From 837163342e2672e298e3996968e4f1e4b06c2e33 Mon Sep 17 00:00:00 2001 From: Jeremy Collins Date: Tue, 16 Jul 2024 07:33:00 +0100 Subject: [PATCH 1/3] Enabling dev RDS in prep for legacy account final migration --- .../environments/performance-hub/application_variables.json | 2 +- terraform/environments/performance-hub/database.tf | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/terraform/environments/performance-hub/application_variables.json b/terraform/environments/performance-hub/application_variables.json index 2f19b37aa52..426032fb547 100644 --- a/terraform/environments/performance-hub/application_variables.json +++ b/terraform/environments/performance-hub/application_variables.json @@ -15,7 +15,7 @@ "container_memory": "3072", "task_definition_volume": "upload_volume", "network_mode": "none", - "db_enabled": false, + "db_enabled": true, "db_instance_class": "db.m5.large", "db_user": "admin", "db_allocated_storage": "100", diff --git a/terraform/environments/performance-hub/database.tf b/terraform/environments/performance-hub/database.tf index 2efc0e34865..301e61e1ccf 100644 --- a/terraform/environments/performance-hub/database.tf +++ b/terraform/environments/performance-hub/database.tf @@ -31,7 +31,11 @@ resource "aws_db_instance" "database" { db_subnet_group_name = aws_db_subnet_group.db.id enabled_cloudwatch_logs_exports = ["error"] ca_cert_identifier = "rds-ca-rsa2048-g1" - apply_immediately = true + # BE VERY CAREFUL with apply_immediately = true. Useful if you want to see the results, but can cause a reboot + # of RDS meaning the connected app will fail. + # When apply_immediately=false, RDS changes are applied during the next maintenance_window + # For future reference, updating ca_cert_identifier with apply_immediately=true was fine. + apply_immediately = false # timeouts { # create = "40m" From a15d7527ba7a0841ffbcad19cc9b5ca23bdc8666 Mon Sep 17 00:00:00 2001 From: Jeremy Collins Date: Tue, 16 Jul 2024 09:05:28 +0100 Subject: [PATCH 2/3] Tidy up a comment --- terraform/environments/performance-hub/database.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform/environments/performance-hub/database.tf b/terraform/environments/performance-hub/database.tf index 301e61e1ccf..f2c920ebed6 100644 --- a/terraform/environments/performance-hub/database.tf +++ b/terraform/environments/performance-hub/database.tf @@ -34,7 +34,6 @@ resource "aws_db_instance" "database" { # BE VERY CAREFUL with apply_immediately = true. Useful if you want to see the results, but can cause a reboot # of RDS meaning the connected app will fail. # When apply_immediately=false, RDS changes are applied during the next maintenance_window - # For future reference, updating ca_cert_identifier with apply_immediately=true was fine. apply_immediately = false # timeouts { From fb984797a4714abb4c186f33cac0d19dacf04f94 Mon Sep 17 00:00:00 2001 From: Jeremy Collins Date: Tue, 16 Jul 2024 12:41:03 +0100 Subject: [PATCH 3/3] Remove RDS snapshot_identifier --- terraform/environments/performance-hub/database.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/performance-hub/database.tf b/terraform/environments/performance-hub/database.tf index f2c920ebed6..d5a6c44d0fa 100644 --- a/terraform/environments/performance-hub/database.tf +++ b/terraform/environments/performance-hub/database.tf @@ -20,7 +20,7 @@ resource "aws_db_instance" "database" { storage_encrypted = true iam_database_authentication_enabled = false vpc_security_group_ids = [aws_security_group.db.id] - snapshot_identifier = format("arn:aws:rds:eu-west-2:%s:snapshot:%s", data.aws_caller_identity.current.account_id, local.app_data.accounts[local.environment].db_snapshot_identifier) + #snapshot_identifier = format("arn:aws:rds:eu-west-2:%s:snapshot:%s", data.aws_caller_identity.current.account_id, local.app_data.accounts[local.environment].db_snapshot_identifier) backup_retention_period = 30 maintenance_window = "Mon:00:00-Mon:03:00" backup_window = "03:00-06:00"