Skip to content

T
terraform-aws-rds
Commit 5884803f authored by Bryant Biggs's avatar Bryant Biggs Committed by GitHub
Browse files
Options

chore: update example projects (#298)

parent 8bae97d3
Hide whitespace changes
Inline Side-by-side
Showing with 654 additions and 417 deletions
examples/complete-mssql/README.md
View file @ 5884803f
......@@ -35,6 +35,8 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Source | Version |
|------|--------|---------|
| db | ../../ | |
| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
## Resources
......@@ -44,9 +46,6 @@ Note that this example may create resources which cost money. Run `terraform des
| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
## Inputs
......
examples/complete-mssql/main.tf
View file @ 5884803f
provider "aws" {
region = "us-east-1"
region = local.region
}
locals {
name = "complete-mssql"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
}
##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
}
################################################################################
# Supporting Resources
################################################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2"
name = local.name
cidr = "10.99.0.0/18"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
create_database_subnet_group = true
tags = local.tags
}
data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3"
name = local.name
description = "Complete SqlServer example security group"
vpc_id = module.vpc.vpc_id
# ingress
ingress_with_cidr_blocks = [
{
from_port = 1433
to_port = 1433
protocol = "tcp"
description = "SqlServer access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]
tags = local.tags
}
#####################################
################################################################################
# IAM Role for Windows Authentication
#####################################
################################################################################
data "aws_iam_policy_document" "rds_assume_role" {
statement {
......@@ -58,9 +87,9 @@ resource "aws_iam_role_policy_attachment" "rds_directory_services" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}
##########################################
################################################################################
# AWS Directory Service (Acitve Directory)
##########################################
################################################################################
resource "aws_directory_service_directory" "demo" {
name = "corp.demo.com"
......@@ -69,63 +98,61 @@ resource "aws_directory_service_directory" "demo" {
type = "MicrosoftAD"
vpc_settings {
vpc_id = data.aws_vpc.default.id
vpc_id = module.vpc.vpc_id
# Only 2 subnets, must be in different AZs
subnet_ids = slice(tolist(data.aws_subnet_ids.all.ids), 0, 2)
subnet_ids = slice(tolist(module.vpc.database_subnets), 0, 2)
}
tags = local.tags
}
#####
# DB
#####
################################################################################
# RDS Module
################################################################################
module "db" {
source = "../../"
identifier = "demodb"
identifier = local.name
engine = "sqlserver-ex"
engine_version = "14.00.1000.169.v1"
instance_class = "db.t2.medium"
allocated_storage = 20
storage_encrypted = false
engine = "sqlserver-ex"
engine_version = "15.00.4073.23.v1"
family = "sqlserver-ex-15.0" # DB parameter group
major_engine_version = "15.00" # DB option group
instance_class = "db.t3.large"
name = null # "demodb"
username = "demouser"
allocated_storage = 20
max_allocated_storage = 100
storage_encrypted = false
name = null
username = "complete_mssql"
password = "YourPwdShouldBeLongAndSecure!"
port = "1433"
port = 1433
domain = aws_directory_service_directory.demo.id
domain_iam_role_name = aws_iam_role.rds_ad_auth.name
vpc_security_group_ids = [data.aws_security_group.default.id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
multi_az = false
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
# disable backups to create DB faster
backup_retention_period = 0
tags = local.tags
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["error"]
# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false
# Snapshot name upon DB deletion
final_snapshot_identifier = "demodb"
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
options = []
create_db_parameter_group = false
license_model = "license-included"
timezone = "GMT Standard Time"
timezone = "Central Standard Time"
# Database Deletion Protection
deletion_protection = false
# DB options
major_engine_version = "14.00"
options = []
tags = local.tags
}
examples/complete-mysql/README.md
View file @ 5884803f
......@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des
## Providers
| Name | Version |
|------|---------|
| aws | >= 2.49 |
No provider.
## Modules
| Name | Source | Version |
|------|--------|---------|
| db | ../../ | |
| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
## Resources
| Name |
|------|
| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
No resources.
