Release 2.2.1

README.md

@@ -94,6 +94,7 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful
 |------|--------|---------|
 | <a name="module_aurora"></a> [aurora](#module\_aurora) | terraform-aws-modules/rds-aurora/aws | 8.3.0 |
 | <a name="module_aurora_secondary"></a> [aurora\_secondary](#module\_aurora\_secondary) | terraform-aws-modules/rds-aurora/aws | 8.3.0 |
+| <a name="module_backup_restore"></a> [backup\_restore](#module\_backup\_restore) | ./modules/db-backup-restore | n/a |
 
 ## Resources
 
@@ -125,10 +126,17 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful
 | <a name="input_autoscaling_scale_out_cooldown"></a> [autoscaling\_scale\_out\_cooldown](#input\_autoscaling\_scale\_out\_cooldown) | Cooldown in seconds before allowing further scaling operations after a scale out | `number` | `300` | no |
 | <a name="input_autoscaling_target_connections"></a> [autoscaling\_target\_connections](#input\_autoscaling\_target\_connections) | No of connections on which aurora has to scale if predefined\_metric\_type is RDSReaderAverageDatabaseConnections | `number` | `50` | no |
 | <a name="input_backup_retention_period"></a> [backup\_retention\_period](#input\_backup\_retention\_period) | The number of days to retain backups for | `number` | `null` | no |
+| <a name="input_bucket_provider_type"></a> [bucket\_provider\_type](#input\_bucket\_provider\_type) | Choose what type of provider you want (s3, gcs) | `string` | `"s3"` | no |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no |
 | <a name="input_create_monitoring_role"></a> [create\_monitoring\_role](#input\_create\_monitoring\_role) | Set it to true to create IAM role for Enhanced monitoring. | `bool` | `false` | no |
+| <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `false` | no |
 | <a name="input_create_random_password"></a> [create\_random\_password](#input\_create\_random\_password) | Whether to create a random password for the primary database cluster | `bool` | `true` | no |
 | <a name="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group) | Whether to create a security group or not | `bool` | `true` | no |
 | <a name="input_database_name"></a> [database\_name](#input\_database\_name) | The name for an automatically created database on cluster creation | `string` | `""` | no |
+| <a name="input_db_backup_config"></a> [db\_backup\_config](#input\_db\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` | <pre>{<br/>  "bucket_uri": "",<br/>  "cron_for_full_backup": "",<br/>  "mysql_database_name": ""<br/>}</pre> | no |
+| <a name="input_db_backup_enabled"></a> [db\_backup\_enabled](#input\_db\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no |
+| <a name="input_db_restore_config"></a> [db\_restore\_config](#input\_db\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` | <pre>{<br/>  "bucket_uri": "",<br/>  "file_name": ""<br/>}</pre> | no |
+| <a name="input_db_restore_enabled"></a> [db\_restore\_enabled](#input\_db\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no |
 | <a name="input_deletion_protection"></a> [deletion\_protection](#input\_deletion\_protection) | Whether accidental deletion protection is enabled | `bool` | `true` | no |
 | <a name="input_enable_egress"></a> [enable\_egress](#input\_enable\_egress) | Set it true if allow outbound traffic in rds security group | `bool` | `true` | no |
 | <a name="input_enable_http_endpoint"></a> [enable\_http\_endpoint](#input\_enable\_http\_endpoint) | Whether or not to enable the Data API for a serverless Aurora database engine | `bool` | `false` | no |
@@ -148,8 +156,11 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful
 | <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN.  If storage\_encrypted is set to true and kms\_key\_id is not specified the default KMS key created in your account will be used | `string` | `null` | no |
 | <a name="input_long_query_time"></a> [long\_query\_time](#input\_long\_query\_time) | To prevent fast-running queries from being logged in the slow query log, specify a value for the shortest query runtime to be logged, in seconds | `number` | `10` | no |
 | <a name="input_manage_master_user_password"></a> [manage\_master\_user\_password](#input\_manage\_master\_user\_password) | Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if `master_password` is provided | `bool` | `false` | no |
+| <a name="input_master_password"></a> [master\_password](#input\_master\_password) | The password for the primary cluster | `string` | `null` | no |
 | <a name="input_master_username"></a> [master\_username](#input\_master\_username) | The username for the primary cluster | `string` | `"root"` | no |
 | <a name="input_monitoring_interval"></a> [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to 0 to disble. Default is 0 | `number` | `0` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the RDS instance | `string` | `""` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | Name of the Kubernetes namespace where the MYSQL deployment will be deployed. | `string` | `"db"` | no |
 | <a name="input_performance_insights_enabled"></a> [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights is enabled or not | `bool` | `null` | no |
 | <a name="input_performance_insights_kms_key_id"></a> [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | ARN of KMS key to encrypt performance insights data. | `string` | `null` | no |
 | <a name="input_performance_insights_retention_period"></a> [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | Retention period for performance insights data, Either 7 (7 days) or 731 (2 years). | `number` | `null` | no |
@@ -182,6 +193,7 @@ Security scanning is graciously provided by Prowler. Proowler is the leading ful
 
