add RDS child module for auto-drive

DaMandal0rian · DaMandal0rian · commit c60277ca440c · 2025-01-23T21:19:40.000+03:00
diff --git a/auto-drive/db.tf b/auto-drive/db.tf
@@ -0,0 +1,155 @@
+data "aws_caller_identity" "current" {}
+
+################################################################################
+# RDS Module
+################################################################################
+
+module "db" {
+  source = "../templates/terraform/aws/rds/"
+
+  identifier = local.name
+
+  engine                   = "postgres"
+  engine_version           = "16"
+  engine_lifecycle_support = "open-source-rds-extended-support-disabled"
+  family                   = "postgres16" # DB parameter group
+  major_engine_version     = "16"         # DB option group
+  instance_class           = "db.t4g.large"
+
+  allocated_storage     = 50
+  max_allocated_storage = 200
+
+
+  db_name  = "postgres"
+  username = "postgres"
+  port     = 5432
+
+
+  manage_master_user_password_rotation              = true
+  master_user_password_rotate_immediately           = false
+  master_user_password_rotation_schedule_expression = "rate(15 days)"
+
+  multi_az               = true
+  db_subnet_group_name   = module.vpc_rds.database_subnet_group
+  vpc_security_group_ids = [module.security_group.security_group_id]
+
+  maintenance_window              = "Mon:00:00-Mon:03:00"
+  backup_window                   = "03:00-06:00"
+  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
+  create_cloudwatch_log_group     = true
+
+  backup_retention_period = 1
+  skip_final_snapshot     = true
+  deletion_protection     = false
+
+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true
+  monitoring_interval                   = 60
+  monitoring_role_name                  = "example-monitoring-role-name"
+  monitoring_role_use_name_prefix       = true
+  monitoring_role_description           = "Description for monitoring role"
+
+  parameters = [
+    {
+      name  = "autovacuum"
+      value = 1
+    },
+    {
+      name  = "client_encoding"
+      value = "utf8"
+    }
+  ]
+
+  tags = local.tags
+  db_option_group_tags = {
+    "Sensitive" = "low"
+  }
+  db_parameter_group_tags = {
+    "Sensitive" = "low"
+  }
+  cloudwatch_log_group_tags = {
+    "Sensitive" = "high"
+  }
+}
+
+################################################################################
+# RDS Automated Backups Replication Module
+################################################################################
+
+provider "aws" {
+  alias  = "region2"
+  region = local.region2
+}
+
+module "kms" {
+  source      = "terraform-aws-modules/kms/aws"
+  version     = "~> 1.0"
+  description = "KMS key for cross region automated backups replication"
+
+  # Aliases
+  aliases                 = [local.name]
+  aliases_use_name_prefix = true
+
+  key_owners = [data.aws_caller_identity.current.arn]
+
+  tags = local.tags
+
+  providers = {
+    aws = aws.region2
+  }
+}
+
+module "db_automated_backups_replication" {
+  source = "../templates/terraform/aws/rds/modules/db_instance_automated_backups_replication"
+
+  source_db_instance_arn = module.db.db_instance_arn
+  kms_key_arn            = module.kms.key_arn
+
+  providers = {
+    aws = aws.region2
+  }
+}
+
+################################################################################
+# Supporting Resources
+################################################################################
+
+module "vpc_rds" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.0"
+
+  name = local.name
+  cidr = local.vpc_cidr
+
+  azs              = local.azs
+  public_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+  private_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 3)]
+  database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 6)]
+
+  create_database_subnet_group = true
+
+  tags = local.tags
+}
+
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 5.0"
+
+  name        = local.name
+  description = "Auto Drive PostgreSQL security group"
+  vpc_id      = module.vpc_rds.vpc_id
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "tcp"
+      description = "PostgreSQL access from within VPC"
+      cidr_blocks = module.vpc_rds.vpc_cidr_block
+    },
+  ]
+
+  tags = local.tags
+}
diff --git a/auto-drive/main.tf b/auto-drive/main.tf
@@ -7,8 +7,9 @@ data "aws_availability_zones" "available" {
 }
 
