Aurora PostgreSQL Serverless Terraform module
# Generates the master password for the cluster. The result is a sensitive
# value, but like every random_password it is persisted in Terraform state.
resource "random_password" "random_password_for_root_user" {
  special = false
  length  = 32
}
# Secrets Manager container for the root password; the value itself is written
# by the aws_secretsmanager_secret_version resource below.
resource "aws_secretsmanager_secret" "secret_db_root_password" {
  name = format("%s-db-root-password", var.project)
}
# Stores the generated password as the current version of the secret.
resource "aws_secretsmanager_secret_version" "db_branching_root_password_value" {
  secret_string = random_password.random_password_for_root_user.result
  secret_id     = aws_secretsmanager_secret.secret_db_root_password.id
}
# Subnet group spanning the three AZ subnets declared further down in this file.
resource "aws_db_subnet_group" "db_subnets_group" {
  name = format("%s-db-branching-subnets", var.project)
  subnet_ids = [
    aws_subnet.subnet_1.id,
    aws_subnet.subnet_2.id,
    aws_subnet.subnet_3.id,
  ]
}
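# Aurora PostgreSQL cluster. engine_mode "provisioned" together with a
# serverlessv2_scaling_configuration block is how Serverless v2 is expressed;
# the instance resource below uses the matching "db.serverless" class.
resource "aws_rds_cluster" "db_cluster" {
  cluster_identifier = "${var.project}-db-branching"
  engine             = "aurora-postgresql"
  engine_version     = "15.3"
  engine_mode        = "provisioned"

  apply_immediately = true
  # With skip_final_snapshot = true, `terraform destroy` drops the cluster with
  # no recoverable snapshot. Suitable for throwaway branching databases only.
  skip_final_snapshot = true

  master_username = "root"
  # The password is read back out of Secrets Manager, so the plaintext ends up
  # in Terraform state twice (random_password.result and this attribute).
  # Lock down the state backend; the provider's manage_master_user_password
  # option is an alternative that keeps the value out of state entirely.
  master_password                     = aws_secretsmanager_secret_version.db_branching_root_password_value.secret_string
  iam_database_authentication_enabled = true
  database_name                       = "master"

  allow_major_version_upgrade = true
  # Encryption at rest is off by default for a provisioned-mode cluster.
  # Enabling it on an already-created cluster forces replacement.
  storage_encrypted = true

  db_subnet_group_name = aws_db_subnet_group.db_subnets_group.name
  # Uses the VPC's default security group; its ingress rule is declared in
  # aws_security_group_rule.sg_allow_inbound_postgres.
  vpc_security_group_ids = [aws_vpc.db_vpc.default_security_group_id]

  serverlessv2_scaling_configuration {
    max_capacity = 1.0
    min_capacity = 0.5
  }
}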
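# Whether the instance is assigned a public IP. The default preserves the
# original behaviour of this module; set it to false and reach the cluster
# over a private path for anything beyond a throwaway branching database.
variable "publicly_accessible" {
  type    = bool
  default = true
}

# Single Serverless v2 instance; engine settings are inherited from the cluster.
resource "aws_rds_cluster_instance" "db_instance" {
  cluster_identifier = aws_rds_cluster.db_cluster.id
  instance_class     = "db.serverless"
  engine             = aws_rds_cluster.db_cluster.engine
  engine_version     = aws_rds_cluster.db_cluster.engine_version
  apply_immediately  = aws_rds_cluster.db_cluster.apply_immediately
  # Together with the 0.0.0.0/0 ingress rule and the internet-gateway route in
  # this file, true makes port 5432 reachable from the whole internet.
  publicly_accessible = var.publicly_accessible
}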
# Internet gateway, attached to the VPC by aws_internet_gateway_attachment below.
resource "aws_internet_gateway" "vpc_igw" {
}
# Binds the internet gateway to the database VPC.
resource "aws_internet_gateway_attachment" "igw_to_db_vpc" {
  vpc_id              = aws_vpc.db_vpc.id
  internet_gateway_id = aws_internet_gateway.vpc_igw.id
}
# Default route to the internet gateway on the VPC's *main* route table.
# Subnets with no explicit route table association fall back to the main
# table, so as declared here all three DB subnets become public subnets.
resource "aws_route" "route_allow_all_traffic" {
  gateway_id             = aws_internet_gateway.vpc_igw.id
  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = aws_vpc.db_vpc.main_route_table_id
}
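# CIDR ranges allowed to reach PostgreSQL. The default keeps the module's
# original open-to-the-internet behaviour; narrow it to the ranges that
# actually need access (VPN/office egress, a bastion, the application VPC).
variable "allowed_cidr_blocks" {
  type    = list(string)
  default = ["0.0.0.0/0"]
}

# Ingress rule for PostgreSQL on the VPC default security group.
resource "aws_security_group_rule" "sg_allow_inbound_postgres" {
  description = "PostgreSQL ingress to the Aurora cluster"
  type        = "ingress"
  protocol    = "tcp"
  from_port   = 5432
  to_port     = 5432
  # This rule is added to the VPC's default security group, which AWS
  # pre-populates with rules not declared in this file. A dedicated
  # aws_security_group would make the full rule set visible here.
  security_group_id = aws_vpc.db_vpc.default_security_group_id
  cidr_blocks       = var.allowed_cidr_blocks
}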
# First of three /20 subnets, one per AZ, consumed by the DB subnet group.
resource "aws_subnet" "subnet_1" {
  cidr_block        = "172.32.0.0/20"
  availability_zone = "eu-west-3a"
  vpc_id            = aws_vpc.db_vpc.id
}
# Second /20 subnet (eu-west-3b) for the DB subnet group.
resource "aws_subnet" "subnet_2" {
  cidr_block        = "172.32.16.0/20"
  availability_zone = "eu-west-3b"
  vpc_id            = aws_vpc.db_vpc.id
}
# Third /20 subnet (eu-west-3c) for the DB subnet group.
resource "aws_subnet" "subnet_3" {
  cidr_block        = "172.32.32.0/20"
  availability_zone = "eu-west-3c"
  vpc_id            = aws_vpc.db_vpc.id
}
# Prefix used in resource names (secret, subnet group, cluster identifier).
variable "project" {
  description = "Project name used as a prefix for resource names."
  type        = string
}
# Dedicated VPC for the database. DNS hostnames are enabled so the instance
# endpoint can be resolved; the main route table gets a default route to the
# internet gateway in aws_route.route_allow_all_traffic.
resource "aws_vpc" "db_vpc" {
  enable_dns_hostnames = true
  cidr_block           = "172.32.0.0/16"
}