# Aurora MySQL cluster built from the local ../aurora module.
#
# NOTE(review): nothing in this block sets deletion protection, backup
# retention or IAM database authentication, so whatever ../aurora defaults to
# applies. Verify those defaults against the module source.
module "aurora" {
  source = "../aurora"

  # Identity and engine.
  name           = "${var.prefix}-${var.cluster_name}"
  engine         = "aurora-mysql"
  engine_version = var.engine_version
  database_name  = var.database_name

  # One entry per instance, keyed "0", "1", ... and all of the same class.
  instances = {
    for idx in range(var.num_of_instances) : tostring(idx) => {
      instance_class = var.instance_type
    }
  }

  # Placement.
  vpc_id             = module.vpc.vpc_id
  subnets            = module.vpc.database_subnets
  availability_zones = var.azs

  # Network access: only the EKS cluster security group is passed in.
  # NOTE(review): presumably the module turns this list into ingress rules on
  # the database port; confirm in ../aurora that no wider CIDR is added.
  allowed_security_groups = [module.eks_cluster.security_group_id]

  # Customer-managed key from module.kms.
  # NOTE(review): presumably used for storage encryption; confirm that
  # ../aurora actually enables encryption at rest with this key.
  kms_key_id = module.kms.key_arn

  # Master credentials. The password comes from random_password.password and
  # the module's own generator is switched off. The generated value is
  # recorded in Terraform state, so the state backend must be encrypted and
  # access to it restricted.
  master_username        = var.db_master_username
  master_password        = random_password.password.result
  create_random_password = false

  # Cluster parameter group.
  create_db_cluster_parameter_group = var.create_db_cluster_parameter_group
  db_cluster_parameter_group_family = var.parameter_group_family
  db_cluster_parameter_group_name   = var.cluster_name

  # Monitoring and logging. The monitoring role gets a fixed name (no prefix).
  # NOTE(review): confirm var.cloud_watch_exports includes the audit log if
  # database activity has to be reviewable after an incident.
  monitoring_interval             = 60
  iam_role_use_name_prefix        = false
  iam_role_name                   = "${var.prefix}-rds-monitoring-role"
  enabled_cloudwatch_logs_exports = var.cloud_watch_exports
}
############### SECRETS MANAGER ######################
# Looks up the secret created by aws_secretsmanager_secret.secretmasterdb in
# this same configuration, by ARN.
data "aws_secretsmanager_secret" "secretmasterdb" {
  arn = aws_secretsmanager_secret.secretmasterdb.arn
}
# Reads back the current version of the master-credentials secret.
# The explicit dependency makes sure the version written by
# aws_secretsmanager_secret_version.sversion exists before it is read.
# The secret value read here is also recorded in Terraform state.
data "aws_secretsmanager_secret_version" "creds" {
  depends_on = [aws_secretsmanager_secret_version.sversion]

  secret_id = data.aws_secretsmanager_secret.secretmasterdb.arn
}
locals {
  # Decoded master-credentials document (the JSON object stored in the secret,
  # password included). secret_string is marked sensitive by the AWS provider
  # and the decoded value inherits that marking; do not unwrap it with
  # nonsensitive() or expose it through an output.
  db_creds = jsondecode(
    data.aws_secretsmanager_secret_version.creds.secret_string
  )
}
# Master password for the Aurora cluster.
#
# The special-character set leaves out "/", "@", the double quote and the
# space, which RDS does not accept in a master password, and also the
# backslash. Changing any argument here replaces the resource, which means a
# new password on the next apply.
#
# The generated value is stored in Terraform state in plain text; protect the
# state backend accordingly.
resource "random_password" "password" {
  override_special = "!#$%&*()-_=+[]{}<>:?"
  length           = 24
}
# Three-digit suffix appended to the secret name below.
# NOTE(review): presumably there to avoid a name clash with an earlier secret
# that is still pending deletion. It is a naming aid only, not a secret value.
resource "random_integer" "random" {
  max = 999
  min = 100
}
# Secrets Manager container for the master credentials, encrypted with the
# customer-managed key from module.kms.
#
# NOTE(review): the secret name embeds the master username, so anyone allowed
# to list secrets learns it. No rotation is configured in the blocks visible
# here; confirm whether rotation is set up elsewhere.
resource "aws_secretsmanager_secret" "secretmasterdb" {
  kms_key_id = module.kms.key_arn
  name       = "${var.prefix}-${var.db_master_username}-${random_integer.random.result}"
}
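# Stores the master credentials and connection details for the Aurora cluster
# as a single JSON document in the secret created above.
resource "aws_secretsmanager_secret_version" "sversion" {
  secret_id = aws_secretsmanager_secret.secretmasterdb.id

  # Built with jsonencode() instead of a hand-written heredoc so that every
  # value is escaped. With string interpolation, a quote or backslash in
  # var.db_master_username (or in a future password character set) would
  # produce invalid JSON or add unintended fields to the document.
  #
  # The decoded fields are the same as before; only whitespace and key order
  # of the stored text change, so the first apply after this edit writes a new
  # secret version with identical content.
  secret_string = jsonencode({
    username = var.db_master_username
    password = random_password.password.result
    engine   = "aurora-mysql"
    host     = module.aurora.cluster_endpoint

    # Kept as a string, matching the shape the heredoc produced.
    port = tostring(module.aurora.cluster_port)

    # NOTE(review): this holds the database name, not the cluster identifier.
    # Consumers that look the cluster up by this field would get the wrong
    # value; confirm which output of ../aurora carries the identifier.
    dbClusterIdentifier = var.database_name
  })
}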