From 81895e74ab6aa09942b8c348f71a68583bc1023b Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Wed, 12 Dec 2018 13:32:53 +0100
Subject: [PATCH 1/2] Added IGW route for DB subnets (based on #179)
---
 README.md | 14 ++++++++++++++
 examples/complete-vpc/main.tf | 7 ++++++-
 main.tf | 12 ++++++++++++
 variables.tf | 5 +++++
 4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2fda390ab..dcb4dfd4a 100644
--- a/README.md
+++ b/README.md
@@ -150,6 +150,19 @@ module "vpc" {
 }
 ```
+## Public access to RDS instances
+
+Sometimes it is handy to have public access to RDS instances (it is not recommended for production) by specifying these arguments:
+
+```hcl
+ create_database_subnet_group = true
+ create_database_subnet_route_table = true
+ create_database_internet_gateway_route = true
+
+ enable_dns_hostnames = true
+ enable_dns_support = true
+```
+
 ## Terraform version
 Terraform version 0.10.3 or newer is required for this module to work.
@@ -170,6 +183,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no |
 | azs | A list of availability zones in the region | list | `[]` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no |
+| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `false` | no |
 | create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no |
 | create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no |
 | create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no |
diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf
index 67e3d2bc0..0e49bad0f 100644
--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -17,13 +17,18 @@ module "vpc" {
 redshift_subnets = ["10.10.41.0/24", "10.10.42.0/24", "10.10.43.0/24"]
 intra_subnets = ["10.10.51.0/24", "10.10.52.0/24", "10.10.53.0/24"]
- create_database_subnet_group = false
+ create_database_subnet_group = true
+ create_database_subnet_route_table = true
+ create_database_internet_gateway_route = true
 enable_nat_gateway = true
 single_nat_gateway = true
 enable_vpn_gateway = true
+ enable_dns_hostnames = true
+ enable_dns_support = true
+
 enable_s3_endpoint = true
 enable_dynamodb_endpoint = true
diff --git a/main.tf b/main.tf
index 5aa8c546e..091c36585 100644
--- a/main.tf
+++ b/main.tf
@@ -121,6 +121,18 @@ resource "aws_route_table" "database" {
 tags = "${merge(var.tags, var.database_route_table_tags, map("Name", "${var.name}-${var.database_subnet_suffix}"))}"
 }
+resource "aws_route" "database_internet_gateway" {
+ count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0}"
+
+ route_table_id = "${aws_route_table.database.id}"
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = "${aws_internet_gateway.this.id}"
+
+ timeouts {
+ create = "5m"
+ }
+}
+
 #################
 # Redshift routes
 #################
diff --git a/variables.tf b/variables.tf
index 13af9383f..8694fbfa4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -107,6 +107,11 @@ variable "create_database_subnet_group" {
 default = true
 }
+variable "create_database_internet_gateway_route" {
+ description = "Controls if an internet gateway route for public database access should be created"
+ default = false
+}
+
 variable "azs" {
 description = "A list of availability zones in the region"
 default = []
From 14b42376937fbbfd826d4be914c65021ac61e007 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Wed, 12 Dec 2018 13:35:19 +0100
Subject: [PATCH 2/2] Reverted complete-example
---
 examples/complete-vpc/main.tf | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf
index 0e49bad0f..67e3d2bc0 100644
--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
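Review bot: The `count` on the new `aws_route.database_internet_gateway` guards on `create_vpc`, the database route table and the database subnets, but `gateway_id` dereferences `aws_internet_gateway.this.id` without any condition on the gateway itself; if the IGW is created conditionally elsewhere in main.tf (its definition is not in this hunk), a caller who sets `create_database_internet_gateway_route = true` in a VPC that never gets an IGW will see a plan-time reference error instead of a clear message. Adding the same condition that gates `aws_internet_gateway.this` to this `count` expression (so the route quietly evaluates to 0 instead) or stating the precondition on the variable would close that gap. Also worth noting above the resource that this is a deliberate widening of exposure: `# Gives the database subnets a default route (0.0.0.0/0) through the IGW, i.e. makes them public subnets; only the security groups on the DB instances then limit inbound access.`, so the next maintainer does not treat it as an ordinary route.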
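Review bot: The description of `create_database_internet_gateway_route` omits two things a reader of variables.tf alone needs: the route only materialises when `create_database_subnet_route_table` is also true (the `count` on the new `aws_route` in main.tf requires it), and enabling it makes the database subnets publicly routable. Suggest `description = "Controls if an internet gateway route for public database access should be created. Makes the database subnets public (0.0.0.0/0 via the IGW); requires create_database_subnet_route_table = true"`. The README table row for this variable should carry the same wording.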
@@ -17,18 +17,13 @@ module "vpc" {
 redshift_subnets = ["10.10.41.0/24", "10.10.42.0/24", "10.10.43.0/24"]
 intra_subnets = ["10.10.51.0/24", "10.10.52.0/24", "10.10.53.0/24"]
- create_database_subnet_group = true
- create_database_subnet_route_table = true
- create_database_internet_gateway_route = true
+ create_database_subnet_group = false
 enable_nat_gateway = true
 single_nat_gateway = true
 enable_vpn_gateway = true
- enable_dns_hostnames = true
- enable_dns_support = true
-
 enable_s3_endpoint = true
 enable_dynamodb_endpoint = true