generated from DNXLabs/terraform-aws-template
rds.tf
# Generated password for aws_db_instance.rds_db: 34 characters, with special
# characters disabled.
#
# NOTE(review): random_string does not mark `result` as sensitive, so the value
# can appear in Terraform CLI output, and it is written in plain text to the
# Terraform state. random_password generates the same kind of value with
# `result` marked sensitive. Switching means updating every reference to
# random_string.rds_db_password in the same change and, unless the state is
# migrated, generates a new password. Either way the state backend has to be
# encrypted and access-controlled.
resource "random_string" "rds_db_password" {
  special = false
  length  = 34
}
# Primary RDS instance; created only when var.db_type is "rds".
#
# Nearly every security-relevant setting here (public accessibility, storage
# encryption, deletion protection, final snapshot, log exports) is passed
# straight through from a variable. The variable defaults are not visible in
# this file, so the effective posture depends on them and on what the caller
# sets. TODO confirm the defaults are the restrictive ones.
resource "aws_db_instance" "rds_db" {
  count = var.db_type == "rds" ? 1 : 0

  # --- Identity and engine ---
  # An empty var.identifier falls back to "<environment_name>-<name>".
  identifier     = var.identifier == "" ? "${var.environment_name}-${var.name}" : var.identifier
  engine         = var.engine
  engine_version = var.engine_version
  license_model  = var.license_model
  instance_class = var.instance_class
  db_name        = var.database_name
  multi_az       = var.multi_az

  # --- Credentials ---
  # The password comes from random_string.rds_db_password, whose result is not
  # marked sensitive and is stored in the Terraform state.
  username = var.user
  password = random_string.rds_db_password.result

  # --- Storage and encryption at rest ---
  allocated_storage     = var.allocated_storage
  max_allocated_storage = var.max_allocated_storage
  storage_type          = var.storage_type
  iops                  = var.iops
  storage_encrypted     = var.storage_encrypted
  # NOTE(review): presumably a customer-managed KMS key ARN; confirm what the
  # variable defaults to when no key is supplied.
  kms_key_id = var.kms_key_arn

  # --- Network exposure ---
  publicly_accessible = var.publicly_accessible
  # Uses the subnet group created by aws_db_subnet_group.rds_subnet_group when
  # index 0 exists; otherwise falls back to the caller-supplied group id.
  db_subnet_group_name   = try(aws_db_subnet_group.rds_subnet_group[0].id, var.db_subnet_group_id)
  vpc_security_group_ids = [aws_security_group.rds_db.id]

  # --- Parameter and option groups ---
  # The custom groups are attached only when their create_* flag is true;
  # otherwise an empty string is passed.
  parameter_group_name = var.create_db_parameter_group == true ? aws_db_parameter_group.rds_custom_db_pg[count.index].name : ""
  option_group_name    = var.create_db_option_group == true ? aws_db_option_group.rds_custom_db_og[count.index].name : ""

  # --- Backups, snapshots and deletion safety ---
  backup_retention_period = var.retention
  backup_window           = var.backup_window
  # An empty var.snapshot_identifier is turned into null (no restore source).
  snapshot_identifier = var.snapshot_identifier != "" ? var.snapshot_identifier : null
  skip_final_snapshot = var.skip_final_snapshot
  # An empty var.final_snapshot_identifier falls back to
  # "<environment_name>-<name>-final-snapshot".
  final_snapshot_identifier = var.final_snapshot_identifier == "" ? "${var.environment_name}-${var.name}-final-snapshot" : var.final_snapshot_identifier
  deletion_protection       = var.deletion_protection

  # --- Maintenance ---
  apply_immediately          = var.apply_immediately
  auto_minor_version_upgrade = var.auto_minor_version_upgrade
  maintenance_window         = var.maintenance_window

  # --- Monitoring and logging ---
  performance_insights_enabled    = var.performance_insights_enabled
  enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
  monitoring_interval             = var.monitoring_interval
  # aws_iam_role.rds_monitoring exists only when monitoring_interval > 0, so the
  # role ARN is referenced under the same condition.
  monitoring_role_arn = var.monitoring_interval > 0 ? aws_iam_role.rds_monitoring[count.index].arn : ""

  tags = {
    Backup     = var.backup
    Identifier = var.identifier == "" ? "${var.environment_name}-${var.name}" : var.identifier
  }
}
# Optional custom DB parameter group; created only when
# var.create_db_parameter_group is true.
#
# NOTE(review): nothing in this file sets a transport-security parameter.
# Whether clients are forced onto TLS depends on what the caller puts in
# var.db_parameters (for example rds.force_ssl on PostgreSQL or
# require_secure_transport on MySQL) and on the engine's own defaults.
#
# NOTE(review): create_before_destroy is combined with a fixed `name`; a change
# that forces replacement would presumably try to create a second group with
# the same name first. Confirm this is intended.
resource "aws_db_parameter_group" "rds_custom_db_pg" {
  count = var.create_db_parameter_group ? 1 : 0

  name        = var.parameter_group_name
  family      = var.family
  description = var.parameter_group_description

