techiescamp · techiescamp · Jul 13, 2023 · Jul 13, 2023
diff --git a/README.md b/README.md
@@ -15,26 +15,17 @@ terraform destroy \
     -backend-config="region=us-west-2" \
     -backend-config="dynamodb_table=terraform-state-lock"
 
+## RDS DB
 
-## Requirements
-
-1. Create VPC (10.0.0.0/16)
-2. Create Subnets
-    - Public Subnets (For LB)
-        - 10.0.1.0/24
-        - 10.0.2.0/24
-        - 10.0.3.0/24
-    - App Subnetes (Private Subnet)
-        - 10.0.4.0/24
-        - 10.0.5.0/24
-        - 10.0.6.0/24
-    - DB Subnetes (Priavet Subnet)
-        - 10.0.7.0/24
-        - 10.0.8.0/24
-        - 10.0.9.0/24
-3. Public subnets can talk to app subnets (only on specific ports using NAC) not DB subnets.
-4. App Subnets can talk to DB subnets (On specify ports using NACL)
+cd into environments/dev/rds directory and run the following commands:
 
+terraform init
+
+terraform plan -var-file=../../../vars/dev/rds.tfvars
+
+terraform apply -var-file=../../../vars/dev/rds.tfvars
+
+terraform destroy -var-file=../../../vars/dev/rds.tfvars
 
 ## Command Reference
 

diff --git a/environments/dev/rds/main.tf b/environments/dev/rds/main.tf
@@ -3,16 +3,26 @@ provider "aws" {
 }
 
 module "rds" {
-  source            = "../../../modules/rds"
-  region            = var.region
-  owner             = var.owner
-  cost_center       = var.cost_center
-  environment       = var.environment
-  db_username       = var.db_username
+  source                      = "../../../modules/rds"
+  region                      = var.region
+  db_username                 = var.db_username
   set_secret_manager_password = var.set_secret_manager_password
-  set_db_password = var.set_db_password
-  db_password       = var.db_password
-  db_name           = var.db_name
-  db_instance_class = var.db_instance_class
-  parameter_name    = var.parameter_name
+  set_db_password             = var.set_db_password
+  db_password                 = var.db_password
+  db_name                     = var.db_name
+  db_instance_class           = var.db_instance_class
+  db_storage_size             = var.db_storage_size
+  sg_name                     = var.sg_name
+  cidr_block                  = var.cidr_block
+  backup_retention_period     = var.backup_retention_period
+  multi_az                    = var.multi_az
+  delete_automated_backups    = var.delete_automated_backups
+  copy_tags_to_snapshot       = var.copy_tags_to_snapshot
+  publicly_accessible         = var.publicly_accessible
+  skip_final_snapshot         = var.skip_final_snapshot
+  apply_immediately           = var.apply_immediately
+  owner                       = var.owner
+  cost_center                 = var.cost_center
+  environment                 = var.environment
+  application                 = var.application
 }
diff --git a/environments/dev/rds/variables.tf b/environments/dev/rds/variables.tf
@@ -23,6 +23,21 @@ variable "owner" {
   description = "Name of the owner for this RDS"
 }
 
+variable "application" {
+  type        = string
+  description = "Name of the application"
+}
+
+variable "sg_name" {
+  type        = string
+  description = "RDS security group name"
+}
+
+variable "cidr_block" {
+  type    = list(string)
+  description = "CIDR block for RDS security group"
+}
+
 variable "cost_center" {
   type        = string
   description = "Name of cost-center for this RDS"
@@ -54,12 +69,47 @@ variable "db_instance_class" {
   type    = string
 }
 
-variable "parameter_name" {
-  description = "The RDS instance class"
-  type    = string
-}
-
 variable "set_db_password" {
   description = "Condition to check for custom password"
   type = string
-}
+}
+
+variable "db_storage_size" {
+  description = "The allocated storage size for the RDS instance."
+  type        = number
+}
+
+variable "backup_retention_period" {
+  description = "The number of days to retain automated backups."
+  type        = number
+}
+
+variable "multi_az" {
+  description = "Enable multi-AZ deployment for the RDS instance."
+  type        = bool
+}
+
+variable "delete_automated_backups" {
+  description = "Enable deletion of automated backups when the RDS instance is deleted."
+  type        = bool
+}
+
+variable "copy_tags_to_snapshot" {
+  description = "Copy tags to DB snapshots created from the RDS instance."
+  type        = bool
+}
+
+variable "publicly_accessible" {
+  description = "Allow the RDS instance to be publicly accessible."
+  type        = bool
+}
+
+variable "skip_final_snapshot" {
+  description = "Skip the creation of a final DB snapshot when the RDS instance is deleted."
+  type        = bool
+}
+
+variable "apply_immediately" {
+  description = "Apply changes immediately to the RDS instance."
+  type        = bool
+}
diff --git a/modules/rds/main.tf b/modules/rds/main.tf
@@ -1,20 +1,20 @@
 # Create a DB security group
 resource "aws_security_group" "rds_security_group" {
-  name        = "rds-security-group"
+  name        = var.sg_name
   description = "Security group for RDS instance"
 
