Merge pull request #1 from rhythmictech:postgres

allow using any rds engine

Author: smiller171

.vscode/settings.json

@@ -0,0 +1,9 @@
+{
+  "terraform.indexing": {
+    "enabled": false,
+    "liveIndexing": false,
+    "exclude": [
+      "**/*"
+    ]
+  }
+}

instance.tf

@@ -0,0 +1,96 @@
+resource "aws_db_instance" "this" {
+  allocated_storage                   = var.storage
+  backup_retention_period             = var.backup_retention_period
+  copy_tags_to_snapshot               = true
+  db_subnet_group_name                = aws_db_subnet_group.mysql.id
+  deletion_protection                 = true
+  engine                              = var.engine
+  engine_version                      = var.engine_version
+  iam_database_authentication_enabled = true
+  instance_class                      = var.instance_class
+  multi_az                            = var.multi_az
+  password                            = random_string.password.result
+  port                                = var.port
+  storage_encrypted                   = true
+  storage_type                        = var.storage_type
+  final_snapshot_identifier           = "${var.name}-final-snapshot"
+  skip_final_snapshot                 = var.skip_final_snapshot
+  username                            = var.username
+  vpc_security_group_ids              = [aws_security_group.mysql.id]
+
+  enabled_cloudwatch_logs_exports = [
+    "audit",
+    "error",
+    "general",
+    "slowquery",
+  ]
+
+  tags = merge(
+    local.base_tags,
+    var.tags,
+    {
+      "Name" = "${var.name}-mysql-db"
+    },
+  )
+}
+
+resource "aws_db_subnet_group" "this" {
+  subnet_ids = var.subnet_ids
+
+  tags = merge(
+    local.base_tags,
+    var.tags,
+    {
+      "Name" = "${var.name}-subnet-group"
+    },
+  )
+}
+
+resource "aws_security_group" "this" {
+  vpc_id = var.vpc_id
+
+  ingress {
+    from_port        = var.port
+    to_port          = var.port
+    protocol         = "tcp"
+    security_groups  = var.allowed_security_groups
+    cidr_blocks      = var.allowed_cidr_blocks
+    ipv6_cidr_blocks = var.allowed_ipv6_cidr_blocks
+  }
+
+  tags = merge(
+    local.base_tags,
+    var.tags,
+    {
+      "Name" = "${var.name}-security-group"
+    },
+  )
+}
+
+resource "random_string" "password" {
+  length           = 40
+  special          = true
+  min_special      = 5
+  override_special = "!#$%^&*()-_=+[]{}<>:?"
+
+  keepers = {
+    pass_version = var.pass_version
+  }
+}
+
+resource "aws_secretsmanager_secret" "password" {
+  description = "MySQL database password"
+
+  tags = merge(
+    local.base_tags,
+    var.tags,
+    {
+      "Name" = "${var.name}-mysql-pass-secret"
+    },
+  )
+}
+
+resource "aws_secretsmanager_secret_version" "password_val" {
+  secret_id     = aws_secretsmanager_secret.mysql-pass.id
+  secret_string = random_string.password.result
+}

main.tf

@@ -1,28 +1,28 @@
 output "password-arn" {
-  value = aws_secretsmanager_secret.mysql-pass.arn
+  value = aws_secretsmanager_secret.password.arn
 }
 
 output "password-version" {
-  value = aws_secretsmanager_secret_version.password-val.version_id
+  value = aws_secretsmanager_secret_version.password_val.version_id
 }
 
 output "instance" {
   value = {
-    id       = aws_db_instance.mysql.id
-    username = aws_db_instance.mysql.username
-    address  = aws_db_instance.mysql.address
+    id       = aws_db_instance.this.id
+    username = aws_db_instance.this.username
+    address  = aws_db_instance.this.address
   }
 }
 
 output "instance-id" {
-  value = aws_db_instance.mysql.id
+  value = aws_db_instance.this.id
 }
 
 output "username" {
-  value = aws_db_instance.mysql.username
+  value = aws_db_instance.this.username
 }
 
 output "address" {
-  value = aws_db_instance.mysql.address
+  value = aws_db_instance.this.address
 }
 

networking.tf

@@ -56,8 +56,14 @@ variable "storage_type" {
   default     = "gp2"
 }
 
-variable "mysql_version" {
-  description = "Version of MySQL to use"
+variable "engine" {
+  description = "Which RDS Engine to use"
+  type        = "string"
+  default     = "mysql"
+}
+
+variable "engine_version" {
+  description = "Version of database engine to use"
   type        = string
   default     = "5.6"
 }
@@ -103,4 +109,3 @@ variable "pass_version" {
   type        = string
   default     = 1
 }
-