## Inputs
......
examples/complete-mysql/main.tf
View file @ 5884803f
provider "aws" {
region = "eu-west-1"
region = local.region
}
##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
locals {
name = "complete-mysql"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
}
data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
}
################################################################################
# Supporting Resources
################################################################################
data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2"
#####
# DB
#####
module "db" {
source = "../../"
name = local.name
cidr = "10.99.0.0/18"
identifier = "demodb"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
# All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
engine = "mysql"
engine_version = "5.7.19"
instance_class = "db.t2.large"
allocated_storage = 5
storage_encrypted = false
# kms_key_id = "arm:aws:kms:<region>:<account id>:key/<kms key id>"
name = "demodb"
username = "user"
password = "YourPwdShouldBeLongAndSecure!"
port = "3306"
create_database_subnet_group = true
tags = local.tags
}
vpc_security_group_ids = [data.aws_security_group.default.id]
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
name = local.name
description = "Complete MySQL example security group"
vpc_id = module.vpc.vpc_id
multi_az = true
# ingress
ingress_with_cidr_blocks = [
{
from_port = 3306
to_port = 3306
protocol = "tcp"
description = "MySQL access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]
# disable backups to create DB faster
backup_retention_period = 0
tags = local.tags
}
tags = {
Owner = "user"
Environment = "dev"
}
################################################################################
# RDS Module
################################################################################
enabled_cloudwatch_logs_exports = ["audit", "general"]
module "db" {
source = "../../"
# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
identifier = local.name
# DB parameter group
family = "mysql5.7"
# All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
engine = "mysql"
engine_version = "8.0.20"
family = "mysql8.0" # DB parameter group
major_engine_version = "8.0" # DB option group
instance_class = "db.t3.large"
allocated_storage = 20
max_allocated_storage = 100
storage_encrypted = false
name = "completeMysql"
username = "complete_mysql"
password = "YourPwdShouldBeLongAndSecure!"
port = 3306
multi_az = true
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
# DB option group
major_engine_version = "5.7"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["general"]
# Snapshot name upon DB deletion
final_snapshot_identifier = "demodb"
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false
# Database Deletion Protection
deletion_protection = false
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
parameters = [
{
......@@ -98,4 +122,6 @@ module "db" {
]
},
]
tags = local.tags
}
examples/complete-oracle/README.md
View file @ 5884803f
......@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des
## Providers
| Name | Version |
|------|---------|
| aws | >= 2.49 |
No provider.
## Modules
| Name | Source | Version |
|------|--------|---------|
| db | ../../ | |
| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
## Resources
| Name |
|------|
| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
No resources.
## Inputs
......
examples/complete-oracle/main.tf
View file @ 5884803f
provider "aws" {
region = "eu-west-1"
region = local.region
}
##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
locals {
name = "complete-oracle"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
}
data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
################################################################################
# Supporting Resources
################################################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2"
name = local.name
cidr = "10.99.0.0/18"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
create_database_subnet_group = true
tags = local.tags
}
data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3"
name = local.name
description = "Complete Oracle example security group"
vpc_id = module.vpc.vpc_id
# ingress
ingress_with_cidr_blocks = [
{
from_port = 1521
to_port = 1521
protocol = "tcp"
description = "Oracle access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]
tags = local.tags
}
#####
# DB
#####
################################################################################
# RDS Module
################################################################################
module "db" {
source = "../../"
identifier = "demodb-oracle"
engine = "oracle-ee"
engine_version = "12.1.0.2.v8"
instance_class = "db.t2.large"
allocated_storage = 10
storage_encrypted = false
license_model = "bring-your-own-license"
# Make sure that database name is capitalized, otherwise RDS will try to recreate RDS instance every time
name = "DEMODB"
username = "something_like_user"
password = "YourPwdShouldBeLongAndSecure!"
port = "1521"
iam_database_authentication_enabled = false
vpc_security_group_ids = [data.aws_security_group.default.id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
engine = "oracle-ee"
engine_version = "12.1.0.2.v8"
family = "oracle-ee-12.1" # DB parameter group
major_engine_version = "12.1" # DB option group
instance_class = "db.t3.large"
license_model = "bring-your-own-license"
# disable backups to create DB faster
backup_retention_period = 0
allocated_storage = 20
max_allocated_storage = 100
storage_encrypted = false
tags = {
Owner = "user"
Environment = "dev"
}
# Make sure that database name is capitalized, otherwise RDS will try to recreate RDS instance every time
name = "COMPLETEORACLE"
username = "complete_oracle"
password = "YourPwdShouldBeLongAndSecure!"
