Added IGW route for DB subnets (based on #179)

81895e74 · Anton Babenko · 57604d2e · 81895e74 · 81895e74 · 81895e74
Commit 81895e74 authored Dec 12, 2018 by Anton Babenko
Hide whitespace changes
Inline Side-by-side

Showing with 37 additions and 1 deletion

README.md README.md +14 -0

main.tf examples/complete-vpc/main.tf +6 -1

main.tf main.tf +12 -0

variables.tf variables.tf +5 -0

No files found.
--- a/README.md
+++ b/README.md
@@ -150,6 +150,19 @@ module "vpc" {
 }
 ```

+## Public access to RDS instances
+
+Sometimes it is handy to have public access to RDS instances (it is not recommended for production) by specifying these arguments:
+
+```hcl
+  create_database_subnet_group           = true
+  create_database_subnet_route_table     = true
+  create_database_internet_gateway_route = true
+
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+```
+
 ## Terraform version

 Terraform version 0.10.3 or newer is required for this module to work.
@@ -170,6 +183,7 @@ Terraform version 0.10.3 or newer is required for this module to work.
 | assign\_generated\_ipv6\_cidr\_block | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block | string | `false` | no |
 | azs | A list of availability zones in the region | list | `[]` | no |
 | cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden | string | `0.0.0.0/0` | no |
+| create\_database\_internet\_gateway\_route | Controls if an internet gateway route for public database access should be created | string | `false` | no |
 | create\_database\_subnet\_group | Controls if database subnet group should be created | string | `true` | no |
 | create\_database\_subnet\_route\_table | Controls if separate route table for database should be created | string | `false` | no |
 | create\_elasticache\_subnet\_route\_table | Controls if separate route table for elasticache should be created | string | `false` | no |

--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -17,13 +17,18 @@ module "vpc" {
  redshift_subnets    = ["10.10.41.0/24", "10.10.42.0/24", "10.10.43.0/24"]
  intra_subnets       = ["10.10.51.0/24", "10.10.52.0/24", "10.10.53.0/24"]

-  create_database_subnet_group = false
+  create_database_subnet_group           = true
+  create_database_subnet_route_table     = true
+  create_database_internet_gateway_route = true

  enable_nat_gateway = true
  single_nat_gateway = true

  enable_vpn_gateway = true

+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
  enable_s3_endpoint       = true
  enable_dynamodb_endpoint = true


--- a/main.tf
+++ b/main.tf
@@ -121,6 +121,18 @@ resource "aws_route_table" "database" {
  tags = "${merge(var.tags, var.database_route_table_tags, map("Name", "${var.name}-${var.database_subnet_suffix}"))}"
 }

+resource "aws_route" "database_internet_gateway" {
+  count = "${var.create_vpc && var.create_database_subnet_route_table && length(var.database_subnets) > 0 && var.create_database_internet_gateway_route ? 1 : 0}"
+
+  route_table_id         = "${aws_route_table.database.id}"
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = "${aws_internet_gateway.this.id}"
+
+  timeouts {
+    create = "5m"
+  }
+}
+
 #################
 # Redshift routes
 #################

--- a/variables.tf
+++ b/variables.tf
@@ -107,6 +107,11 @@ variable "create_database_subnet_group" {
  default     = true
 }

+variable "create_database_internet_gateway_route" {
+  description = "Controls if an internet gateway route for public database access should be created"
+  default     = false
+}
+
 variable "azs" {
  description = "A list of availability zones in the region"
  default     = []