create kea backend rds

tf/core/rds.tf

@@ -0,0 +1,7 @@
+resource "aws_db_subnet_group" "rk-private" {
+  name = "rk-private"
+  subnet_ids = [
+    aws_subnet.c_private.id,
+    aws_subnet.d_private.id,
+  ]
+}

tf/dhcp/backend.tf

@@ -5,3 +5,12 @@ terraform {
     key    = "terraform/nw-dhcp.tfstate"
   }
 }
+
+data "terraform_remote_state" "k8s" {
+  backend = "s3"
+  config = {
+    bucket = "rk-infra"
+    region = "ap-northeast-1"
+    key    = "terraform/nw-k8s.tfstate"
+  }
+}

tf/dhcp/rds.tf

@@ -0,0 +1,68 @@
+resource "aws_rds_cluster" "kea" {
+  cluster_identifier = "kea1"
+  engine             = "aurora-mysql"
+  engine_version     = "8.0.mysql_aurora.3.02.0"
+
+  database_name = "kea"
+
+  master_username = "rk"
+  master_password = "himitsudayo"
+
+  db_subnet_group_name = "rk-private"
+
+  vpc_security_group_ids = [aws_security_group.kea-db.id]
+
+  backup_retention_period = 2
+  preferred_backup_window = "12:00-14:00"
+
+  final_snapshot_identifier = "kea22-final"
+
+  apply_immediately = true
+}
+
+
+resource "aws_rds_cluster_instance" "kea-001" {
+  identifier         = "kea-001"
+  cluster_identifier = aws_rds_cluster.kea.id
+  instance_class     = "db.t4g.medium"
+  engine             = aws_rds_cluster.kea.engine
+  engine_version     = aws_rds_cluster.kea.engine_version
+}
+
+resource "aws_security_group" "kea-db" {
+  name        = "kea-db"
+  description = "rubykaigi-nw tf/kea"
+  vpc_id      = data.aws_vpc.main.id
+}
+
+resource "aws_security_group_rule" "kea-db_k8s-node" {
+  security_group_id        = aws_security_group.kea-db.id
+  type                     = "ingress"
+  from_port                = 3306
+  to_port                  = 3306
+  protocol                 = "tcp"
+  source_security_group_id = data.terraform_remote_state.k8s.outputs.node_security_group
+}
+
+resource "aws_security_group_rule" "kea-db_icmp" {
+  security_group_id = aws_security_group.kea-db.id
+  type              = "ingress"
+  from_port         = -1
+  to_port           = -1
+  protocol          = "icmp"
+  cidr_blocks       = ["0.0.0.0/0"]
+  ipv6_cidr_blocks  = ["::/0"]
+}
+
+data "aws_security_group" "bastion" {
+  vpc_id = data.aws_vpc.main.id
+  name   = "bastion"
+}
+resource "aws_security_group_rule" "kea-db_bastion" {
+  security_group_id        = aws_security_group.kea-db.id
+  type                     = "ingress"
+  from_port                = 3306
+  to_port                  = 3306
+  protocol                 = "tcp"
+  source_security_group_id = data.aws_security_group.bastion.id
+}

tf/dhcp/vpc.tf

@@ -0,0 +1,3 @@
+data "aws_vpc" "main" {
+  id = "vpc-004eca6fe0bf3494d"
+}

tf/k8s/outputs.tf

@@ -0,0 +1,3 @@
+output "node_security_group" {
+  value = module.cluster.config.node_security_group
+}

tf/k8s/sg.tf

@@ -1,8 +1,10 @@
 data "aws_security_group" "elb_http" {
-  name = "elb-http"
+  name   = "elb-http"
+  vpc_id = data.aws_vpc.main.id
 }
 data "aws_security_group" "bastion" {
-  name = "bastion"
+  name   = "bastion"
+  vpc_id = data.aws_vpc.main.id
 }
 resource "aws_security_group_rule" "common-lb-to-node" {
   security_group_id        = module.cluster.config.node_security_group
@@ -12,12 +14,3 @@ resource "aws_security_group_rule" "common-lb-to-node" {
   protocol                 = "tcp"
   source_security_group_id = data.aws_security_group.elb_http.id
 }
-
-resource "aws_security_group_rule" "bastion-to-node" {
-  security_group_id        = module.cluster.config.node_security_group
-  type                     = "ingress"
-  from_port                = 1
-  to_port                  = 65535
-  protocol                 = "tcp"
-  source_security_group_id = data.aws_security_group.bastion.id
-}