port = 1521
# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
multi_az = true
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
# DB parameter group
family = "oracle-ee-12.1"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["alert", "audit"]
# DB option group
major_engine_version = "12.1"
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false
# Snapshot name upon DB deletion
final_snapshot_identifier = "demodb"
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
# See here for support character sets https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html
character_set_name = "AL32UTF8"
# Database Deletion Protection
deletion_protection = false
tags = local.tags
}
examples/complete-postgres/README.md
View file @ 5884803f
......@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des
## Providers
| Name | Version |
|------|---------|
| aws | >= 2.49 |
No provider.
## Modules
| Name | Source | Version |
|------|--------|---------|
| db | ../../ | |
| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
## Resources
| Name |
|------|
| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
No resources.
## Inputs
......
examples/complete-postgres/main.tf
View file @ 5884803f
provider "aws" {
region = "us-west-1"
region = local.region
}
##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
locals {
name = "complete-postgresql"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
}
data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
################################################################################
# Supporting Resources
################################################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2"
name = local.name
cidr = "10.99.0.0/18"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
create_database_subnet_group = true
tags = local.tags
}
data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3"
name = local.name
description = "Complete PostgreSQL example security group"
vpc_id = module.vpc.vpc_id
# ingress
ingress_with_cidr_blocks = [
{
from_port = 5432
to_port = 5432
protocol = "tcp"
description = "PostgreSQL access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]
tags = local.tags
}
#####
# DB
#####
################################################################################
# RDS Module
################################################################################
module "db" {
source = "../../"
identifier = "demodb-postgres"
identifier = local.name
engine = "postgres"
engine_version = "11.6"
instance_class = "db.t2.large"
allocated_storage = 5
storage_encrypted = false
# All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts
engine = "postgres"
engine_version = "11.10"
family = "postgres11" # DB parameter group
major_engine_version = "11" # DB option group
instance_class = "db.t3.large"
# kms_key_id = "arm:aws:kms:<region>:<account id>:key/<kms key id>"
name = "demodb"
allocated_storage = 20
max_allocated_storage = 100
storage_encrypted = false
# NOTE: Do NOT use 'user' as the value for 'username' as it throws:
# "Error creating DB Instance: InvalidParameterValue: MasterUsername
# user cannot be used as it is a reserved word used by the engine"
username = "demouser"
name = "completePostgresql"
username = "complete_postgresql"
password = "YourPwdShouldBeLongAndSecure!"
port = "5432"
port = 5432
vpc_security_group_ids = [data.aws_security_group.default.id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
# disable backups to create DB faster
backup_retention_period = 0
tags = {
Owner = "user"
Environment = "dev"
}
multi_az = true
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
# DB parameter group
family = "postgres11"
# DB option group
major_engine_version = "11"
# Snapshot name upon DB deletion
final_snapshot_identifier = "demodb"
# Database Deletion Protection
deletion_protection = false
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
parameters = [
{
name = "autovacuum"
value = true
},
{
name = "client_encoding"
value = "utf8"
}
]
tags = local.tags
}
examples/enhanced-monitoring/README.md
View file @ 5884803f
......@@ -37,6 +37,8 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Source | Version |
|------|--------|---------|
| db | ../../ | |
| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
## Resources
......@@ -45,9 +47,6 @@ Note that this example may create resources which cost money. Run `terraform des
| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
## Inputs
......
