n/a | `string` | 
`"rds-monitoring-role"` | no | +| monitoring\_role\_use\_name\_prefix | n/a | `bool` | `true` | no | +| multi\_az | n/a | `bool` | `true` | no | +| parameters | n/a | `set(any)` | `[]` | no | +| performance\_insights\_enabled | n/a | `bool` | `true` | no | +| performance\_insights\_retention\_period | n/a | `number` | `7` | no | +| port | n/a | `number` | `5432` | no | +| skip\_final\_snapshot | n/a | `bool` | `true` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| host | n/a | +| name | n/a | +| password | n/a | +| port | n/a | +| username | n/a | + \ No newline at end of file diff --git a/modules/rds/basic/main.tf b/modules/rds/basic/main.tf new file mode 100644 index 0000000..df3c2b2 --- /dev/null +++ b/modules/rds/basic/main.tf 
@@ -0,0 +1,49 @@
+module "db" {
+ source = "terraform-aws-modules/rds/aws"
+ version = "6.3.0"
+
+ identifier = var.name
+ db_name = var.database_name
+ port = var.port
+
+ engine = var.engine
+ engine_version = var.engine_version
+ family = var.group_family
+ major_engine_version = split(".", var.engine_version)[0]
+ instance_class = var.instance_class
+
+ allocated_storage = var.allocated_storage
+ max_allocated_storage = var.max_allocated_storage
+
+ manage_master_user_password = false
+ username = var.username
+ password = var.password
+
+ multi_az = var.multi_az
+
+ create_db_subnet_group = var.create_db_subnet_group
+ db_subnet_group_name = var.db_subnet_group_name
+ subnet_ids = var.subnet_ids
+
+ vpc_security_group_ids = var.vpc_security_group_ids
+
+ maintenance_window = var.maintenance_window
+ backup_window = var.backup_window
+ backup_retention_period = var.backup_retention_period
+
+ create_cloudwatch_log_group = var.create_cloudwatch_log_group
+ enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
+
+ skip_final_snapshot = var.skip_final_snapshot
+ deletion_protection = var.deletion_protection
+
+ performance_insights_enabled = var.performance_insights_enabled
+ performance_insights_retention_period = var.performance_insights_retention_period
+ create_monitoring_role = var.create_monitoring_role
+ monitoring_interval = var.monitoring_interval
+ monitoring_role_name = var.monitoring_role_name
+ monitoring_role_use_name_prefix = var.monitoring_role_use_name_prefix
+ monitoring_role_description = var.monitoring_role_description
+
+ parameters = var.parameters
+}
diff --git a/modules/rds/basic/outputs.tf b/modules/rds/basic/outputs.tf
new file mode 100644
index 0000000..6491b12
--- /dev/null
+++ b/modules/rds/basic/outputs.tf
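Review bot: `major_engine_version = split(".", var.engine_version)[0]` yields `14` for the Postgres default but `8` for the MySQL example added in this commit (`engine_version = "8.0.35"`), and I believe RDS option groups for MySQL expect the major version as `8.0`, so the mysql example will likely fail when the module creates its option group. Either expose an explicit `major_engine_version` input, or derive it per engine, e.g. `major_engine_version = var.engine == "mysql" ? join(".", slice(split(".", var.engine_version), 0, 2)) : split(".", var.engine_version)[0]`. `manage_master_user_password = false` means the password lives in state and outputs as a sensitive value instead of being held in Secrets Manager; a comment noting that this is needed so `output "password"` can be handed to the workload would make the trade-off explicit.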
@@ -0,0 +1,21 @@
+output "name" {
+ value = module.db.db_instance_name
+}
+
+output "username" {
+ value = module.db.db_instance_username
+ sensitive = true
+}
+
+output "password" {
+ value = var.password
+ sensitive = true
+}
+
+output "host" {
+ value = module.db.db_instance_address
+}
+
+output "port" {
+ value = module.db.db_instance_port
+}
diff --git a/modules/rds/basic/providers.tf b/modules/rds/basic/providers.tf
new file mode 100644
index 0000000..38763b0
--- /dev/null
+++ b/modules/rds/basic/providers.tf
@@ -0,0 +1,26 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+
+ required_version = ">= 1.3.0"
+}
+
+provider "aws" {
+ # Injected via the humanitec-terraform-driver
+ access_key = var.access_key
+ secret_key = var.secret_key
+ region = var.region
+
+ default_tags {
+ tags = {
+ "managed-by" = "humanitec"
+ "hum-app-id" = var.app_id
+ "hum-env-id" = var.env_id
+ "hum-res-id" = var.res_id
+ }
+ }
+}
diff --git a/modules/rds/basic/terraform.tfvars.example b/modules/rds/basic/terraform.tfvars.example
new file mode 100644
index 0000000..bdc921f
--- /dev/null
+++ b/modules/rds/basic/terraform.tfvars.example
@@ -0,0 +1,37 @@
+access_key = ""
+allocated_storage = 20
+app_id = ""
+backup_retention_period = 1
+backup_window = ""
+create_cloudwatch_log_group = false
+create_db_subnet_group = true
+create_monitoring_role = true
+database_name = ""
+db_subnet_group_name = ""
+deletion_protection = false
+enabled_cloudwatch_logs_exports = []
+engine = "postgres"
+engine_version = "14"
+env_id = ""
+group_family = "postgres14"
+instance_class = "db.t4g.large"
+maintenance_window = ""
+max_allocated_storage = 100
+monitoring_interval = 60
+monitoring_role_description = "Monitoring role for RDS cluster"
+monitoring_role_name = "rds-monitoring-role"
+monitoring_role_use_name_prefix = true
+multi_az = true
+name = ""
+parameters = []
+password = ""
+performance_insights_enabled = true
+performance_insights_retention_period = 7
+port = 5432
+region = ""
+res_id = ""
+secret_key = ""
+skip_final_snapshot = true
+subnet_ids = ""
+username = ""
+vpc_security_group_ids = ""
\ No newline at end of file
diff --git a/modules/rds/basic/variables.tf b/modules/rds/basic/variables.tf
new file mode 100644
index 0000000..2b53a52
--- /dev/null
+++ b/modules/rds/basic/variables.tf
@@ -0,0 +1,173 @@
+variable "region" {
+ type = string
+}
+
+variable "access_key" {
+ type = string
+}
+
+variable "secret_key" {
+ type = string
+}
+
+variable "app_id" {
+ type = string
+}
+
+variable "env_id" {
+ type = string
+}
+
+variable "res_id" {
+ type = string
+}
+
+variable "name" {
+ type = string
+}
+
+variable "database_name" {
+ type = string
+}
+
+variable "username" {
+ type = string
+ sensitive = true
+}
+
+variable "password" {
+ type = string
+ sensitive = true
+}
+
+variable "create_db_subnet_group" {
+ type = bool
+ default = true
+}
+
+variable "db_subnet_group_name" {
+ type = string
+}
+
+variable "subnet_ids" {
+ type = set(string)
+}
+
+variable "vpc_security_group_ids" {
+ type = set(string)
+}
+
+variable "port" {
+ type = number
+ default = 5432
+}
+
+variable "engine" {
+ type = string
+ default = "postgres"
+}
+
+variable "engine_version" {
+ type = string
+ default = "14"
+}
+
+variable "group_family" {
+ type = string
+ default = "postgres14"
+}
+
+variable "instance_class" {
+ type = string
+ default = "db.t4g.large"
+}
+
+variable "allocated_storage" {
+ type = number
+ default = 20
+}
+
+variable "max_allocated_storage" {
+ type = number
+ default = 100
+}
+
+variable "multi_az" {
+ type = bool
+ default = true
+}
+
+variable "maintenance_window" {
+ type = string
+ default = null # "Mon:00:00-Mon:03:00"
+}
+
+variable "backup_window" {
+ type = string
+ default = null # "03:00-06:00"
+}
+
+variable "backup_retention_period" {
+ type = number
+ default = 1
+}
+
+variable "create_cloudwatch_log_group" {
+ type = bool
+ default = false
+}
+
+variable "enabled_cloudwatch_logs_exports" {
+ type = set(string)
+ default = []
+}
+
+variable "skip_final_snapshot" {
+ type = bool
+ default = true
+}
+
+variable "deletion_protection" {
+ type = bool
+ default = false
+}
+
+variable "performance_insights_enabled" {
+ type = bool
+ default = true
+}
+
+variable "performance_insights_retention_period" {
+ type = number
+ default = 7
+}
+
+variable "create_monitoring_role" {
+ type = bool
+ default = true
+}
+
+variable "monitoring_interval" {
+ type = number
+ default = 60
+}
+
+variable "monitoring_role_name" {
+ type = string
+ default = "rds-monitoring-role"
+}
+
+variable "monitoring_role_use_name_prefix" {
+ type = bool
+ default = true
+}
+
+variable "monitoring_role_description" {
+ type = string
+ default = "Monitoring role for RDS cluster"
+}
+
+variable "parameters" {
+ type = set(any)
+ default = []
+}
\ No newline at end of file
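Review bot: The defaults `skip_final_snapshot = true`, `deletion_protection = false` and `backup_retention_period = 1` together make a `terraform destroy` of the resource unrecoverable, and nothing in the hunk says these are development-grade settings because no variable carries a `description`. A `description = "Development default; set to false for any environment whose data must survive a destroy"` on `skip_final_snapshot`, with matching text on the other two, documents the choice and feeds the README generator, which currently prints `n/a` for every input. `parameters` is typed `set(any)`, which discards element order and accepts any shape; `list(map(string))` would match what the RDS module consumes and catch malformed entries at plan time, assuming no caller relies on set semantics.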