k8s-cluster/terraform/testbed/modules/main/aurora.tf


module "aurora" {
  source = "../aurora"

  name           = "${var.prefix}-${var.cluster_name}"
  engine         = "aurora-mysql"
  engine_version = var.engine_version


  instances = {
    for i in range(var.num_of_instances) : tostring(i) => {
      instance_class = var.instance_type
    }
  }
  monitoring_interval           = 60
  iam_role_use_name_prefix = false
  iam_role_name = "${var.prefix}-rds-monitoring-role"
  kms_key_id = module.kms.key_arn
  vpc_id     = module.vpc.vpc_id
  subnets    = module.vpc.database_subnets

  database_name                     = var.database_name
  create_db_cluster_parameter_group = var.create_db_cluster_parameter_group
  db_cluster_parameter_group_family = var.parameter_group_family
  db_cluster_parameter_group_name   = var.cluster_name

  availability_zones              = var.azs
  enabled_cloudwatch_logs_exports = var.cloud_watch_exports
  master_password                 = random_password.password.result
  master_username                 = var.db_master_username
  create_random_password          = false
  allowed_security_groups         = [module.eks_cluster.security_group_id]
}

############### SECRET MANAGER ######################


data "aws_secretsmanager_secret" "secretmasterdb" {
  arn = aws_secretsmanager_secret.secretmasterdb.arn
}

data "aws_secretsmanager_secret_version" "creds" {
  secret_id  = data.aws_secretsmanager_secret.secretmasterdb.arn
  depends_on = [aws_secretsmanager_secret_version.sversion]
}

locals {
  db_creds = jsondecode(data.aws_secretsmanager_secret_version.creds.secret_string)
}

resource "random_password" "password" {
  length           = 24
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

resource "random_integer" "random" {
  min = 100
  max = 999
}

resource "aws_secretsmanager_secret" "secretmasterdb" {
  name       = "${var.prefix}-${var.db_master_username}-${random_integer.random.result}"
  kms_key_id = module.kms.key_arn
}

resource "aws_secretsmanager_secret_version" "sversion" {
  secret_id     = aws_secretsmanager_secret.secretmasterdb.id
  secret_string = <<EOF
{
"username": "${var.db_master_username}",
"password": "${random_password.password.result}",
"engine": "aurora-mysql",
"host": "${module.aurora.cluster_endpoint}",
"port": "${module.aurora.cluster_port}",
"dbClusterIdentifier": "${var.database_name}"
}
EOF
}
import from rtg 2024-05-17 22:03:38 -04:00
			`module "aurora" {`
			`source = "../aurora"`

			`name = "${var.prefix}-${var.cluster_name}"`
			`engine = "aurora-mysql"`
			`engine_version = var.engine_version`


			`instances = {`
			`for i in range(var.num_of_instances) : tostring(i) => {`
			`instance_class = var.instance_type`
			`}`
			`}`
			`monitoring_interval = 60`
			`iam_role_use_name_prefix = false`
			`iam_role_name = "${var.prefix}-rds-monitoring-role"`
			`kms_key_id = module.kms.key_arn`
			`vpc_id = module.vpc.vpc_id`
			`subnets = module.vpc.database_subnets`

			`database_name = var.database_name`
			`create_db_cluster_parameter_group = var.create_db_cluster_parameter_group`
			`db_cluster_parameter_group_family = var.parameter_group_family`
			`db_cluster_parameter_group_name = var.cluster_name`

			`availability_zones = var.azs`
			`enabled_cloudwatch_logs_exports = var.cloud_watch_exports`
			`master_password = random_password.password.result`
			`master_username = var.db_master_username`
			`create_random_password = false`
			`allowed_security_groups = [module.eks_cluster.security_group_id]`
			`}`

			`############### SECRET MANAGER ######################`


			`data "aws_secretsmanager_secret" "secretmasterdb" {`
			`arn = aws_secretsmanager_secret.secretmasterdb.arn`
			`}`

			`data "aws_secretsmanager_secret_version" "creds" {`
			`secret_id = data.aws_secretsmanager_secret.secretmasterdb.arn`
			`depends_on = [aws_secretsmanager_secret_version.sversion]`
			`}`

			`locals {`
			`db_creds = jsondecode(data.aws_secretsmanager_secret_version.creds.secret_string)`
			`}`

			`resource "random_password" "password" {`
			`length = 24`
			`override_special = "!#$%&*()-_=+[]{}<>:?"`
			`}`

			`resource "random_integer" "random" {`
			`min = 100`
			`max = 999`
			`}`

			`resource "aws_secretsmanager_secret" "secretmasterdb" {`
			`name = "${var.prefix}-${var.db_master_username}-${random_integer.random.result}"`
			`kms_key_id = module.kms.key_arn`
			`}`

			`resource "aws_secretsmanager_secret_version" "sversion" {`
			`secret_id = aws_secretsmanager_secret.secretmasterdb.id`
			`secret_string = <<EOF`
			`{`
			`"username": "${var.db_master_username}",`
			`"password": "${random_password.password.result}",`
			`"engine": "aurora-mysql",`
			`"host": "${module.aurora.cluster_endpoint}",`
			`"port": "${module.aurora.cluster_port}",`
			`"dbClusterIdentifier": "${var.database_name}"`
			`}`
			`EOF`
			`}`