examples/enhanced-monitoring/main.tf
View file @ 5884803f
provider "aws" {
region = "eu-west-1"
region = local.region
}
##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
locals {
name = "enhanced-monitoring"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
}
data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
################################################################################
# Supporting Resources
################################################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2"
name = local.name
cidr = "10.99.0.0/18"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
create_database_subnet_group = true
tags = local.tags
}
data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3"
name = local.name
description = "Enhanced monitoring MySQL example security group"
vpc_id = module.vpc.vpc_id
# ingress
ingress_with_cidr_blocks = [
{
from_port = 3306
to_port = 3306
protocol = "tcp"
description = "MySQL access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]
tags = local.tags
}
##################################################
################################################################################
# Create an IAM role to allow enhanced monitoring
##################################################
################################################################################
resource "aws_iam_role" "rds_enhanced_monitoring" {
name_prefix = "rds-enhanced-monitoring-"
assume_role_policy = data.aws_iam_policy_document.rds_enhanced_monitoring.json
......@@ -46,48 +83,50 @@ data "aws_iam_policy_document" "rds_enhanced_monitoring" {
}
}
#####
# DB
#####
################################################################################
# RDS Module
################################################################################
module "db" {
source = "../../"
identifier = "demodb-enhanced-monitoring"
identifier = local.name
engine = "mysql"
engine_version = "5.7.25"
instance_class = "db.t2.large"
allocated_storage = 5
storage_encrypted = false
# All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
engine = "mysql"
engine_version = "8.0.20"
family = "mysql8.0" # DB parameter group
major_engine_version = "8.0" # DB option group
instance_class = "db.t3.large"
# kms_key_id = "arm:aws:kms:<region>:<accound id>:key/<kms key id>"
name = "demodb"
username = "user"
password = "YourPwdShouldBeLongAndSecure!"
port = "3306"
vpc_security_group_ids = [data.aws_security_group.default.id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
allocated_storage = 20
max_allocated_storage = 100
storage_encrypted = false
# disable backups to create DB faster
backup_retention_period = 0
name = "completeMysql"
username = "complete_mysql"
password = "YourPwdShouldBeLongAndSecure!"
port = 3306
tags = {
Owner = "user"
Environment = "dev"
}
multi_az = true
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["audit", "general"]
# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false
# DB parameter group
family = "mysql5.7"
# Enhanced monitoring
monitoring_interval = 30
monitoring_role_arn = aws_iam_role.rds_enhanced_monitoring.arn
# DB option group
major_engine_version = "5.7"
monitoring_interval = "30"
monitoring_role_arn = aws_iam_role.rds_enhanced_monitoring.arn
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
# Database Deletion Protection
deletion_protection = false
tags = local.tags
}
examples/replica-mysql/README.md
View file @ 5884803f
......@@ -26,9 +26,7 @@ Note that this example may create resources which cost money. Run `terraform des
## Providers
| Name | Version |
|------|---------|
| aws | >= 2.49 |
No provider.
## Modules
......@@ -36,14 +34,12 @@ Note that this example may create resources which cost money. Run `terraform des
|------|--------|---------|
| master | ../../ | |
| replica | ../../ | |
| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
## Resources
| Name |
|------|
| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
No resources.
## Inputs
......
examples/replica-mysql/main.tf
View file @ 5884803f
provider "aws" {
region = "eu-west-1"
region = local.region
}
####################################
# Variables common to both instnaces
####################################
locals {
engine = "mysql"
engine_version = "5.7.19"
instance_class = "db.t2.large"
allocated_storage = 5
port = "3306"
name = "replica-mysql"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
engine = "mysql"
engine_version = "8.0.20"
family = "mysql8.0" # DB parameter group
major_engine_version = "8.0" # DB option group
instance_class = "db.t3.large"
allocated_storage = 20
max_allocated_storage = 100
port = 3306
}
##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
}
data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
################################################################################
# Supporting Resources
################################################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2"
name = local.name
cidr = "10.99.0.0/18"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
create_database_subnet_group = true
tags = local.tags
}
data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3"
name = local.name
description = "Replica MySQL example security group"
vpc_id = module.vpc.vpc_id
# ingress
ingress_with_cidr_blocks = [
{
from_port = 3306
to_port = 3306
protocol = "tcp"
description = "MySQL access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]
tags = local.tags
}
###########
################################################################################
# Master DB
###########
################################################################################
module "master" {
source = "../../"
identifier = "demodb-master-mysql"
identifier = "${local.name}-master"
engine = local.engine
engine_version = local.engine_version
instance_class = local.instance_class
allocated_storage = local.allocated_storage
engine = local.engine
engine_version = local.engine_version
family = local.family
major_engine_version = local.major_engine_version
instance_class = local.instance_class
name = "demodb"
username = "user"
allocated_storage = local.allocated_storage
max_allocated_storage = local.max_allocated_storage
storage_encrypted = false
name = "replicaMysql"
username = "replica_mysql"
password = "YourPwdShouldBeLongAndSecure!"