 | Name | Description |
 |------|-------------|
+| <a name="output_rds_cluster_database_name"></a> [rds\_cluster\_database\_name](#output\_rds\_cluster\_database\_name) | Name for an automatically created database on cluster creation |
 | <a name="output_rds_cluster_endpoint"></a> [rds\_cluster\_endpoint](#output\_rds\_cluster\_endpoint) | The endpoint URL of the Aurora cluster |
 | <a name="output_rds_cluster_master_password"></a> [rds\_cluster\_master\_password](#output\_rds\_cluster\_master\_password) | The master password for the Aurora cluster |
 | <a name="output_rds_cluster_master_username"></a> [rds\_cluster\_master\_username](#output\_rds\_cluster\_master\_username) | The master username for the Aurora cluster |

examples/aurora-global/README.md

@@ -17,7 +17,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_aurora"></a> [aurora](#module\_aurora) | squareops/rds-aurora/aws | n/a |
+| <a name="module_aurora"></a> [aurora](#module\_aurora) | squareops/rds-aurora/aws | 2.2.1 |
 | <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | n/a |
 | <a name="module_secondary_vpc"></a> [secondary\_vpc](#module\_secondary\_vpc) | squareops/vpc/aws | n/a |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | squareops/vpc/aws | n/a |

examples/aurora/README.md

@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_aurora"></a> [aurora](#module\_aurora) | squareops/rds-aurora/aws | n/a |
+| <a name="module_aurora"></a> [aurora](#module\_aurora) | squareops/rds-aurora/aws | 2.2.1 |
 | <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | n/a |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | squareops/vpc/aws | n/a |
 
@@ -25,6 +25,8 @@
 | Name | Type |
 |------|------|
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
@@ -35,6 +37,7 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_aurora_cluster_database_name"></a> [aurora\_cluster\_database\_name](#output\_aurora\_cluster\_database\_name) | The reader endpoint URL of the Aurora cluster |
 | <a name="output_aurora_cluster_endpoint"></a> [aurora\_cluster\_endpoint](#output\_aurora\_cluster\_endpoint) | The endpoint URL of the Aurora cluster |
 | <a name="output_aurora_cluster_master_password"></a> [aurora\_cluster\_master\_password](#output\_aurora\_cluster\_master\_password) | The master password for the Aurora cluster |
 | <a name="output_aurora_cluster_master_username"></a> [aurora\_cluster\_master\_username](#output\_aurora\_cluster\_master\_username) | The master username for the Aurora cluster |

examples/aurora/helm/values.yaml

@@ -0,0 +1,48 @@
+primary:
+    affinity:
+        nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                - matchExpressions:
+                    - key: "Addons-Services"
+                      operator: In
+                      values:
+                      - "true"
+
+secondary:
+    affinity:
+        nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                - matchExpressions:
+                    - key: "Addons-Services"
+                      operator: In
+                      values:
+                      - "true"
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "Addons-Services"
+            operator: In
+            values:
+            - "true"
+backupjob:
+  resources:
+    requests:
+      memory: 100Mi
+      cpu: 50m
+    limits:
+      memory: 200Mi
+      cpu: 100m
+
+restorejob:
+  resources:
+    requests:
+      memory: 100Mi
+      cpu: 50m
+    limits:
+      memory: 200Mi
+      cpu: 100m

