From f34b6e3b8b1c0a32c09598afaafe2f02139aad7e Mon Sep 17 00:00:00 2001 
From: divyanshu jain Date: Thu, 20 Jun 2024 12:53:11 +0530 Subject: [PATCH 01/42] upgrade backup-restore functionality --- examples/complete/main.tf | 25 +++- examples/complete/provider.tf | 21 ++++ examples/complete/version.tf | 2 +- helm/values/backup/values.yaml | 35 ++++++ helm/values/restore/values.yaml | 33 +++++ main.tf | 33 ++++- modules/db-backup-restore/backup/.helmignore | 21 ++++ modules/db-backup-restore/backup/Chart.yaml | 4 + .../backup/templates/backup-secret.yaml | 8 ++ .../backup/templates/cronjob.yaml | 37 ++++++ .../backup/templates/service_account.yaml | 7 ++ modules/db-backup-restore/main.tf | 49 ++++++++ modules/db-backup-restore/restore/.helmignore | 21 ++++ modules/db-backup-restore/restore/Chart.yaml | 4 + .../restore/templates/job.yaml | 30 +++++ .../restore/templates/restore-secret.yaml | 8 ++ .../restore/templates/service_account.yaml | 6 + modules/db-backup-restore/roles.tf | 98 +++++++++++++++ modules/db-backup-restore/variables.tf | 115 ++++++++++++++++++ variables.tf | 59 +++++++++ 20 files changed, 610 insertions(+), 6 deletions(-) create mode 100644 helm/values/backup/values.yaml create mode 100644 helm/values/restore/values.yaml create mode 100644 modules/db-backup-restore/backup/.helmignore create mode 100644 modules/db-backup-restore/backup/Chart.yaml create mode 100644 modules/db-backup-restore/backup/templates/backup-secret.yaml create mode 100644 modules/db-backup-restore/backup/templates/cronjob.yaml create mode 100644 modules/db-backup-restore/backup/templates/service_account.yaml create mode 100644 modules/db-backup-restore/main.tf create mode 100644 modules/db-backup-restore/restore/.helmignore create mode 100644 modules/db-backup-restore/restore/Chart.yaml create mode 100644 modules/db-backup-restore/restore/templates/job.yaml create mode 100644 modules/db-backup-restore/restore/templates/restore-secret.yaml create mode 100644 modules/db-backup-restore/restore/templates/service_account.yaml create mode 100644 
modules/db-backup-restore/roles.tf create mode 100644 modules/db-backup-restore/variables.tf diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 3223e4c..9cfed56 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -4,7 +4,9 @@ locals { family = "postgres15" vpc_cidr = "10.20.0.0/16" environment = "prod" - engine_version = "15.2" + create_namespace = true + namespace = "postgres" + engine_version = "15.4" instance_class = "db.m5d.large" storage_type = "gp3" current_identity = data.aws_caller_identity.current.arn @@ -22,7 +24,7 @@ data "aws_region" "current" {} module "kms" { source = "terraform-aws-modules/kms/aws" - + version = "~> 1.0" deletion_window_in_days = 7 description = "Complete key example showing various configurations available" enable_key_rotation = true @@ -97,7 +99,7 @@ module "vpc" { } module "rds-pg" { - source = "squareops/rds-postgresql/aws" + source = "../.." name = local.name db_name = "postgres" multi_az = "true" @@ -127,4 +129,21 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password + cluster_name = "test-atmosly-task-ipv4" + namespace = local.namespace + create_namespace = local.create_namespace + postgresdb_backup_enabled = false + postgresdb_backup_config = { + postgres_database_name = "postgres" # which database backup you want + s3_bucket_region = "us-west-1" + cron_for_full_backup = "*/3 * * * *" + bucket_uri = "s3://rdstaskbacupbucket/" + } + postgresdb_restore_enabled = false + postgresdb_restore_config = { + bucket_uri = "s3://rdstaskbacupbucket//backup_20240620055848.dump" + backup_file_name = "backup_20240620055848.dump" #Give only .sql or .zip file for restore + s3_bucket_region = "us-west-1" + DB_NAME = "postgres" # which db to restore backup file + } } diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index 369af88..accd565 100644 
--- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -4,3 +4,24 @@ provider "aws" { tags = local.additional_tags } } +data "aws_eks_cluster" "cluster" { + name = "test-atmosly-task-ipv4" + +} +data "aws_eks_cluster_auth" "cluster" { + name = "test-atmosly-task-ipv4" +} + +provider "kubernetes" { + host = data.aws_eks_cluster.cluster.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) + token = data.aws_eks_cluster_auth.cluster.token +} + +provider "helm" { + kubernetes { + host = data.aws_eks_cluster.cluster.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) + token = data.aws_eks_cluster_auth.cluster.token + } +} diff --git a/examples/complete/version.tf b/examples/complete/version.tf index 515c2d2..d8e2113 100644 --- a/examples/complete/version.tf +++ b/examples/complete/version.tf @@ -3,7 +3,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.43.0" + version = ">= 5.0.0" } } } diff --git a/helm/values/backup/values.yaml b/helm/values/backup/values.yaml new file mode 100644 index 0000000..15fe1a8 --- /dev/null +++ b/helm/values/backup/values.yaml @@ -0,0 +1,35 @@ +## Enable Full backup +backup: + bucket_uri: ${bucket_uri} + aws_default_region: ${s3_bucket_region} + cron_for_full_backup: "${cron_for_full_backup}" + postgres_database_name: "${postgres_database_name}" + database_endpoint: "${db_endpoint}" + database_password: "${db_password}" + database_user: "${db_username}" + + +annotations: + ${annotations} + +auth: + username: "${db_username}" + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "Addons-Services" + operator: In + values: + - "true" + +backupjob: + resources: + requests: + memory: 100Mi + cpu: 50m + limits: + memory: 200Mi + cpu: 100m 
diff --git a/helm/values/restore/values.yaml b/helm/values/restore/values.yaml new file mode 100644 index 0000000..5c9874b --- /dev/null +++ b/helm/values/restore/values.yaml @@ -0,0 +1,33 @@ +restore: + bucket_uri: ${bucket_uri} + aws_default_region: ${s3_bucket_region} + db_endpoint: "${db_endpoint}" + db_password: "${db_password}" + db_username: "${db_username}" + DB_NAME: "${DB_NAME}" + backup_file_name: "${backup_file_name}" + +auth: + username: "${db_username}" + +annotations: + ${annotations} + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "Addons-Services" + operator: In + values: + - "true" + +restorejob: + resources: + requests: + memory: 100Mi + cpu: 50m + limits: + memory: 200Mi + cpu: 100m diff --git a/main.tf b/main.tf index bc343f3..f7be46b 100644 --- a/main.tf +++ b/main.tf @@ -131,7 +131,7 @@ resource "aws_security_group_rule" "cidr_ingress" { module "security_group_rds" { source = "terraform-aws-modules/security-group/aws" - version = "~> 4" + version = "~> 5.0" name = format("%s-%s-%s", var.environment, var.name, "rds-sg") create = var.create_security_group vpc_id = var.vpc_id @@ -155,7 +155,7 @@ module "security_group_rds" { resource "aws_secretsmanager_secret" "secret_master_db" { name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") tags = merge( - { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-mysql-pass") }, + { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-postgres-pass") }, local.tags, ) } 
@@ -317,3 +317,32 @@ resource "aws_lambda_permission" "sns_lambda_slack_invoke" { principal = "sns.amazonaws.com" source_arn = aws_sns_topic.slack_topic[0].arn } + +module "backup_restore" { + depends_on = [module.db] + source = "./modules/db-backup-restore" + cluster_name = var.cluster_name + namespace = var.namespace + create_namespace = var.create_namespace + postgresdb_backup_enabled = var.postgresdb_backup_enabled + postgresdb_backup_config = { + db_username = var.master_username + db_password = nonsensitive(random_password.master[0].result) + postgres_database_name = var.postgresdb_backup_config.postgres_database_name + s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region + cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup + bucket_uri = var.postgresdb_backup_config.bucket_uri + db_endpoint = replace(module.db.db_instance_endpoint, ":5432", "") + } + + postgresdb_restore_enabled = var.postgresdb_restore_enabled + postgresdb_restore_config = { + db_endpoint = replace(module.db.db_instance_endpoint, ":5432", "") + db_username = var.master_username + db_password = nonsensitive(random_password.master[0].result) + bucket_uri = var.postgresdb_restore_config.bucket_uri + s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region + DB_NAME = var.postgresdb_restore_config.DB_NAME, + backup_file_name = var.postgresdb_restore_config.backup_file_name, + } +} \ No newline at end of file diff --git a/modules/db-backup-restore/backup/.helmignore b/modules/db-backup-restore/backup/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/modules/db-backup-restore/backup/.helmignore 
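Review bot: Both `db_password = nonsensitive(random_password.master[0].result)` lines in `module "backup_restore"` strip the sensitive marking from the RDS master password, so it can show up in plan output and, judging by the chart templates added in this patch, is carried into the Helm values and the job's pod spec. Pass the value through unchanged and declare the receiving variable in `modules/db-backup-restore` with `sensitive = true`, or have the job fetch it from `aws_secretsmanager_secret.secret_master_db`, which this file already creates and which presumably holds the same password. The index `random_password.master[0]` is unconditional here; if that resource is count-gated (its definition is outside the hunk), evaluation fails whenever the count is 0. The later hunks in PATCH 02 add a `custom_user_password` branch but keep the `nonsensitive()` call.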
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/modules/db-backup-restore/backup/Chart.yaml b/modules/db-backup-restore/backup/Chart.yaml
new file mode 100644
index 0000000..38491ed
--- /dev/null
+++ b/modules/db-backup-restore/backup/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A helm chart for Backup of postgres and stored in S3
+name: postgres-backup
+version: 1.0.0
diff --git a/modules/db-backup-restore/backup/templates/backup-secret.yaml b/modules/db-backup-restore/backup/templates/backup-secret.yaml
new file mode 100644
index 0000000..18dbb52
--- /dev/null
+++ b/modules/db-backup-restore/backup/templates/backup-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgres-bucket-uri
+ namespace: {{ .Release.Namespace }}
+ labels:
+data:
+ MYSQL_BUCKET_URI: {{ .Values.backup.bucket_uri | b64enc | quote }}
diff --git a/modules/db-backup-restore/backup/templates/cronjob.yaml b/modules/db-backup-restore/backup/templates/cronjob.yaml
new file mode 100644
index 0000000..3f83bcd
--- /dev/null
+++ b/modules/db-backup-restore/backup/templates/cronjob.yaml
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: backup-postgresdb
+spec:
+ schedule: {{ .Values.backup.cron_for_full_backup | quote }}
+ concurrencyPolicy: Forbid
+ suspend: false
+ successfulJobsHistoryLimit: 3
+ failedJobsHistoryLimit: 1
+
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ affinity: {{ .Values.affinity | toYaml | nindent 10 }}
+ restartPolicy: OnFailure
+ serviceAccountName: sa-postgres-backup
+ containers:
+ - name: backup-postgresdb
+ image: divyanshujain11/rds:postgres-backup-restore
+ imagePullPolicy: Always
+ command: ["./backup.sh"]
+ env:
+ - name: db_endpoint
+ value: {{ .Values.backup.database_endpoint }}
+ - name: db_username
+ value: {{ .Values.backup.database_user }}
+ - name: db_password
+ value: {{ .Values.backup.database_password }}
+ - name: bucket_uri
+ value: {{ .Values.backup.bucket_uri }}
+ - name: AWS_DEFAULT_REGION
+ value: {{ .Values.backup.aws_default_region}}
+ - name: postgres_database_name
+ value: {{ .Values.backup.postgres_database_name }}
+ resources: {{ .Values.backupjob.resources | toYaml | nindent 12 }}
diff --git a/modules/db-backup-restore/backup/templates/service_account.yaml b/modules/db-backup-restore/backup/templates/service_account.yaml
new file mode 100644
index 0000000..e1c79e3
--- /dev/null
+++ b/modules/db-backup-restore/backup/templates/service_account.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sa-postgres-backup
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ {{ toYaml .Values.annotations | indent 4 }}
diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf
new file mode 100644
index 0000000..2ac2342
--- /dev/null
+++ b/modules/db-backup-restore/main.tf
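Review bot: The `db_password` entry under `env:` in `cronjob.yaml` renders the database master password as a literal `value:`, so anyone allowed to read CronJobs, Jobs or Pods in the namespace can read it from the spec. Carry it in a Secret and reference it with `valueFrom.secretKeyRef`; the `postgres-bucket-uri` Secret added by `backup-secret.yaml` in this patch is not referenced by the CronJob and holds only the bucket URI, so it could take a password key. The remaining `value:` lines are unquoted, so a value with YAML-significant characters would break or change the manifest; pipe them through `quote`. `restore/templates/job.yaml` repeats the same pattern for `DB_PASSWORD`.

```yaml
# … unchanged: db_endpoint and db_username entries …
- name: db_password
  valueFrom:
    secretKeyRef:
      name: postgres-bucket-uri
      key: db_password   # constructed key name; add it to backup-secret.yaml
# … unchanged: bucket_uri, AWS_DEFAULT_REGION, postgres_database_name entries …
```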
@@ -0,0 +1,49 @@
+resource "kubernetes_namespace" "postgresdb" {
+ count = var.create_namespace ? 1 : 0
+ metadata {
+ annotations = {}
+ name = var.namespace
+ }
+}
+
+resource "helm_release" "postgresdb_backup" {
+ count = var.postgresdb_backup_enabled ? 1 : 0
+ name = "postgresdb-backup"
+ chart = "../../modules/db-backup-restore/backup"
+ timeout = 600
+ namespace = var.namespace
+ values = [
+ templatefile("../../helm/values/backup/values.yaml", {
+ bucket_uri = var.postgresdb_backup_config.bucket_uri,
+ postgres_database_name = var.postgresdb_backup_config.postgres_database_name,
+ db_endpoint = var.postgresdb_backup_config.db_endpoint,
+ db_password = var.postgresdb_backup_config.db_password ,
+ db_username = var.postgresdb_backup_config.db_username ,
+ s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region ,
+ cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup,
+ annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}"
+ })
+ ]
+}
+
+
+## DB dump restore
+resource "helm_release" "postgresdb_restore" {
+ count = var.postgresdb_restore_enabled ? 1 : 0
+ name = "postgresdb-restore"
+ chart = "../../modules/db-backup-restore/restore"
+ timeout = 600
+ namespace = var.namespace
+ values = [
+ templatefile("../../helm/values/restore/values.yaml", {
+ bucket_uri = var.postgresdb_restore_config.bucket_uri,
+ db_endpoint = var.postgresdb_restore_config.db_endpoint ,
+ db_password = var.postgresdb_restore_config.db_password,
+ s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region ,
+ db_username = var.postgresdb_restore_config.db_username ,
+ DB_NAME = var.postgresdb_restore_config.DB_NAME,
+ backup_file_name = var.postgresdb_restore_config.backup_file_name,
+ annotations = var.bucket_provider_type == "s3" ?
"eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}"
+ })
+ ]
+}
\ No newline at end of file
diff --git a/modules/db-backup-restore/restore/.helmignore b/modules/db-backup-restore/restore/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/modules/db-backup-restore/restore/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/modules/db-backup-restore/restore/Chart.yaml b/modules/db-backup-restore/restore/Chart.yaml
new file mode 100644
index 0000000..2badf7b
--- /dev/null
+++ b/modules/db-backup-restore/restore/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A helm chart for restore of postgres and stored in S3
+name: postgres-restore
+version: 1.0.0
diff --git a/modules/db-backup-restore/restore/templates/job.yaml b/modules/db-backup-restore/restore/templates/job.yaml
new file mode 100644
index 0000000..f39b80d
--- /dev/null
+++ b/modules/db-backup-restore/restore/templates/job.yaml
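Review bot: `helm_release.postgresdb_restore` in `modules/db-backup-restore/main.tf` takes `s3_bucket_region` from `var.postgresdb_backup_config` instead of the restore config, so a restore with the backup config left empty or pointing at another region gets the wrong region; it should read `s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region`. Both releases resolve `chart` and the `templatefile()` path through `../../…`, which depends on the directory Terraform is run from; `chart = "${path.module}/backup"` and a `path.module`-based values path would work from any caller. `db_password` is also interpolated into the values YAML inside double quotes, so a password containing `"` or `\` would corrupt the rendered values.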
@@ -0,0 +1,30 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: restore
+spec:
+ template:
+ spec:
+ affinity: {{ .Values.affinity | toYaml | nindent 6 }}
+ serviceAccountName: sa-postgres-restore
+ containers:
+ - name: restore-postgresdb
+ image: divyanshujain11/rds:postgres-backup-restore
+ imagePullPolicy: Always
+ command: ["./restore.sh"]
+ env:
+ - name: DB_HOST
+ value: {{ .Values.restore.db_endpoint }}
+ - name: DB_USER
+ value: {{ .Values.restore.db_username }}
+ - name: DB_PASSWORD
+ value: {{ .Values.restore.db_password }}
+ - name: bucket_uri
+ value: {{ .Values.restore.bucket_uri }}
+ - name: DB_NAME
+ value: {{ .Values.restore.DB_NAME }}
+ - name: backup_file_name
+ value: {{ .Values.restore.backup_file_name }}
+ resources: {{ .Values.restorejob.resources | toYaml | nindent 12 }}
+ restartPolicy: Never
+ backoffLimit: 4
\ No newline at end of file
diff --git a/modules/db-backup-restore/restore/templates/restore-secret.yaml b/modules/db-backup-restore/restore/templates/restore-secret.yaml
new file mode 100644
index 0000000..35b0c98
--- /dev/null
+++ b/modules/db-backup-restore/restore/templates/restore-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgres-bucket-uri-restore
+ namespace: {{ .Release.Namespace }}
+ labels:
+data:
+ MYSQL_BUCKET_URI: {{ .Values.restore.bucket_uri | b64enc | quote }}
diff --git a/modules/db-backup-restore/restore/templates/service_account.yaml b/modules/db-backup-restore/restore/templates/service_account.yaml
new file mode 100644
index 0000000..9af74f0
--- /dev/null
+++ b/modules/db-backup-restore/restore/templates/service_account.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sa-postgres-restore
+ annotations:
+ {{ toYaml .Values.annotations | indent 4 }}
diff --git a/modules/db-backup-restore/roles.tf b/modules/db-backup-restore/roles.tf
new file mode 100644
index 0000000..a19589b
--- /dev/null
+++ b/modules/db-backup-restore/roles.tf
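Review bot: The container line `image: divyanshujain11/rds:postgres-backup-restore` in `job.yaml`, combined with `imagePullPolicy: Always`, pulls a mutable tag from what looks like a personal registry namespace on every run, and that container is handed the database master password and the service account's S3 role. Pin the image by digest and make the repository configurable, for example `image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"` (value names constructed here), so a re-pushed tag cannot silently change what runs with those credentials. `backup/templates/cronjob.yaml` has the same image line. The Job also sets no `AWS_DEFAULT_REGION`, although `restore.aws_default_region` is present in the restore values file.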
@@ -0,0 +1,98 @@
+locals {
+ oidc_provider = replace(
+ data.aws_eks_cluster.kubernetes_cluster.identity[0].oidc[0].issuer,
+ "/^https:///",
+ ""
+ )
+}
+
+data "aws_caller_identity" "current" {}
+
+data "aws_eks_cluster" "kubernetes_cluster" {
+ name = var.cluster_name
+}
+
+resource "aws_iam_role" "postgres_backup_role" {
+ name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-backup-rds")
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Principal = {
+ Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_provider}"
+ },
+ Action = "sts:AssumeRoleWithWebIdentity",
+ Condition = {
+ StringEquals = {
+ "${local.oidc_provider}:aud" = "sts.amazonaws.com",
+ "${local.oidc_provider}:sub" = "system:serviceaccount:${var.namespace}:sa-postgres-backup"
+ }
+ }
+ }
+ ]
+ })
+ inline_policy {
+ name = "AllowS3PutObject"
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:ListBucket",
+ "s3:AbortMultipartUpload",
+ "s3:ListMultipartUploadParts"
+ ]
+ Effect = "Allow"
+ Resource = "*"
+ }
+ ]
+ })
+ }
+}
+
+
+resource "aws_iam_role" "postgres_restore_role" {
+ name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-restore")
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Principal = {
+ Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_provider}"
+ },
+ Action = "sts:AssumeRoleWithWebIdentity",
+ Condition = {
+ StringEquals = {
+ "${local.oidc_provider}:aud" = "sts.amazonaws.com",
+ "${local.oidc_provider}:sub" = "system:serviceaccount:${var.namespace}:sa-postgres-restore"
+ }
+ }
+ }
+ ]
+ })
+ inline_policy {
+ name = "AllowS3PutObject"
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:ListBucket",
+ "s3:AbortMultipartUpload",
+ "s3:ListMultipartUploadParts"
+ ]
+ Effect = "Allow"
+ Resource = "*"
+ }
+ ]
+ })
+ }
+}
\ No newline at end of file
diff --git a/modules/db-backup-restore/variables.tf b/modules/db-backup-restore/variables.tf
new file mode 100644
index 0000000..d2e7f8d
--- /dev/null
+++ b/modules/db-backup-restore/variables.tf
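Review bot: Both inline policies in `roles.tf` allow `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject` and `s3:ListBucket` on `Resource = "*"`, so a pod running under either service account can read, overwrite or delete objects in any bucket the account can reach, not only the backup bucket. Scope the statement to the configured bucket, e.g. `Resource = ["arn:aws:s3:::<backup-bucket>", "arn:aws:s3:::<backup-bucket>/*"]`, and limit `postgres_restore_role` to the read actions it needs (`s3:GetObject`, `s3:ListBucket`). Both roles and the `aws_eks_cluster` data source are also created unconditionally, so with backup and restore disabled and `cluster_name` at its empty default the lookup would presumably fail; a `count` tied to the enable flags avoids that.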
@@ -0,0 +1,115 @@
+variable "iam_role_arn_backup" {
+ description = "IAM role ARN for backup (AWS)"
+ type = string
+ default = ""
+}
+
+variable "service_account_backup" {
+ description = "Service account for backup (GCP)"
+ type = string
+ default = ""
+}
+
+variable "azure_storage_account_name" {
+ description = "Azure storage account name"
+ type = string
+ default = ""
+}
+
+variable "azure_storage_account_key" {
+ description = "Azure storage account key"
+ type = string
+ default = ""
+}
+
+variable "azure_container_name" {
+ description = "Azure container name"
+ type = string
+ default = ""
+}
+
+variable "namespace" {
+ type = string
+ default = "postgresdb"
+ description = "Name of the Kubernetes namespace where the MYSQL deployment will be deployed."
+}
+
+variable "create_namespace" {
+ type = string
+ description = "Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace."
+ default = false
+}
+
+variable "iam_role_arn_restore" {
+ description = "IAM role ARN for restore (AWS)"
+ type = string
+ default = ""
+}
+
+variable "service_account_restore" {
+ description = "Service account for restore (GCP)"
+ type = string
+ default = ""
+}
+
+# two variable of clustername and name
+variable "name" {
+ description = "Name identifier for module to be added as suffix to resources"
+ type = string
+ default = "test"
+}
+
+variable "cluster_name" {
+ type = string
+ default = ""
+ description = "Specifies the name of the EKS cluster to deploy the MySQL application on."
+}
+
+variable "postgresdb_permission" {
+ default = false
+ description = "access"
+ type = bool
+}
+
+variable "bucket_provider_type" {
+ type = string
+ default = "s3"
+ description = "Choose what type of provider you want (s3, gcs)"
+}
+
+
+variable "postgresdb_backup_enabled" {
+ type = bool
+ default = false
+ description = "Specifies whether to enable backups for MySQL database."
+}
+
+variable "postgresdb_restore_enabled" {
+ type = bool
+ default = false
+ description = "Specifies whether to enable restoring dump to the MySQL database."
+}
+
+variable "postgresdb_backup_config" {
+ type = map(string)
+ default = {
+ bucket_uri = ""
+ s3_bucket_region = ""
+ cron_for_full_backup = ""
+ postgres_database_name = ""
+ # db_endpoint=""
+ }
+ description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups."
+}
+
+variable "postgresdb_restore_config" {
+ type = any
+ default = {
+ bucket_uri = ""
+ file_name = ""
+ s3_bucket_region = ""
+ DB_NAME = ""
+ backup_file_name = ""
+ }
+ description = "Configuration options for restoring dump to the MySQL database."
+}
diff --git a/variables.tf b/variables.tf
index 6ecf7c4..b8dc7b7 100644
--- a/variables.tf
+++ b/variables.tf
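Review bot: `azure_storage_account_key` in `modules/db-backup-restore/variables.tf` is declared without `sensitive = true`, and `postgresdb_backup_config` / `postgresdb_restore_config` receive `db_password` from the root module without it either, so these values are printed in plan and apply output. Add `sensitive = true` to the key variable and move the password out of the config maps into its own sensitive variable. `create_namespace` is declared `type = string` with `default = false` and is then used as the condition of a `? :` expression; `type = bool` states what is meant. Several descriptions still refer to MySQL in this PostgreSQL module.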
@@ -311,3 +311,62 @@ variable "custom_user_password" { default = "" type = string } + +variable "create_namespace" { + type = string + description = "Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace." + default = false +} + +variable "namespace" { + type = string + default = "postgresdb" + description = "Name of the Kubernetes namespace where the MYSQL deployment will be deployed." +} + +variable "postgresdb_backup_enabled" { + type = bool + default = false + description = "Specifies whether to enable backups for MySQL database." +} + +variable "postgresdb_restore_enabled" { + type = bool + default = false + description = "Specifies whether to enable restoring dump to the MySQL database." +} + + +variable "bucket_provider_type" { + type = string + default = "s3" + description = "Choose what type of provider you want (s3, gcs)" +} + +variable "postgresdb_backup_config" { + type = map(string) + default = { + bucket_uri = "" + s3_bucket_region = "" + cron_for_full_backup = "" + postgres_database_name = "" + # db_endpoint="" + } + description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." +} + +variable "postgresdb_restore_config" { + type = any + default = { + bucket_uri = "" + file_name = "" + s3_bucket_region = "" + } + description = "Configuration options for restoring dump to the MySQL database." +} + +variable "cluster_name" { + type = string + default = "" + description = "Specifies the name of the EKS cluster to deploy the MySQL application on." +} \ No newline at end of file From 41f3a283ff5e3ed77d5e42b882e3c57ea3fef18e Mon Sep 17 00:00:00 2001 
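Review bot: The default for `postgresdb_restore_config` in the root `variables.tf` has only `bucket_uri`, `file_name` and `s3_bucket_region`, while `module "backup_restore"` in `main.tf` reads `var.postgresdb_restore_config.DB_NAME` and `.backup_file_name`, so a caller who leaves the variable at its default should get an unsupported-attribute error even with restore disabled. Add `DB_NAME = ""` and `backup_file_name = ""` to the default, as the copy of this variable in `modules/db-backup-restore/variables.tf` already does; `file_name` appears to be unused. `create_namespace` is again `type = string` with `default = false`, where `type = bool` matches its use.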
From: divyanshu jain Date: Mon, 24 Jun 2024 18:44:11 +0530 Subject: [PATCH 02/42] update backup-restore feature --- examples/complete/main.tf | 24 +++++++++++++----------- examples/complete/provider.tf | 4 ++-- main.tf | 4 ++-- 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 9cfed56..4d73279 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -1,5 +1,5 @@ locals { - region = "us-east-2" + region = "us-west-2" name = "postgresql" family = "postgres15" vpc_cidr = "10.20.0.0/16" @@ -99,12 +99,12 @@ module "vpc" { } module "rds-pg" { - source = "../.." + source = "squareops/rds-postgresql/aws" name = local.name db_name = "postgres" multi_az = "true" family = local.family - vpc_id = module.vpc.vpc_id + vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment kms_key_arn = module.kms.key_arn 
@@ -129,21 +129,23 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password - cluster_name = "test-atmosly-task-ipv4" + #if you want backup and restore then you have to provide you cluster vpc ip, subnet, key_arn also. + #And allow cluster security group in rds security group + cluster_name = "cluster-name" namespace = local.namespace create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { - postgres_database_name = "postgres" # which database backup you want - s3_bucket_region = "us-west-1" + postgres_database_name = "" # which database backup you want + s3_bucket_region = "" #s3 bucket region cron_for_full_backup = "*/3 * * * *" - bucket_uri = "s3://rdstaskbacupbucket/" + bucket_uri = "s3://xyz" #s3 bucket uri } postgresdb_restore_enabled = false postgresdb_restore_config = { - bucket_uri = "s3://rdstaskbacupbucket//backup_20240620055848.dump" - backup_file_name = "backup_20240620055848.dump" #Give only .sql or .zip file for restore - s3_bucket_region = "us-west-1" - DB_NAME = "postgres" # which db to restore backup file + bucket_uri = "s3://xyz" #s3 bucket uri which have dackup dump file + backup_file_name = "abc.dump" #Give only .sql or .zip file for restore + s3_bucket_region = "" # bucket region + DB_NAME = "" # which db to restore backup file } } diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index accd565..af8c494 100644 --- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -5,11 +5,11 @@ provider "aws" { } } data "aws_eks_cluster" "cluster" { - name = "test-atmosly-task-ipv4" + name = "" } data "aws_eks_cluster_auth" "cluster" { - name = "test-atmosly-task-ipv4" + name = "" } provider "kubernetes" { diff --git a/main.tf b/main.tf index f7be46b..da8c22d 100644 --- a/main.tf +++ b/main.tf 
@@ -327,7 +327,7 @@ module "backup_restore" { postgresdb_backup_enabled = var.postgresdb_backup_enabled postgresdb_backup_config = { db_username = var.master_username - db_password = nonsensitive(random_password.master[0].result) + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) postgres_database_name = var.postgresdb_backup_config.postgres_database_name s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup @@ -339,7 +339,7 @@ module "backup_restore" { postgresdb_restore_config = { db_endpoint = replace(module.db.db_instance_endpoint, ":5432", "") db_username = var.master_username - db_password = nonsensitive(random_password.master[0].result) + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) bucket_uri = var.postgresdb_restore_config.bucket_uri s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region DB_NAME = var.postgresdb_restore_config.DB_NAME, From fc2d643c928c868fbf75569e46c2a9d817f8a7b8 Mon Sep 17 00:00:00 2001 From: divyanshu jain Date: Mon, 24 Jun 2024 18:45:29 +0530 Subject: [PATCH 03/42] update backup-restore feature --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 553275c..aa59b87 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,5 @@ *.tfvars *.pem vars +modules/db-backup-restore/backup/.helmignore +modules/db-backup-restore/restore/.helmignore \ No newline at end of file From bbda84bd678172fc803172b54735ce9686fe0c19 Mon Sep 17 00:00:00 2001 From: divyanshu jain Date: Mon, 24 Jun 2024 18:48:39 +0530 Subject: [PATCH 04/42] update backup-restore feature --- .gitignore | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index aa59b87..addeb4b 100644 --- a/.gitignore +++ b/.gitignore 
@@ -6,5 +6,4 @@ *.tfvars *.pem vars -modules/db-backup-restore/backup/.helmignore -modules/db-backup-restore/restore/.helmignore \ No newline at end of file +*.helmignore \ No newline at end of file From 6b8d7212afde3a8f5bc7d2083105b973611f1e24 Mon Sep 17 00:00:00 2001 From: divyanshu jain Date: Mon, 24 Jun 2024 18:52:44 +0530 Subject: [PATCH 05/42] update backup-restore feature --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index addeb4b..6e255ef 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ *.tfvars *.pem vars -*.helmignore \ No newline at end of file +.helmignore \ No newline at end of file From a36032e79a0bdce6416962eec59aaf43f15f8f16 Mon Sep 17 00:00:00 2001 From: divyanshujainSquareops <148210383+divyanshujainSquareops@users.noreply.github.com> Date: Mon, 24 Jun 2024 18:57:25 +0530 Subject: [PATCH 06/42] Delete modules/db-backup-restore/backup/.helmignore --- modules/db-backup-restore/backup/.helmignore | 21 -------------------- 1 file changed, 21 deletions(-) delete mode 100644 modules/db-backup-restore/backup/.helmignore diff --git a/modules/db-backup-restore/backup/.helmignore b/modules/db-backup-restore/backup/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/modules/db-backup-restore/backup/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj From 337691933c5788a103f199578af70b8cd8380f0b Mon Sep 17 00:00:00 2001 
From: divyanshujainSquareops <148210383+divyanshujainSquareops@users.noreply.github.com> Date: Mon, 24 Jun 2024 18:57:40 +0530 Subject: [PATCH 07/42] Delete modules/db-backup-restore/restore/.helmignore --- modules/db-backup-restore/restore/.helmignore | 21 ------------------- 1 file changed, 21 deletions(-) delete mode 100644 modules/db-backup-restore/restore/.helmignore diff --git a/modules/db-backup-restore/restore/.helmignore b/modules/db-backup-restore/restore/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/modules/db-backup-restore/restore/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj From 8d81967fff5d968b1d538f8683e6c0e115ff5a70 Mon Sep 17 00:00:00 2001 From: divyanshu jain Date: Mon, 24 Jun 2024 19:14:15 +0530 Subject: [PATCH 08/42] update backup-restore feature --- examples/complete/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 4d73279..4a482c3 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -129,7 +129,7 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password - #if you want backup and restore then you have to provide you cluster vpc ip, subnet, key_arn also. + #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. #And allow cluster security group in rds security group cluster_name = "cluster-name" namespace = local.namespace From 4e1028f83236fef0e3c4ba6e73f13a64040fa1ef Mon Sep 17 00:00:00 2001 
From: divyanshu jain Date: Mon, 24 Jun 2024 19:17:22 +0530 Subject: [PATCH 09/42] update backup-restore feature --- examples/complete-psql-replica/main.tf | 23 ++++++++++++++++++++++- examples/complete/main.tf | 2 +- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index 8b74987..f6d8321 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -4,6 +4,8 @@ locals { family = "postgres15" vpc_cidr = "10.20.0.0/16" environment = "prod" + create_namespace = true + namespace = "postgres" storage_type = "gp3" engine_version = "15.2" instance_class = "db.m5d.large" @@ -81,7 +83,7 @@ module "vpc" { } module "rds-pg" { - source = "squareops/rds-postgresql/aws" + source = "../.." name = local.name db_name = "postgres" family = local.family @@ -113,4 +115,23 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password + #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. + #And allow cluster security group in rds security group + cluster_name = "cluster-name" + namespace = local.namespace + create_namespace = local.create_namespace + postgresdb_backup_enabled = false + postgresdb_backup_config = { + postgres_database_name = "" # which database backup you want + s3_bucket_region = "" #s3 bucket region + cron_for_full_backup = "*/3 * * * *" + bucket_uri = "s3://xyz" #s3 bucket uri + } + postgresdb_restore_enabled = false + postgresdb_restore_config = { + bucket_uri = "s3://xyz" #s3 bucket uri which have dackup dump file + backup_file_name = "abc.dump" #Give only .sql or .zip file for restore + s3_bucket_region = "" # bucket region + DB_NAME = "" # which db to restore backup file + } } diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 4a482c3..793ff61 100644 
--- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -129,7 +129,7 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password - #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. + #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group cluster_name = "cluster-name" namespace = local.namespace From 004d9ae25accf1aa47d9291e522d85064c7d7230 Mon Sep 17 00:00:00 2001 From: divyanshu jain Date: Mon, 24 Jun 2024 19:18:00 +0530 Subject: [PATCH 10/42] update backup-restore feature --- examples/complete-psql-replica/main.tf | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index f6d8321..8b74987 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -4,8 +4,6 @@ locals { family = "postgres15" vpc_cidr = "10.20.0.0/16" environment = "prod" - create_namespace = true - namespace = "postgres" storage_type = "gp3" engine_version = "15.2" instance_class = "db.m5d.large" @@ -83,7 +81,7 @@ module "vpc" { } module "rds-pg" { - source = "../.." + source = "squareops/rds-postgresql/aws" name = local.name db_name = "postgres" family = local.family 
@@ -115,23 +113,4 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password - #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. - #And allow cluster security group in rds security group - cluster_name = "cluster-name" - namespace = local.namespace - create_namespace = local.create_namespace - postgresdb_backup_enabled = false - postgresdb_backup_config = { - postgres_database_name = "" # which database backup you want - s3_bucket_region = "" #s3 bucket region - cron_for_full_backup = "*/3 * * * *" - bucket_uri = "s3://xyz" #s3 bucket uri - } - postgresdb_restore_enabled = false - postgresdb_restore_config = { - bucket_uri = "s3://xyz" #s3 bucket uri which have dackup dump file - backup_file_name = "abc.dump" #Give only .sql or .zip file for restore - s3_bucket_region = "" # bucket region - DB_NAME = "" # which db to restore backup file - } } From 2cf312e3fadb29b3cc4b8cf4baa96d98677b42dd Mon Sep 17 00:00:00 2001 From: divyanshu jain Date: Wed, 26 Jun 2024 10:06:35 +0530 Subject: [PATCH 11/42] update backup-restore feature --- examples/complete-psql-replica/main.tf | 25 +++++++++++++++++-- examples/complete/main.tf | 34 +++++++++++++------------- main.tf | 8 +++--- 3 files changed, 44 insertions(+), 23 deletions(-) diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index 8b74987..1787d39 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -4,6 +4,8 @@ locals { family = "postgres15" vpc_cidr = "10.20.0.0/16" environment = "prod" + create_namespace = true + namespace = "postgres" storage_type = "gp3" engine_version = "15.2" instance_class = "db.m5d.large" @@ -81,7 +83,7 @@ module "vpc" { } module "rds-pg" { - source = "squareops/rds-postgresql/aws" + source = "../.." name = local.name db_name = "postgres" family = local.family 
@@ -101,7 +103,7 @@ module "rds-pg" { publicly_accessible = false skip_final_snapshot = true backup_window = "03:00-06:00" - maintenance_window = "Mon:00:00-Mon:03:00" + maintenance_window = "Mon:00:00-Mon:03:00 final_snapshot_identifier_prefix = "final" major_engine_version = local.engine_version deletion_protection = true @@ -113,4 +115,23 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password + #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. + #And allow cluster security group in rds security group + # cluster_name = "cluster-name" + # namespace = local.namespace + # create_namespace = local.create_namespace + # postgresdb_backup_enabled = false + # postgresdb_backup_config = { + # postgres_database_name = "" # which database backup you want + # s3_bucket_region = "" #s3 bucket region + # cron_for_full_backup = "*/3 * * * *" + # bucket_uri = "s3://xyz" #s3 bucket uri + # } + # postgresdb_restore_enabled = false + # postgresdb_restore_config = { + # bucket_uri = "s3://xyz" #s3 bucket uri which have dackup dump file + # backup_file_name = "abc.dump" #Give only .sql or .zip file for restore + # s3_bucket_region = "" # bucket region + # DB_NAME = "" # which db to restore backup file + # } } diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 793ff61..436ef22 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
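Review bot: In the `@@ -101,7 +103,7 @@` hunk of `examples/complete-psql-replica/main.tf`, the added line `maintenance_window = "Mon:00:00-Mon:03:00` has lost its closing quote, so as shown the file contains an unterminated string and will not parse. Restore the previous value, `maintenance_window = "Mon:00:00-Mon:03:00"`. Nothing else in the hunk changes, so this looks like an accidental edit. The `module "rds-pg"` block starts and ends outside the hunk.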
@@ -131,21 +131,21 @@ module "rds-pg" { custom_user_password = local.custom_user_password #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group - cluster_name = "cluster-name" - namespace = local.namespace - create_namespace = local.create_namespace - postgresdb_backup_enabled = false - postgresdb_backup_config = { - postgres_database_name = "" # which database backup you want - s3_bucket_region = "" #s3 bucket region - cron_for_full_backup = "*/3 * * * *" - bucket_uri = "s3://xyz" #s3 bucket uri - } - postgresdb_restore_enabled = false - postgresdb_restore_config = { - bucket_uri = "s3://xyz" #s3 bucket uri which have dackup dump file - backup_file_name = "abc.dump" #Give only .sql or .zip file for restore - s3_bucket_region = "" # bucket region - DB_NAME = "" # which db to restore backup file - } + # cluster_name = "cluster-name" + # namespace = local.namespace + # create_namespace = local.create_namespace + # postgresdb_backup_enabled = false + # postgresdb_backup_config = { + # postgres_database_name = "" # which database backup you want + # s3_bucket_region = "" #s3 bucket region + # cron_for_full_backup = "*/3 * * * *" + # bucket_uri = "s3://xyz" #s3 bucket uri + # } + # postgresdb_restore_enabled = false + # postgresdb_restore_config = { + # bucket_uri = "s3://xyz" #s3 bucket uri which have dackup dump file + # backup_file_name = "abc.dump" #Give only .sql or .zip file for restore + # s3_bucket_region = "" # bucket region + # DB_NAME = "" # which db to restore backup file + # } } diff --git a/main.tf b/main.tf index da8c22d..54b2f49 100644 --- a/main.tf +++ b/main.tf 
@@ -327,19 +327,19 @@ module "backup_restore" { postgresdb_backup_enabled = var.postgresdb_backup_enabled postgresdb_backup_config = { db_username = var.master_username - db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + db_password = nonsensitive(random_password.master[0].result) postgres_database_name = var.postgresdb_backup_config.postgres_database_name s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup bucket_uri = var.postgresdb_backup_config.bucket_uri - db_endpoint = replace(module.db.db_instance_endpoint, ":5432", "") + db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") } postgresdb_restore_enabled = var.postgresdb_restore_enabled postgresdb_restore_config = { - db_endpoint = replace(module.db.db_instance_endpoint, ":5432", "") + db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") db_username = var.master_username - db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + db_password = nonsensitive(random_password.master[0].result) bucket_uri = var.postgresdb_restore_config.bucket_uri s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region DB_NAME = var.postgresdb_restore_config.DB_NAME, From 9e7dfb4733bfcf472f27e338c26794bf4f34b289 Mon Sep 17 00:00:00 2001 From: divyanshujainSquareops <148210383+divyanshujainSquareops@users.noreply.github.com> Date: Wed, 26 Jun 2024 12:23:46 +0530 Subject: [PATCH 12/42] Update main.tf --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 54b2f49..7c31468 100644 --- a/main.tf +++ b/main.tf 
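Review bot: `postgresdb_restore_config.db_endpoint` now resolves to `module.db_replica[0].db_instance_endpoint` whenever `var.replica_enable` is true, but a restore needs a writable instance and an RDS read replica is read-only, so the restore job would presumably fail. Reading backups from the replica is reasonable, but restore should stay on the primary: `db_endpoint = replace(module.db.db_instance_endpoint, ":5432", "")`. This hunk also drops the `var.custom_user_password` branch from both `db_password` lines, so the jobs would get the generated password even when a custom one is set; PATCH 12 below puts the branch back. The `module "backup_restore"` block starts outside the hunk.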
@@ -327,7 +327,7 @@ module "backup_restore" { postgresdb_backup_enabled = var.postgresdb_backup_enabled postgresdb_backup_config = { db_username = var.master_username - db_password = nonsensitive(random_password.master[0].result) + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) postgres_database_name = var.postgresdb_backup_config.postgres_database_name s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup @@ -339,10 +339,10 @@ module "backup_restore" { postgresdb_restore_config = { db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") db_username = var.master_username - db_password = nonsensitive(random_password.master[0].result) + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) bucket_uri = var.postgresdb_restore_config.bucket_uri s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region DB_NAME = var.postgresdb_restore_config.DB_NAME, backup_file_name = var.postgresdb_restore_config.backup_file_name, } -} \ No newline at end of file +} From 1b0d849a5a27c7b3c18394c301c41b06b3652f1d Mon Sep 17 00:00:00 2001 From: ankush-sqops Date: Fri, 30 Aug 2024 13:30:19 +0530 Subject: [PATCH 13/42] Updated terraform aws privider version (#13) Co-authored-by: vinayakgautamops <95210787+vinayakgautamops@users.noreply.github.com> --- versions.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/versions.tf b/versions.tf index 4d5173d..d8e2113 100644 --- a/versions.tf +++ b/versions.tf @@ -1,9 +1,9 @@ terraform { - required_version = ">= 0.13" + required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" - version = "5.13.1" + version = ">= 5.0.0" } } } From 43af34b1342109d5098b131188f6fc7f958bdc50 Mon Sep 17 00:00:00 2001 
From: amanravi-squareops Date: Thu, 14 Nov 2024 18:58:12 +0530 Subject: [PATCH 14/42] added backup-restore functionality --- examples/complete/main.tf | 56 +++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 436ef22..864d26b 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -1,17 +1,17 @@ locals { - region = "us-west-2" + region = "us-east-1" name = "postgresql" family = "postgres15" vpc_cidr = "10.20.0.0/16" - environment = "prod" - create_namespace = true - namespace = "postgres" + environment = "test" + create_namespace = false + namespace = "pg" engine_version = "15.4" - instance_class = "db.m5d.large" + instance_class = "db.t4g.micro" storage_type = "gp3" current_identity = data.aws_caller_identity.current.arn - allowed_security_groups = ["sg-0a680afd35"] - custom_user_password = "" + allowed_security_groups = ["sg-xxxxxxxxxxxxxxxx"] + custom_user_password = "Amanrajj12" additional_tags = { Owner = "Organization_Name" Expires = "Never" 
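Review bot: The `locals` hunk commits a literal credential into the example, `custom_user_password = "Amanrajj12"`. Keep the example at `custom_user_password = ""`, or read the value from an input variable declared with `sensitive = true`, so that no password is stored in the repository. PATCH 15 below resets the value, but the string remains in the commit history, so it should be treated as exposed and not used for any database. The `locals` block continues past the end of the hunk.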
@@ -101,27 +101,28 @@ module "vpc" { module "rds-pg" { source = "squareops/rds-postgresql/aws" name = local.name - db_name = "postgres" + db_name = "test" multi_az = "true" family = local.family vpc_id = module.vpc.vpc_id + allowed_security_groups = local.allowed_security_groups subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment kms_key_arn = module.kms.key_arn storage_type = local.storage_type engine_version = local.engine_version instance_class = local.instance_class - master_username = "pguser" + master_username = "admin" allocated_storage = "20" max_allocated_storage = 120 publicly_accessible = false skip_final_snapshot = true backup_window = "03:00-06:00" maintenance_window = "Mon:00:00-Mon:03:00" - final_snapshot_identifier_prefix = "final" + final_snapshot_identifier_prefix = "final" major_engine_version = local.engine_version deletion_protection = false - cloudwatch_metric_alarms_enabled = true + cloudwatch_metric_alarms_enabled = false alarm_cpu_threshold_percent = 70 disk_free_storage_space = "10000000" # in bytes slack_notification_enabled = false 
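Review bot: `master_username = "admin"` in this hunk is likely to be rejected at apply time, because RDS for PostgreSQL appears to treat `admin` as a reserved master user name (worth confirming for the engine version in use); the previous `pguser` avoids the problem. The hunk also sets `cloudwatch_metric_alarms_enabled = false`, which removes the CPU and free-storage alarms from an example named "complete". If that is intentional, say so on the line, e.g. `cloudwatch_metric_alarms_enabled = false # set to true to create the CPU and storage alarms`. The `module "rds-pg"` block continues past the end of the hunk.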
@@ -131,21 +132,20 @@ module "rds-pg" { custom_user_password = local.custom_user_password #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group - # cluster_name = "cluster-name" - # namespace = local.namespace - # create_namespace = local.create_namespace - # postgresdb_backup_enabled = false - # postgresdb_backup_config = { - # postgres_database_name = "" # which database backup you want - # s3_bucket_region = "" #s3 bucket region - # cron_for_full_backup = "*/3 * * * *" - # bucket_uri = "s3://xyz" #s3 bucket uri - # } - # postgresdb_restore_enabled = false - # postgresdb_restore_config = { - # bucket_uri = "s3://xyz" #s3 bucket uri which have dackup dump file - # backup_file_name = "abc.dump" #Give only .sql or .zip file for restore - # s3_bucket_region = "" # bucket region - # DB_NAME = "" # which db to restore backup file - # } + cluster_name = "" + namespace = local.namespace + create_namespace = local.create_namespace + postgresdb_backup_enabled = false + postgresdb_backup_config = { + postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases + cron_for_full_backup = "*/2 * * * *" # set cronjob for backup + bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri + } + postgresdb_restore_enabled = false + postgresdb_restore_config = { + bucket_uri = "s3://mongodb-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. + backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore + } } + + From df03298e60933da7ed54131bd88bf11fe97fd5a9 Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Thu, 14 Nov 2024 19:04:02 +0530 Subject: [PATCH 15/42] Update main.tf --- examples/complete/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
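Review bot: The example now hard-codes `bucket_uri = "s3://mongodb-backups-atmosly"` for both backup and restore, which reads like a real bucket name rather than a placeholder. Anyone who enables backup without editing it would point their database dumps at a bucket they do not control. Use an obvious placeholder such as `bucket_uri = "s3://<your-backup-bucket>"`, and likewise replace `db5_20241114111607.sql` with a generic file name. `cron_for_full_backup = "*/2 * * * *"` is a test schedule that runs a full backup every two minutes; a daily value such as `"0 2 * * *"` is a safer example. The same values are repeated in PATCH 17 and in the README hunk of PATCH 18.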
diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 864d26b..efa23bd 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -3,15 +3,15 @@ locals { name = "postgresql" family = "postgres15" vpc_cidr = "10.20.0.0/16" - environment = "test" - create_namespace = false + environment = "prod" + create_namespace = true namespace = "pg" engine_version = "15.4" instance_class = "db.t4g.micro" storage_type = "gp3" current_identity = data.aws_caller_identity.current.arn allowed_security_groups = ["sg-xxxxxxxxxxxxxxxx"] - custom_user_password = "Amanrajj12" + custom_user_password = "" additional_tags = { Owner = "Organization_Name" Expires = "Never" From 9ab3d7339cd96ce28633650ea82d9dccb0df8ffa Mon Sep 17 00:00:00 2001 From: divyanshujainSquareops <148210383+divyanshujainSquareops@users.noreply.github.com> Date: Fri, 15 Nov 2024 12:54:40 +0530 Subject: [PATCH 16/42] update module location --- examples/complete-psql-replica/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index 1787d39..3e2d328 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -83,7 +83,7 @@ module "vpc" { } module "rds-pg" { - source = "../.." + source = "squareops/rds-postgresql/aws" name = local.name db_name = "postgres" family = local.family From ad5cba4792dccc448aff34fab5eea2742f1fcb7b Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Fri, 15 Nov 2024 16:20:41 +0530 Subject: [PATCH 17/42] updated readme file --- examples/complete/README.md | 10 ++++++---- examples/complete/main.tf | 26 ++++++++++++-------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/examples/complete/README.md b/examples/complete/README.md index d056d1b..b738988 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -14,20 +14,20 @@ This example will be very useful for users who are new to a module and want to q | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 3.43.0 | +| [aws](#requirement\_aws) | >= 5.0.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.43.0 | +| [aws](#provider\_aws) | >= 5.0.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [kms](#module\_kms) | terraform-aws-modules/kms/aws | n/a | -| [rds-pg](#module\_rds-pg) | ../../ | n/a | +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | +| [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | | [vpc](#module\_vpc) | squareops/vpc/aws | n/a | ## Resources @@ -35,6 +35,8 @@ This example will be very useful for users who are new to a module and want to q | Name | Type | |------|------| | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs diff --git a/examples/complete/main.tf b/examples/complete/main.tf index efa23bd..780dc90 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -23,8 +23,8 @@ data "aws_caller_identity" "current" {} data "aws_region" "current" {} module "kms" { - source = "terraform-aws-modules/kms/aws" - version = "~> 1.0" + source = "terraform-aws-modules/kms/aws" + version = "~> 1.0" deletion_window_in_days = 7 description = "Complete key example showing various configurations available" enable_key_rotation = true 
@@ -104,7 +104,7 @@ module "rds-pg" { db_name = "test" multi_az = "true" family = local.family - vpc_id = module.vpc.vpc_id + vpc_id = module.vpc.vpc_id allowed_security_groups = local.allowed_security_groups subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment @@ -119,7 +119,7 @@ module "rds-pg" { skip_final_snapshot = true backup_window = "03:00-06:00" maintenance_window = "Mon:00:00-Mon:03:00" - final_snapshot_identifier_prefix = "final" + final_snapshot_identifier_prefix = "final" major_engine_version = local.engine_version deletion_protection = false cloudwatch_metric_alarms_enabled = false 
@@ -130,22 +130,20 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password - #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. + #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group - cluster_name = "" - namespace = local.namespace - create_namespace = local.create_namespace + cluster_name = "" + namespace = local.namespace + create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { - postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases - cron_for_full_backup = "*/2 * * * *" # set cronjob for backup - bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri + postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases + cron_for_full_backup = "*/2 * * * *" # set cronjob for backup + bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri } postgresdb_restore_enabled = false postgresdb_restore_config = { bucket_uri = "s3://mongodb-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. - backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore + backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore } } - - From 4b1d355657eecb5f2d5551800c287680c7204a7d Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:28:55 +0530 Subject: [PATCH 18/42] Update README.md --- README.md | 59 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 41 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 49cc740..e5f5550 100644 --- a/README.md +++ b/README.md 
@@ -54,6 +54,20 @@ module "rds-pg" { slack_channel = "skaf-dev" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = "postgresqlpasswd" + cluster_name = "" + namespace = local.namespace + create_namespace = local.create_namespace + postgresdb_backup_enabled = false + postgresdb_backup_config = { + postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases + cron_for_full_backup = "*/2 * * * *" # set cronjob for backup + bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri + } + postgresdb_restore_enabled = false + postgresdb_restore_config = { + bucket_uri = "s3://mongodb-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. + backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore + } } ``` Refer [examples](https://github.com/squareops/terraform-aws-rds-postgresql/tree/main/examples) for more details. 
@@ -66,51 +80,52 @@ The required IAM permissions to create resources from this module can be found [ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.13 | -| [aws](#requirement\_aws) | 5.13.1 | +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.0.0 | ## Providers | Name | Version | |------|---------| | [archive](#provider\_archive) | n/a | -| [aws](#provider\_aws) | 5.13.1 | +| [aws](#provider\_aws) | >= 5.0.0 | | [random](#provider\_random) | n/a | ## Modules | Name | Source | Version | |------|--------|---------| +| [backup\_restore](#module\_backup\_restore) | ./modules/db-backup-restore | n/a | | [cw\_sns\_slack](#module\_cw\_sns\_slack) | ./lambda | n/a | | [db](#module\_db) | terraform-aws-modules/rds/aws | 6.1.0 | | [db\_replica](#module\_db\_replica) | terraform-aws-modules/rds/aws | 6.1.0 | -| [security\_group\_rds](#module\_security\_group\_rds) | terraform-aws-modules/security-group/aws | ~> 4 | +| [security\_group\_rds](#module\_security\_group\_rds) | terraform-aws-modules/security-group/aws | ~> 5.0 | ## Resources | Name | Type | |------|------| -| [aws_cloudwatch_metric_alarm.cache_cpu](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_cloudwatch_metric_alarm.disk_free_storage_space_too_low](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_kms_ciphertext.slack_url](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/kms_ciphertext) | resource | -| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/kms_key) | resource | -| [aws_lambda_permission.sns_lambda_slack_invoke](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/lambda_permission) | resource | -| 
[aws_secretsmanager_secret.secret_master_db](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/secretsmanager_secret) | resource | -| [aws_secretsmanager_secret_version.rds_credentials](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/secretsmanager_secret_version) | resource | -| [aws_security_group_rule.cidr_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.default_ingress](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/security_group_rule) | resource | -| [aws_sns_topic.slack_topic](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/sns_topic) | resource | -| [aws_sns_topic_subscription.slack-endpoint](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/resources/sns_topic_subscription) | resource | +| [aws_cloudwatch_metric_alarm.cache_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_cloudwatch_metric_alarm.disk_free_storage_space_too_low](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_kms_ciphertext.slack_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_ciphertext) | resource | +| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | +| [aws_lambda_permission.sns_lambda_slack_invoke](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | +| [aws_secretsmanager_secret.secret_master_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource | +| 
[aws_secretsmanager_secret_version.rds_credentials](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | +| [aws_security_group_rule.cidr_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.default_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_sns_topic.slack_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | +| [aws_sns_topic_subscription.slack-endpoint](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource | | [random_password.master](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [archive_file.lambdazip](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source | -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/data-sources/availability_zones) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.13.1/docs/data-sources/region) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [additional\_tags](#input\_additional\_tags) | A map of additional tags to apply to the AWS resources | `map(string)` |
{
"automation": "true"
}
| no | +| [additional\_tags](#input\_additional\_tags) | A map of additional tags to apply to the AWS resources | `map(string)` |
{
"automation": "true"
}
| no | | [alarm\_actions](#input\_alarm\_actions) | Alarm action list | `list(string)` | `[]` | no | | [alarm\_cpu\_threshold\_percent](#input\_alarm\_cpu\_threshold\_percent) | CPU threshold alarm level | `number` | `75` | no | | [allocated\_storage](#input\_allocated\_storage) | The allocated storage capacity for the database in gibibytes (GiB) | `number` | `20` | no | 
@@ -119,8 +134,11 @@ The required IAM permissions to create resources from this module can be found [ | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately or during the next maintenance window | `bool` | `false` | no | | [backup\_retention\_period](#input\_backup\_retention\_period) | The number of days to retain backups for | `number` | `5` | no | | [backup\_window](#input\_backup\_window) | The preferred window for taking automated backups of the database | `string` | `"03:00-06:00"` | no | +| [bucket\_provider\_type](#input\_bucket\_provider\_type) | Choose what type of provider you want (s3, gcs) | `string` | `"s3"` | no | | [cloudwatch\_metric\_alarms\_enabled](#input\_cloudwatch\_metric\_alarms\_enabled) | Boolean flag to enable/disable CloudWatch metrics alarms | `bool` | `false` | no | +| [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no | | [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Whether to create a database subnet group | `bool` | `true` | no | +| [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `false` | no | | [create\_security\_group](#input\_create\_security\_group) | Whether to create a security group for the database | `bool` | `true` | no | | [custom\_user\_password](#input\_custom\_user\_password) | Custom password for the RDS master user | `string` | `""` | no | | [cw\_sns\_topic\_arn](#input\_cw\_sns\_topic\_arn) | The username to use when sending notifications to Slack. | `string` | `""` | no | 
@@ -143,10 +161,15 @@ The required IAM permissions to create resources from this module can be found [ | [max\_allocated\_storage](#input\_max\_allocated\_storage) | The Maximum storage capacity for the database value after autoscaling | `number` | `null` | no | | [multi\_az](#input\_multi\_az) | Enable multi-AZ for disaster recovery | `bool` | `false` | no | | [name](#input\_name) | The name of the RDS instance | `string` | `""` | no | +| [namespace](#input\_namespace) | Name of the Kubernetes namespace where the MYSQL deployment will be deployed. | `string` | `"postgresdb"` | no | | [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | `list(string)` | `[]` | no | | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no | | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Valid values are `7`, `731` (2 years) or a multiple of `31` | `number` | `7` | no | | [port](#input\_port) | The port number for the database | `number` | `5432` | no | +| [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` |
{
"bucket_uri": "",
"cron_for_full_backup": "",
"postgres_database_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_backup\_enabled](#input\_postgresdb\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no | +| [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` |
{
"bucket_uri": "",
"file_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_restore\_enabled](#input\_postgresdb\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Specifies whether the RDS instance is publicly accessible over the internet | `bool` | `false` | no | | [random\_password\_length](#input\_random\_password\_length) | The length of the randomly generated password for the RDS primary cluster (default: 16) | `number` | `16` | no | | [replica\_count](#input\_replica\_count) | The number of replica instance | `number` | `1` | no | From 8722dbefed6436a325dd5c7f2445bc554353776f Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 13:14:20 +0530 Subject: [PATCH 19/42] updated the repo --- .gitignore | 2 +- README.md | 4 +- examples/complete-psql-replica/main.tf | 6 +- examples/complete/README.md | 4 + examples/complete/main.tf | 168 +++++++++++------- examples/complete/provider.tf | 4 +- helm/values/backup/values.yaml | 1 - helm/values/restore/values.yaml | 2 - main.tf | 60 ++++--- .../backup/templates/cronjob.yaml | 18 +- modules/db-backup-restore/main.tf | 36 ++-- .../restore/templates/job.yaml | 16 +- modules/db-backup-restore/roles.tf | 2 +- modules/db-backup-restore/variables.tf | 20 +-- variables.tf | 16 +- 15 files changed, 205 insertions(+), 154 deletions(-) diff --git a/.gitignore b/.gitignore index 6e255ef..f0174c7 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ *.tfvars *.pem vars -.helmignore \ No newline at end of file +.helmignore diff --git a/README.md b/README.md index e5f5550..b8893f8 100644 --- a/README.md +++ b/README.md 
@@ -166,9 +166,9 @@ The required IAM permissions to create resources from this module can be found [ | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no | | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Valid values are `7`, `731` (2 years) or a multiple of `31` | `number` | `7` | no | | [port](#input\_port) | The port number for the database | `number` | `5432` | no | -| [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` |
{
"bucket_uri": "",
"cron_for_full_backup": "",
"postgres_database_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` |
{
"bucket_uri": "",
"cron_for_full_backup": "",
"postgres_database_name": ""
}
| no | | [postgresdb\_backup\_enabled](#input\_postgresdb\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no | -| [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` |
{
"bucket_uri": "",
"file_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` |
{
"bucket_uri": "",
"file_name": ""
}
| no | | [postgresdb\_restore\_enabled](#input\_postgresdb\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Specifies whether the RDS instance is publicly accessible over the internet | `bool` | `false` | no | | [random\_password\_length](#input\_random\_password\_length) | The length of the randomly generated password for the RDS primary cluster (default: 16) | `number` | `16` | no | diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index 3e2d328..b7245f7 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -115,16 +115,16 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password - #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. + #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. #And allow cluster security group in rds security group - # cluster_name = "cluster-name" + # cluster_name = "cluster-name" # namespace = local.namespace # create_namespace = local.create_namespace # postgresdb_backup_enabled = false # postgresdb_backup_config = { # postgres_database_name = "" # which database backup you want # s3_bucket_region = "" #s3 bucket region - # cron_for_full_backup = "*/3 * * * *" + # cron_for_full_backup = "*/3 * * * *" # bucket_uri = "s3://xyz" #s3 bucket uri # } # postgresdb_restore_enabled = false diff --git a/examples/complete/README.md b/examples/complete/README.md index b738988..214ceb5 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -26,9 +26,13 @@ This example will be very useful for users who are new to a module and want to q | Name | Source | Version | |------|--------|---------| +<<<<<<< Updated upstream | [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | | [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | | [vpc](#module\_vpc) | squareops/vpc/aws | n/a | +======= +| [rds-pg](#module\_rds-pg) | ../../ | n/a | +>>>>>>> Stashed changes ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 780dc90..0b41433 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -10,8 +10,13 @@ locals { instance_class = "db.t4g.micro" storage_type = "gp3" current_identity = data.aws_caller_identity.current.arn +<<<<<<< Updated upstream allowed_security_groups = ["sg-xxxxxxxxxxxxxxxx"] custom_user_password = "" +======= + allowed_security_groups = ["sg-0c982318e4a801035"] + custom_user_password = "Amanrajj12" +>>>>>>> Stashed changes additional_tags = { Owner = "Organization_Name" Expires = "Never" @@ -22,6 +27,7 @@ locals { data "aws_caller_identity" "current" {} data "aws_region" "current" {} +<<<<<<< Updated upstream module "kms" { source = "terraform-aws-modules/kms/aws" version = "~> 1.0" 
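Review bot: The `locals` hunk of examples/complete/main.tf (`@@ -10,8 +10,13 @@`) commits unresolved merge-conflict markers, and the "Stashed changes" side carries a literal value for `custom_user_password` and what looks like a real security group ID. The `<<<<<<<` / `=======` / `>>>>>>>` lines are not valid HCL, so the example cannot be parsed as committed. The same markers are added in the `@@ -22,6 +27,7 @@`, `@@ -31,74 +37,86 @@`, `@@ -109,10 +127,26 @@` and `@@ -132,18 +166,30 @@` hunks of this file and in examples/complete/README.md. Resolve to the upstream side, `allowed_security_groups = ["sg-xxxxxxxxxxxxxxxx"]` and `custom_user_password = ""`, and treat the committed password as exposed: rotate it wherever it is in use, because it remains in the repository history. The `locals` block continues outside the hunk.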
@@ -31,74 +37,86 @@ module "kms" { is_enabled = true key_usage = "ENCRYPT_DECRYPT" multi_region = true +======= +# module "kms" { +# source = "terraform-aws-modules/kms/aws" +# version = "~> 1.0" +# deletion_window_in_days = 7 +# description = "Complete key example showing various configurations available" +# enable_key_rotation = true +# is_enabled = true +# key_usage = "ENCRYPT_DECRYPT" +# multi_region = true +>>>>>>> Stashed changes - # Policy - enable_default_policy = true - key_owners = [local.current_identity] - key_administrators = [local.current_identity] - key_users = [local.current_identity] - key_service_users = [local.current_identity] - key_statements = [ - { - sid = "Allow use of the key" - actions = [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ] - resources = ["*"] +# # Policy +# enable_default_policy = true +# key_owners = [local.current_identity] +# key_administrators = [local.current_identity] +# key_users = [local.current_identity] +# key_service_users = [local.current_identity] +# key_statements = [ +# { +# sid = "Allow use of the key" +# actions = [ +# "kms:Encrypt*", +# "kms:Decrypt*", +# "kms:ReEncrypt*", +# "kms:GenerateDataKey*", +# "kms:Describe*" +# ] +# resources = ["*"] - principals = [ - { - type = "Service" - identifiers = [ - "monitoring.rds.amazonaws.com", - "rds.amazonaws.com", - ] - } - ] - }, - { - sid = "Enable IAM User Permissions" - actions = ["kms:*"] - resources = ["*"] +# principals = [ +# { +# type = "Service" +# identifiers = [ +# "monitoring.rds.amazonaws.com", +# "rds.amazonaws.com", +# ] +# } +# ] +# }, +# { +# sid = "Enable IAM User Permissions" +# actions = ["kms:*"] +# resources = ["*"] - principals = [ - { - type = "AWS" - identifiers = [ - "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", - data.aws_caller_identity.current.arn, - ] - } - ] - } - ] +# principals = [ +# { +# type = "AWS" +# identifiers = [ +# 
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", +# data.aws_caller_identity.current.arn, +# ] +# } +# ] +# } +# ] - # Aliases - aliases = ["${local.name}"] +# # Aliases +# aliases = ["${local.name}"] - tags = local.additional_tags -} +# tags = local.additional_tags +# } -module "vpc" { - source = "squareops/vpc/aws" - name = local.name - vpc_cidr = local.vpc_cidr - environment = local.environment - availability_zones = ["us-east-2a", "us-east-2b"] - public_subnet_enabled = true - auto_assign_public_ip = true - intra_subnet_enabled = false - private_subnet_enabled = true - one_nat_gateway_per_az = false - database_subnet_enabled = true -} +# module "vpc" { +# source = "squareops/vpc/aws" +# name = local.name +# vpc_cidr = local.vpc_cidr +# environment = local.environment +# availability_zones = ["us-east-2a", "us-east-2b"] +# public_subnet_enabled = true +# auto_assign_public_ip = true +# intra_subnet_enabled = false +# private_subnet_enabled = true +# one_nat_gateway_per_az = false +# database_subnet_enabled = true +# } module "rds-pg" { +<<<<<<< Updated upstream source = "squareops/rds-postgresql/aws" name = local.name db_name = "test" 
@@ -109,10 +127,26 @@ module "rds-pg" { subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment kms_key_arn = module.kms.key_arn +======= + # source = "squareops/rds-postgresql/aws" + source = "../../" + name = local.name + db_name = "test" + multi_az = "true" + family = local.family + # vpc_id = module.vpc.vpc_id + vpc_id = "vpc-0596c94ef9a8c1cf3" + allowed_security_groups = local.allowed_security_groups + # subnet_ids = module.vpc.database_subnets ## db subnets + subnet_ids = ["subnet-02d397a523ad1b92c", "subnet-0786584f53f23322d"] + environment = local.environment + kms_key_arn = "arn:aws:kms:us-east-1:767398031518:key/b2b4a98b-ea65-4ebd-b304-0660735e1580" + # kms_key_arn = module.kms.key_arn +>>>>>>> Stashed changes storage_type = local.storage_type engine_version = local.engine_version instance_class = local.instance_class - master_username = "admin" + master_username = "pguser" allocated_storage = "20" max_allocated_storage = 120 publicly_accessible = false 
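Review bot: The `@@ -109,10 +127,26 @@` hunk replaces the module references with literals from one environment: a VPC ID, two subnet IDs and a full `kms_key_arn` that embeds an AWS account number. It also switches `source` to `"../../"`. A published example should not carry one account's identifiers, and nobody else can apply it as written. The `cluster_name` literals in the next hunk and in examples/complete/provider.tf have the same problem. Keep `vpc_id = module.vpc.vpc_id`, `subnet_ids = module.vpc.database_subnets` and `kms_key_arn = module.kms.key_arn`, which also means restoring the `kms` and `vpc` modules that the previous hunk comments out; the `module "rds-pg"` block starts and ends outside this hunk.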
@@ -132,18 +166,30 @@ module "rds-pg" { custom_user_password = local.custom_user_password #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group +<<<<<<< Updated upstream cluster_name = "" +======= + cluster_name = "non-prod-15nov" +>>>>>>> Stashed changes namespace = local.namespace create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { +<<<<<<< Updated upstream postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases +======= + postgres_database_name = "dummydb" # Specify the database name or Leave empty if you wish to backup all databases +>>>>>>> Stashed changes cron_for_full_backup = "*/2 * * * *" # set cronjob for backup bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri } - postgresdb_restore_enabled = false + postgresdb_restore_enabled = true postgresdb_restore_config = { bucket_uri = "s3://mongodb-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. +<<<<<<< Updated upstream backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore +======= + backup_file_name = "dummydb_20241115100801.sql" #Give .sql or .zip file for restore +>>>>>>> Stashed changes } } diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index af8c494..9eda20a 100644 --- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -5,11 +5,11 @@ provider "aws" { } } data "aws_eks_cluster" "cluster" { - name = "" + name = "non-prod-15nov" } data "aws_eks_cluster_auth" "cluster" { - name = "" + name = "non-prod-15nov" } provider "kubernetes" { diff --git a/helm/values/backup/values.yaml b/helm/values/backup/values.yaml index 15fe1a8..ae304b5 100644 --- a/helm/values/backup/values.yaml +++ b/helm/values/backup/values.yaml 
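Review bot: `postgresdb_restore_enabled` is flipped to `true` in the `@@ -132,18 +166,30 @@` hunk, and the change sits outside the conflict markers, so it survives whichever side is kept. The restore Helm release in modules/db-backup-restore is created whenever this flag is true, so applying the example as shipped runs a restore of the named dump file against the database. An example should keep the destructive path opt-in: `postgresdb_restore_enabled = false`. The `module "rds-pg"` block starts outside this hunk.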
@@ -1,7 +1,6 @@ ## Enable Full backup backup: bucket_uri: ${bucket_uri} - aws_default_region: ${s3_bucket_region} cron_for_full_backup: "${cron_for_full_backup}" postgres_database_name: "${postgres_database_name}" database_endpoint: "${db_endpoint}" diff --git a/helm/values/restore/values.yaml b/helm/values/restore/values.yaml index 5c9874b..13dbf8d 100644 --- a/helm/values/restore/values.yaml +++ b/helm/values/restore/values.yaml @@ -1,10 +1,8 @@ restore: bucket_uri: ${bucket_uri} - aws_default_region: ${s3_bucket_region} db_endpoint: "${db_endpoint}" db_password: "${db_password}" db_username: "${db_username}" - DB_NAME: "${DB_NAME}" backup_file_name: "${backup_file_name}" auth: diff --git a/main.tf b/main.tf index 7c31468..7f2d485 100644 --- a/main.tf +++ b/main.tf @@ -2,6 +2,11 @@ data "aws_region" "current" {} data "aws_availability_zones" "available" {} locals { + + db_password = var.custom_user_password != "" ? var.custom_user_password : ( + length(random_password.master) > 0 ? element(random_password.master, 0).result : var.custom_user_password + ) + tags = { Automation = "true" Environment = var.environment @@ -153,7 +158,7 @@ module "security_group_rds" { } resource "aws_secretsmanager_secret" "secret_master_db" { - name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") + name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-passssss4") tags = merge( { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-postgres-pass") }, local.tags, 
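Review bot: In the `@@ -153,7 +158,7 @@` hunk of main.tf the secret name suffix becomes `"rds-postgresql-passssss4"`, which looks like a leftover from repeated test applies (possibly to get around a name still held by a secret pending deletion; that is an inference). Changing `name` makes Terraform replace the secret for every existing user of the module, and anything that reads the credentials by the old path will stop finding them. The `Name` tag two lines below still uses `rds-postgres-pass`. Restore `name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass")`; if the name collision is the real problem, set `recovery_window_in_days = 0` on the secret in the test environment instead.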
@@ -167,16 +172,13 @@ resource "random_password" "master" { } resource "aws_secretsmanager_secret_version" "rds_credentials" { - count = length(random_password.master) > 0 ? 1 : 0 - secret_id = aws_secretsmanager_secret.secret_master_db.id - secret_string = < 0 ? element(random_password.master, 0).result : var.custom_password, - "engine": "${var.engine}", - "host": "${module.db.db_instance_endpoint}" -} -EOF + secret_id = aws_secretsmanager_secret.secret_master_db.id + secret_string = jsonencode({ + username = module.db.db_instance_username + password = local.db_password + engine = var.engine + host = module.db.db_instance_endpoint + }) } # Cloudwatch alarms 
@@ -319,30 +321,30 @@ resource "aws_lambda_permission" "sns_lambda_slack_invoke" { } module "backup_restore" { - depends_on = [module.db] - source = "./modules/db-backup-restore" - cluster_name = var.cluster_name - namespace = var.namespace - create_namespace = var.create_namespace + depends_on = [module.db] + source = "./modules/db-backup-restore" + cluster_name = var.cluster_name + namespace = var.namespace + create_namespace = var.create_namespace postgresdb_backup_enabled = var.postgresdb_backup_enabled postgresdb_backup_config = { - db_username = var.master_username - db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) - postgres_database_name = var.postgresdb_backup_config.postgres_database_name - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region - cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup + db_username = var.master_username + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + postgres_database_name = var.postgresdb_backup_config.postgres_database_name + # s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region + cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup bucket_uri = var.postgresdb_backup_config.bucket_uri db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") } postgresdb_restore_enabled = var.postgresdb_restore_enabled - postgresdb_restore_config = { - db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") - db_username = var.master_username - db_password = var.custom_user_password != "" ? 
var.custom_user_password : nonsensitive(random_password.master[0].result) - bucket_uri = var.postgresdb_restore_config.bucket_uri - s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region - DB_NAME = var.postgresdb_restore_config.DB_NAME, - backup_file_name = var.postgresdb_restore_config.backup_file_name, + postgresdb_restore_config = { + db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") + db_username = var.master_username + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + bucket_uri = var.postgresdb_restore_config.bucket_uri + # s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region + # DB_NAME = var.postgresdb_restore_config.DB_NAME, + backup_file_name = var.postgresdb_restore_config.backup_file_name, } } diff --git a/modules/db-backup-restore/backup/templates/cronjob.yaml b/modules/db-backup-restore/backup/templates/cronjob.yaml index 3f83bcd..f32d59e 100644 --- a/modules/db-backup-restore/backup/templates/cronjob.yaml +++ b/modules/db-backup-restore/backup/templates/cronjob.yaml 
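Review bot: Both `db_password` lines in the `module "backup_restore"` hunk still wrap the generated password in `nonsensitive(...)`, which removes Terraform's redaction, so the master password can be printed in plan and apply output. This commit adds `local.db_password` in the `@@ -2,6 +2,11 @@` hunk for the same selection, but this block does not use it. `random_password.master[0]` will also fail if that resource has no instances (its `count` is not visible here). Use `db_password = local.db_password` in both maps and declare the receiving variables in modules/db-backup-restore with `sensitive = true`.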
@@ -18,20 +18,20 @@ spec: serviceAccountName: sa-postgres-backup containers: - name: backup-postgresdb - image: divyanshujain11/rds:postgres-backup-restore + image: amanravi12/postgresql-backup:v5 imagePullPolicy: Always - command: ["./backup.sh"] + command: ["/backup/backup_script.sh"] env: - - name: db_endpoint + - name: DB_HOST value: {{ .Values.backup.database_endpoint }} - - name: db_username + - name: DB_USER value: {{ .Values.backup.database_user }} - - name: db_password + - name: DB_PASSWORD value: {{ .Values.backup.database_password }} - - name: bucket_uri + - name: S3_BUCKET value: {{ .Values.backup.bucket_uri }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.backup.aws_default_region}} - - name: postgres_database_name + - name: DB_PORT + value: "5432" + - name: DB_NAME value: {{ .Values.backup.postgres_database_name }} resources: {{ .Values.backupjob.resources | toYaml | nindent 12 }} diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf index 2ac2342..60c0f71 100644 --- a/modules/db-backup-restore/main.tf +++ b/modules/db-backup-restore/main.tf 
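Review bot: The new `image: amanravi12/postgresql-backup:v5` pulls from a personal Docker Hub namespace by mutable tag, and with `imagePullPolicy: Always` whatever is behind that tag at run time is what executes. This container receives the database master password and runs under the `sa-postgres-backup` service account. The image should therefore come from a registry the project controls and be pinned by digest, e.g. `image: <registry>/<repo>@sha256:<digest>` (placeholders); the restore Job in job.yaml has the same change. Separately, `DB_PASSWORD` is still rendered as an unquoted plain `value:`. The chart has a backup-secret.yaml template (its content is not shown here), so a `valueFrom.secretKeyRef` to that Secret would keep the password out of the pod spec; at minimum the value needs `| quote` so special characters do not break the manifest.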
@@ -8,21 +8,22 @@ resource "kubernetes_namespace" "postgresdb" { resource "helm_release" "postgresdb_backup" { count = var.postgresdb_backup_enabled ? 1 : 0 + depends_on = [kubernetes_namespace.postgresdb] name = "postgresdb-backup" chart = "../../modules/db-backup-restore/backup" timeout = 600 namespace = var.namespace values = [ templatefile("../../helm/values/backup/values.yaml", { - bucket_uri = var.postgresdb_backup_config.bucket_uri, - postgres_database_name = var.postgresdb_backup_config.postgres_database_name, - db_endpoint = var.postgresdb_backup_config.db_endpoint, - db_password = var.postgresdb_backup_config.db_password , - db_username = var.postgresdb_backup_config.db_username , - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , - cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup, - annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}" - }) + bucket_uri = var.postgresdb_backup_config.bucket_uri, + postgres_database_name = var.postgresdb_backup_config.postgres_database_name, + db_endpoint = var.postgresdb_backup_config.db_endpoint, + db_password = var.postgresdb_backup_config.db_password, + db_username = var.postgresdb_backup_config.db_username, + # s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , + cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup, + annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}" + }) ] } 
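Review bot: `chart = "../../modules/db-backup-restore/backup"` and `templatefile("../../helm/values/backup/values.yaml", ...)` in this hunk are resolved against the working directory of the root configuration, not against the module. They only work when Terraform runs from a directory two levels below the repository root, as the examples do. The `postgresdb_restore` release in the `@@ -30,20 +31,19 @@` hunk uses the same paths. Use `chart = "${path.module}/backup"` and `templatefile("${path.module}/../../helm/values/backup/values.yaml", { ... })`, and delete the commented-out `# s3_bucket_region` line rather than keeping it.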
@@ -30,20 +31,19 @@ resource "helm_release" "postgresdb_backup" { ## DB dump restore resource "helm_release" "postgresdb_restore" { count = var.postgresdb_restore_enabled ? 1 : 0 + depends_on = [kubernetes_namespace.postgresdb] name = "postgresdb-restore" chart = "../../modules/db-backup-restore/restore" timeout = 600 namespace = var.namespace values = [ templatefile("../../helm/values/restore/values.yaml", { - bucket_uri = var.postgresdb_restore_config.bucket_uri, - db_endpoint = var.postgresdb_restore_config.db_endpoint , - db_password = var.postgresdb_restore_config.db_password, - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , - db_username = var.postgresdb_restore_config.db_username , - DB_NAME = var.postgresdb_restore_config.DB_NAME, - backup_file_name = var.postgresdb_restore_config.backup_file_name, - annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" + bucket_uri = var.postgresdb_restore_config.bucket_uri, + db_endpoint = var.postgresdb_restore_config.db_endpoint, + db_password = var.postgresdb_restore_config.db_password, + db_username = var.postgresdb_restore_config.db_username, + backup_file_name = var.postgresdb_restore_config.backup_file_name, + annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" }) ] -} \ No newline at end of file +} diff --git a/modules/db-backup-restore/restore/templates/job.yaml b/modules/db-backup-restore/restore/templates/job.yaml index f39b80d..fa2e0fd 100644 --- a/modules/db-backup-restore/restore/templates/job.yaml +++ b/modules/db-backup-restore/restore/templates/job.yaml 
@@ -9,9 +9,9 @@ spec: serviceAccountName: sa-postgres-restore containers: - name: restore-postgresdb - image: divyanshujain11/rds:postgres-backup-restore + image: amanravi12/postgresql-restore:v6 imagePullPolicy: Always - command: ["./restore.sh"] + command: ["/restore/restore_script.sh"] env: - name: DB_HOST value: {{ .Values.restore.db_endpoint }} @@ -19,12 +19,14 @@ spec: value: {{ .Values.restore.db_username }} - name: DB_PASSWORD value: {{ .Values.restore.db_password }} - - name: bucket_uri + - name: POSTGRESQL_BUCKET_RESTORE_URI value: {{ .Values.restore.bucket_uri }} - - name: DB_NAME - value: {{ .Values.restore.DB_NAME }} - - name: backup_file_name + - name: DB_PORT + value: "5432" + # - name: DB_NAME + # value: {{ .Values.restore.DB_NAME }} + - name: RESTORE_FILE_NAME value: {{ .Values.restore.backup_file_name }} resources: {{ .Values.restorejob.resources | toYaml | nindent 12 }} restartPolicy: Never - backoffLimit: 4 \ No newline at end of file + backoffLimit: 4 diff --git a/modules/db-backup-restore/roles.tf b/modules/db-backup-restore/roles.tf index a19589b..0abc253 100644 --- a/modules/db-backup-restore/roles.tf +++ b/modules/db-backup-restore/roles.tf @@ -95,4 +95,4 @@ resource "aws_iam_role" "postgres_restore_role" { ] }) } -} \ No newline at end of file +} diff --git a/modules/db-backup-restore/variables.tf b/modules/db-backup-restore/variables.tf index d2e7f8d..1a23f03 100644 --- a/modules/db-backup-restore/variables.tf +++ b/modules/db-backup-restore/variables.tf @@ -66,9 +66,9 @@ variable "cluster_name" { } variable "postgresdb_permission" { - default = false + default = false description = "access" - type = bool + type = bool } variable "bucket_provider_type" { 
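Review bot: The restore container now runs `amanravi12/postgresql-restore:v6`, an image in a personal registry namespace referenced only by a mutable tag. With `imagePullPolicy: Always`, whatever is next pushed under that tag runs with the database credentials and the bucket role of `sa-postgres-restore`. Pinning by digest fixes the content that executes, e.g. `image: <registry>/<repository>@sha256:<digest-placeholder>`, ideally from a registry the project controls. The later hunks that switch the backup and restore images to `squareops01/rds-postgresql-backup` and `squareops01/rds-postgresql-restore` at `:v1` and then `:v2` keep the tag-only reference, so the same point applies there.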
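Review bot: `DB_PASSWORD` in the env list this hunk edits is still set with an inline `value: {{ .Values.restore.db_password }}`, so the password can be read from the Job and Pod specs by anyone allowed to get those objects in the namespace. The patch series lists a `restore-secret.yaml` template for this chart, whose content is not shown here. If it carries the password, the entry can use `valueFrom:` with a `secretKeyRef:` naming that secret and key instead of the literal value. The template values are also unquoted, so a password or file name containing YAML-significant characters would break or alter the manifest; `{{ .Values.restore.db_password | quote }}` avoids that for any value that stays inline. The Job spec begins and ends outside this hunk.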
@@ -93,10 +93,10 @@ variable "postgresdb_restore_enabled" { variable "postgresdb_backup_config" { type = map(string) default = { - bucket_uri = "" - s3_bucket_region = "" - cron_for_full_backup = "" - postgres_database_name = "" + bucket_uri = "" + s3_bucket_region = "" + cron_for_full_backup = "" + postgres_database_name = "" # db_endpoint="" } description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." @@ -105,10 +105,10 @@ variable "postgresdb_backup_config" { variable "postgresdb_restore_config" { type = any default = { - bucket_uri = "" - file_name = "" - s3_bucket_region = "" - DB_NAME = "" + bucket_uri = "" + file_name = "" + # s3_bucket_region = "" + DB_NAME = "" backup_file_name = "" } description = "Configuration options for restoring dump to the MySQL database." diff --git a/variables.tf b/variables.tf index b8dc7b7..db9bf05 100644 --- a/variables.tf +++ b/variables.tf @@ -346,10 +346,10 @@ variable "bucket_provider_type" { variable "postgresdb_backup_config" { type = map(string) default = { - bucket_uri = "" - s3_bucket_region = "" - cron_for_full_backup = "" - postgres_database_name = "" + bucket_uri = "" + # s3_bucket_region = "" + cron_for_full_backup = "" + postgres_database_name = "" # db_endpoint="" } description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." @@ -358,9 +358,9 @@ variable "postgresdb_backup_config" { variable "postgresdb_restore_config" { type = any default = { - bucket_uri = "" - file_name = "" - s3_bucket_region = "" + bucket_uri = "" + file_name = "" + # s3_bucket_region = "" } description = "Configuration options for restoring dump to the MySQL database." } 
@@ -369,4 +369,4 @@ variable "cluster_name" { type = string default = "" description = "Specifies the name of the EKS cluster to deploy the MySQL application on." -} \ No newline at end of file +} From e429c8cc016da0ea028c76a511ab936979595c8a Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 14:59:44 +0530 Subject: [PATCH 20/42] updated the repo --- examples/complete/main.tf | 166 ++++++++++++++------------------------ 1 file changed, 60 insertions(+), 106 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 0b41433..8a26232 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -10,13 +10,8 @@ locals { instance_class = "db.t4g.micro" storage_type = "gp3" current_identity = data.aws_caller_identity.current.arn -<<<<<<< Updated upstream allowed_security_groups = ["sg-xxxxxxxxxxxxxxxx"] custom_user_password = "" -======= - allowed_security_groups = ["sg-0c982318e4a801035"] - custom_user_password = "Amanrajj12" ->>>>>>> Stashed changes additional_tags = { Owner = "Organization_Name" Expires = "Never" @@ -27,7 +22,6 @@ locals { data "aws_caller_identity" "current" {} data "aws_region" "current" {} -<<<<<<< Updated upstream module "kms" { source = "terraform-aws-modules/kms/aws" version = "~> 1.0" 
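Review bot: The lines removed from `locals` in `examples/complete/main.tf` show that unresolved `<<<<<<< Updated upstream` / `>>>>>>> Stashed changes` markers and a literal `custom_user_password` value had been committed. Deleting them here does not remove them from history, so that password should be treated as exposed and rotated wherever it was used. The later hunks of this commit remove an account-specific KMS key ARN and VPC, subnet and security-group IDs, which deserve the same exposure review. A CI step running `terraform fmt -check` and `terraform validate`, together with a secret scanner, would have rejected the earlier commit, because conflict markers do not parse as HCL.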
@@ -37,86 +31,74 @@ module "kms" { is_enabled = true key_usage = "ENCRYPT_DECRYPT" multi_region = true -======= -# module "kms" { -# source = "terraform-aws-modules/kms/aws" -# version = "~> 1.0" -# deletion_window_in_days = 7 -# description = "Complete key example showing various configurations available" -# enable_key_rotation = true -# is_enabled = true -# key_usage = "ENCRYPT_DECRYPT" -# multi_region = true ->>>>>>> Stashed changes -# # Policy -# enable_default_policy = true -# key_owners = [local.current_identity] -# key_administrators = [local.current_identity] -# key_users = [local.current_identity] -# key_service_users = [local.current_identity] -# key_statements = [ -# { -# sid = "Allow use of the key" -# actions = [ -# "kms:Encrypt*", -# "kms:Decrypt*", -# "kms:ReEncrypt*", -# "kms:GenerateDataKey*", -# "kms:Describe*" -# ] -# resources = ["*"] + # Policy + enable_default_policy = true + key_owners = [local.current_identity] + key_administrators = [local.current_identity] + key_users = [local.current_identity] + key_service_users = [local.current_identity] + key_statements = [ + { + sid = "Allow use of the key" + actions = [ + "kms:Encrypt*", + "kms:Decrypt*", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", + "kms:Describe*" + ] + resources = ["*"] -# principals = [ -# { -# type = "Service" -# identifiers = [ -# "monitoring.rds.amazonaws.com", -# "rds.amazonaws.com", -# ] -# } -# ] -# }, -# { -# sid = "Enable IAM User Permissions" -# actions = ["kms:*"] -# resources = ["*"] + principals = [ + { + type = "Service" + identifiers = [ + "monitoring.rds.amazonaws.com", + "rds.amazonaws.com", + ] + } + ] + }, + { + sid = "Enable IAM User Permissions" + actions = ["kms:*"] + resources = ["*"] -# principals = [ -# { -# type = "AWS" -# identifiers = [ -# "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", -# data.aws_caller_identity.current.arn, -# ] -# } -# ] -# } -# ] + principals = [ + { + type = "AWS" + identifiers = [ + 
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root", + data.aws_caller_identity.current.arn, + ] + } + ] + } + ] -# # Aliases -# aliases = ["${local.name}"] + # Aliases + aliases = ["${local.name}"] -# tags = local.additional_tags -# } + tags = local.additional_tags +} -# module "vpc" { -# source = "squareops/vpc/aws" -# name = local.name -# vpc_cidr = local.vpc_cidr -# environment = local.environment -# availability_zones = ["us-east-2a", "us-east-2b"] -# public_subnet_enabled = true -# auto_assign_public_ip = true -# intra_subnet_enabled = false -# private_subnet_enabled = true -# one_nat_gateway_per_az = false -# database_subnet_enabled = true -# } +module "vpc" { + source = "squareops/vpc/aws" + name = local.name + vpc_cidr = local.vpc_cidr + environment = local.environment + availability_zones = ["us-east-2a", "us-east-2b"] + public_subnet_enabled = true + auto_assign_public_ip = true + intra_subnet_enabled = false + private_subnet_enabled = true + one_nat_gateway_per_az = false + database_subnet_enabled = true +} module "rds-pg" { -<<<<<<< Updated upstream source = "squareops/rds-postgresql/aws" name = local.name db_name = "test" 
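Review bot: The restored `module "vpc"` block has a `source` but no `version` constraint, unlike `module "kms"`, so each `terraform init` can pull a different release of `squareops/vpc/aws`. Adding `version = "<pinned-version>"` makes the example reproducible and lets module upgrades be reviewed. In the same hunk, the `Allow use of the key` statement grants `kms:Encrypt*`, `kms:Decrypt*`, `kms:ReEncrypt*` and `kms:GenerateDataKey*` to the `rds.amazonaws.com` and `monitoring.rds.amazonaws.com` service principals with no condition. It is worth confirming whether that statement is needed at all, and scoping it with a condition if it is.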
@@ -127,22 +109,6 @@ module "rds-pg" { subnet_ids = module.vpc.database_subnets ## db subnets environment = local.environment kms_key_arn = module.kms.key_arn -======= - # source = "squareops/rds-postgresql/aws" - source = "../../" - name = local.name - db_name = "test" - multi_az = "true" - family = local.family - # vpc_id = module.vpc.vpc_id - vpc_id = "vpc-0596c94ef9a8c1cf3" - allowed_security_groups = local.allowed_security_groups - # subnet_ids = module.vpc.database_subnets ## db subnets - subnet_ids = ["subnet-02d397a523ad1b92c", "subnet-0786584f53f23322d"] - environment = local.environment - kms_key_arn = "arn:aws:kms:us-east-1:767398031518:key/b2b4a98b-ea65-4ebd-b304-0660735e1580" - # kms_key_arn = module.kms.key_arn ->>>>>>> Stashed changes storage_type = local.storage_type engine_version = local.engine_version instance_class = local.instance_class 
@@ -166,30 +132,18 @@ module "rds-pg" { custom_user_password = local.custom_user_password #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group -<<<<<<< Updated upstream cluster_name = "" -======= - cluster_name = "non-prod-15nov" ->>>>>>> Stashed changes namespace = local.namespace create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { -<<<<<<< Updated upstream postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases -======= - postgres_database_name = "dummydb" # Specify the database name or Leave empty if you wish to backup all databases ->>>>>>> Stashed changes cron_for_full_backup = "*/2 * * * *" # set cronjob for backup bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri } - postgresdb_restore_enabled = true + postgresdb_restore_enabled = false postgresdb_restore_config = { bucket_uri = "s3://mongodb-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. -<<<<<<< Updated upstream backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore -======= - backup_file_name = "dummydb_20241115100801.sql" #Give .sql or .zip file for restore ->>>>>>> Stashed changes } } From e9f34cde7c7cae63ac7612083bd5e0afe58c1466 Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 15:06:05 +0530 Subject: [PATCH 21/42] updated readme file --- examples/complete/README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/examples/complete/README.md b/examples/complete/README.md index 214ceb5..b738988 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -26,13 +26,9 @@ This example will be very useful for users who are new to a module and want to q | Name | Source | Version | |------|--------|---------| -<<<<<<< Updated upstream | [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | | [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | | [vpc](#module\_vpc) | squareops/vpc/aws | n/a | -======= -| [rds-pg](#module\_rds-pg) | ../../ | n/a | ->>>>>>> Stashed changes ## Resources From b563e9ecfc41c7e5d6c8bbd85c983ef42096bca6 Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 15:08:49 +0530 Subject: [PATCH 22/42] updated readme file --- examples/complete/provider.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index 9eda20a..af8c494 100644 --- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -5,11 +5,11 @@ provider "aws" { } } data "aws_eks_cluster" "cluster" { - name = "non-prod-15nov" + name = "" } data "aws_eks_cluster_auth" "cluster" { - name = "non-prod-15nov" + name = "" } provider "kubernetes" { From 1ff5b733bf4aacdd75cb3e918acf69f7cca16275 Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Mon, 18 Nov 2024 15:09:53 +0530 Subject: [PATCH 23/42] updated readme file --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 7f2d485..9aa3795 100644 --- a/main.tf +++ b/main.tf @@ -158,7 +158,7 @@ module "security_group_rds" { } resource "aws_secretsmanager_secret" "secret_master_db" { - name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-passssss4") + name = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") tags = merge( { "Name" = format("%s/%s/%s", var.environment, var.name, "rds-postgres-pass") }, local.tags, From 70b0ff2c7912d031f50534b19396483cd3d83eb2 Mon Sep 17 00:00:00 2001 
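Review bot: In `aws_secretsmanager_secret.secret_master_db` the corrected `name` ends in `rds-postgresql-pass`, but the `Name` tag two lines below still ends in `rds-postgres-pass`, so the tag does not match the secret an operator would search for. Aligning the tag fixes that: `{ "Name" = format("%s/%s/%s", var.environment, var.name, "rds-postgresql-pass") },`. The removed suffix looks like a workaround for a name that was unavailable after a delete (inferred, not shown here). Changing `name` replaces the secret, so a fixed name can hit the same conflict while the previous secret is still in its recovery window. The resource body continues outside the hunk.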
From: divyanshujainSquareops <148210383+divyanshujainSquareops@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:02:29 +0530 Subject: [PATCH 24/42] Update main.tf --- examples/complete/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 8a26232..197934b 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -89,7 +89,7 @@ module "vpc" { name = local.name vpc_cidr = local.vpc_cidr environment = local.environment - availability_zones = ["us-east-2a", "us-east-2b"] + availability_zones = ["us-east-1a", "us-east-1b"] public_subnet_enabled = true auto_assign_public_ip = true intra_subnet_enabled = false From 79a953ba0f6b0df231f7dcc15656725bb5c1029d Mon Sep 17 00:00:00 2001 From: divyanshujainSquareops <148210383+divyanshujainSquareops@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:16:04 +0530 Subject: [PATCH 25/42] Update main.tf --- examples/complete/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 197934b..44df0a8 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -139,11 +139,11 @@ module "rds-pg" { postgresdb_backup_config = { postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases cron_for_full_backup = "*/2 * * * *" # set cronjob for backup - bucket_uri = "s3://mongodb-backups-atmosly" # s3 bucket uri + bucket_uri = "s3://postgres-backups-atmosly" # s3 bucket uri } postgresdb_restore_enabled = false postgresdb_restore_config = { - bucket_uri = "s3://mongodb-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. + bucket_uri = "s3://postgres-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore } } 
From 9487cddcc444f89663e80df93d4ad7e89979024e Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Wed, 27 Nov 2024 11:48:10 +0530 Subject: [PATCH 26/42] added backup restore functionality and fixed security group --- examples/complete/main.tf | 10 ++++++---- .../db-backup-restore/backup/templates/cronjob.yaml | 2 +- modules/db-backup-restore/restore/templates/job.yaml | 4 +--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 44df0a8..e45dd02 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -9,8 +9,9 @@ locals { engine_version = "15.4" instance_class = "db.t4g.micro" storage_type = "gp3" + cluster_name = "" current_identity = data.aws_caller_identity.current.arn - allowed_security_groups = ["sg-xxxxxxxxxxxxxxxx"] + allowed_security_groups = ["sg-xxxxxxxxxxxxxx"] custom_user_password = "" additional_tags = { Owner = "Organization_Name" @@ -100,13 +101,14 @@ module "vpc" { module "rds-pg" { source = "squareops/rds-postgresql/aws" + version = "2.0.0" name = local.name db_name = "test" - multi_az = "true" + multi_az = false family = local.family vpc_id = module.vpc.vpc_id allowed_security_groups = local.allowed_security_groups - subnet_ids = module.vpc.database_subnets ## db subnets + subnet_ids = module.vpc.database_subnets environment = local.environment kms_key_arn = module.kms.key_arn storage_type = local.storage_type @@ -132,7 +134,7 @@ module "rds-pg" { custom_user_password = local.custom_user_password #if you want backup and restore then you have to create your cluster with rds vpc id , private subnets, kms key. #And allow cluster security group in rds security group - cluster_name = "" + cluster_name = local.cluster_name namespace = local.namespace create_namespace = local.create_namespace postgresdb_backup_enabled = false 
diff --git a/modules/db-backup-restore/backup/templates/cronjob.yaml b/modules/db-backup-restore/backup/templates/cronjob.yaml index f32d59e..01a70fc 100644 --- a/modules/db-backup-restore/backup/templates/cronjob.yaml +++ b/modules/db-backup-restore/backup/templates/cronjob.yaml @@ -18,7 +18,7 @@ spec: serviceAccountName: sa-postgres-backup containers: - name: backup-postgresdb - image: amanravi12/postgresql-backup:v5 + image: squareops01/rds-postgresql-backup:v1 imagePullPolicy: Always command: ["/backup/backup_script.sh"] env: diff --git a/modules/db-backup-restore/restore/templates/job.yaml b/modules/db-backup-restore/restore/templates/job.yaml index fa2e0fd..473b3ee 100644 --- a/modules/db-backup-restore/restore/templates/job.yaml +++ b/modules/db-backup-restore/restore/templates/job.yaml @@ -9,7 +9,7 @@ spec: serviceAccountName: sa-postgres-restore containers: - name: restore-postgresdb - image: amanravi12/postgresql-restore:v6 + image: squareops01/rds-postgresql-restore:v1 imagePullPolicy: Always command: ["/restore/restore_script.sh"] env: @@ -23,8 +23,6 @@ spec: value: {{ .Values.restore.bucket_uri }} - name: DB_PORT value: "5432" - # - name: DB_NAME - # value: {{ .Values.restore.DB_NAME }} - name: RESTORE_FILE_NAME value: {{ .Values.restore.backup_file_name }} resources: {{ .Values.restorejob.resources | toYaml | nindent 12 }} From 395620469fcd60a2aa582600a4562befb2027f37 Mon Sep 17 00:00:00 2001 From: divyanshujainSquareops <148210383+divyanshujainSquareops@users.noreply.github.com> Date: Wed, 27 Nov 2024 11:57:13 +0530 Subject: [PATCH 27/42] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b8893f8..ce0993a 100644 --- a/README.md +++ b/README.md 
@@ -27,10 +27,12 @@ module "rds-pg" { name = "postgresql" db_name = "proddb" vpc_id = "vpc-047eb8acfb73" - multi_az = "true" + multi_az = false subnet_ids = ["subnet-b39cfc", "subnet-090b8d8"] environment = "prod" + create_namespace = true storage_type = "gp3" + cluster_name = "" replica_enable = false replica_count = 1 kms_key_arn = "arn:aws:kms:region:2222222222:key/f8c8d802-a34b" From 609ddc8278481b58aba3c62eb2f9f41a9302ee21 Mon Sep 17 00:00:00 2001 From: divyanshujainSquareops Date: Wed, 27 Nov 2024 06:31:33 +0000 Subject: [PATCH 28/42] updated readme file --- examples/complete/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index e45dd02..0e65a24 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -139,13 +139,13 @@ module "rds-pg" { create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { - postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases - cron_for_full_backup = "*/2 * * * *" # set cronjob for backup + postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases + cron_for_full_backup = "*/2 * * * *" # set cronjob for backup bucket_uri = "s3://postgres-backups-atmosly" # s3 bucket uri } postgresdb_restore_enabled = false postgresdb_restore_config = { bucket_uri = "s3://postgres-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. - backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore + backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore } } From cce7d351a3c91eea183b1b1d11c87de620ee0564 Mon Sep 17 00:00:00 2001 
From: divyanshujainSquareops <148210383+divyanshujainSquareops@users.noreply.github.com> Date: Wed, 27 Nov 2024 12:37:52 +0530 Subject: [PATCH 29/42] Update main.tf --- examples/complete-psql-replica/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index b7245f7..a0988b3 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -103,7 +103,7 @@ module "rds-pg" { publicly_accessible = false skip_final_snapshot = true backup_window = "03:00-06:00" - maintenance_window = "Mon:00:00-Mon:03:00 + maintenance_window = "Mon:00:00-Mon:03:00" final_snapshot_identifier_prefix = "final" major_engine_version = local.engine_version deletion_protection = true From 5a614ec476c20e6349c52964df3bcd854c5fb91a Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Tue, 7 Jan 2025 12:07:07 +0530 Subject: [PATCH 30/42] added path module in the backup main.tf --- modules/db-backup-restore/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf index 60c0f71..ebf3fcd 100644 --- a/modules/db-backup-restore/main.tf +++ b/modules/db-backup-restore/main.tf @@ -14,7 +14,7 @@ resource "helm_release" "postgresdb_backup" { timeout = 600 namespace = var.namespace values = [ - templatefile("../../helm/values/backup/values.yaml", { + templatefile("${path.module}/../../helm/values/backup/values.yaml", { bucket_uri = var.postgresdb_backup_config.bucket_uri, postgres_database_name = var.postgresdb_backup_config.postgres_database_name, db_endpoint = var.postgresdb_backup_config.db_endpoint, 
@@ -37,7 +37,7 @@ resource "helm_release" "postgresdb_restore" { timeout = 600 namespace = var.namespace values = [ - templatefile("../../helm/values/restore/values.yaml", { + templatefile("${path.module}/../../helm/values/restore/values.yaml", { bucket_uri = var.postgresdb_restore_config.bucket_uri, db_endpoint = var.postgresdb_restore_config.db_endpoint, db_password = var.postgresdb_restore_config.db_password, @@ -46,4 +46,4 @@ resource "helm_release" "postgresdb_restore" { annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" }) ] -} +} From 914e03b7ba7baa91c258200cb160001eba16708a Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Tue, 7 Jan 2025 12:07:53 +0530 Subject: [PATCH 31/42] Update outputs.tf --- outputs.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/outputs.tf b/outputs.tf index eefb182..dd0df87 100644 --- a/outputs.tf +++ b/outputs.tf @@ -23,6 +23,11 @@ output "db_instance_username" { value = nonsensitive(module.db.db_instance_username) } +output "db_name" { + description = "The database name used in the RDS module" + value = var.db_name +} + output "db_instance_password" { description = "Password for accessing the database." value = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) From 3cb293c6038a1ab9df89e4dba26fe28f6e0aa8eb Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Tue, 7 Jan 2025 12:08:25 +0530 Subject: [PATCH 32/42] Update output.tf --- examples/complete/output.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/examples/complete/output.tf b/examples/complete/output.tf index f7ef643..e6fd035 100644 --- a/examples/complete/output.tf +++ b/examples/complete/output.tf 
@@ -12,6 +12,11 @@ output "instance_name" { value = module.rds-pg.db_instance_name } +output "db_name" { + description = "Database name" + value = module.rds-pg.db_name +} + output "rds-mysql_replica_db_instance_name" { description = "The name of the database instance" value = module.rds-pg.replica_db_instance_name From 3ef167525a95bd4afea41247d3fd910f295e70f2 Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Tue, 7 Jan 2025 12:15:40 +0530 Subject: [PATCH 33/42] Update main.tf --- examples/complete/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 0e65a24..2cec762 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -10,6 +10,8 @@ locals { instance_class = "db.t4g.micro" storage_type = "gp3" cluster_name = "" + replica_count = 1 + replica_enable = false current_identity = data.aws_caller_identity.current.arn allowed_security_groups = ["sg-xxxxxxxxxxxxxx"] custom_user_password = "" From aa63d18628f2c8c372c664e20cc159637dc368b0 Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Fri, 7 Feb 2025 17:02:49 +0530 Subject: [PATCH 34/42] fixed restore database --- examples/complete/main.tf | 29 ++++++++++--------- examples/complete/provider.tf | 4 +-- main.tf | 18 +++++------- .../backup/templates/cronjob.yaml | 2 +- modules/db-backup-restore/main.tf | 4 +-- .../restore/templates/job.yaml | 2 +- modules/db-backup-restore/roles.tf | 6 ++-- 7 files changed, 33 insertions(+), 32 deletions(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 2cec762..cc4c5cc 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -6,7 +6,7 @@ locals { environment = "prod" create_namespace = true namespace = "pg" - engine_version = "15.4" + engine_version = "15.7" instance_class = "db.t4g.micro" storage_type = "gp3" cluster_name = "" 
@@ -92,7 +92,7 @@ module "vpc" { name = local.name vpc_cidr = local.vpc_cidr environment = local.environment - availability_zones = ["us-east-1a", "us-east-1b"] + availability_zones = ["us-east-2a", "us-east-2b"] public_subnet_enabled = true auto_assign_public_ip = true intra_subnet_enabled = false @@ -104,14 +104,14 @@ module "vpc" { module "rds-pg" { source = "squareops/rds-postgresql/aws" version = "2.0.0" - name = local.name - db_name = "test" - multi_az = false - family = local.family + name = local.name + db_name = "test" + multi_az = false + family = local.family vpc_id = module.vpc.vpc_id - allowed_security_groups = local.allowed_security_groups + allowed_security_groups = local.allowed_security_groups subnet_ids = module.vpc.database_subnets - environment = local.environment + environment = local.environment kms_key_arn = module.kms.key_arn storage_type = local.storage_type engine_version = local.engine_version 
@@ -141,13 +141,14 @@ module "rds-pg" { create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { - postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases - cron_for_full_backup = "*/2 * * * *" # set cronjob for backup - bucket_uri = "s3://postgres-backups-atmosly" # s3 bucket uri + postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases + cron_for_full_backup = "*/2 * * * *" # set cronjob for backup + bucket_uri = "s3://my-backup-dumps-databases" # s3 bucket uri } - postgresdb_restore_enabled = false + postgresdb_restore_enabled = true postgresdb_restore_config = { - bucket_uri = "s3://postgres-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file. - backup_file_name = "db5_20241114111607.sql" #Give .sql or .zip file for restore + bucket_uri = "s3://my-backup-dumps-databases" #S3 bucket URI (without a trailing slash /) containing the backup dump file. + backup_file_name = "atmosly_db1.sql" #Give .sql or .zip file for restore } } + diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf index af8c494..4b221da 100644 --- a/examples/complete/provider.tf +++ b/examples/complete/provider.tf @@ -5,11 +5,11 @@ provider "aws" { } } data "aws_eks_cluster" "cluster" { - name = "" + name = local.cluster_name } data "aws_eks_cluster_auth" "cluster" { - name = "" + name = local.cluster_name } provider "kubernetes" { diff --git a/main.tf b/main.tf index 9aa3795..a85d905 100644 --- a/main.tf +++ b/main.tf @@ -323,6 +323,7 @@ resource "aws_lambda_permission" "sns_lambda_slack_invoke" { module "backup_restore" { depends_on = [module.db] source = "./modules/db-backup-restore" + name = var.name cluster_name = var.cluster_name namespace = var.namespace create_namespace = var.create_namespace 
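Review bot: The example now ships with `postgresdb_restore_enabled = true`, so anyone who applies `examples/complete` as written starts a restore Job that loads `atmosly_db1.sql` from `s3://my-backup-dumps-databases` into the new instance. S3 bucket names are global, so a placeholder-looking name may resolve to a bucket the user does not own, and a restore executes whatever SQL the dump contains against the database. Keeping `postgresdb_restore_enabled = false` with empty `bucket_uri` and `backup_file_name` placeholders makes the restore an explicit opt-in. The `cron_for_full_backup = "*/2 * * * *"` value in the same block would run a full backup every two minutes once backups are enabled, so a realistic schedule is safer in a copy-paste example.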
@@ -331,20 +332,17 @@ module "backup_restore" { db_username = var.master_username db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) postgres_database_name = var.postgresdb_backup_config.postgres_database_name - # s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region - cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup - bucket_uri = var.postgresdb_backup_config.bucket_uri - db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") + cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup + bucket_uri = var.postgresdb_backup_config.bucket_uri + db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") } postgresdb_restore_enabled = var.postgresdb_restore_enabled postgresdb_restore_config = { - db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") - db_username = var.master_username - db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) - bucket_uri = var.postgresdb_restore_config.bucket_uri - # s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region - # DB_NAME = var.postgresdb_restore_config.DB_NAME, + db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") + db_username = var.master_username + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + bucket_uri = var.postgresdb_restore_config.bucket_uri backup_file_name = var.postgresdb_restore_config.backup_file_name, } } 
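Review bot: Both `db_password` entries passed to `module "backup_restore"` wrap the generated password in `nonsensitive(...)`, which removes Terraform's sensitive marking. The master password is then printed in plan output and in the rendered Helm values downstream. Passing the value through unchanged keeps it redacted: `db_password = var.custom_user_password != "" ? var.custom_user_password : random_password.master[0].result`. The declarations of `var.custom_user_password` and the submodule's config variables are not visible here; unless they set `sensitive = true`, a user-supplied password is displayed the same way. The module block begins above this hunk.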
diff --git a/modules/db-backup-restore/backup/templates/cronjob.yaml b/modules/db-backup-restore/backup/templates/cronjob.yaml index 01a70fc..357b72e 100644 --- a/modules/db-backup-restore/backup/templates/cronjob.yaml +++ b/modules/db-backup-restore/backup/templates/cronjob.yaml @@ -18,7 +18,7 @@ spec: serviceAccountName: sa-postgres-backup containers: - name: backup-postgresdb - image: squareops01/rds-postgresql-backup:v1 + image: squareops01/rds-postgresql-backup:v2 imagePullPolicy: Always command: ["/backup/backup_script.sh"] env: diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf index ebf3fcd..472c2bc 100644 --- a/modules/db-backup-restore/main.tf +++ b/modules/db-backup-restore/main.tf @@ -22,7 +22,7 @@ resource "helm_release" "postgresdb_backup" { db_username = var.postgresdb_backup_config.db_username, # s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup, - annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}" + annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role[count.index].arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}" }) ] } 
@@ -43,7 +43,7 @@ resource "helm_release" "postgresdb_restore" { db_password = var.postgresdb_restore_config.db_password, db_username = var.postgresdb_restore_config.db_username, backup_file_name = var.postgresdb_restore_config.backup_file_name, - annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" + annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role[count.index].arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" }) ] } diff --git a/modules/db-backup-restore/restore/templates/job.yaml b/modules/db-backup-restore/restore/templates/job.yaml index 473b3ee..9b3cdb6 100644 --- a/modules/db-backup-restore/restore/templates/job.yaml +++ b/modules/db-backup-restore/restore/templates/job.yaml @@ -9,7 +9,7 @@ spec: serviceAccountName: sa-postgres-restore containers: - name: restore-postgresdb - image: squareops01/rds-postgresql-restore:v1 + image: squareops01/rds-postgresql-restore:v2 imagePullPolicy: Always command: ["/restore/restore_script.sh"] env: diff --git a/modules/db-backup-restore/roles.tf b/modules/db-backup-restore/roles.tf index 0abc253..8302030 100644 --- a/modules/db-backup-restore/roles.tf +++ b/modules/db-backup-restore/roles.tf @@ -13,7 +13,8 @@ data "aws_eks_cluster" "kubernetes_cluster" { } resource "aws_iam_role" "postgres_backup_role" { - name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-backup-rds") + count = var.postgresdb_backup_enabled ? 1 : 0 + name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-backup-rds") assume_role_policy = jsonencode({ Version = "2012-10-17", Statement = [ 
@@ -56,6 +57,7 @@ resource "aws_iam_role" "postgres_backup_role" { resource "aws_iam_role" "postgres_restore_role" { + count = var.postgresdb_restore_enabled ? 1 : 0 name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-restore") assume_role_policy = jsonencode({ Version = "2012-10-17", @@ -95,4 +97,4 @@ resource "aws_iam_role" "postgres_restore_role" { ] }) } -} +} From a8b75b383f133188ceac83832e79c9077cd04766 Mon Sep 17 00:00:00 2001 From: amanravi-squareops Date: Fri, 7 Feb 2025 17:13:01 +0530 Subject: [PATCH 35/42] run lint command --- README.md | 1 + examples/complete/README.md | 3 +- examples/complete/main.tf | 15 ++++---- modules/db-backup-restore/README.md | 57 +++++++++++++++++++++++++++++ modules/db-backup-restore/roles.tf | 2 +- 5 files changed, 68 insertions(+), 10 deletions(-) create mode 100644 modules/db-backup-restore/README.md diff --git a/README.md b/README.md index ce0993a..9038012 100644 --- a/README.md +++ b/README.md @@ -196,6 +196,7 @@ The required IAM permissions to create resources from this module can be found [ | [db\_instance\_name](#output\_db\_instance\_name) | Name of the database instance | | [db\_instance\_password](#output\_db\_instance\_password) | Password for accessing the database. | | [db\_instance\_username](#output\_db\_instance\_username) | Master username for accessing the database. | +| [db\_name](#output\_db\_name) | The database name used in the RDS module | | [db\_parameter\_group\_id](#output\_db\_parameter\_group\_id) | ID of the parameter group associated with the RDS instance. | | [db\_subnet\_group\_id](#output\_db\_subnet\_group\_id) | ID of the subnet group associated with the RDS instance. | | [master\_credential\_secret\_arn](#output\_master\_credential\_secret\_arn) | The ARN of the master user secret (Only available when manage\_master\_user\_password is set to true) | diff --git a/examples/complete/README.md b/examples/complete/README.md index b738988..9b26e16 100644 
--- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -27,7 +27,7 @@ This example will be very useful for users who are new to a module and want to q | Name | Source | Version | |------|--------|---------| | [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 | -| [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a | +| [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | 2.0.0 | | [vpc](#module\_vpc) | squareops/vpc/aws | n/a | ## Resources @@ -47,6 +47,7 @@ No inputs. | Name | Description | |------|-------------| +| [db\_name](#output\_db\_name) | Database name | | [instance\_endpoint](#output\_instance\_endpoint) | Connection endpoint of the RDS instance. | | [instance\_name](#output\_instance\_name) | Name of the database instance. | | [instance\_password](#output\_instance\_password) | Password for accessing the database (Note: Terraform does not track this password after initial creation). | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index cc4c5cc..6a5c226 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -104,14 +104,14 @@ module "vpc" { module "rds-pg" { source = "squareops/rds-postgresql/aws" version = "2.0.0" - name = local.name - db_name = "test" - multi_az = false - family = local.family + name = local.name + db_name = "test" + multi_az = false + family = local.family vpc_id = module.vpc.vpc_id - allowed_security_groups = local.allowed_security_groups + allowed_security_groups = local.allowed_security_groups subnet_ids = module.vpc.database_subnets - environment = local.environment + environment = local.environment kms_key_arn = module.kms.key_arn storage_type = local.storage_type engine_version = local.engine_version 
@@ -141,7 +141,7 @@ module "rds-pg" { create_namespace = local.create_namespace postgresdb_backup_enabled = false postgresdb_backup_config = { - postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases + postgres_database_name = "" # Specify the database name or Leave empty if you wish to backup all databases cron_for_full_backup = "*/2 * * * *" # set cronjob for backup bucket_uri = "s3://my-backup-dumps-databases" # s3 bucket uri } @@ -151,4 +151,3 @@ module "rds-pg" { backup_file_name = "atmosly_db1.sql" #Give .sql or .zip file for restore } } - diff --git a/modules/db-backup-restore/README.md b/modules/db-backup-restore/README.md new file mode 100644 index 0000000..8283070 --- /dev/null +++ b/modules/db-backup-restore/README.md 
@@ -0,0 +1,57 @@ +# db-backup-restore + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | +| [helm](#provider\_helm) | n/a | +| [kubernetes](#provider\_kubernetes) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.postgres_backup_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.postgres_restore_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [helm_release.postgresdb_backup](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.postgresdb_restore](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_namespace.postgresdb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_eks_cluster.kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [azure\_container\_name](#input\_azure\_container\_name) | Azure container name | `string` | `""` | no | +| [azure\_storage\_account\_key](#input\_azure\_storage\_account\_key) | Azure storage account key | `string` | `""` | no | +| [azure\_storage\_account\_name](#input\_azure\_storage\_account\_name) | Azure storage account name | `string` | `""` | no | +| [bucket\_provider\_type](#input\_bucket\_provider\_type) | Choose what type of provider you want (s3, gcs) | `string` | `"s3"` | no | +| [cluster\_name](#input\_cluster\_name) | Specifies the name 
of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no | +| [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `false` | no | +| [iam\_role\_arn\_backup](#input\_iam\_role\_arn\_backup) | IAM role ARN for backup (AWS) | `string` | `""` | no | +| [iam\_role\_arn\_restore](#input\_iam\_role\_arn\_restore) | IAM role ARN for restore (AWS) | `string` | `""` | no | +| [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no | +| [namespace](#input\_namespace) | Name of the Kubernetes namespace where the MYSQL deployment will be deployed. | `string` | `"postgresdb"` | no | +| [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` |
{
"bucket_uri": "",
"cron_for_full_backup": "",
"postgres_database_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_backup\_enabled](#input\_postgresdb\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no | +| [postgresdb\_permission](#input\_postgresdb\_permission) | access | `bool` | `false` | no | +| [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` |
{
"DB_NAME": "",
"backup_file_name": "",
"bucket_uri": "",
"file_name": ""
}
| no | +| [postgresdb\_restore\_enabled](#input\_postgresdb\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no | +| [service\_account\_backup](#input\_service\_account\_backup) | Service account for backup (GCP) | `string` | `""` | no | +| [service\_account\_restore](#input\_service\_account\_restore) | Service account for restore (GCP) | `string` | `""` | no | + +## Outputs + +No outputs. + diff --git a/modules/db-backup-restore/roles.tf b/modules/db-backup-restore/roles.tf index 8302030..8a8b17a 100644 --- a/modules/db-backup-restore/roles.tf +++ b/modules/db-backup-restore/roles.tf @@ -58,7 +58,7 @@ resource "aws_iam_role" "postgres_backup_role" { resource "aws_iam_role" "postgres_restore_role" { count = var.postgresdb_restore_enabled ? 1 : 0 - name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-restore") + name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-restore") assume_role_policy = jsonencode({ Version = "2012-10-17", Statement = [ From ad853a5582a88b8b6985f9beee2912fb25249a5d Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Wed, 12 Mar 2025 19:18:40 +0530 Subject: [PATCH 36/42] added path module in the backup & restore module --- modules/db-backup-restore/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf index 472c2bc..a937d83 100644 --- a/modules/db-backup-restore/main.tf +++ b/modules/db-backup-restore/main.tf @@ -10,7 +10,7 @@ resource "helm_release" "postgresdb_backup" { count = var.postgresdb_backup_enabled ? 1 : 0 depends_on = [kubernetes_namespace.postgresdb] name = "postgresdb-backup" - chart = "../../modules/db-backup-restore/backup" + chart = "${path.module}/../../modules/db-backup-restore/backup" timeout = 600 namespace = var.namespace values = [ 
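Review bot: `chart = "${path.module}/../../modules/db-backup-restore/backup"` climbs two levels out of the module and then descends back into it, so it resolves only while this module sits at `modules/db-backup-restore` under its parent; per the diff paths the chart directory is a direct child of the module. `chart = "${path.module}/backup"` expresses the same location without depending on the surrounding layout, and `"${path.module}/restore"` does so for the `@@ -33,7 +33,7 @@` hunk. That also ensures the release installs the chart shipped with this copy of the module rather than whatever sits at the relative location. The resource block continues outside the hunk.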
@@ -33,7 +33,7 @@ resource "helm_release" "postgresdb_restore" { count = var.postgresdb_restore_enabled ? 1 : 0 depends_on = [kubernetes_namespace.postgresdb] name = "postgresdb-restore" - chart = "../../modules/db-backup-restore/restore" + chart = "${path.module}/../../modules/db-backup-restore/restore" timeout = 600 namespace = var.namespace values = [ From e6777a14593e0677dcece3a1ef61741c5d505c3d Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Mon, 17 Mar 2025 14:32:52 +0530 Subject: [PATCH 37/42] changed the release version --- examples/complete/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 6a5c226..d0b3dba 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -103,7 +103,7 @@ module "vpc" { module "rds-pg" { source = "squareops/rds-postgresql/aws" - version = "2.0.0" + version = "2.0.1" name = local.name db_name = "test" multi_az = false From c12e6646b3ee4e951efa19e2760407d9d71c21a0 Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Wed, 19 Mar 2025 12:37:57 +0530 Subject: [PATCH 38/42] Update variables.tf --- modules/db-backup-restore/variables.tf | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/db-backup-restore/variables.tf b/modules/db-backup-restore/variables.tf index 1a23f03..a5b5e83 100644 --- a/modules/db-backup-restore/variables.tf +++ b/modules/db-backup-restore/variables.tf @@ -94,10 +94,9 @@ variable "postgresdb_backup_config" { type = map(string) default = { bucket_uri = "" - s3_bucket_region = "" cron_for_full_backup = "" postgres_database_name = "" - # db_endpoint="" + } description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." } 
@@ -106,9 +105,6 @@ variable "postgresdb_restore_config" { type = any default = { bucket_uri = "" - file_name = "" - # s3_bucket_region = "" - DB_NAME = "" backup_file_name = "" } description = "Configuration options for restoring dump to the MySQL database." From 61d27f6be46c83b0bab021eed6f9077f60b6a293 Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Wed, 19 Mar 2025 12:38:29 +0530 Subject: [PATCH 39/42] Update variables.tf --- variables.tf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/variables.tf b/variables.tf index db9bf05..92ee426 100644 --- a/variables.tf +++ b/variables.tf @@ -347,10 +347,9 @@ variable "postgresdb_backup_config" { type = map(string) default = { bucket_uri = "" - # s3_bucket_region = "" cron_for_full_backup = "" postgres_database_name = "" - # db_endpoint="" + } description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." } @@ -360,7 +359,6 @@ variable "postgresdb_restore_config" { default = { bucket_uri = "" file_name = "" - # s3_bucket_region = "" } description = "Configuration options for restoring dump to the MySQL database." } From 70ef4119e1c0498789ac6f1f030500deddbfca65 Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Wed, 19 Mar 2025 13:08:47 +0530 Subject: [PATCH 40/42] Update variables.tf --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 92ee426..710bcf2 100644 --- a/variables.tf +++ b/variables.tf 
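Review bot: The root default for `postgresdb_restore_config` in the `@@ -360,7 +359,6 @@` hunk still declares `file_name = ""`, while the module default trimmed in the previous commit keeps `backup_file_name` and modules/db-backup-restore/main.tf reads `var.postgresdb_restore_config.backup_file_name`. If the root passes this object through unchanged (the call site is not in the hunk), a caller relying on the default would presumably hit a missing-attribute error at plan time. Renaming the key to `backup_file_name = ""` would align the two defaults. The variable block starts outside the hunk.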
@@ -351,7 +351,7 @@ variable "postgresdb_backup_config" { postgres_database_name = "" } - description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." + description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket region, and the cron expression for full backups." } variable "postgresdb_restore_config" { From f0e949ab0ffbe1ae0899a4d321bebb9381230783 Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Wed, 19 Mar 2025 13:09:19 +0530 Subject: [PATCH 41/42] Update variables.tf --- modules/db-backup-restore/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/db-backup-restore/variables.tf b/modules/db-backup-restore/variables.tf index a5b5e83..e92b4ed 100644 --- a/modules/db-backup-restore/variables.tf +++ b/modules/db-backup-restore/variables.tf @@ -98,7 +98,7 @@ variable "postgresdb_backup_config" { postgres_database_name = "" } - description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." + description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, and the cron expression for full backups." } variable "postgresdb_restore_config" { From 4add7f13ce4de36b0cc1d5a3b3076896126bc80b Mon Sep 17 00:00:00 2001 From: Aman <146931382+amanravi-squareops@users.noreply.github.com> Date: Wed, 19 Mar 2025 13:09:39 +0530 Subject: [PATCH 42/42] Update variables.tf --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 710bcf2..490a105 100644 --- a/variables.tf +++ b/variables.tf 
@@ -351,7 +351,7 @@ variable "postgresdb_backup_config" { postgres_database_name = "" } - description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket region, and the cron expression for full backups." + description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, and the cron expression for full backups." } variable "postgresdb_restore_config" {