Draft EC2 instance with RDS using Terraform.
# TODO: Terraform module sources must be directories, not files, so this file has to move to database/main.tf before the `module "database"` block in main.tf can load it.
# Security groups attached to the RDS instance; together with the subnets they decide
# who can open a connection on the database port.
variable "security_group_ids" {
  type        = list(string)
  description = "Ids of VPC Security groups"
}
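# Master password for the RDS user created below (`passboltuser`), not a root password.
# Terraform writes this value in plain text into its state file, and the
# this_db_instance_password output echoes it back. On Terraform >= 0.14 add
# `sensitive = true` here so plan/apply output redacts it; it is left out to keep the
# file loadable on 0.12/0.13, which the `~> 2.0` RDS module still supports.
variable "database_password" {
  type        = string
  description = "Master password for the database user. The author notes it is ignored once the DB already exists."
}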
# Subnets that make up the DB subnet group. If these are public subnets (main.tf hands
# in the default VPC's, which are), the instance relies on publicly_accessible=false
# and the security groups to stay off the internet.
variable "subnet_ids" {
  type        = list(string)
  description = "Ids to subnets"
}
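# Multi-AZ MySQL instance for passbolt. Reviewed as a prod resource (see the
# Environment tag): encryption at rest and automated backups are now on.
module "rds" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> 2.0"

  identifier = "passboltdb"

  # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
  # 5.7.19 is an old minor release; check it is still offered in the target region
  # (`aws rds describe-db-engine-versions --engine mysql`) and plan the move off 5.7,
  # which is at end of life upstream. A major-version change also needs `family` and
  # `major_engine_version` below updated.
  engine            = "mysql"
  engine_version    = "5.7.19"
  instance_class    = "db.t3.micro"
  allocated_storage = 5

  # Encryption at rest. This database holds a password manager's data, so it is on.
  # Without kms_key_id RDS uses the AWS-managed aws/rds key. NOTE: storage_encrypted
  # cannot be toggled on an existing instance; Terraform will plan a replacement, which
  # deletion_protection below blocks until you snapshot and disable it deliberately.
  storage_encrypted = true
  # kms_key_id = "arn:aws:kms:<region>:<account id>:key/<kms key id>"

  name     = "passboltdb"
  username = "passboltuser"
  password = var.database_password
  port     = "3306"

  # Reachability is decided by these groups plus the subnets below. The subnets passed
  # in by main.tf belong to the default VPC and are public, so keep the instance off
  # the internet explicitly rather than relying on the module default.
  vpc_security_group_ids = var.security_group_ids
  publicly_accessible    = false

  maintenance_window = "Mon:00:00-Mon:03:00"
  backup_window      = "03:00-06:00"
  multi_az           = true

  # Automated backups. The earlier draft used 0 ("to create DB faster"), which disables
  # them entirely; 7 days is a sensible minimum for prod and can be changed in place.
  backup_retention_period = 7

  tags = {
    Owner       = "user"
    Environment = "passbolt-prod"
  }

  # "general" logs every statement, including the values inside queries, to CloudWatch;
  # make sure that log group's retention and access controls match that sensitivity.
  enabled_cloudwatch_logs_exports = ["audit", "general"]

  # DB subnet group
  subnet_ids = var.subnet_ids

  # DB parameter group
  family = "mysql5.7"

  # DB option group
  major_engine_version = "5.7"

  # Snapshot name upon DB deletion
  final_snapshot_identifier = "passboltdb"

  # Database Deletion Protection
  deletion_protection = true

  parameters = [
    {
      name  = "character_set_client"
      value = "utf8"
    },
    {
      name  = "character_set_server"
      value = "utf8"
    }
  ]

  options = [
    {
      option_name = "MARIADB_AUDIT_PLUGIN"
      option_settings = [
        {
          # Only connection events are audited. Add QUERY_DDL and QUERY_DCL (or QUERY)
          # if schema and privilege changes should land in the audit log as well.
          name  = "SERVER_AUDIT_EVENTS"
          value = "CONNECT"
        },
        {
          name  = "SERVER_AUDIT_FILE_ROTATIONS"
          value = "37"
        },
      ]
    },
  ]
}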
# Pass-through outputs from the rds module so the parent module can wire the
# application host to the database. None of these are secret.

output "this_db_instance_address" {
  value       = module.rds.this_db_instance_address
  description = "The address of the RDS instance"
}

output "this_db_instance_arn" {
  value       = module.rds.this_db_instance_arn
  description = "The ARN of the RDS instance"
}

output "this_db_instance_availability_zone" {
  value       = module.rds.this_db_instance_availability_zone
  description = "The availability zone of the RDS instance"
}

output "this_db_instance_endpoint" {
  value       = module.rds.this_db_instance_endpoint
  description = "The connection endpoint"
}

output "this_db_instance_hosted_zone_id" {
  value       = module.rds.this_db_instance_hosted_zone_id
  description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)"
}

output "this_db_instance_id" {
  value       = module.rds.this_db_instance_id
  description = "The RDS instance ID"
}

output "this_db_instance_resource_id" {
  value       = module.rds.this_db_instance_resource_id
  description = "The RDS Resource ID of this instance"
}

output "this_db_instance_status" {
  value       = module.rds.this_db_instance_status
  description = "The RDS instance status"
}

output "this_db_instance_name" {
  value       = module.rds.this_db_instance_name
  description = "The database name"
}

output "this_db_instance_username" {
  value       = module.rds.this_db_instance_username
  description = "The master username for the database"
}
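# Marked sensitive so `terraform apply`/`output` do not print the master password to the
# terminal or CI logs. It is still stored in plain text in the state file, so the state
# backend needs the same protection as the password itself.
output "this_db_instance_password" {
  value       = module.rds.this_db_instance_password
  description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
  sensitive   = true
}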
# Remaining non-secret pass-through outputs: port and the generated group identifiers.

output "this_db_instance_port" {
  value       = module.rds.this_db_instance_port
  description = "The database port"
}

output "this_db_subnet_group_id" {
  value       = module.rds.this_db_subnet_group_id
  description = "The db subnet group name"
}

output "this_db_subnet_group_arn" {
  value       = module.rds.this_db_subnet_group_arn
  description = "The ARN of the db subnet group"
}

output "this_db_parameter_group_id" {
  value       = module.rds.this_db_parameter_group_id
  description = "The db parameter group id"
}

output "this_db_parameter_group_arn" {
  value       = module.rds.this_db_parameter_group_arn
  description = "The ARN of the db parameter group"
}
# Single-region deployment; credentials come from the usual AWS provider chain
# (environment, shared config, instance role) rather than this file.
provider "aws" {
  region = "eu-north-1"
}
# SSH key registered on the passbolt instance. The public key below is a placeholder
# (note the literal "EXAMPLE" in the blob); replace it with your own before applying.
resource "aws_key_pair" "passbolt" {
  public_key = "ssh-rsa 2134EXAMPLEqdNQ6GziBC6n8B9TvftGvHsKTYKQdVygP0+04qsV0XEVInl2iFbsmh/7/jnzvpyn4f17GJIfnTA/OEbVi8dmERctOv3tS7P3AhCU8eVXPVlgZwZyILGysK62wrr7Mg5jVHL/94Tr51P3G2yKkb0tonSnt7ENKywU7ndOiGYTsOwlvXXpt37mADmrkzPZMABwkEexxOlfYaVqUfvHtcKFd0MnuQrGRZ0oxzsluB3UkLNVvpwCK59bF4FhLE1aTclqNBseddPSf8Hr+yjInGq1v187w7OHSvzu7XrBnTGaFXav452Xcn/2BqbXMo9XSTWgvtFYfjOdqQGrci1bopK4RgKDJxvdJ4iTBkWDPqCGSfz8ADMjjERso3tedGsHXqx27Wxt0LMlu4ebBWp1W42zaDnLHRRAFl00j1uDogJ6qilQpXiVdtin4BQ8u71Vhl87U1dJc2h6HSYK2maUPOrei/zYiS82NRmpEt0WyBL02dv69LVY+7UuhtaUTLs= [email protected]"
  key_name   = "passbolt-key"
}
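# Root module input forwarded to module "database". It is the RDS master user's
# password (the user is `passboltuser`, not root). Terraform keeps it in plain text in
# state; on Terraform >= 0.14 add `sensitive = true` so plan output redacts it.
variable "database_password" {
  type        = string
  description = "Master password for the RDS database user"
}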
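# How many passbolt hosts (and matching EBS volumes) to create. Typed as number so a
# stray string value fails at plan time instead of inside `count`.
variable "instances_number" {
  type        = number
  description = "Number of EC2 instances (each gets its own EBS volume)"
  default     = 1
}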
# Everything is placed in the account's default VPC. Its subnets are public (auto-assign
# public IP, route to the internet gateway), so reachability of the RDS instance rests
# entirely on the security groups and publicly_accessible=false.
data "aws_vpc" "default" {
  default = true
}
# All subnets of the default VPC; used for the DB subnet group and to pick the EC2
# subnet. NOTE(review): aws_subnet_ids is deprecated in AWS provider v4 in favour of
# aws_subnets and is reportedly removed in v5 -- check the pinned provider version.
data "aws_subnet_ids" "all" {
  vpc_id = data.aws_vpc.default.id
}
# Latest Amazon-owned Amazon Linux 2 HVM image. Because most_recent is true the
# resolved AMI id can change between runs, and an AMI change replaces the instance;
# pin a specific image name if that is not wanted.
data "aws_ami" "amazon_linux" {
  owners      = ["amazon"]
  most_recent = true

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
}
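module "rds_security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 3.0"

  name        = "rds"
  description = "Security group allowing inbound sql connection from vpc"
  vpc_id      = data.aws_vpc.default.id

  # Only hosts inside the VPC may open a MySQL connection or ping the instance. The
  # earlier draft used 0.0.0.0/0 here, contradicting the description above and leaving
  # nothing but publicly_accessible=false between the database and the internet.
  # Tighter still: replace the CIDR rule with ingress_with_source_security_group_id
  # pointing at the passbolt EC2 group, so only the application hosts reach port 3306.
  ingress_cidr_blocks = [data.aws_vpc.default.cidr_block]
  ingress_rules       = ["mysql-tcp", "all-icmp"]
  egress_rules        = ["all-all"]
}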
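# Where SSH (and ICMP) to the passbolt host may come from. No default on purpose: the
# earlier draft opened port 22 to 0.0.0.0/0. Pass the operator network, e.g.
#   terraform apply -var='ssh_cidr_blocks=["203.0.113.0/24"]'
# or drop the SSH rule entirely in favour of SSM Session Manager.
variable "ssh_cidr_blocks" {
  type        = list(string)
  description = "CIDR blocks allowed to reach the EC2 instance on port 22 and via ICMP"
}

module "security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 3.0"

  name        = "ec2"
  description = "Security group allowing http(s) and ssh"
  vpc_id      = data.aws_vpc.default.id

  # Web traffic stays public: the host presumably serves passbolt directly.
  ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_rules       = ["http-80-tcp", "https-443-tcp"]

  # Management traffic is limited to the operator's networks. The module expects
  # cidr_blocks here as a comma-separated string.
  ingress_with_cidr_blocks = [
    {
      rule        = "ssh-tcp"
      cidr_blocks = join(",", var.ssh_cidr_blocks)
    },
    {
      rule        = "all-icmp"
      cidr_blocks = join(",", var.ssh_cidr_blocks)
    },
  ]

  egress_rules = ["all-all"]
}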
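# The passbolt application host(s).
module "ec2" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 2.0"

  instance_count = var.instances_number
  name           = "passbolt"

  ami           = data.aws_ami.amazon_linux.id
  key_name      = aws_key_pair.passbolt.key_name
  instance_type = "t3.micro"

  # First subnet of the default VPC (public) plus a public IP: the host fronts HTTP(S)
  # itself, so it is directly reachable -- the security group is its only filter.
  subnet_id                   = tolist(data.aws_subnet_ids.all.ids)[0]
  vpc_security_group_ids      = [module.security_group.this_security_group_id]
  associate_public_ip_address = true

  # Encrypt the root disk at rest. Changing this on an existing instance forces a
  # replacement. Older 2.x releases of the module ignore unknown root_block_device
  # keys, so confirm `encrypted = true` shows up in the plan output.
  root_block_device = [
    {
      encrypted = true
    },
  ]
}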
# Attach volume i to instance i as /dev/sdh; one attachment per instance.
resource "aws_volume_attachment" "this_ec2" {
  count = var.instances_number

  instance_id = module.ec2.id[count.index]
  volume_id   = aws_ebs_volume.this[count.index].id
  device_name = "/dev/sdh"
}
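module "database" {
  # Module sources must be directories, not files, so database.tf has to live at
  # ./database/main.tf (the TODO at the top of that file says the same).
  source = "./database"

  security_group_ids = [module.rds_security_group.this_security_group_id]
  database_password  = var.database_password
  subnet_ids         = tolist(data.aws_subnet_ids.all.ids)
}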
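# One 1 GiB data volume per instance, attached by aws_volume_attachment.this_ec2.
resource "aws_ebs_volume" "this" {
  count = var.instances_number

  # Must be in the same AZ as the instance it is attached to.
  availability_zone = module.ec2.availability_zone[count.index]
  size              = 1

  # Encrypted at rest with the account's default EBS key. Cannot be changed after
  # creation: an existing unencrypted volume would be replaced (and its data lost).
  encrypted = true
}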
# Root module outputs: where to reach the hosts and which volume is attached where.

output "instances_public_ips" {
  value       = module.ec2.public_ip
  description = "Public IPs assigned to the EC2 instance"
}

output "ebs_volume_attachment_id" {
  value       = aws_volume_attachment.this_ec2[*].volume_id
  description = "The volume ID"
}

output "ebs_volume_attachment_instance_id" {
  value       = aws_volume_attachment.this_ec2[*].instance_id
  description = "The instance ID"
}