Aurora Global Database Setup and other updates

.gitignore

@@ -34,3 +34,5 @@ override.tf.json
 terraform.rc
 
 .terraform.lock.hcl
+
+backend.hcl

README.md

@@ -4,34 +4,41 @@ Authors: David Wright ([email protected]) and Tony Vattahil ([email protected]
 To deploy the Terraform Amazon Aurora module, do the following:
 
 1. Install Terraform. For instructions and a video tutorial, see [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli). 
+
 2. Sign up and log into Terraform Cloud. (There is a free tier available.)
+
 3. Configure Terraform Cloud API access. Run the following to generate a Terraform Cloud token from the command line interface:
 ```
 terraform login
-Export the TERRAFORM_CONFIG variable
+
+--For Mac/Linux
 export TERRAFORM_CONFIG="$HOME/.terraform.d/credentials.tfrc.json"
+
+--For Windows
+export TERRAFORM_CONFIG="$HOME/AppData/Roaming/terraform.d/credentials.tfrc.json"
 ```
 
 4. Configure the AWS Command Line Interface (AWS CLI). For more information, see [Configuring the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html).
+
 5. If you don't have git installed, [install git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git). 
+
 6. Clone this **aws-ia/terraform-aws-rds-aurora** repository using the following command:
 
-   `git clone https://github.com/aws-ia/terraform-aws-rds-aurora`
+   `git clone https://github.com/aws-ia/terraform-aws-rds-aurora.git`
 
 7. Change directory to the root repository directory.
 
    `cd terraform-aws-rds-aurora/`
 
-8. Change to the deploy directory.
-
-   - For a new virtual private cloud (VPC), use `cd setup_workspace`. 
-   - For an existing VPC, pass the VPC ID directly to the module.
-
-9. To perform operations locally, do the following: 
+8. For setting up a new terraform workspace:
+
+      - `cd setup_workspace`
+      - `terraform init`
+      - `terraform apply`
+
+9. To create new VPC and deploy Aurora module:
+      - Change to the deploy directory. Run `cd ../deploy`
+      - Initialize the deploy directory. Run `terraform init`.
+      - Start a Terraform run using the configuration files in your deploy directory. Run `terraform apply`  or `terraform apply -var-file="$HOME/.aws/terraform.tfvars"` (Note: The deployment is remotely run in Terraform Cloud)
 
-   a. Initialize the deploy directory. Run `terraform init`.  
-   b. Start a Terraform run using the configuration files in your deploy directory. Run `terraform apply` or `terraform apply  -var-file="$HOME/.aws/terraform.tfvars"`.
-
-10. Change to the deploy directory with `cd ../deploy`.
-11. Run `terraform init`.
-12. Run `terraform apply` or Run `terraform apply  -var-file="$HOME/.aws/terraform.tfvars"`. `Terraform apply` is remotely run in Terraform Cloud. 
+   For existing VPCs, pass the list of private subnets (var.Private_subnet_ids_p & var.Private_subnet_ids_s) directly to the Aurora module.

deploy/main.tf

@@ -17,6 +17,10 @@ resource "random_string" "rand4" {
   upper   = false
 }
 
+######################################
+# Generate Tags
+######################################
+
 module "vpc_label" {
   source    = "aws-ia/label/aws"
   version   = "0.0.2"
@@ -32,25 +36,49 @@ module "vpc_label" {
 # Create VPC
 ######################################
 
