diff --git a/documentation/rds-bastion.md b/documentation/rds-bastion.md index d3622aa..c24d0ea 100644 --- a/documentation/rds-bastion.md +++ b/documentation/rds-bastion.md @@ -7,19 +7,20 @@ The bastion doesn't have any service exposed to the public like a "jump box" bas The routine is - Enable + - Enable the bastion via an "enable" flag set in AWS SSM Parameter Store to `true`. - Deploy by running the CI pipeline. - Create an SSM Session. - Carry out required procedure - Configure + - Simple set up to enable assuming a role - Removal - Disallow the bastion via an "enable" flag set in AWS SSM Parameter Store to `false`. - Omit by running the CI pipeline. - ## Enable ### Spin up a bastion @@ -40,6 +41,7 @@ make aws_describe_instances ``` Then identify the running bastion host + ``` i-019174128cf7b4563| t3a.small | None | running | mojo-production-rds-admin-bastion ``` @@ -80,7 +82,7 @@ then access to the s3 bucket ``` aws s3 ls s3://mojo-file-transfer/ --profile s3-role; -```` +``` ## Get a DB dump @@ -93,16 +95,19 @@ make shell the issue a terraform command to get the database details Admin (dhcp & dns) + ```shell terraform output -json terraform_outputs | jq '.admin.db' ``` DHCP + ```shell terraform output -json terraform_outputs | jq '.dhcp.db' ``` -Admin (NAC)* note: NAC code used `rds` as module name. +Admin (NAC)\* note: NAC code used `rds` as module name. + ```shell terraform output -json terraform_outputs | jq '.admin.rds' ``` @@ -113,7 +118,7 @@ To get the password run ./scripts/get_db_parameters.sh ``` -## DHCP Database Backup and Restore +## DHCP Database Backup and Restore In order to connect to the database the following items will be needed. @@ -168,7 +173,7 @@ show databases; ### Use the database and see the table names ```sql -mysql> +mysql> use staffdevicedevelopmentdhcpadmin; show tables; ``` diff --git a/modules/admin/outputs.tf b/modules/admin/outputs.tf index 2e88dba..a06b577 100644 --- a/modules/admin/outputs.tf +++ b/modules/admin/outputs.tf 
@@ -26,11 +26,11 @@ output "rds" {
 admin_db_id = var.run_restore_from_backup ? element(aws_db_instance.admin_db_restored.*.id, 0) : aws_db_instance.admin_db.id
 admin_db_arn = var.run_restore_from_backup ? element(aws_db_instance.admin_db_restored.*.arn, 0) : aws_db_instance.admin_db.arn
 rds_monitoring_role = aws_iam_role.rds_monitoring_role.arn
- fqdn = aws_route53_record.admin_db.fqdn
- endpoint = aws_db_instance.admin_db.endpoint
- name = aws_db_instance.admin_db.name
- port = aws_db_instance.admin_db.port
- username = aws_db_instance.admin_db.username
+ fqdn = aws_route53_record.admin_db.fqdn
+ endpoint = aws_db_instance.admin_db.endpoint
+ name = aws_db_instance.admin_db.name
+ port = aws_db_instance.admin_db.port
+ username = aws_db_instance.admin_db.username
 }
 }