source = "terraform-aws-modules/vpc/aws" version = "~> 3.14.2" azs = local.availability_zones_0 cidr = local.vpc_cidr_0 create_database_subnet_group = true create_flow_log_cloudwatch_iam_role = true create_flow_log_cloudwatch_log_group = true database_subnets = local.database_subnets_0 enable_dhcp_options = true enable_dns_hostnames = true enable_dns_support = true enable_flow_log = true enable_ipv6 = true enable_nat_gateway = true flow_log_cloudwatch_log_group_retention_in_days = 7 flow_log_max_aggregation_interval = 60 name = local.environment one_nat_gateway_per_az = false private_subnet_suffix = "private" private_subnets = local.private_subnets_0 public_subnets = local.public_subnets_0 single_nat_gateway = true tags = var.tags }
# Global Aurora MySQL cluster. The primary below joins it by identifier and
# inherits engine/version from it so the two definitions cannot drift apart.
# storage_encrypted = true on the global cluster means every member cluster
# must also be encrypted.
resource "aws_rds_global_cluster" "this" {
  global_cluster_identifier = local.environment
  engine                    = "aurora-mysql"
  engine_version            = "8.0.mysql_aurora.3.02.3"
  storage_encrypted         = true
}

# Primary (writer) cluster, placed in the database subnets of vpc_0.
# NOTE(review): unlike the vpc module above, this module source carries no
# `version` constraint, so `terraform init` will pull whatever the latest
# release is; pin it to the version this configuration was written against.
module "aurora_primary" {
  source = "terraform-aws-modules/rds-aurora/aws"

  name                      = local.environment
  global_cluster_identifier = aws_rds_global_cluster.this.id
  database_name             = aws_rds_global_cluster.this.database_name
  engine                    = aws_rds_global_cluster.this.engine
  engine_version            = aws_rds_global_cluster.this.engine_version

  # A single instance; the for-expression produces one map entry keyed "0".
  instance_class = "db.r6g.large"
  instances      = { for i in range(1) : i => {} }

  # Storage is encrypted with the customer-managed key resolved by
  # data.aws_kms_key.rds_0 (defined outside this file).
  kms_key_id = data.aws_kms_key.rds_0.arn

  # Networking: the cluster lives in vpc_0 and the only ingress rule declared
  # here admits the private subnet ranges of both VPCs.
  vpc_id               = module.vpc_0.vpc_id
  db_subnet_group_name = module.vpc_0.database_subnet_group_name
  security_group_rules = {
    vpc_ingress = {
      cidr_blocks = concat(
        module.vpc_0.private_subnets_cidr_blocks,
        module.vpc_1.private_subnets_cidr_blocks,
      )
    }
  }

  # Master credentials come from locals whose origin is outside this file;
  # they will also be recorded in Terraform state, so the state backend
  # needs the same protection as the secret itself.
  master_username = local.database_username
  master_password = local.database_password

  # No final snapshot on destroy: data is unrecoverable once the cluster is
  # removed. Acceptable for disposable environments only.
  skip_final_snapshot = true

  tags = var.tags
}
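# Secrets Manager entry for the Aurora master credentials, so consumers read
# them from the secret rather than from Terraform state or locals.
# No kms_key_id is set, so the AWS-managed key (aws/secretsmanager) encrypts
# the secret; supply a customer-managed key if cross-account access or a
# specific key policy is required.
resource "aws_secretsmanager_secret" "rds_credentials" {
  name        = "${local.environment}-aurora-credentials"
  description = "${local.environment} aurora username and password"

  # Numeric argument; previously passed as the string "7" and relying on
  # implicit conversion. 7 is the smallest non-zero window AWS accepts
  # (0 would delete immediately without a recovery period).
  recovery_window_in_days = 7

  # This resource does not reference the module, so the ordering is explicit.
  depends_on = [module.aurora_primary]
}

resource "aws_secretsmanager_secret_version" "rds_credentials" {
  secret_id = aws_secretsmanager_secret.rds_credentials.id

  # The same username/password also end up in Terraform state via the
  # module outputs; protect the state backend accordingly.
  secret_string = jsonencode({
    username = module.aurora_primary.cluster_master_username
    password = module.aurora_primary.cluster_master_password
  })

  # Referencing the module outputs above already creates the dependency on
  # module.aurora_primary, so an explicit depends_on is not needed here.
}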
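# Ubuntu host in a private subnet of vpc_0 with mysql-client installed —
# presumably the jump host used to reach Aurora from inside the VPC.
# Hardening already present: IMDSv2 enforced, encrypted root volume,
# detailed monitoring, no public subnet placement.
resource "aws_instance" "ubuntu" {
  ami                     = data.aws_ami.ubuntu.id
  instance_type           = "t3.small"
  subnet_id               = module.vpc_0.private_subnets[0]
  iam_instance_profile    = aws_iam_instance_profile.this.name
  ebs_optimized           = true
  monitoring              = true
  disable_api_termination = false

  # http_tokens = "required" forces IMDSv2, which blocks the classic
  # SSRF-to-instance-credentials path. A hop limit of 3 is only needed when
  # containers on the host must reach IMDS; for a plain host 1 is the tighter
  # value — confirm nothing on this instance needs the extra hops before lowering.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 3
  }

  # cloud-init runs user_data as root, so `sudo` was redundant.
  # DEBIAN_FRONTEND=noninteractive stops apt/dpkg from waiting on prompts.
  # `dist-upgrade` performs everything `upgrade` does plus dependency changes,
  # so the separate `upgrade` step was redundant.
  # Edits here do not replace the instance (see lifecycle.ignore_changes).
  user_data = <<-EOF
    #!/bin/bash
    export DEBIAN_FRONTEND=noninteractive
    apt-get update -y
    apt-get dist-upgrade -y
    apt-get install -y mysql-client
  EOF

  tags        = merge(var.tags, { "Name" = "${var.environment}_ubuntu" })
  volume_tags = merge(var.tags, { "Name" = "${var.environment}_ubuntu_vol" })

  # No kms_key_id is given, so the account's default EBS encryption key is
  # used; set one if a customer-managed key is required.
  root_block_device {
    encrypted   = true
    volume_type = "gp3"
  }

  # AMI and user_data drift must not trigger replacement of the instance.
  lifecycle {
    ignore_changes = [user_data, ami]
  }
}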
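# Initialise, plan and apply from the terraform/ directory.
# Applying the saved plan file guarantees that exactly what was reviewed in
# `terraform plan` is what gets executed; a bare `terraform apply` re-plans
# and could apply changes that were never looked at.
set -euo pipefail
cd terraform
terraform init
terraform plan -out=plan.out
terraform apply plan.out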