-module "aurora_vpc" {
-  source            = "aws-ia/vpc/aws"
-  version           = "0.0.2"
-  region            = var.region
-  cidr              = "10.0.0.0/16"
-  public_subnets    = ["10.0.128.0/20", "10.0.144.0/20", "10.0.160.0/20", "10.0.176.0/20", "10.0.240.0/22", "10.0.244.0/22"]
-  private_subnets_A = ["10.0.0.0/19", "10.0.32.0/19", "10.0.64.0/19", "10.0.96.0/19", "10.0.232.0/22", "10.0.236.0/22"]
-  tags              = module.vpc_label.tags
+module "aurora_vpc_p" {
+  source                = "aws-ia/vpc/aws"
+  version               = "0.0.3"
+  name                  = "aurora-vpc"
+  region                = var.region
+  cidr                  = "10.0.0.0/16"
+  public_subnets        = ["10.0.0.0/20", "10.0.32.0/20", "10.0.64.0/20"]
+  private_subnets_A     = ["10.0.16.0/20", "10.0.48.0/20", "10.0.80.0/20"]
+  enable_dns_hostnames  = true
+  tags                  = module.vpc_label.tags
+  create_vpc            = true
+}
+
+module "aurora_vpc_s" {
+  source                = "aws-ia/vpc/aws"
+  version               = "0.0.3"
+  name                  = "aurora-vpc"
+  region                = var.sec_region
+  cidr                  = "10.0.0.0/16"
+  public_subnets        = ["10.0.0.0/20", "10.0.32.0/20", "10.0.64.0/20"]
+  private_subnets_A     = ["10.0.16.0/20", "10.0.48.0/20", "10.0.80.0/20"]
+  enable_dns_hostnames  = true
+  tags                  = module.vpc_label.tags
+  create_vpc            = var.setup_globaldb ? true : false
 }
 
 ######################################
 # Create Aurora DB
 ######################################
 
 module "aurora" {
-  depends_on = [module.aurora_vpc]
-  source     = "../"
-  region     = var.region
-  vpc_id     = module.aurora_vpc.vpc_id
-  password   = var.password
-  tags       = module.vpc_label.tags
+  source                = "../"
+  region                = var.region
+  sec_region            = var.sec_region
+  #vpc_id               = module.aurora_vpc.vpc_id
+  Private_subnet_ids_p  = [module.aurora_vpc_p.PrivateSubnet1AID, module.aurora_vpc_p.PrivateSubnet2AID, module.aurora_vpc_p.PrivateSubnet3AID]
+  Private_subnet_ids_s  = var.setup_globaldb ? [module.aurora_vpc_s.PrivateSubnet1AID, module.aurora_vpc_s.PrivateSubnet2AID, module.aurora_vpc_s.PrivateSubnet3AID] : null
+  engine                = var.engine
+  engine_version_pg     = var.engine_version_pg
+  engine_version_mysql  = var.engine_version_mysql
+  password              = var.password
+  setup_globaldb        = var.setup_globaldb
+  tags                  = module.vpc_label.tags
+  monitoring_interval   = var.monitoring_interval
+  storage_encrypted     = var.storage_encrypted
 }

deploy/variables.tf

@@ -1,6 +1,13 @@
 variable "region" {
-  default = "us-west-1"
+  description = "The name of the primary region you wish to deploy into"
+  default = "us-east-2"
 }
+
+variable "sec_region" {
+  description = "The name of the secondary region you wish to deploy into"
+  default = "us-west-2"
+}
+
 variable "namespace" {
   description = "namespace, which could be your organiation name, e.g. amazon"
   default     = "aws"
@@ -9,10 +16,6 @@ variable "env" {
   description = "environment, e.g. 'sit', 'uat', 'prod' etc"
   default     = "dev"
 }
-variable "account" {
-  description = "account, which could be AWS Account Name or Number"
-  default     = "rds-test"
-}
 variable "name" {
   description = "deployment name"
   default     = "aurora"
@@ -21,17 +24,51 @@ variable "delimiter" {
   description = "delimiter, which could be used between name, namespace and env"
   default     = "-"
 }
-variable "attributes" {
-  default     = []
-  description = "atttributes, which could be used for additional attributes"
-}
-
 variable "password" {
   default     = ""
-  description = "If not password is provided a random password will be generated"
+  description = "If no password is provided, a random password will be generated"
 }
 variable "tags" {
   default     = {}
   description = "tags, which could be used for additional tags"
 }
+variable "engine" {
+  description = "Aurora database engine type: aurora, aurora-mysql, aurora-postgresql"
+  type        = string
+  default     = "aurora-postgresql"
+  #default     = "aurora-mysql"
+}
+
+variable "engine_version_pg" {
+  description = "Aurora database engine version."
+  type        = string
+  default     = "12.4"
+}
+
+variable "engine_version_mysql" {
+  description = "Aurora database engine version."
+  type        = string
+  default     = "5.7.mysql_aurora.2.10.0"
+}
+
+variable "setup_globaldb" {
+  description = "Setup Aurora Global Database with 1 Primary and 1 X-region Secondary cluster"
+  type        = bool
+  default     = false
+}
+
+variable "monitoring_interval" {
+  description = "Enhanced Monitoring interval in seconds"
+  type        = number
+  default     = 1
+  validation {
+    condition     = contains([0, 1, 5, 10, 15, 30, 60], var.monitoring_interval)
+    error_message = "Valid values for var: monitoring_interval are (0, 1, 5, 10, 15, 30, 60)."
+  } 
+}
 
