diff --git a/.gitignore b/.gitignore index 155a0ed..1651bdd 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,5 @@ override.tf.json terraform.rc .terraform.lock.hcl + +backend.hcl \ No newline at end of file diff --git a/README.md b/README.md index 2e9dea2..59e5a9c 100644 --- a/README.md +++ b/README.md 
@@ -4,34 +4,41 @@ Authors: David Wright (dwright@hashicorp.com) and Tony Vattahil (tonynv@amazon.c To deploy the Terraform Amazon Aurora module, do the following: 1. Install Terraform. For instructions and a video tutorial, see [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli). + 2. Sign up and log into Terraform Cloud. (There is a free tier available.) + 3. Configure Terraform Cloud API access. Run the following to generate a Terraform Cloud token from the command line interface: ``` terraform login -Export the TERRAFORM_CONFIG variable + +--For Mac/Linux export TERRAFORM_CONFIG="$HOME/.terraform.d/credentials.tfrc.json" + +--For Windows +export TERRAFORM_CONFIG="$HOME/AppData/Roaming/terraform.d/credentials.tfrc.json" ``` 4. Configure the AWS Command Line Interface (AWS CLI). For more information, see [Configuring the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html). + 5. If you don't have git installed, [install git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git). + 6. Clone this **aws-ia/terraform-aws-rds-aurora** repository using the following command: - `git clone https://github.com/aws-ia/terraform-aws-rds-aurora` + `git clone https://github.com/aws-ia/terraform-aws-rds-aurora.git` 7. Change directory to the root repository directory. `cd terraform-aws-rds-aurora/` -8. Change to the deploy directory. - - - For a new virtual private cloud (VPC), use `cd setup_workspace`. - - For an existing VPC, pass the VPC ID directly to the module. - -9. To perform operations locally, do the following: +8. For setting up a new terraform workspace: + + - `cd setup_workspace` + - `terraform init` + - `terraform apply` + +9. To create new VPC and deploy Aurora module: + - Change to the deploy directory. Run `cd ../deploy` + - Initialize the deploy directory. Run `terraform init`. + - Start a Terraform run using the configuration files in your deploy directory. 
Run `terraform apply` or `terraform apply -var-file="$HOME/.aws/terraform.tfvars"` (Note: The deployment is remotely run in Terraform Cloud) - a. Initialize the deploy directory. Run `terraform init`. - b. Start a Terraform run using the configuration files in your deploy directory. Run `terraform apply` or `terraform apply -var-file="$HOME/.aws/terraform.tfvars"`. - -10. Change to the deploy directory with `cd ../deploy`. -11. Run `terraform init`. -12. Run `terraform apply` or Run `terraform apply -var-file="$HOME/.aws/terraform.tfvars"`. `Terraform apply` is remotely run in Terraform Cloud. + For existing VPCs, pass the list of private subnets (var.Private_subnet_ids_p & var.Private_subnet_ids_s) directly to the Aurora module. \ No newline at end of file diff --git a/deploy/main.tf b/deploy/main.tf index 563c045..f416530 100644 --- a/deploy/main.tf +++ b/deploy/main.tf @@ -17,6 +17,10 @@ resource "random_string" "rand4" { upper = false } +###################################### +# Generate Tags +###################################### + module "vpc_label" { source = "aws-ia/label/aws" version = "0.0.2" 
@@ -32,14 +36,30 @@ module "vpc_label" { # Create VPC ###################################### -module "aurora_vpc" { - source = "aws-ia/vpc/aws" - version = "0.0.2" - region = var.region - cidr = "10.0.0.0/16" - public_subnets = ["10.0.128.0/20", "10.0.144.0/20", "10.0.160.0/20", "10.0.176.0/20", "10.0.240.0/22", "10.0.244.0/22"] - private_subnets_A = ["10.0.0.0/19", "10.0.32.0/19", "10.0.64.0/19", "10.0.96.0/19", "10.0.232.0/22", "10.0.236.0/22"] - tags = module.vpc_label.tags +module "aurora_vpc_p" { + source = "aws-ia/vpc/aws" + version = "0.0.3" + name = "aurora-vpc" + region = var.region + cidr = "10.0.0.0/16" + public_subnets = ["10.0.0.0/20", "10.0.32.0/20", "10.0.64.0/20"] + private_subnets_A = ["10.0.16.0/20", "10.0.48.0/20", "10.0.80.0/20"] + enable_dns_hostnames = true + tags = module.vpc_label.tags + create_vpc = true +} + +module "aurora_vpc_s" { + source = "aws-ia/vpc/aws" + version = "0.0.3" + name = "aurora-vpc" + region = var.sec_region + cidr = "10.0.0.0/16" + public_subnets = ["10.0.0.0/20", "10.0.32.0/20", "10.0.64.0/20"] + private_subnets_A = ["10.0.16.0/20", "10.0.48.0/20", "10.0.80.0/20"] + enable_dns_hostnames = true + tags = module.vpc_label.tags + create_vpc = var.setup_globaldb ? true : false } ###################################### 
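Review bot: `aurora_vpc_p` and `aurora_vpc_s` are given the same `cidr = "10.0.0.0/16"`, the same subnet ranges and the same `name = "aurora-vpc"`. Overlapping ranges rule out routing between the two regional VPCs later (peering or a transit gateway), so the secondary is easier to operate on its own block, for example `cidr = "10.1.0.0/16"` (constructed value), with a region-specific name. Separately, `create_vpc = var.setup_globaldb ? true : false` can be written as `create_vpc = var.setup_globaldb`.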
@@ -47,10 +67,18 @@ module "aurora_vpc" { ###################################### module "aurora" { - depends_on = [module.aurora_vpc] - source = "../" - region = var.region - vpc_id = module.aurora_vpc.vpc_id - password = var.password - tags = module.vpc_label.tags + source = "../" + region = var.region + sec_region = var.sec_region + #vpc_id = module.aurora_vpc.vpc_id + Private_subnet_ids_p = [module.aurora_vpc_p.PrivateSubnet1AID, module.aurora_vpc_p.PrivateSubnet2AID, module.aurora_vpc_p.PrivateSubnet3AID] + Private_subnet_ids_s = var.setup_globaldb ? [module.aurora_vpc_s.PrivateSubnet1AID, module.aurora_vpc_s.PrivateSubnet2AID, module.aurora_vpc_s.PrivateSubnet3AID] : null + engine = var.engine + engine_version_pg = var.engine_version_pg + engine_version_mysql = var.engine_version_mysql + password = var.password + setup_globaldb = var.setup_globaldb + tags = module.vpc_label.tags + monitoring_interval = var.monitoring_interval + storage_encrypted = var.storage_encrypted } \ No newline at end of file diff --git a/deploy/variables.tf b/deploy/variables.tf index f377771..2370158 100644 --- a/deploy/variables.tf +++ b/deploy/variables.tf @@ -1,6 +1,13 @@ variable "region" { - default = "us-west-1" + description = "The name of the primary region you wish to deploy into" + default = "us-east-2" } + +variable "sec_region" { + description = "The name of the secondary region you wish to deploy into" + default = "us-west-2" +} + variable "namespace" { description = "namespace, which could be your organiation name, e.g. amazon" default = "aws" @@ -9,10 +16,6 @@ variable "env" { description = "environment, e.g. 'sit', 'uat', 'prod' etc" default = "dev" } -variable "account" { - description = "account, which could be AWS Account Name or Number" - default = "rds-test" -} variable "name" { description = "deployment name" default = "aurora" 
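Review bot: The `module "aurora"` call keeps a dead line, `#vpc_id = module.aurora_vpc.vpc_id`, which refers to a module this commit replaces with `aurora_vpc_p` and `aurora_vpc_s`; it should be deleted rather than commented out. The new inputs `Private_subnet_ids_p` and `Private_subnet_ids_s` also break the lower-case snake_case used by every other argument in the call. Renaming them to `private_subnet_ids_p` and `private_subnet_ids_s` is cheapest now, before callers depend on the names.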
@@ -21,17 +24,51 @@ variable "delimiter" { description = "delimiter, which could be used between name, namespace and env" default = "-" } -variable "attributes" { - default = [] - description = "atttributes, which could be used for additional attributes" -} - variable "password" { default = "" - description = "If not password is provided a random password will be generated" + description = "If no password is provided, a random password will be generated" } variable "tags" { default = {} description = "tags, which could be used for additional tags" } +variable "engine" { + description = "Aurora database engine type: aurora, aurora-mysql, aurora-postgresql" + type = string + default = "aurora-postgresql" + #default = "aurora-mysql" +} + +variable "engine_version_pg" { + description = "Aurora database engine version." + type = string + default = "12.4" +} + +variable "engine_version_mysql" { + description = "Aurora database engine version." + type = string + default = "5.7.mysql_aurora.2.10.0" +} + +variable "setup_globaldb" { + description = "Setup Aurora Global Database with 1 Primary and 1 X-region Secondary cluster" + type = bool + default = false +} + +variable "monitoring_interval" { + description = "Enhanced Monitoring interval in seconds" + type = number + default = 1 + validation { + condition = contains([0, 1, 5, 10, 15, 30, 60], var.monitoring_interval) + error_message = "Valid values for var: monitoring_interval are (0, 1, 5, 10, 15, 30, 60)." + } +} +variable "storage_encrypted" { + description = "Specifies whether the underlying storage layer should be encrypted" + type = bool + default = false +} \ No newline at end of file diff --git a/locals.tf b/locals.tf new file mode 100644 index 0000000..dce72c0 --- /dev/null +++ b/locals.tf 
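Review bot: The new `storage_encrypted` variable defaults to `false`, and the root `variables.tf` hunk in this commit flips its default from `true` to `false` as well. A plain `terraform apply` therefore creates an unencrypted cluster and, judging by the `count` on `aws_kms_key.kms_p` in main.tf, no KMS key. Encryption at rest cannot be switched on in place for an existing Aurora cluster (it takes a snapshot restore), so the safe default is `default = true` in both files. In the same hunk, `variable "password"` would benefit from `sensitive = true`, which the declared `required_version = ">= 0.14"` supports.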
@@ -0,0 +1,117 @@ +locals { + apg_cluster_pgroup_params = [{ + name = "rds.force_autovacuum_logging_level" + value = "warning" + apply_method = "immediate" + },{ + name = "rds.force_admin_logging_level" + value = "warning" + apply_method = "immediate" + },{ + name = "rds.enable_plan_management" + value = 1 + apply_method = "pending-reboot" + }] + + apg_db_pgroup_params = [{ + name = "shared_preload_libraries" + value = "auto_explain,pg_stat_statements,pg_hint_plan,pgaudit" + apply_method = "pending-reboot" + },{ + name = "log_lock_waits" + value = 1 + apply_method = "immediate" + },{ + name = "log_statement" + value = "ddl" + apply_method = "immediate" + },{ + name = "log_temp_files" + value = 4096 + apply_method = "immediate" + },{ + name = "log_min_duration_statement" + value = 5000 + apply_method = "immediate" + },{ + name = "auto_explain.log_min_duration" + value = 5000 + apply_method = "immediate" + },{ + name = "auto_explain.log_verbose" + value = 1 + apply_method = "immediate" + },{ + name = "log_rotation_age" + value = 1440 + apply_method = "immediate" + },{ + name = "log_rotation_size" + value = "102400" + apply_method = "immediate" + },{ + name = "rds.log_retention_period" + value = 10080 + apply_method = "immediate" + },{ + name = "random_page_cost" + value = 1 + apply_method = "immediate" + },{ + name = "track_activity_query_size" + value = 16384 + apply_method = "pending-reboot" + },{ + name = "idle_in_transaction_session_timeout" + value = 7200000 + apply_method = "immediate" + },{ + name = "statement_timeout" + value = 7200000 + apply_method = "immediate" + },{ + name = "apg_plan_mgmt.capture_plan_baselines" + value = "automatic" + apply_method = "immediate" + },{ + name = "apg_plan_mgmt.use_plan_baselines" + value = true + apply_method = "immediate" + },{ + name = "apg_plan_mgmt.plan_retention_period" + value = 90 + apply_method = "pending-reboot" + },{ + name = "apg_plan_mgmt.unapproved_plan_execution_threshold" + value = 100 + apply_method = 
"immediate" + }] + + mysql_cluster_pgroup_params = [{ + name = "time_zone" + value = "UTC" + apply_method = "immediate" + },{ + name = "server_audit_logging" + value = 1 + apply_method = "immediate" + },{ + name = "server_audit_events" + value = "QUERY_DCL,QUERY_DDL,CONNECT" + apply_method = "immediate" + }] + + mysql_db_pgroup_params = [{ + name = "slow_query_log" + value = 1 + apply_method = "immediate" + },{ + name = "long_query_time" + value = 10 + apply_method = "immediate" + },{ + name = "innodb_print_all_deadlocks" + value = 1 + apply_method = "immediate" + }] +} \ No newline at end of file diff --git a/main.tf b/main.tf index 748fffa..5263563 100644 --- a/main.tf +++ b/main.tf 
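Review bot: `shared_preload_libraries` loads `pgaudit`, but no `pgaudit.log` parameter appears in `apg_db_pgroup_params` or `apg_cluster_pgroup_params`, so unless it is set elsewhere the extension is loaded without recording any statement class. If audit logging is intended, add an entry such as `name = "pgaudit.log"` with `value = "ddl,role"` to whichever parameter group the engine exposes it in, with a comment naming the chosen classes. Nothing visible in this commit's main.tf sets `enabled_cloudwatch_logs_exports` on the clusters, so these PostgreSQL logs and the MySQL `server_audit_logging` output appear to stay on the instances. Confirm that this is intended, since on the PostgreSQL side they then last only as long as `rds.log_retention_period`.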
@@ -1,85 +1,334 @@ ########### # Defaults -########## +########### terraform { required_version = ">= 0.14" - + backend "remote" {} } -###### -# Create Uniquie password -###### +provider "aws" { + alias = "primary" + region = var.region +} -resource "random_password" "master_password" { - length = 10 - special = false +provider "aws" { + alias = "secondary" + region = var.sec_region } -###### +######################### # Collect data -###### +######################### -data "aws_availability_zones" "available" { - state = "available" +data "aws_availability_zones" "region_p" { + state = "available" + provider = aws.primary } +data "aws_availability_zones" "region_s" { + state = "available" + provider = aws.secondary +} + +/* data "aws_subnet_ids" "private" { vpc_id = var.vpc_id } +*/ + +data "aws_rds_engine_version" "family" { + engine = var.engine + version = var.engine == "aurora-postgresql" ? var.engine_version_pg : var.engine_version_mysql + provider = aws.primary +} + +data "aws_iam_policy_document" "monitoring_rds_assume_role" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["monitoring.rds.amazonaws.com"] + } + } +} + +data "aws_partition" "current" {} + +######################### +# Create Unique password +######################### + +resource "random_password" "master_password" { + length = 10 + special = false +} -resource "aws_db_subnet_group" "private-2" { - name = "${var.name}-main" - subnet_ids = data.aws_subnet_ids.private.ids +########### +# DB Subnet +########### + +resource "aws_db_subnet_group" "private_p" { + provider = aws.primary + name = "${var.name}-sg" + subnet_ids = var.Private_subnet_ids_p + tags = { + Name = "My DB subnet group" + } +} - tags = { +resource "aws_db_subnet_group" "private_s" { + provider = aws.secondary + count = var.setup_globaldb ? 
1 : 0 + name = "${var.name}-sg" + subnet_ids = var.Private_subnet_ids_s + tags = { Name = "My DB subnet group" } } +########### +# KMS +########### + +resource "aws_kms_key" "kms_p" { + provider = aws.primary + count = var.storage_encrypted ? 1 : 0 + description = "KMS key for Aurora Storage Enryption" + tags = var.tags + # following causes terraform destory to fail. But this is needed so that old Aurora encrypted snapshots can be restored. + lifecycle { + prevent_destroy = true + } +} + +resource "aws_kms_key" "kms_s" { + provider = aws.secondary + count = var.setup_globaldb && var.storage_encrypted ? 1 : 0 + description = "KMS key for Aurora Storage Enryption" + tags = var.tags + # following causes terraform destory to fail. But this is needed so that old Aurora encrypted snapshots can be restored. + lifecycle { + prevent_destroy = true + } +} + +########### +# IAM +########### + +resource "aws_iam_role" "rds_enhanced_monitoring" { + description = "IAM Role for RDS Enhanced monitoring" + path = "/" + assume_role_policy = data.aws_iam_policy_document.monitoring_rds_assume_role.json + managed_policy_arns = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"] + tags = var.tags +} + ############# # RDS Aurora ############# -resource "aws_rds_cluster" "postgresql" { - cluster_identifier = var.identifier - engine = var.engine - availability_zones = [data.aws_availability_zones.available.names[0], data.aws_availability_zones.available.names[1]] - database_name = var.database_name - master_username = var.username - master_password = var.password == "" ? random_password.master_password.result : var.password - backup_retention_period = var.backup_retention_period - preferred_backup_window = var.preferred_backup_window - engine_version = var.engine_version - db_subnet_group_name = aws_db_subnet_group.private-2.name - port = var.port == "" ? var.engine == "aurora-postgresql" ? 
"5432" : "3306" : var.port - storage_encrypted = var.storage_encrypted - skip_final_snapshot = var.skip_final_snapshot - tags = var.tags + +# Aurora Global DB +resource "aws_rds_global_cluster" "globaldb" { + count = var.setup_globaldb ? 1 : 0 + provider = aws.primary + global_cluster_identifier = "${var.identifier}-globaldb" + engine = var.engine + engine_version = var.engine == "aurora-postgresql" ? var.engine_version_pg : var.engine_version_mysql + storage_encrypted = var.storage_encrypted +} + +resource "aws_rds_cluster" "primary" { + provider = aws.primary + global_cluster_identifier = var.setup_globaldb ? aws_rds_global_cluster.globaldb[0].id : null + cluster_identifier = "${var.identifier}-${var.region}" + engine = var.engine + engine_version = var.engine == "aurora-postgresql" ? var.engine_version_pg : var.engine_version_mysql + availability_zones = [data.aws_availability_zones.region_p.names[0], data.aws_availability_zones.region_p.names[1], data.aws_availability_zones.region_p.names[2]] + db_subnet_group_name = aws_db_subnet_group.private_p.name + port = var.port == "" ? var.engine == "aurora-postgresql" ? "5432" : "3306" : var.port + database_name = var.database_name + master_username = var.username + master_password = var.password == "" ? random_password.master_password.result : var.password + db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.aurora_cluster_parameter_group_p.id + backup_retention_period = var.backup_retention_period + preferred_backup_window = var.preferred_backup_window + storage_encrypted = var.storage_encrypted + kms_key_id = var.storage_encrypted ? 
aws_kms_key.kms_p[0].arn : null + apply_immediately = true + skip_final_snapshot = var.skip_final_snapshot + tags = var.tags + lifecycle { + ignore_changes = [ + replication_source_identifier, + ] + } } -resource "aws_rds_cluster_instance" "postgresql" { - count = 3 - identifier = "${var.name}-${count.index + 1}" - cluster_identifier = aws_rds_cluster.postgresql.id - engine = aws_rds_cluster.postgresql.engine - engine_version = aws_rds_cluster.postgresql.engine_version - auto_minor_version_upgrade = var.auto_minor_version_upgrade - instance_class = var.instance_class - db_subnet_group_name = aws_db_subnet_group.private-2.name - tags = var.tags +resource "aws_rds_cluster_instance" "primary" { + count = 2 + provider = aws.primary + identifier = "${var.name}-${var.region}-${count.index + 1}" + cluster_identifier = aws_rds_cluster.primary.id + engine = aws_rds_cluster.primary.engine + engine_version = var.engine == "aurora-postgresql" ? var.engine_version_pg : var.engine_version_mysql + auto_minor_version_upgrade = var.setup_globaldb ? false : var.auto_minor_version_upgrade + instance_class = var.instance_class + db_subnet_group_name = aws_db_subnet_group.private_p.name + db_parameter_group_name = aws_db_parameter_group.aurora_db_parameter_group_p.id + performance_insights_enabled = true + monitoring_interval = var.monitoring_interval + monitoring_role_arn = aws_iam_role.rds_enhanced_monitoring.arn + apply_immediately = true + tags = var.tags } -resource "aws_sns_topic" "default" { - name = "rds-events" +# Secondary Aurora Cluster +resource "aws_rds_cluster" "secondary" { + count = var.setup_globaldb ? 1 : 0 + provider = aws.secondary + global_cluster_identifier = aws_rds_global_cluster.globaldb[0].id + cluster_identifier = "${var.identifier}-${var.sec_region}" + engine = var.engine + engine_version = var.engine == "aurora-postgresql" ? 
var.engine_version_pg : var.engine_version_mysql + availability_zones = [data.aws_availability_zones.region_s.names[0], data.aws_availability_zones.region_s.names[1], data.aws_availability_zones.region_s.names[2]] + db_subnet_group_name = aws_db_subnet_group.private_s[0].name + port = var.port == "" ? var.engine == "aurora-postgresql" ? "5432" : "3306" : var.port + db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.aurora_cluster_parameter_group_s[0].id + backup_retention_period = var.backup_retention_period + preferred_backup_window = var.preferred_backup_window + source_region = var.storage_encrypted ? var.region : null + kms_key_id = var.storage_encrypted ? aws_kms_key.kms_s[0].arn : null + apply_immediately = true + skip_final_snapshot = var.skip_final_snapshot + tags = var.tags + depends_on = [ + aws_rds_cluster.primary, + ] + lifecycle { + ignore_changes = [ + replication_source_identifier, + ] + } +} + +# Secondary Cluster Instances +resource "aws_rds_cluster_instance" "secondary" { + count = var.setup_globaldb ? 1 : 0 + provider = aws.secondary + identifier = "${var.name}-${var.sec_region}-${count.index + 1}" + cluster_identifier = aws_rds_cluster.secondary[0].id + engine = var.engine + engine_version = var.engine == "aurora-postgresql" ? 
var.engine_version_pg : var.engine_version_mysql + auto_minor_version_upgrade = false + instance_class = var.instance_class + db_subnet_group_name = aws_db_subnet_group.private_s[0].name + db_parameter_group_name = aws_db_parameter_group.aurora_db_parameter_group_s[0].id + performance_insights_enabled = true + monitoring_interval = var.monitoring_interval + monitoring_role_arn = aws_iam_role.rds_enhanced_monitoring.arn + apply_immediately = true + tags = var.tags + depends_on = [ + aws_rds_cluster.primary, + ] } -resource "aws_db_event_subscription" "default" { - name = "${var.name}-rds-event-sub" - sns_topic = aws_sns_topic.default.arn +############################# +# RDS Aurora Parameter Groups +############################## + +resource "aws_rds_cluster_parameter_group" "aurora_cluster_parameter_group_p" { + provider = aws.primary + name = "${var.name}-cluster-parameter-group" + family = data.aws_rds_engine_version.family.parameter_group_family + description = "aurora-cluster-parameter-group" + + dynamic "parameter" { + for_each = var.engine == "aurora-postgresql" ? local.apg_cluster_pgroup_params : local.mysql_cluster_pgroup_params + iterator = pblock + + content { + name = pblock.value.name + value = pblock.value.value + apply_method = pblock.value.apply_method + } + } +} + +resource "aws_db_parameter_group" "aurora_db_parameter_group_p" { + provider = aws.primary + name = "${var.name}-db-parameter-group" + family = data.aws_rds_engine_version.family.parameter_group_family + description = "aurora-db-parameter-group" + + dynamic "parameter" { + for_each = var.engine == "aurora-postgresql" ? 
local.apg_db_pgroup_params : local.mysql_db_pgroup_params + iterator = pblock + + content { + name = pblock.value.name + value = pblock.value.value + apply_method = pblock.value.apply_method + } + } +} - source_type = "db-cluster" - source_ids = [aws_rds_cluster.postgresql.id] +resource "aws_rds_cluster_parameter_group" "aurora_cluster_parameter_group_s" { + count = var.setup_globaldb ? 1 : 0 + provider = aws.secondary + name = "${var.name}-cluster-parameter-group" + family = data.aws_rds_engine_version.family.parameter_group_family + description = "aurora-cluster-parameter-group" + dynamic "parameter" { + for_each = var.engine == "aurora-postgresql" ? local.apg_cluster_pgroup_params : local.mysql_cluster_pgroup_params + iterator = pblock + + content { + name = pblock.value.name + value = pblock.value.value + apply_method = pblock.value.apply_method + } + } +} + +resource "aws_db_parameter_group" "aurora_db_parameter_group_s" { + count = var.setup_globaldb ? 1 : 0 + provider = aws.secondary + name = "${var.name}-db-parameter-group" + family = data.aws_rds_engine_version.family.parameter_group_family + description = "aurora-db-parameter-group" + + dynamic "parameter" { + for_each = var.engine == "aurora-postgresql" ? local.apg_db_pgroup_params : local.mysql_db_pgroup_params + iterator = pblock + + content { + name = pblock.value.name + value = pblock.value.value + apply_method = pblock.value.apply_method + } + } +} + +############################# +# Monitoring +############################## + +resource "aws_sns_topic" "default_p" { + provider = aws.primary + name = "rds-events" +} + +resource "aws_db_event_subscription" "default_p" { + provider = aws.primary + name = "${var.name}-rds-event-sub" + sns_topic = aws_sns_topic.default_p.arn + source_type = "db-cluster" + source_ids = [aws_rds_cluster.primary.id] event_categories = [ "creation", "deletion", 
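Review bot: Both `aws_kms_key` resources (`kms_p`, `kms_s`) are created without `enable_key_rotation = true`; add it, with a comment saying who is expected to administer the keys. `aws_rds_cluster.secondary` sets `kms_key_id` but, unlike `primary`, not `storage_encrypted`; the provider documentation asks for `storage_encrypted = true` whenever `kms_key_id` is given, so confirm the secondary plans cleanly with encryption on. The fallback master password is still generated with `length = 10` and `special = false`; a longer value such as `length = 32` costs nothing here. The hunk ends inside `aws_db_event_subscription.default_p`, whose remaining lines are outside it.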
@@ -90,14 +339,25 @@ resource "aws_db_event_subscription" "default" { ] } -resource "aws_db_parameter_group" "aurora_db_postgres11_parameter_group" { - name = "${var.name}-aurora-db-postgres11-parameter-group" - family = "aurora-postgresql11" - description = "aurora-db-postgres11-parameter-group" +resource "aws_sns_topic" "default_s" { + count = var.setup_globaldb ? 1 : 0 + provider = aws.secondary + name = "rds-events" } -resource "aws_rds_cluster_parameter_group" "aurora_cluster_postgres11_parameter_group" { - name = "${var.name}-aurora-postgres11-cluster-parameter-group" - family = "aurora-postgresql11" - description = "aurora-postgres11-cluster-parameter-group" +resource "aws_db_event_subscription" "default_s" { + count = var.setup_globaldb ? 1 : 0 + provider = aws.secondary + name = "${var.name}-rds-event-sub" + sns_topic = aws_sns_topic.default_s[0].arn + source_type = "db-cluster" + source_ids = [aws_rds_cluster.secondary[0].id] + event_categories = [ + "creation", + "deletion", + "failover", + "failure", + "maintenance", + "notification", + ] } \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index df1e22f..34c5830 100644 --- a/outputs.tf +++ b/outputs.tf 
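Review bot: `aws_sns_topic.default_s` (like `default_p` earlier in this file) sets no `kms_master_key_id`, so RDS event notifications are stored unencrypted at rest. No subscription to either topic is visible in this commit, so the events may reach nobody. Consider a customer-managed key whose policy lets the RDS event service publish to the topic, and document how operators subscribe. The fixed `name = "rds-events"` will also collide when the module is instantiated twice in one account and region; `name = "${var.name}-rds-events"` follows the naming the event subscription already uses.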
@@ -1,63 +1,63 @@ // aws_rds_cluster -output "postgresql_rds_cluster_arn" { +output "aurora_cluster_arn" { description = "The ID of the cluster" - value = aws_rds_cluster.postgresql.arn + value = aws_rds_cluster.primary.arn } -output "postgresql_rds_cluster_id" { +output "aurora_cluster_id" { description = "The ID of the cluster" - value = aws_rds_cluster.postgresql.id + value = aws_rds_cluster.primary.id } -output "postgresql_rds_cluster_resource_id" { +output "aurora_cluster_resource_id" { description = "The Resource ID of the cluster" - value = aws_rds_cluster.postgresql.cluster_resource_id + value = aws_rds_cluster.primary.cluster_resource_id } -output "postgresql_rds_cluster_endpoint" { +output "aurora_cluster_endpoint" { description = "The cluster endpoint" - value = aws_rds_cluster.postgresql.endpoint + value = aws_rds_cluster.primary.endpoint } -output "postgresql_rds_cluster_reader_endpoint" { +output "aurora_cluster_reader_endpoint" { description = "The cluster reader endpoint" - value = aws_rds_cluster.postgresql.reader_endpoint + value = aws_rds_cluster.primary.reader_endpoint } // database_name is not set on `aws_rds_cluster` resource if it was not specified, so can't be used in output -output "postgresql_rds_cluster_database_name" { +output "aurora_cluster_database_name" { description = "Name for an automatically created database on cluster creation" value = var.database_name } -output "postgresql_rds_cluster_master_password" { +output "aurora_cluster_master_password" { description = "The master password" - value = aws_rds_cluster.postgresql.master_password + value = aws_rds_cluster.primary.master_password sensitive = true } -output "postgresql_rds_cluster_port" { +output "aurora_cluster_port" { description = "The port" - value = aws_rds_cluster.postgresql.port + value = aws_rds_cluster.primary.port } -output "postgresql_rds_cluster_master_username" { +output "aurora_cluster_master_username" { description = "The master username" - value = 
aws_rds_cluster.postgresql.master_username + value = aws_rds_cluster.primary.master_username } -output "postgresql_rds_cluster_hosted_zone_id" { +output "aurora_cluster_hosted_zone_id" { description = "Route53 hosted zone id of the created cluster" - value = aws_rds_cluster.postgresql.hosted_zone_id + value = aws_rds_cluster.primary.hosted_zone_id } // aws_rds_cluster_instance -output "postgresql_rds_cluster_instance_endpoints" { +output "aurora_cluster_instance_endpoints" { description = "A list of all cluster instance endpoints" - value = aws_rds_cluster_instance.postgresql.*.endpoint + value = aws_rds_cluster_instance.primary.*.endpoint } -output "postgresql_rds_cluster_instance_ids" { +output "aurora_cluster_instance_ids" { description = "A list of all cluster instance ids" - value = aws_rds_cluster_instance.postgresql.*.id -} + value = aws_rds_cluster_instance.primary.*.id +} \ No newline at end of file diff --git a/setup_workspace/variables.tf b/setup_workspace/variables.tf index b69e1e1..7192c67 100644 --- a/setup_workspace/variables.tf +++ b/setup_workspace/variables.tf @@ -26,5 +26,4 @@ variable "working_directory" { variable "region" { type = string default = "us-east-2" -} - +} \ No newline at end of file diff --git a/variables.tf b/variables.tf index 82dce24..17b9377 100644 --- a/variables.tf +++ b/variables.tf 
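Review bot: `aurora_cluster_master_password` still exports the master password. `sensitive = true` only hides it from CLI output; the value remains readable in the state (held in Terraform Cloud, per the README) and to any caller of the module. If no consumer needs it, drop the output or hand the credential over through a secrets store instead. Two smaller points: `aurora_cluster_arn` is described as "The ID of the cluster" and should read `description = "The ARN of the cluster"`, and renaming every `postgresql_rds_cluster_*` output breaks existing callers without a note in the commit.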
@@ -1,23 +1,41 @@ variable "region" { type = string - description = "The name of the region you wish to deploy into" + description = "The name of the primary region you wish to deploy into" +} + +variable "sec_region" { + type = string + description = "The name of the secondary region you wish to deploy into" } variable "identifier" { description = "Cluster identifier" type = string - default = "rds" + default = "tfm-aurora" } + variable "name" { - description = "Name given resources" + description = "Prefix for resource names" type = string - default = "tfm-aws" + default = "tfm-aurora" } +/* variable "vpc_id" { type = string description = "VPC id" } +*/ + +variable "Private_subnet_ids_p" { + type = list(string) + description = "A list of private subnet IDs in your Primary AWS region VPC" +} + +variable "Private_subnet_ids_s" { + type = list(string) + description = "A list of private subnet IDs in your Secondary AWS region VPC" +} variable "allowed_security_groups" { description = "A list of Security Group ID's to allow access to." @@ -28,12 +46,13 @@ variable "allowed_security_groups" { variable "instance_class" { type = string description = "Instance type to use at replica instance" - default = "db.r4.large" + default = "db.r5.large" } variable "skip_final_snapshot" { type = string description = "skip creating a final snapshot before deleting the DB" + #set the value to false for actual workload default = true } 
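Review bot: In `variable "skip_final_snapshot"` the added comment says the value should be false for real workloads, yet `default = true` stays, so destroying a cluster created with defaults leaves no final snapshot. Prefer the safe value and let test deployments opt out with `default = false`; the clusters in main.tf would then also need a `final_snapshot_identifier`. The declaration also pairs `type = string` with a boolean default, and `type = bool` states the intent.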
@@ -87,23 +106,35 @@ variable "auto_minor_version_upgrade" { variable "storage_encrypted" { description = "Specifies whether the underlying storage layer should be encrypted" type = bool - default = true + default = false } variable "engine" { - description = "Aurora database engine type, currently aurora, aurora-postgresql" + description = "Aurora database engine type: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible Aurora), aurora-postgresql" type = string - default = "aurora" + default = "aurora-postgresql" } -variable "engine_version" { +variable "engine_version_pg" { description = "Aurora database engine version." type = string - default = "5.6.10a" + default = "12.4" +} + +variable "engine_version_mysql" { + description = "Aurora database engine version." + type = string + default = "5.7.mysql_aurora.2.10.0" +} + +variable "setup_globaldb" { + description = "Setup Aurora Global Database with 1 Primary and 1 X-region Secondary cluster" + type = bool + default = false } variable "replica_scale_enabled" { - description = "Whether to enable autoscaling for RDS Aurora (MySQL) read replicas" + description = "Whether to enable autoscaling for Aurora read replica auto scaling" type = bool default = false } @@ -114,4 +145,14 @@ variable "tags" { default = { Name = "tfm-aws-aurora-db" } +} + +variable "monitoring_interval" { + description = "Enhanced Monitoring interval in seconds" + type = number + default = 1 + validation { + condition = contains([0, 1, 5, 10, 15, 30, 60], var.monitoring_interval) + error_message = "Valid values for var: monitoring_interval are (0, 1, 5, 10, 15, 30, 60)." + } } \ No newline at end of file