port = local.port
vpc_security_group_ids = [data.aws_security_group.default.id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
multi_az = true
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
multi_az = true
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["general"]
# Backups are required in order to create a replica
backup_retention_period = 1
# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
backup_retention_period = 1
final_snapshot_identifier = local.name
deletion_protection = false
create_db_option_group = false
create_db_parameter_group = false
tags = local.tags
}
############
################################################################################
# Replica DB
############
################################################################################
module "replica" {
source = "../../"
identifier = "demodb-replica-mysql"
identifier = "${local.name}-replica"
# Source database. For cross-region use this_db_instance_arn
replicate_source_db = module.master.this_db_instance_id
engine = local.engine
engine_version = local.engine_version
instance_class = local.instance_class
allocated_storage = local.allocated_storage
engine = local.engine
engine_version = local.engine_version
family = local.family
major_engine_version = local.major_engine_version
instance_class = local.instance_class
allocated_storage = local.allocated_storage
max_allocated_storage = local.max_allocated_storage
storage_encrypted = false
# Username and password should not be set for replicas
username = ""
password = ""
port = local.port
vpc_security_group_ids = [data.aws_security_group.default.id]
maintenance_window = "Tue:00:00-Tue:03:00"
backup_window = "03:00-06:00"
multi_az = false
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
multi_az = false
maintenance_window = "Tue:00:00-Tue:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["general"]
# disable backups to create DB faster
backup_retention_period = 0
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false
# Not allowed to specify a subnet group for replicas in the same region
create_db_subnet_group = false
create_db_subnet_group = false
create_db_option_group = false
create_db_parameter_group = false
tags = local.tags
}
examples/replica-postgres/README.md
View file @ 5884803f
......@@ -26,9 +26,7 @@ Note that this example may create resources which cost money. Run `terraform des
## Providers
| Name | Version |
|------|---------|
| aws | >= 2.49 |
No provider.
## Modules
......@@ -36,14 +34,12 @@ Note that this example may create resources which cost money. Run `terraform des
|------|--------|---------|
| master | ../../ | |
| replica | ../../ | |
| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
## Resources
| Name |
|------|
| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
No resources.
## Inputs
......
examples/replica-postgres/main.tf
View file @ 5884803f
provider "aws" {
region = "eu-west-1"
region = local.region
}
####################################
# Variables common to both instnaces
####################################
locals {
engine = "postgres"
engine_version = "9.6.9"
instance_class = "db.t2.large"
allocated_storage = 5
port = "5432"
name = "replica-postgresql"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
engine = "postgres"
engine_version = "11.10"
family = "postgres11" # DB parameter group
major_engine_version = "11" # DB option group
instance_class = "db.t3.large"
allocated_storage = 20
max_allocated_storage = 100
port = 5432
}
##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
}
data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
################################################################################
# Supporting Resources
################################################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2"
name = local.name
cidr = "10.99.0.0/18"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]
create_database_subnet_group = true
tags = local.tags
}
data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3"
name = local.name
description = "Replica PostgreSQL example security group"
vpc_id = module.vpc.vpc_id
# ingress
ingress_with_cidr_blocks = [
{
from_port = 5432
to_port = 5432
protocol = "tcp"
description = "PostgreSQL access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]
tags = local.tags
}
###########
################################################################################
# Master DB
###########
################################################################################
module "master" {
source = "../../"
identifier = "demodb-master-postgres"
identifier = "${local.name}-master"
engine = local.engine
engine_version = local.engine_version
family = local.family
major_engine_version = local.major_engine_version
instance_class = local.instance_class
engine = local.engine
engine_version = local.engine_version
instance_class = local.instance_class
allocated_storage = local.allocated_storage
allocated_storage = local.allocated_storage
max_allocated_storage = local.max_allocated_storage
storage_encrypted = false
name = "demodbpostgres"
username = "demouser"
name = "replicaPostgresql"
username = "replica_postgresql"
password = "YourPwdShouldBeLongAndSecure!"
