#####################
# RDS Single Instance
#####################
resource "aws_db_instance" "this" {
  # Single-instance path: skipped when Aurora is selected or the database is
  # disabled altogether.
  count = (var.use_aurora || var.disable_db) ? 0 : 1

  # --- Identity and engine ---
  identifier     = var.namespace
  name           = var.database_name
  engine         = var.database_engine
  engine_version = var.database_engine_version

  # --- Sizing and availability ---
  instance_class    = var.database_instance_type
  allocated_storage = var.database_storage_size
  storage_type      = var.database_storage_type
  multi_az          = var.database_multi_az

  # --- Credentials ---
  # The master password is passed in as a plain variable, so its value is
  # recorded in the Terraform state file. The state backend needs encryption
  # and tight access control, and the variable should be declared sensitive
  # (declaration not visible in this file).
  username = var.database_username
  password = var.database_password

  # --- Network exposure ---
  # publicly_accessible is caller-controlled; its default lives in the variable
  # declaration, which is outside this file.
  db_subnet_group_name = aws_db_subnet_group.this.name
  publicly_accessible  = var.database_publicly_accessible
  # NOTE(review): the VPC's *default* security group is attached alongside the
  # dedicated database group. If that default group still carries AWS's stock
  # self-referencing allow-all rule, every other member of it can reach this
  # instance on any port - confirm the group has been locked down.
  vpc_security_group_ids = [module.vpc.default_security_group_id, aws_security_group.database.id]
  ca_cert_identifier     = var.database_ca_cert

  # --- Data protection ---
  # No kms_key_id is set, so when encryption is enabled the account's default
  # RDS key is used rather than a customer-managed key.
  storage_encrypted       = var.database_storage_encrypted
  backup_retention_period = var.database_backup_retention
  backup_window           = var.database_backup_window
  deletion_protection     = var.database_deletion_protection
  # NOTE(review): no final_snapshot_identifier is given, which the provider
  # requires when skip_final_snapshot is false - verify the destroy path.
  skip_final_snapshot = var.database_skip_final_snapshot

  # --- Logging and monitoring ---
  enabled_cloudwatch_logs_exports = var.database_log_types
  # NOTE(review): no monitoring_role_arn is set; a non-zero interval needs one.
  monitoring_interval = var.database_monitoring_interval

  # --- Change management ---
  apply_immediately = var.database_apply_immediately

  tags = var.tags
}
####################
# RDS Aurora Cluster
####################
resource "aws_rds_cluster" "this" {
  # Aurora path: created only when Aurora is selected and the database is not
  # disabled.
  count = (var.use_aurora && !var.disable_db) ? 1 : 0

  # --- Identity and engine ---
  cluster_identifier = var.namespace
  database_name      = var.database_name
  engine             = var.database_engine
  engine_version     = var.database_engine_version

  # --- Credentials ---
  # As with the single instance, the master password ends up in Terraform
  # state; protect the state backend accordingly.
  master_username = var.database_username
  master_password = var.database_password

  # --- Placement and network exposure ---
  availability_zones   = module.vpc.azs
  db_subnet_group_name = aws_db_subnet_group.this.name
  # NOTE(review): the VPC's default security group is attached here too. If it
  # still has the stock self-referencing allow-all rule, any other member of
  # that group can reach the cluster - confirm it has been locked down.
  vpc_security_group_ids = [module.vpc.default_security_group_id, aws_security_group.database.id]

  # --- Data protection ---
  # No kms_key_id is set, so enabling encryption uses the account's default
  # RDS key.
  storage_encrypted       = var.database_storage_encrypted
  backup_retention_period = var.database_backup_retention
  preferred_backup_window = var.database_backup_window
  deletion_protection     = var.database_deletion_protection
  # NOTE(review): no final_snapshot_identifier is given, which the provider
  # requires when skip_final_snapshot is false - verify the destroy path.
  skip_final_snapshot = var.database_skip_final_snapshot

  # --- Change management ---
  # NOTE(review): hard-coded to true, whereas the single-instance resource
  # honours var.database_apply_immediately. Cluster changes therefore bypass
  # the maintenance window regardless of that variable - confirm intended.
  apply_immediately = true

  # NOTE(review): enabled_cloudwatch_logs_exports is not set on the cluster, so
  # var.database_log_types has no effect on the Aurora path and no database
  # logs are exported to CloudWatch from here.

  tags = var.tags
}
resource "aws_rds_cluster_instance" "this" {
  # One instance per requested member of the Aurora cluster; none when Aurora
  # is not selected or the database is disabled.
  count = (var.use_aurora && !var.disable_db) ? var.database_instance_count : 0

  # Membership: always joins the single cluster created in this file.
  cluster_identifier = aws_rds_cluster.this[0].id

  # The suffix is a literal "0" followed by the 1-based index, so names only
  # look zero-padded for the first nine instances (the tenth would be "-010").
  identifier = "${var.namespace}-0${count.index + 1}"

  engine         = var.database_engine
  engine_version = var.database_engine_version
  instance_class = var.database_instance_type

  db_subnet_group_name = aws_db_subnet_group.this.name

  # NOTE(review): unlike the single-instance resource, this block does not pass
  # var.database_publicly_accessible, var.database_ca_cert,
  # var.database_monitoring_interval or var.database_apply_immediately, so
  # provider defaults apply to Aurora instances and those variables are
  # silently ignored on this path.

  tags = var.tags
}
# resource "aws_rds_cluster_endpoint" "writer" {
# count = var.use_aurora ? var.database_instance_count : 0
# cluster_identifier = "${aws_rds_cluster.default.id}"
# cluster_endpoint_identifier = "reader"
# custom_endpoint_type = "READER"
# excluded_members = [
# "${aws_rds_cluster_instance.test1.id}",
# "${aws_rds_cluster_instance.test2.id}",
# ]
# }
################################
# Route53 CNAME for RDS Endpoint
################################
resource "aws_route53_record" "postgres" {
  # Published whenever a database exists, for either deployment path.
  count = var.disable_db ? 0 : 1

  zone_id = local.zone_id
  # The label is fixed to "postgres" regardless of var.database_engine.
  name = "postgres"
  type = "CNAME"
  ttl  = "300"

  # Point at the single instance when it exists, otherwise at the Aurora
  # cluster endpoint.
  # NOTE(review): if local.zone_id refers to a public hosted zone, this record
  # discloses the database endpoint hostname in public DNS - confirm the zone
  # is private or that the disclosure is acceptable.
  records = length(aws_db_instance.this) > 0 ? [aws_db_instance.this[0].address] : [aws_rds_cluster.this[0].endpoint]
}
####################
# RDS - Subnet Group
####################
resource "aws_db_subnet_group" "this" {
  # Shared by the single instance and the Aurora cluster/instances. There is no
  # count on this resource, so it is created even when var.disable_db is true.
  name        = var.namespace
  description = "RDS - ${var.namespace} Subnet Group"

  # Placement is limited to the VPC module's dedicated database subnets.
  # Whether those subnets are routable from the internet depends on the VPC
  # module configuration, which is not visible here.
  subnet_ids = module.vpc.database_subnets

  tags = var.tags
}