Update database replica configuration (#28)
- Removes conflicting variables.
- Adds `security_groups` option support on ingress block.
- Adds `Group` tag.
- Fixes `postgresql_replicate_source_db` handling when its default value is `null`.
bennsimon authored May 17, 2024
1 parent 3b6e4cb commit d3fccde
Showing 3 changed files with 20 additions and 11 deletions.
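--- a/network.tf
+++ b/network.tf
@@ -4,10 +4,11 @@ resource "aws_security_group" "firewall_rule" {
 vpc_id = var.postgresql_vpc_id
 
 ingress {
-from_port = var.postgresql_port
-to_port = var.postgresql_port
-protocol = "tcp"
-cidr_blocks = var.postgresql_firewall_rule_ingress_cidr_blocks
+from_port = var.postgresql_port
+to_port = var.postgresql_port
+protocol = "tcp"
+security_groups = var.postgresql_firewall_rule_ingress_security_groups
+cidr_blocks = var.postgresql_firewall_rule_ingress_cidr_blocks
 }
 
 egress {
@@ -31,6 +32,7 @@ resource "aws_security_group" "firewall_rule" {
 EndDate = var.postgresql_end_date
 ProjectList = var.postgresql_project
 DeploymentType = var.postgresql_deployment_type
+Group = "${var.postgresql_project}-${var.postgresql_env}"
 }
 }
 
@@ -45,6 +47,7 @@ resource "aws_db_subnet_group" "main" {
 ProjectList = var.postgresql_project
 DeploymentType = var.postgresql_deployment_type
 EndDate = var.postgresql_end_date
+Group = "${var.postgresql_project}-${var.postgresql_env}"
 }
 }
 
@@ -55,5 +58,5 @@ resource "aws_route53_record" "main" {
 type = "CNAME"
 allow_overwrite = var.allow_dns_record_overwrite
 ttl = "300"
-records = [length(var.postgresql_source_snapshot_identifier) == 0 ? (length(var.postgresql_replicate_source_db) == 0 ? aws_db_instance.blank-database[0].address : aws_db_instance.replica-database[0].address) : aws_db_instance.from-snapshot[0].address]
+records = [length(var.postgresql_source_snapshot_identifier) == 0 ? (var.postgresql_replicate_source_db == null ? aws_db_instance.blank-database[0].address : aws_db_instance.replica-database[0].address) : aws_db_instance.from-snapshot[0].address]
 }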
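Review bot: The new `var.postgresql_replicate_source_db == null` test in the `records` expression of aws_route53_record.main no longer treats an empty string as "no source", which the previous `length(...) == 0` form did. A caller that still passes `""` would now select `aws_db_instance.replica-database[0].address`, and that index presumably does not exist when no replica is created (the count expressions are not shown on this page). The matching `!= null` test on the `replicate_source_db` line of blank-database in storage.tf has the same gap, while replica-database there still uses `""` as its own "no source" value. Accepting both values would keep the three places consistent, `var.postgresql_replicate_source_db == null || var.postgresql_replicate_source_db == ""`, or the variable could reject `""` in a `validation` block.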
12 changes: 6 additions & 6 deletions storage.tf
Expand Up @@ -23,7 +23,7 @@ resource "aws_db_instance" "blank-database" {
final_snapshot_identifier = var.postgresql_name
backup_retention_period = var.postgresql_backup_retention_period
backup_window = var.postgresql_backup_window
replicate_source_db = length(var.postgresql_source_snapshot_identifier) == 0 && length(var.postgresql_replicate_source_db) != 0 ? var.postgresql_replicate_source_db : null
replicate_source_db = length(var.postgresql_source_snapshot_identifier) == 0 && var.postgresql_replicate_source_db != null ? var.postgresql_replicate_source_db : null
publicly_accessible = var.postgresql_publicly_accessible
performance_insights_enabled = var.postgresql_performance_insights_enabled
enabled_cloudwatch_logs_exports = ["postgresql"]
Expand All @@ -35,6 +35,7 @@ resource "aws_db_instance" "blank-database" {
ProjectList = var.postgresql_project
DeploymentType = var.postgresql_deployment_type
EndDate = var.postgresql_end_date
Group = "${var.postgresql_project}-${var.postgresql_env}"
}
}

Expand Down Expand Up @@ -66,6 +67,7 @@ resource "aws_db_instance" "from-snapshot" {
ProjectList = var.postgresql_project
DeploymentType = var.postgresql_deployment_type
EndDate = var.postgresql_end_date
Group = "${var.postgresql_project}-${var.postgresql_env}"
}

lifecycle {
Expand All @@ -86,19 +88,14 @@ resource "aws_db_instance" "replica-database" {
identifier = var.postgresql_name
allocated_storage = var.postgresql_allocated_storage
storage_type = var.postgresql_storage_type
engine = "postgres"
engine_version = var.postgresql_version
instance_class = var.postgresql_instance_class
db_name = var.postgresql_db_name
username = var.postgresql_username
parameter_group_name = aws_db_parameter_group.main.name
db_subnet_group_name = aws_db_subnet_group.main.name
deletion_protection = var.postgresql_deletion_protection
multi_az = var.postgresql_multi_az
port = var.postgresql_port
copy_tags_to_snapshot = var.postgresql_copy_tags_to_snapshot
storage_encrypted = var.postgresql_storage_encrypted
kms_key_id = aws_kms_key.main.arn
vpc_security_group_ids = [aws_security_group.firewall_rule.id]
replicate_source_db = var.is_promoted_to_standalone ? "" : var.postgresql_replicate_source_db
publicly_accessible = var.postgresql_publicly_accessible
Expand All @@ -115,6 +112,7 @@ resource "aws_db_instance" "replica-database" {
ProjectList = var.postgresql_project
DeploymentType = var.postgresql_deployment_type
EndDate = var.postgresql_end_date
Group = "${var.postgresql_project}-${var.postgresql_env}"
}
}

Expand Down Expand Up @@ -175,6 +173,7 @@ resource "aws_db_parameter_group" "main" {
ProjectList = var.postgresql_project
DeploymentType = var.postgresql_deployment_type
EndDate = var.postgresql_end_date
Group = "${var.postgresql_project}-${var.postgresql_env}"
}
}

Expand All @@ -187,6 +186,7 @@ resource "aws_kms_key" "main" {
ProjectList = var.postgresql_project
DeploymentType = var.postgresql_deployment_type
EndDate = var.postgresql_end_date
Group = "${var.postgresql_project}-${var.postgresql_env}"
}
}

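Review bot: replica-database has no comment saying which settings it now takes from the source instance, and the hunk shrinks from 19 lines to 14 with `storage_encrypted` and `kms_key_id` among the lines shown, so a reader cannot tell from the file whether encryption at rest is still set explicitly on the replica. If those two attributes were among the ones dropped as conflicting, the replica's encryption depends on the source instance being encrypted, and as far as I know a cross-region source would still need its key given explicitly. I would add a comment above `replicate_source_db` that lists the attributes inherited from the source and states whether encryption is one of them. The resource body starts and ends outside the hunk.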
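--- a/variables.tf
+++ b/variables.tf
@@ -370,3 +370,9 @@ variable "allow_dns_record_overwrite" {
 default = false
 description = "Allow creation of this record in Terraform to overwrite an existing record, if any."
 }
+
+variable "postgresql_firewall_rule_ingress_security_groups" {
+type = list(string)
+default = []
+description = "Security groups to allow to access the PostgreSQL instance"
+}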
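Review bot: The description of `postgresql_firewall_rule_ingress_security_groups` does not say that these sources are added to `postgresql_firewall_rule_ingress_cidr_blocks` in the ingress block of network.tf rather than replacing it, nor that the entries are expected to be security group IDs (the group is created with a `vpc_id`, so IDs are presumably what the provider needs). Someone moving from CIDR-based to group-based access could fill this list and leave a broad CIDR range in place without noticing. I would write `description = "Security group IDs allowed to reach the PostgreSQL port, in addition to postgresql_firewall_rule_ingress_cidr_blocks"`, and consider a `validation` block that checks each entry starts with `sg-`.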
