-
Notifications
You must be signed in to change notification settings - Fork 0
/
rds.tf
69 lines (64 loc) · 2.45 KB
/
rds.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# Seems to require 2+ AZs to support multi AZ RDS, even if we're not using multi AZ RDS
# https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets
# Fine, just give it all our created subnets
resource "aws_db_subnet_group" "main" {
subnet_ids = [
for subnet in aws_subnet.subnets :
subnet.id
]
}
# Free tier RDS instance
resource "aws_db_instance" "database" {
allocated_storage = 20
storage_type = "gp2"
engine = "mariadb"
engine_version = "10.4"
instance_class = "db.t2.micro"
username = "root"
password = var.db_password
availability_zone = aws_instance.instance.availability_zone
backup_retention_period = 35
deletion_protection = true
delete_automated_backups = true
identifier = "db"
# encryption isn't supported on t2 machines
# storage_encrypted = true
# kms_key_id =
skip_final_snapshot = false
final_snapshot_identifier = "final-snapshot"
vpc_security_group_ids = [aws_security_group.allow_mysql.id]
db_subnet_group_name = aws_db_subnet_group.main.id
}
# Setting up the RDS security rules separately because we're going to
# reference the default port security group id, which includes the
# RDS security group.
# Separate setup allows us to break the deadlock.
resource "aws_security_group" "allow_mysql" {
name_prefix = "allow_mysql"
description = "Allow mysql traffic within the security group"
vpc_id = aws_vpc.default.id
lifecycle {
create_before_destroy = true
}
tags = {
Name = "allow_mysql"
}
}
resource "aws_security_group_rule" "to_mysql" {
type = "ingress"
description = "MySQL"
protocol = "tcp"
from_port = 3306
to_port = 3306
security_group_id = aws_security_group.allow_mysql.id
source_security_group_id = aws_security_group.allow_default_ports.id
}
resource "aws_security_group_rule" "from_mysql" {
type = "egress"
description = "MySQL"
protocol = "tcp"
from_port = 3306
to_port = 3306
security_group_id = aws_security_group.allow_mysql.id
source_security_group_id = aws_security_group.allow_default_ports.id
}