examples/aurora/main.tf

@@ -4,22 +4,25 @@ locals {
   external_id        = "" # Define your external ID here
   assume_role_config = length(local.role_arn) > 0 ? { role_arn = local.role_arn } : null
   name               = "skaf"
-  region             = "us-east-2"
-  port               = 5432                  #/3306
-  family             = "aurora-postgresql15" #/aurora-mysql5.7"
-  engine             = "aurora-postgresql"   #/aurora-mysql"
+  region             = "us-east-1"
+  port               = 5432                  # 3306 for MySQL
+  family             = "aurora-postgresql15" # aurora-mysql5.7"
+  engine             = "aurora-postgresql"   # aurora-mysql"
   vpc_cidr           = "10.0.0.0/16"
-  environment        = "production"
-  db_engine_version  = "15.2" #/5.7"
+  environment        = "prod"
+  db_engine_version  = "15.7" # 5.7"
   db_instance_class  = "db.r5.large"
-  master_password   = ""  # Leave this field empty to have a password automatically generated.
+  cluster_name       = ""
+  create_namespace   = false
+  namespace          = "mydb"
+  master_password    = "" # Leave this field empty to have a password automatically generated.
   additional_aws_tags = {
     Owner      = "Organization_Name"
     Expires    = "Never"
     Department = "Engineering"
   }
-  current_identity        = data.aws_caller_identity.current.arn
-  allowed_cidr_blocks     = ["10.10.0.0/16"]
+  current_identity    = data.aws_caller_identity.current.arn
+  allowed_cidr_blocks = ["10.0.0.0/16"]
 }
 
 data "aws_caller_identity" "current" {}
@@ -86,7 +89,9 @@ module "vpc" {
 
 module "aurora" {
   source                           = "squareops/rds-aurora/aws"
-  version                          = "2.2.1"
+  version                          = "3.0.0"
+  name                             = local.name
+  region                           = local.region
   role_arn                         = local.role_arn
   external_id                      = local.external_id
   environment                      = local.environment
@@ -123,4 +128,20 @@ module "aurora" {
   autoscaling_scale_in_cooldown    = 60
   autoscaling_scale_out_cooldown   = 30
   allowed_cidr_blocks              = local.allowed_cidr_blocks
+  #########
+  cluster_name         = local.cluster_name # cluster name where your backup or restore job will run.
+  namespace            = local.namespace
+  create_namespace     = local.create_namespace
+  bucket_provider_type = "s3"
+  db_backup_enabled    = false
+  db_backup_config = {
+    mysql_database_name  = "atmosly_db4"                    # Specify the database name or Leave empty if you wish to backup all databases
+    cron_for_full_backup = "*/2 * * * *"                    # set cronjob for backup
+    bucket_uri           = "s3://my-backup-dumps-databases" # S3 bucket URI (without a trailing slash /)
+  }
+  db_restore_enabled = false
+  db_restore_config = {
+    bucket_uri = "s3://my-backup-dumps-databases" # S3 bucket URI (without a trailing slash /) containing the backup dump file.
+    file_name  = "atmosly_db1.sql"                # Give .sql or .zip file for restore
+  }
 }

examples/aurora/provider.tf

@@ -9,3 +9,25 @@ provider "aws" {
     }
   }
 }
+
+data "aws_eks_cluster" "cluster" {
+  name = local.cluster_name
+
+}
+data "aws_eks_cluster_auth" "cluster" {
+  name = local.cluster_name
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.aws_eks_cluster.cluster.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}

helm/values/backup/values.yaml

@@ -0,0 +1,37 @@
+## Enable Full backup
+backup:
+  bucket_uri: ${bucket_uri}
+  cron_for_full_backup: "${cron_for_full_backup}"
+  database_name: "${mysql_database_name}"
+  database_endpoint: "${db_endpoint}"
+  database_password: "${db_password}"
+  database_user: "${db_username}"
+  engine: "${engine}"
+
+
+annotations:
+  ${annotations}
+
+auth:
+  username: "${custom_user_username}"
+
+bucket_provider_type: ${bucket_provider_type}
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "Addons-Services"
+          operator: In
+          values:
+          - "true"
+
+backupjob:
+  resources:
+    requests:
+      memory: 100Mi
+      cpu: 50m
+    limits:
+      memory: 200Mi
+      cpu: 100m

helm/values/restore/values.yaml

@@ -0,0 +1,35 @@
+restore:
+  file_name: ${file_name}
+  bucket_uri: ${bucket_uri}
+  database_endpoint: "${db_endpoint}"
+  database_password: "${db_password}"
+  database_user: "${db_username}"
+  engine: "${engine}"
+  # port: 5432
+
+auth:
+  username: "${custom_user_username}"
+
+annotations:
+  ${annotations}
+
+bucket_provider_type: ${bucket_provider_type}
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "Addons-Services"
+          operator: In
+          values:
+          - "true"
+
+restorejob:
+  resources:
+    requests:
+      memory: 100Mi
+      cpu: 50m
+    limits:
+      memory: 200Mi
+      cpu: 100m