
@devops-adeel
Created February 8, 2023 20:34
Non-interactive consumption pattern for the Vault database secrets engine backing an RDS DB instance.
# Random suffix that makes the database name unique per deployment.
resource "random_uuid" "default" {
}
# Random, human-readable token used as the RDS master username.
# Note that the id is several words joined by the separator, so any consumer
# with a character whitelist must strip the separator itself.
resource "random_pet" "default" {
  length    = 2   # provider default, made explicit
  separator = "-" # provider default, made explicit
}
# Master password for the RDS instance. The value is persisted in Terraform
# state, so the state backend must be protected; Vault receives the same
# value through the database connection configured below.
resource "random_password" "default" {
  # NOTE(review): RDS rejects '/', '"' and '@' in master passwords — keep the
  # special-character set free of them (it currently is).
  override_special = "!#$%&*()-_=+[]{}<>:?"
  special          = true
  length           = 16
}
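# MySQL RDS instance whose master credential is handed to Vault, so that
# applications only ever receive short-lived dynamic credentials.
resource "aws_db_instance" "default" {
  allocated_storage = 10
  engine            = "mysql"
  engine_version    = "5.7"
  instance_class    = "db.t3.micro"

  # RDS MySQL db_name: 1-64 letters or digits, first character a letter.
  # The previous "%s-%s-db" form contained hyphens and could begin with a
  # digit from the UUID, so strip non-alphanumerics and lead with a letter.
  # This value is also used as the Vault mount path and connection name.
  db_name = format(
    "db%s%s",
    replace(var.application, "/[^A-Za-z0-9]/", ""),
    substr(replace(random_uuid.default.result, "-", ""), 0, 8)
  )

  # Master username: 1-16 letters or digits, first character a letter.
  # random_pet ids are hyphen-joined words, so drop the separator and cap
  # the length at the RDS limit.
  username = substr(replace(random_pet.default.id, "-", ""), 0, 16)
  password = random_password.default.result

  parameter_group_name = "default.mysql5.7"

  # Encrypt storage at rest; the instance holds application data and the
  # Vault-issued credentials grant access to it. Enabling this on an
  # already-created instance forces replacement.
  storage_encrypted = true

  # No final snapshot on destroy: convenient for a demo, but data is lost
  # irrecoverably when the instance is removed.
  skip_final_snapshot = true
}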
# Mount point for the database secrets engine. The path mirrors the DB name,
# so one mount serves exactly one instance.
resource "vault_mount" "default" {
  type = "database"
  path = aws_db_instance.default.db_name
}
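# Connection from Vault to the RDS instance, using the master credential.
resource "vault_database_secret_backend_connection" "default" {
  backend = vault_mount.default.path
  name    = aws_db_instance.default.db_name

  # Only roles listed here may issue credentials through this connection.
  # The role defined in this file is named after the DB instance; it was
  # missing from the original ["dev", "prod"] list, so credential requests
  # for it would have been refused. The two literal names are kept for roles
  # defined elsewhere; remove them if no such roles exist (least privilege).
  allowed_roles = [
    aws_db_instance.default.db_name,
    "dev",
    "prod",
  ]

  mysql_rds {
    # Vault connects as the RDS master user. The same credential also lives
    # in Terraform state (random_password); rotate it out of band with
    # Vault's rotate-root endpoint after the first apply so that only Vault
    # holds the current value.
    username = aws_db_instance.default.username
    password = aws_db_instance.default.password

    # {{username}} / {{password}} are Vault templates filled in at connect
    # time, so the credential is never embedded in the stored URL.
    connection_url = format(
      "{{username}}:{{password}}@tcp(%s)/",
      aws_db_instance.default.endpoint
    )
  }
}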
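# Dynamic-credential role: each read creates a fresh MySQL user that Vault
# revokes when the lease expires.
resource "vault_database_secret_backend_role" "default" {
  backend = vault_mount.default.path
  name    = aws_db_instance.default.db_name
  db_name = vault_database_secret_backend_connection.default.name

  # The connection is MySQL, but the original statement used PostgreSQL
  # syntax (CREATE ROLE ... WITH LOGIN ... VALID UNTIL), which MySQL rejects
  # at credential-generation time. Create a MySQL user and grant read-only
  # access to the application database only; widen per role as needed.
  creation_statements = [
    "CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';",
    "GRANT SELECT ON `${aws_db_instance.default.db_name}`.* TO '{{name}}'@'%';",
  ]

  # Bound lease lifetimes (seconds) so a leaked dynamic credential expires
  # on its own instead of relying on the mount-wide defaults.
  default_ttl = 3600
  max_ttl     = 86400
}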