   ingress {
     from_port   = 3306
     to_port     = 3306
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = var.cidr_block
   }
 
   egress {
     from_port   = 0
     to_port     = 0
     protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = var.cidr_block
   }
 
   tags = merge(
@@ -23,7 +23,7 @@ resource "aws_security_group" "rds_security_group" {
       Environment = var.environment,
       Owner       = var.owner,
       CostCenter  = var.cost_center,
-      Application = "petclinic-rds-sg"
+      Application = var.application,
     },
     var.tags
   )
@@ -33,28 +33,29 @@ resource "aws_db_instance" "rds_instance" {
   identifier                  = var.db_name
   engine                      = "mysql"
   instance_class              = var.db_instance_class
-  allocated_storage           = 10
+  allocated_storage           = var.db_storage_size
   storage_type                = "gp2"
   # manage_master_user_password = var.set_secret_manager_password ? true : false
   manage_master_user_password = var.set_secret_manager_password ? true : null
   username                    = var.db_username
   password                    = var.set_db_password ? var.db_password : null
   db_subnet_group_name        = "default"
   vpc_security_group_ids      = [aws_security_group.rds_security_group.id]
-  backup_retention_period     = 7
-  delete_automated_backups    = true
-  copy_tags_to_snapshot       = true
-  publicly_accessible         = true
-  skip_final_snapshot         = true
-  apply_immediately           = true
+  backup_retention_period     = var.backup_retention_period
+  multi_az                    = var.multi_az
+  delete_automated_backups    = var.delete_automated_backups
+  copy_tags_to_snapshot       = var.copy_tags_to_snapshot
+  publicly_accessible         = var.publicly_accessible
+  skip_final_snapshot         = var.skip_final_snapshot
+  apply_immediately           = var.apply_immediately
 
   tags = merge(
   {
     Name        = "petclinic-rds"
     Environment = var.environment,
     Owner       = var.owner,
     CostCenter  = var.cost_center,
-    Application = "pet-clinic"
+    Application = var.application,
   },
   var.tags
  )
@@ -63,17 +64,4 @@ resource "aws_db_instance" "rds_instance" {
 # Data source to retrieve RDS endpoint
 data "aws_db_instance" "rds_instance" {
   db_instance_identifier = aws_db_instance.rds_instance.id
-}
-
-
-# resource "aws_ssm_parameter" "rds_endpoint" {
-#   name  = var.parameter_name
-#   type  = "String"
-#   value = data.aws_db_instance.rds_instance.endpoint
-# }
-
-# resource "local_file" "password_file" {
-#   count      = var.manage_master_user_password ? 0 : 1
-#   filename   = "password.txt"
-#   content    = var.db_password
-# }
+}
diff --git a/modules/rds/outputs.tf b/modules/rds/outputs.tf
@@ -0,0 +1,4 @@
+output "rds_instance_endpoint" {
+  value = data.aws_db_instance.rds_instance.endpoint
+  description = "RDS endpoint"
+}
diff --git a/modules/rds/variables.tf b/modules/rds/variables.tf
@@ -23,11 +23,26 @@ variable "owner" {
   description = "Name of the owner for this RDS"
 }
 
+variable "application" {
+  type        = string
+  description = "Name of the application"
+}
+
 variable "cost_center" {
   type        = string
   description = "Name of cost-center for this RDS"
 }
 
+variable "sg_name" {
+  type        = string
+  description = "RDS security group name"
+}
+
+variable "cidr_block" {
+  type    = list(string)
+  description = "CIDR block for RDS security group"
+}
+
 variable "db_username" {
   description = "The username for the RDS database"
   type    = string
@@ -54,12 +69,47 @@ variable "db_instance_class" {
   type    = string
 }
 
-variable "parameter_name" {
-  description = "The RDS instance class"
-  type    = string
-}
-
 variable "set_db_password" {
   description = "Condition to check for custom password"
   type = string
-}
+}
+
+variable "db_storage_size" {
+  description = "The allocated storage size for the RDS instance."
+  type        = number
+}
+
+variable "backup_retention_period" {
+  description = "The number of days to retain automated backups."
+  type        = number
+}
+
+variable "multi_az" {
+  description = "Enable multi-AZ deployment for the RDS instance."
+  type        = bool
+}
+
+variable "delete_automated_backups" {
+  description = "Enable deletion of automated backups when the RDS instance is deleted."
+  type        = bool
+}
+
+variable "copy_tags_to_snapshot" {
+  description = "Copy tags to DB snapshots created from the RDS instance."
+  type        = bool
+}
+
+variable "publicly_accessible" {
+  description = "Allow the RDS instance to be publicly accessible."
+  type        = bool
+}
+
+variable "skip_final_snapshot" {
+  description = "Skip the creation of a final DB snapshot when the RDS instance is deleted."
+  type        = bool
+}
+
+variable "apply_immediately" {
+  description = "Apply changes immediately to the RDS instance."
+  type        = bool
+}