+variable "storage_encrypted" {
+  description = "Specifies whether the underlying storage layer should be encrypted"
+  type        = bool
+  default     = false
+}

locals.tf

@@ -0,0 +1,117 @@
+locals {
+  apg_cluster_pgroup_params = [{
+      name  = "rds.force_autovacuum_logging_level"
+      value = "warning"
+      apply_method = "immediate"
+  },{
+      name  = "rds.force_admin_logging_level"
+      value = "warning"
+      apply_method = "immediate"
+  },{
+      name  = "rds.enable_plan_management"
+      value = 1
+      apply_method = "pending-reboot"
+  }]
+
+  apg_db_pgroup_params = [{
+      name  = "shared_preload_libraries"
+      value = "auto_explain,pg_stat_statements,pg_hint_plan,pgaudit"
+      apply_method = "pending-reboot"
+  },{
+      name  = "log_lock_waits"
+      value = 1
+      apply_method = "immediate"
+  },{
+      name  = "log_statement"
+      value = "ddl"
+      apply_method = "immediate"
+  },{
+      name  = "log_temp_files"
+      value = 4096
+      apply_method = "immediate"
+  },{
+      name  = "log_min_duration_statement"
+      value = 5000
+      apply_method = "immediate"
+  },{
+      name  = "auto_explain.log_min_duration"
+      value = 5000
+      apply_method = "immediate"
+  },{
+      name  = "auto_explain.log_verbose"
+      value = 1
+      apply_method = "immediate"
+  },{
+      name  = "log_rotation_age"
+      value = 1440
+      apply_method = "immediate"
+  },{
+      name  = "log_rotation_size"
+      value = "102400"
+      apply_method = "immediate"
+  },{
+      name  = "rds.log_retention_period"
+      value = 10080
+      apply_method = "immediate"
+  },{
+      name  = "random_page_cost"
+      value = 1
+      apply_method = "immediate"
+  },{
+      name  = "track_activity_query_size"
+      value = 16384
+      apply_method = "pending-reboot"
+  },{
+      name  = "idle_in_transaction_session_timeout"
+      value = 7200000
+      apply_method = "immediate"
+  },{
+      name  = "statement_timeout"
+      value = 7200000
+      apply_method = "immediate"
+  },{
+      name  = "apg_plan_mgmt.capture_plan_baselines"
+      value = "automatic"
+      apply_method = "immediate"
+  },{
+      name  = "apg_plan_mgmt.use_plan_baselines"
+      value = true
+      apply_method = "immediate"
+  },{
+      name  = "apg_plan_mgmt.plan_retention_period"
+      value = 90
+      apply_method = "pending-reboot"
+  },{
+      name  = "apg_plan_mgmt.unapproved_plan_execution_threshold"
+      value = 100
+      apply_method = "immediate"
+  }]
+
+  mysql_cluster_pgroup_params = [{
+      name  = "time_zone"
+      value = "UTC"
+      apply_method = "immediate"
+  },{
+      name  = "server_audit_logging"
+      value = 1
+      apply_method = "immediate"
+  },{
+      name  = "server_audit_events"
+      value = "QUERY_DCL,QUERY_DDL,CONNECT"
+      apply_method = "immediate"
+  }]
+
+  mysql_db_pgroup_params = [{
+      name  = "slow_query_log"
+      value = 1
+      apply_method = "immediate"
+  },{
+      name  = "long_query_time"
+      value = 10
+      apply_method = "immediate"
+  },{
+      name  = "innodb_print_all_deadlocks"
+      value = 1
+      apply_method = "immediate"
+  }]
+}