  # One `parameter` block per element of var.db_parameters.
  dynamic "parameter" {
    for_each = var.db_parameters
    iterator = db_param

    content {
      name  = db_param.value.name
      value = db_param.value.value
      # apply_method is optional on each element; null when the key is absent.
      apply_method = lookup(db_param.value, "apply_method", null)
    }
  }

  lifecycle {
    create_before_destroy = true
  }

  tags = {
    "Name" = var.parameter_group_name
  }
}
# Optional custom DB option group; created only when
# var.create_db_option_group is true. It carries a single option
# (var.option_name) whose settings come from var.options.
resource "aws_db_option_group" "rds_custom_db_og" {
  count = var.create_db_option_group ? 1 : 0

  name                     = var.option_group_name
  option_group_description = var.option_group_description
  engine_name              = var.engine
  major_engine_version     = var.major_engine_version

  option {
    option_name = var.option_name

    # One `option_settings` block per element of var.options.
    dynamic "option_settings" {
      for_each = var.options
      iterator = setting

      content {
        name  = setting.value.name
        value = setting.value.value
      }
    }
  }

  lifecycle {
    create_before_destroy = true
  }

  tags = {
    "Name" = var.option_group_name
  }
}
# IAM role for RDS Enhanced Monitoring; created only when
# var.monitoring_interval is greater than 0.
#
# NOTE(review): the trust policy has no Condition element. AWS's
# confused-deputy guidance for service principals is to scope the trust with
# aws:SourceAccount (and, where possible, aws:SourceArn); consider adding it.
#
# NOTE(review): the role name is built from var.name only, without
# var.environment_name. IAM role names are unique per account, so two
# environments in one account that share var.name would presumably collide.
#
# NOTE(review): managed_policy_arns is deprecated in newer AWS provider
# releases in favour of separate policy-attachment resources. Check against
# the pinned provider version.
resource "aws_iam_role" "rds_monitoring" {
  count = var.monitoring_interval > 0 ? 1 : 0
  name  = "rds-${var.name}-enhanced-monitoring"

  # Trust policy: the RDS monitoring service principal may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "monitoring.rds.amazonaws.com"
        }
      }
    ]
  })

  # AWS-managed policy for Enhanced Monitoring.
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"]
}
# Optional read replica of aws_db_instance.rds_db; created only when
# var.db_type is "rds" and var.enable_replica is true.
#
# NOTE(review): unlike the primary, this resource does not set
# deletion_protection, enabled_cloudwatch_logs_exports, monitoring_interval /
# monitoring_role_arn, performance_insights_enabled or kms_key_id. Those are
# left to provider defaults or to whatever RDS inherits from the source
# instance. Confirm the replica ends up with the logging and protection
# level expected of the primary.
resource "aws_db_instance" "rds_replica" {
  count = var.db_type == "rds" && var.enable_replica ? 1 : 0

  # --- Identity and sizing ---
  # The identifier is the primary's identifier scheme with a "-replica" suffix.
  identifier = var.identifier == "" ? "${var.environment_name}-${var.name}-replica" : "${var.identifier}-replica"
  # Falls back to the primary's instance class when no replica class is given.
  instance_class    = var.instance_class_replica == null ? var.instance_class : var.instance_class_replica
  allocated_storage = var.allocated_storage
  storage_type      = var.storage_type
  storage_encrypted = var.storage_encrypted

  # --- Replication source ---
  # Points at the primary's ARN when the primary exists, otherwise null.
  replicate_source_db = length(aws_db_instance.rds_db) > 0 ? aws_db_instance.rds_db[0].arn : null

  # --- Network exposure ---
  # The replica has its own security group and its own public-access flag, so
  # its exposure is controlled separately from the primary's.
  publicly_accessible    = var.publicly_accessible_replica
  db_subnet_group_name   = try(var.db_subnet_group_replica_id, null)
  vpc_security_group_ids = [aws_security_group.rds_db_replica.id]

  # --- Parameter group and teardown ---
  parameter_group_name = var.create_db_parameter_group == true ? aws_db_parameter_group.rds_custom_db_pg[count.index].name : ""
  skip_final_snapshot  = var.skip_final_snapshot

  lifecycle {
    # Later changes to replicate_source_db are ignored by Terraform.
    ignore_changes = [
      replicate_source_db
    ]
  }
}