 locals {
-  name   = basename(path.cwd)
-  region = var.region
+  name    = basename(path.cwd)
+  region  = var.region
+  region2 = "us-west-1"
 
   vpc_cidr = var.vpc_cidr
   azs      = slice(data.aws_availability_zones.available.names, 0, var.az_count)
diff --git a/auto-drive/outputs.tf b/auto-drive/outputs.tf
@@ -75,3 +75,114 @@ output "gateway_eip" {
   description = "Elastic IPs for Gateway instances"
   value       = aws_eip.gateway_eip[*].public_ip
 }
+
+
+################################################################################
+# RDS Outputs
+################################################################################
+
+output "db_instance_address" {
+  description = "The address of the RDS instance"
+  value       = module.db.db_instance_address
+}
+
+output "db_instance_arn" {
+  description = "The ARN of the RDS instance"
+  value       = module.db.db_instance_arn
+}
+
+output "db_instance_availability_zone" {
+  description = "The availability zone of the RDS instance"
+  value       = module.db.db_instance_availability_zone
+}
+
+output "db_instance_endpoint" {
+  description = "The connection endpoint"
+  value       = module.db.db_instance_endpoint
+}
+
+output "db_instance_engine" {
+  description = "The database engine"
+  value       = module.db.db_instance_engine
+}
+
+output "db_instance_engine_version_actual" {
+  description = "The running version of the database"
+  value       = module.db.db_instance_engine_version_actual
+}
+
+output "db_instance_hosted_zone_id" {
+  description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)"
+  value       = module.db.db_instance_hosted_zone_id
+}
+
+output "db_instance_identifier" {
+  description = "The RDS instance identifier"
+  value       = module.db.db_instance_identifier
+}
+
+output "db_instance_resource_id" {
+  description = "The RDS Resource ID of this instance"
+  value       = module.db.db_instance_resource_id
+}
+
+output "db_instance_status" {
+  description = "The RDS instance status"
+  value       = module.db.db_instance_status
+}
+
+output "db_instance_name" {
+  description = "The database name"
+  value       = module.db.db_instance_name
+}
+
+output "db_instance_username" {
+  description = "The master username for the database"
+  value       = module.db.db_instance_username
+  sensitive   = true
+}
+
+output "db_instance_port" {
+  description = "The database port"
+  value       = module.db.db_instance_port
+}
+
+output "db_subnet_group_id" {
+  description = "The db subnet group name"
+  value       = module.db.db_subnet_group_id
+}
+
+output "db_subnet_group_arn" {
+  description = "The ARN of the db subnet group"
+  value       = module.db.db_subnet_group_arn
+}
+
+output "db_parameter_group_id" {
+  description = "The db parameter group id"
+  value       = module.db.db_parameter_group_id
+}
+
+output "db_parameter_group_arn" {
+  description = "The ARN of the db parameter group"
+  value       = module.db.db_parameter_group_arn
+}
+
+output "db_enhanced_monitoring_iam_role_arn" {
+  description = "The Amazon Resource Name (ARN) specifying the monitoring role"
+  value       = module.db.enhanced_monitoring_iam_role_arn
+}
+
+output "db_instance_cloudwatch_log_groups" {
+  description = "Map of CloudWatch log groups created and their attributes"
+  value       = module.db.db_instance_cloudwatch_log_groups
+}
+
+output "db_instance_master_user_secret_arn" {
+  description = "The ARN of the master user secret (Only available when manage_master_user_password is set to true)"
+  value       = module.db.db_instance_master_user_secret_arn
+}
+
+output "db_instance_secretsmanager_secret_rotation_enabled" {
+  description = "Specifies whether automatic rotation is enabled for the secret"
+  value       = module.db.db_instance_secretsmanager_secret_rotation_enabled
+}
