Merge pull request #14 from Guysnacho/22-Build-DB

22 - Build DB [ Part 3: Networking Strikes Back ]
Guysnacho · Sep 17, 2024 · 9f1a2d2 · 9f1a2d2
2 parents 8300a64 + df094f0
commit 9f1a2d2
Show file tree

Hide file tree

Showing 6 changed files with 108 additions and 51 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -27,7 +27,7 @@ jobs:
       - name: 🏗️ Terraform Apply
         run: |
           cd terraform
-          terraform apply -var="bucket-name=${{ secrets.S3_BUCKET }}" -var="db-name=${{ secrets.DB_NAME }}" -auto-approve
+          terraform apply -var="bucket-name=${{ secrets.S3_BUCKET }}" -var="db-name=${{ secrets.DB_NAME }}" -var="db-name=${{ secrets.DB_USER }}" -auto-approve
       - run: echo ${{ steps.plan.outputs.stdout }}
       - run: echo ${{ steps.plan.outputs.stderr }}
       - run: echo ${{ steps.plan.outputs.exitcode }}

diff --git a/.github/workflows/predeploy.yml b/.github/workflows/predeploy.yml
@@ -28,7 +28,7 @@ jobs:
       - name: 🏗️ Terraform Plan
         run: |
           cd terraform
-          terraform plan -var="bucket-name=${{ secrets.S3_BUCKET }}" -var="db-name=${{ secrets.DB_NAME }}" # -auto-approve
+          terraform plan -var="bucket-name=${{ secrets.S3_BUCKET }}" -var="db-name=${{ secrets.DB_NAME }}" -var="db-name=${{ secrets.DB_USER }}" # -auto-approve
       - run: echo ${{ steps.plan.outputs.stdout }}
       - run: echo ${{ steps.plan.outputs.stderr }}
       - run: echo ${{ steps.plan.outputs.exitcode }}

diff --git a/terraform/db.tf b/terraform/db.tf
@@ -1,38 +1,90 @@
 module "db" {
-  source  = "terraform-aws-modules/rds/aws"
-  version = "6.9.0"
+  source = "terraform-aws-modules/rds-aurora/aws"
 
-  identifier = "storefront-db"
+  name          = "aurora-storefront-db"
+  database_name = var.db-name
 
-  engine               = "postgres"
-  family               = "postgres16" # DB parameter group
-  engine_version       = "16"
-  major_engine_version = "16" # DB option group
-  instance_class       = "db.m5.large"
+  engine         = "aurora-postgresql"
+  engine_mode    = "provisioned"
+  engine_version = "14.7"
+  instance_class = "db.serverless"
 
-  allocated_storage     = 5
-  max_allocated_storage = 7
+  vpc_id = module.vpc.vpc_id
+
+  security_group_rules = {
+    vpc_ingress = {
+      type        = "ingress"
+      cidr_blocks = ["0.0.0.0/0"]
+      # cidr_blocks = module.vpc.database_subnets_cidr_blocks
+    }
+    egress_example = {
+      type        = "egress"
+      cidr_blocks = ["0.0.0.0/0"]
+      description = "Egress to anywhwere"
+      # cidr_blocks = ["10.33.0.0/28"]
+      # description = "Egress to corporate printer closet"
+    }
+  }
+
+  autoscaling_min_capacity = 1
+  autoscaling_max_capacity = 2
+  autoscaling_target_cpu   = 40
+  serverlessv2_scaling_configuration = {
+    max_capacity = 80
+    min_capacity = 30
+  }
+
+  autoscaling_enabled             = true
+  db_cluster_activity_stream_mode = "async"
+  instances = {
+    1 = {
+      instance_class            = "db.serverless"
+      db_parameter_group_name   = "default.aurora-postgresql14"
+      db_cluster_instance_class = "db.m5.large"
+    }
+    # 2 = {
+    #   identifier     = "static-member-1"
+    #   instance_class = "db.serverless"
+    # }
+    # 3 = {
+    #   identifier     = "excluded-member-1"
+    #   instance_class = "db.serverless"
+    # }
+  }
+
+  # endpoints = {
+  #   static = {
+  #     identifier     = "static-custom-endpt"
+  #     type           = "ANY"
+  #     static_members = ["static-member-1"]
+  #     tags           = { Endpoint = "static-members" }
+  #   }
+  #   excluded = {
+  #     identifier       = "excluded-custom-endpt"
+  #     type             = "READER"
+  #     excluded_members = ["excluded-member-1"]
+  #     tags             = { Endpoint = "excluded-members" }
+  #   }
+  # }
 
