Skip to content

Instantly share code, notes, and snippets.

@gabrielhamel
Created November 26, 2023 18:36
Show Gist options
  • Save gabrielhamel/62bbcbbf83027425eeac25b8ac011356 to your computer and use it in GitHub Desktop.
Save gabrielhamel/62bbcbbf83027425eeac25b8ac011356 to your computer and use it in GitHub Desktop.
Aurora Postgresql serverless Terraform module
resource "random_password" "random_password_for_root_user" {
length = 32
special = false
}
resource "aws_secretsmanager_secret" "secret_db_root_password" {
name = "${var.project}-db-root-password"
}
resource "aws_secretsmanager_secret_version" "db_branching_root_password_value" {
secret_id = aws_secretsmanager_secret.secret_db_root_password.id
secret_string = random_password.random_password_for_root_user.result
}
resource "aws_db_subnet_group" "db_subnets_group" {
name = "${var.project}-db-branching-subnets"
subnet_ids = [aws_subnet.subnet_1.id, aws_subnet.subnet_2.id, aws_subnet.subnet_3.id]
}
resource "aws_rds_cluster" "db_cluster" {
cluster_identifier = "${var.project}-db-branching"
engine = "aurora-postgresql"
engine_version = "15.3"
engine_mode = "provisioned"
apply_immediately = true
skip_final_snapshot = true
master_username = "root"
master_password = aws_secretsmanager_secret_version.db_branching_root_password_value.secret_string
iam_database_authentication_enabled = true
database_name = "master"
allow_major_version_upgrade = true
db_subnet_group_name = aws_db_subnet_group.db_subnets_group.name
vpc_security_group_ids = [aws_vpc.db_vpc.default_security_group_id]
serverlessv2_scaling_configuration {
max_capacity = 1.0
min_capacity = 0.5
}
}
resource "aws_rds_cluster_instance" "db_instance" {
cluster_identifier = aws_rds_cluster.db_cluster.id
instance_class = "db.serverless"
engine = aws_rds_cluster.db_cluster.engine
engine_version = aws_rds_cluster.db_cluster.engine_version
apply_immediately = aws_rds_cluster.db_cluster.apply_immediately
publicly_accessible = true
}
resource "aws_internet_gateway" "vpc_igw" {}
resource "aws_internet_gateway_attachment" "igw_to_db_vpc" {
internet_gateway_id = aws_internet_gateway.vpc_igw.id
vpc_id = aws_vpc.db_vpc.id
}
resource "aws_route" "route_allow_all_traffic" {
route_table_id = aws_vpc.db_vpc.main_route_table_id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.vpc_igw.id
}
resource "aws_security_group_rule" "sg_allow_inbound_postgres" {
from_port = 5432
protocol = "tcp"
security_group_id = aws_vpc.db_vpc.default_security_group_id
cidr_blocks = ["0.0.0.0/0"]
to_port = 5432
type = "ingress"
}
resource "aws_subnet" "subnet_1" {
vpc_id = aws_vpc.db_vpc.id
availability_zone = "eu-west-3a"
cidr_block = "172.32.0.0/20"
}
resource "aws_subnet" "subnet_2" {
vpc_id = aws_vpc.db_vpc.id
availability_zone = "eu-west-3b"
cidr_block = "172.32.16.0/20"
}
resource "aws_subnet" "subnet_3" {
vpc_id = aws_vpc.db_vpc.id
availability_zone = "eu-west-3c"
cidr_block = "172.32.32.0/20"
}
variable "project" {
type = string
}
resource "aws_vpc" "db_vpc" {
cidr_block = "172.32.0.0/16"
enable_dns_hostnames = true
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment