Merge pull request #12 from Guysnacho/22-Build-DB

22 Build DB
Guysnacho · Sep 15, 2024 · aa86acc · aa86acc
2 parents f431be1 + 622f7f4
commit aa86acc
Show file tree

Hide file tree

Showing 6 changed files with 168 additions and 5 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -27,7 +27,7 @@ jobs:
       - name: 🏗️ Terraform Apply
         run: |
           cd terraform
-          terraform apply -auto-approve -var="bucket-name=${{ secrets.S3_BUCKET }}"
+          terraform apply -var="bucket-name=${{ secrets.S3_BUCKET }}" -var="db-name=${{ secrets.DB_NAME }}" -auto-approve
       - run: echo ${{ steps.plan.outputs.stdout }}
       - run: echo ${{ steps.plan.outputs.stderr }}
       - run: echo ${{ steps.plan.outputs.exitcode }}

diff --git a/.github/workflows/predeploy.yml b/.github/workflows/predeploy.yml
@@ -28,7 +28,7 @@ jobs:
       - name: 🏗️ Terraform Plan
         run: |
           cd terraform
-          terraform plan -var="bucket-name=${{ secrets.S3_BUCKET }}" # -auto-approve
+          terraform plan -var="bucket-name=${{ secrets.S3_BUCKET }}" -var="db-name=${{ secrets.DB_NAME }}" # -auto-approve
       - run: echo ${{ steps.plan.outputs.stdout }}
       - run: echo ${{ steps.plan.outputs.stderr }}
       - run: echo ${{ steps.plan.outputs.exitcode }}

diff --git a/terraform/db.tf b/terraform/db.tf
@@ -0,0 +1,49 @@
+module "db" {
+  source  = "terraform-aws-modules/rds/aws"
+  version = "6.9.0"
+
+  identifier = "storefront-db"
+
+  engine               = "postgres"
+  family               = "postgres16" # DB parameter group
+  engine_version       = "16"
+  major_engine_version = "16" # DB option group
+  instance_class       = "db.m5.large"
+
+  allocated_storage     = 5
+  max_allocated_storage = 7
+
+  db_name = var.db-name
+  port    = 5432
+  # Uncomment to manually set db auth via pipeline params
+  username = "storefront_admin"
+  # username = var.db-username
+  # password                    = var.db-password
+  # manage_master_user_password = false
+
+  enabled_cloudwatch_logs_exports = ["postgresql"]
+  create_cloudwatch_log_group     = true
+  storage_type                    = "gp2"
+
+  db_subnet_group_name        = module.vpc.database_subnet_group
+  vpc_security_group_ids      = [module.security_group.security_group_id]
+  subnet_ids                  = module.vpc.database_subnets
+  db_subnet_group_description = "DB Subnet"
+  publicly_accessible         = true
+  network_type                = "IPV4"
+
+  depends_on = [module.vpc]
+  # Databases using Secrets Manager are not currently supported for Blue Green Deployments
+  # blue_green_update = {
+  #   enabled = true
+  # }
+  # parameters = [
+  #   # required for blue-green deployment
+  #   {
+  #     name         = "rds.logical_replication"
+  #     value        = 1
+  #     apply_method = "pending-reboot"
+  #   }
+  # ]
+  skip_final_snapshot = true
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -1,11 +1,47 @@
 output "s3_bucket-region" {
   value       = module.s3_bucket.s3_bucket_region
   description = "Current S3 region"
-  sensitive = true
+  sensitive   = true
 }
 
 output "s3_bucket-arn" {
   value       = module.s3_bucket.s3_bucket_arn
   description = "Current S3 arn"
-  sensitive = true
+  sensitive   = true
 }
+
+output "db-arn" {
+  value       = module.db.db_instance_arn
+  description = "DB arn"
+  sensitive   = true
+}
+
+output "db-domain-ips" {
+  value       = module.db.db_instance_domain_dns_ips
+  description = "DB domain ips"
+  sensitive   = false
+}
+
+output "db-port" {
+  value       = module.db.db_instance_port
+  description = "DB port"
+  sensitive   = true
+}
+
+output "db-endpoint" {
+  value       = module.db.db_instance_endpoint
+  description = "DB endpoint"
+  sensitive   = false
+}
+
+output "db-status" {
+  value       = module.db.db_instance_status
+  description = "DB status"
+  sensitive   = true
+}
+
+# output "db-username" {
+#   value       = module.db.db_instance_username
+#   description = "DB username"
+#   sensitive   = true
+# }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -3,4 +3,25 @@ variable "bucket-name" {
   type        = string
   default     = "bucketName"
   sensitive   = true
-}
+}
+
+variable "db-name" {
+  description = "The name of our db"
+  type        = string
+  default     = "storefront"
+  sensitive   = true
+}
+
+# variable "db-username" {
+#   description = "The username of our db user"
+#   type        = string
+#   default     = "username"
+#   sensitive   = true
+# }
+
+# variable "db-password" {
+#   description = "The password of our db user"
+#   type        = string
+#   default     = "top_secret"
+#   sensitive   = true
+# }
diff --git a/terraform/vpc.tf b/terraform/vpc.tf
@@ -0,0 +1,57 @@
+locals {
+  # vpc_cidr = "10.0.0.0/16"
+  vpc_cidr = "192.0.0.0/16"
+  port     = 5432
+  azs      = ["us-west-2a", "us-west-2b"]
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "5.13.0"
+
+  name = "storefront_vpc"
+  cidr = local.vpc_cidr
+
+  azs              = local.azs
+  public_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+  private_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 3)]
+  database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 6)]
+
+  create_database_internet_gateway_route = true
+}
+
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "5.2.0"
+
+  name        = "storefront_security_group"
+  description = "Complete PostgreSQL example security group"
+  vpc_id      = module.vpc.vpc_id
+
+
+  # ingress
+  ingress_with_cidr_blocks = [
+    {
+      action      = "allow"
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "tcp"
+      rule_action = "allow"
+      rule_number = 100
+      description = "PostgreSQL ingress access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+  egress_with_cidr_blocks = [
+    {
+      action      = "allow"
+      from_port   = 5432
+      to_port     = 5432
+      protocol    = "-1"
+      rule_action = "allow"
+      rule_number = 100
+      description = "PostgreSQL egress access from within VPC"
+      cidr_blocks = module.vpc.vpc_cidr_block
+    },
+  ]
+}