-  db_name  = var.db-name
-  port     = 5432
-  username = "storefront_admin"
   # Uncomment to manually set db auth via pipeline params
-  # username = var.db-username
-  # password                    = var.db-password
-  # manage_master_user_password = false
+  master_username = var.db-username
+  # master_password = var.db-password
+  manage_master_user_password = true
 
   enabled_cloudwatch_logs_exports = ["postgresql"]
   create_cloudwatch_log_group     = true
-  storage_type                    = "gp2"
+  storage_type                    = "aurora"
+
+  db_subnet_group_name   = aws_db_subnet_group.public.name
+  vpc_security_group_ids = [module.security_group.security_group_id]
+  subnets                = module.vpc.public_subnets
 
-  db_subnet_group_name        = module.vpc.database_subnet_group_name
-  vpc_security_group_ids      = [module.security_group.security_group_id]
-  subnet_ids                  = module.vpc.database_subnets
-  db_subnet_group_description = "DB Subnet"
-  publicly_accessible         = true
-  network_type                = "IPV4"
-  putin_khuylo                = true
+  publicly_accessible = true
+  network_type        = "IPV4"
+  putin_khuylo        = true
 
+  storage_encrypted   = true
   skip_final_snapshot = true
   apply_immediately   = true
   depends_on          = [module.vpc]
@@ -89,3 +141,12 @@ module "security_group" {
     }
   ]
 }
+
+resource "aws_db_subnet_group" "public" {
+  name       = "public_db"
+  subnet_ids = module.vpc.public_subnets
+
+  tags = {
+    Name = "Public"
+  }
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -11,37 +11,31 @@ output "s3_bucket-arn" {
 }
 
 output "db-arn" {
-  value       = module.db.db_instance_arn
-  description = "DB arn"
-  sensitive   = true
-}
-
-output "db-status" {
-  value       = module.db.db_instance_status
-  description = "DB status"
+  value       = module.db.cluster_arn
+  description = "DB cluster arn"
   sensitive   = true
 }
 
 output "db-port" {
-  value       = module.db.db_instance_port
-  description = "DB port"
+  value       = module.db.cluster_port
+  description = "DB cluster port"
   sensitive   = true
 }
 
 output "db-username" {
-  value       = module.db.db_instance_username
-  description = "DB username"
+  value       = module.db.cluster_master_username
+  description = "DB cluster username"
   sensitive   = true
 }
 
 output "db-endpoint" {
-  value       = module.db.db_instance_endpoint
-  description = "DB endpoint"
-  sensitive   = false
+  value       = module.db.cluster_endpoint
+  description = "DB cluster endpoint"
+  sensitive   = true
 }
 
-output "db-address" {
-  value       = module.db.db_instance_address
-  description = "DB address"
+output "db-name" {
+  value       = module.db.cluster_database_name
+  description = "DB cluster address"
   sensitive   = true
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -12,12 +12,12 @@ variable "db-name" {
   sensitive   = true
 }
 
-# variable "db-username" {
-#   description = "The username of our db user"
-#   type        = string
-#   default     = "username"
-#   sensitive   = true
-# }
+variable "db-username" {
+  description = "The username of our db user"
+  type        = string
+  default     = "username"
+  sensitive   = true
+}
 
 # variable "db-password" {
 #   description = "The password of our db user"

diff --git a/terraform/vpc.tf b/terraform/vpc.tf
@@ -32,5 +32,7 @@ module "vpc" {
   enable_dns_hostnames                   = true
   enable_dns_support                     = true
   create_database_internet_gateway_route = true
-  # create_database_nat_gateway_route      = true
+  create_database_nat_gateway_route      = true
+  enable_nat_gateway                     = true
+  enable_vpn_gateway                     = true
 }