port = local.port
vpc_security_group_ids = [data.aws_security_group.default.id]
multi_az = true
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
# Backups are required in order to create a replica
backup_retention_period = 1
backup_retention_period = 1
final_snapshot_identifier = local.name
deletion_protection = false
# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
create_db_option_group = false
create_db_parameter_group = false
tags = local.tags
}
############
################################################################################
# Replica DB
############
################################################################################
module "replica" {
source = "../../"
identifier = "demodb-replica-postgres"
identifier = "${local.name}-replica"
# Source database. For cross-region use this_db_instance_arn
replicate_source_db = module.master.this_db_instance_id
engine = local.engine
engine_version = local.engine_version
instance_class = local.instance_class
allocated_storage = local.allocated_storage
engine = local.engine
engine_version = local.engine_version
family = local.family
major_engine_version = local.major_engine_version
instance_class = local.instance_class
allocated_storage = local.allocated_storage
max_allocated_storage = local.max_allocated_storage
storage_encrypted = false
# Username and password must not be set for replicas
# Username and password should not be set for replicas
username = ""
password = ""
port = local.port
vpc_security_group_ids = [data.aws_security_group.default.id]
multi_az = false
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]
maintenance_window = "Tue:00:00-Tue:03:00"
backup_window = "03:00-06:00"
maintenance_window = "Tue:00:00-Tue:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
# disable backups to create DB faster
backup_retention_period = 0
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false
# Not allowed to specify a subnet group for replicas in the same region
create_db_subnet_group = false
create_db_option_group = false
create_db_parameter_group = false
tags = local.tags
}
examples/s3-import-mysql/README.md
View file @ 5884803f
......@@ -64,9 +64,9 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Source | Version |
|------|--------|---------|
| db | ../../ | |
| import_s3_bucket | terraform-aws-modules/s3-bucket/aws | 1.17.0 |
| security_group | terraform-aws-modules/security-group/aws | ~> 3.17 |
| vpc | terraform-aws-modules/vpc/aws | 2.70.0 |
| import_s3_bucket | terraform-aws-modules/s3-bucket/aws | ~> 1 |
| security_group | terraform-aws-modules/security-group/aws | ~> 3 |
| vpc | terraform-aws-modules/vpc/aws | ~> 2 |
## Resources
......
examples/s3-import-mysql/main.tf
View file @ 5884803f
......@@ -21,7 +21,7 @@ resource "random_pet" "this" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "2.70.0"
version = "~> 2"
name = local.name
cidr = "10.0.0.0/18"
......@@ -32,8 +32,6 @@ module "vpc" {
database_subnets = ["10.0.7.0/24", "10.0.8.0/24", "10.0.9.0/24"]
create_database_subnet_group = true
enable_nat_gateway = true
single_nat_gateway = true
enable_dns_hostnames = true
enable_dns_support = true
......@@ -44,7 +42,7 @@ module "vpc" {
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3.17"
version = "~> 3"
name = local.name
description = "S3 import VPC example security group"
......@@ -85,7 +83,7 @@ module "security_group" {
module "import_s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "1.17.0"
version = "~> 1"
bucket = "${local.name}-${random_pet.this.id}"
acl = "private"
......@@ -161,18 +159,21 @@ module "db" {
identifier = local.name
# All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
engine = "mysql"
engine_version = "8.0.20"
family = "mysql8.0"
major_engine_version = "8.0"
family = "mysql8.0" # DB parameter group
major_engine_version = "8.0" # DB option group
instance_class = "db.t3.large"
allocated_storage = 20
storage_encrypted = false
allocated_storage = 20
max_allocated_storage = 100
storage_encrypted = false
name = "s3Import"
username = "s3_import_user"
password = "YourPwdShouldBeLongAndSecure!"
port = "3306"
port = 3306
# S3 import https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html
s3_import = {
......@@ -193,8 +194,5 @@ module "db" {
final_snapshot_identifier = local.name
deletion_protection = false
tags = {
Owner = "user"
Environment = "dev"
}
tags = local.tags
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment