squareops · ns-squareops · Mar 4, 2025 · Feb 7, 2025 · Feb 7, 2025 · Feb 7, 2025
diff --git a/README.md b/README.md
@@ -196,6 +196,7 @@ The required IAM permissions to create resources from this module can be found [
 | <a name="output_db_instance_name"></a> [db\_instance\_name](#output\_db\_instance\_name) | Name of the database instance |
 | <a name="output_db_instance_password"></a> [db\_instance\_password](#output\_db\_instance\_password) | Password for accessing the database. |
 | <a name="output_db_instance_username"></a> [db\_instance\_username](#output\_db\_instance\_username) | Master username for accessing the database. |
+| <a name="output_db_name"></a> [db\_name](#output\_db\_name) | The database name used in the RDS module |
 | <a name="output_db_parameter_group_id"></a> [db\_parameter\_group\_id](#output\_db\_parameter\_group\_id) | ID of the parameter group associated with the RDS instance. |
 | <a name="output_db_subnet_group_id"></a> [db\_subnet\_group\_id](#output\_db\_subnet\_group\_id) | ID of the subnet group associated with the RDS instance. |
 | <a name="output_master_credential_secret_arn"></a> [master\_credential\_secret\_arn](#output\_master\_credential\_secret\_arn) | The ARN of the master user secret (Only available when manage\_master\_user\_password is set to true) |

diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -27,7 +27,7 @@ This example will be very useful for users who are new to a module and want to q
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_kms"></a> [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 1.0 |
-| <a name="module_rds-pg"></a> [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | n/a |
+| <a name="module_rds-pg"></a> [rds-pg](#module\_rds-pg) | squareops/rds-postgresql/aws | 2.0.0 |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | squareops/vpc/aws | n/a |
 
 ## Resources
@@ -47,6 +47,7 @@ No inputs.
 
 | Name | Description |
 |------|-------------|
+| <a name="output_db_name"></a> [db\_name](#output\_db\_name) | Database name |
 | <a name="output_instance_endpoint"></a> [instance\_endpoint](#output\_instance\_endpoint) | Connection endpoint of the RDS instance. |
 | <a name="output_instance_name"></a> [instance\_name](#output\_instance\_name) | Name of the database instance. |
 | <a name="output_instance_password"></a> [instance\_password](#output\_instance\_password) | Password for accessing the database (Note: Terraform does not track this password after initial creation). |

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -6,7 +6,7 @@ locals {
   environment             = "prod"
   create_namespace        = true
   namespace               = "pg"
-  engine_version          = "15.4"
+  engine_version          = "15.7"
   instance_class          = "db.t4g.micro"
   storage_type            = "gp3"
   cluster_name            = ""
@@ -92,7 +92,7 @@ module "vpc" {
   name                    = local.name
   vpc_cidr                = local.vpc_cidr
   environment             = local.environment
-  availability_zones      = ["us-east-1a", "us-east-1b"]
+  availability_zones      = ["us-east-2a", "us-east-2b"]
   public_subnet_enabled   = true
   auto_assign_public_ip   = true
   intra_subnet_enabled    = false
@@ -141,13 +141,13 @@ module "rds-pg" {
   create_namespace          = local.create_namespace
   postgresdb_backup_enabled = false
   postgresdb_backup_config = {
-    postgres_database_name = ""                              # Specify the database name or Leave empty if you wish to backup all databases
-    cron_for_full_backup   = "*/2 * * * *"                   # set cronjob for backup
-    bucket_uri             = "s3://postgres-backups-atmosly" # s3 bucket uri
+    postgres_database_name = ""                               # Specify the database name or Leave empty if you wish to backup all databases
+    cron_for_full_backup   = "*/2 * * * *"                    # set cronjob for backup
+    bucket_uri             = "s3://my-backup-dumps-databases" # s3 bucket uri
   }
-  postgresdb_restore_enabled = false
+  postgresdb_restore_enabled = true
   postgresdb_restore_config = {
-    bucket_uri       = "s3://postgres-backups-atmosly" #S3 bucket URI (without a trailing slash /) containing the backup dump file.
-    backup_file_name = "db5_20241114111607.sql"        #Give .sql or .zip file for restore
+    bucket_uri       = "s3://my-backup-dumps-databases" #S3 bucket URI (without a trailing slash /) containing the backup dump file.
+    backup_file_name = "atmosly_db1.sql"                #Give .sql or .zip file for restore
   }
 }
diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf
@@ -5,11 +5,11 @@ provider "aws" {
   }
 }
 data "aws_eks_cluster" "cluster" {
-  name = ""
+  name = local.cluster_name
 
 }
 data "aws_eks_cluster_auth" "cluster" {
-  name = ""
+  name = local.cluster_name
 }
 
 provider "kubernetes" {

diff --git a/main.tf b/main.tf
@@ -323,6 +323,7 @@ resource "aws_lambda_permission" "sns_lambda_slack_invoke" {
 module "backup_restore" {
   depends_on                = [module.db]
   source                    = "./modules/db-backup-restore"
+  name                      = var.name
   cluster_name              = var.cluster_name
   namespace                 = var.namespace
   create_namespace          = var.create_namespace
@@ -331,20 +332,17 @@ module "backup_restore" {
     db_username            = var.master_username
     db_password            = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result)
     postgres_database_name = var.postgresdb_backup_config.postgres_database_name
-    # s3_bucket_region     = var.postgresdb_backup_config.s3_bucket_region
-    cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup
-    bucket_uri           = var.postgresdb_backup_config.bucket_uri
-    db_endpoint          = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "")
+    cron_for_full_backup   = var.postgresdb_backup_config.cron_for_full_backup
+    bucket_uri             = var.postgresdb_backup_config.bucket_uri
+    db_endpoint            = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "")
   }
 
   postgresdb_restore_enabled = var.postgresdb_restore_enabled
   postgresdb_restore_config = {
-    db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "")
-    db_username = var.master_username
-    db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result)
-    bucket_uri  = var.postgresdb_restore_config.bucket_uri
-    # s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region
-    # DB_NAME          = var.postgresdb_restore_config.DB_NAME,
+    db_endpoint      = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "")
+    db_username      = var.master_username
+    db_password      = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result)
+    bucket_uri       = var.postgresdb_restore_config.bucket_uri
     backup_file_name = var.postgresdb_restore_config.backup_file_name,
   }
 }
diff --git a/modules/db-backup-restore/README.md b/modules/db-backup-restore/README.md
@@ -0,0 +1,57 @@
+# db-backup-restore
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | n/a |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_role.postgres_backup_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role.postgres_restore_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [helm_release.postgresdb_backup](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.postgresdb_restore](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [kubernetes_namespace.postgresdb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_eks_cluster.kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_azure_container_name"></a> [azure\_container\_name](#input\_azure\_container\_name) | Azure container name | `string` | `""` | no |
+| <a name="input_azure_storage_account_key"></a> [azure\_storage\_account\_key](#input\_azure\_storage\_account\_key) | Azure storage account key | `string` | `""` | no |
+| <a name="input_azure_storage_account_name"></a> [azure\_storage\_account\_name](#input\_azure\_storage\_account\_name) | Azure storage account name | `string` | `""` | no |
+| <a name="input_bucket_provider_type"></a> [bucket\_provider\_type](#input\_bucket\_provider\_type) | Choose what type of provider you want (s3, gcs) | `string` | `"s3"` | no |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the MySQL application on. | `string` | `""` | no |
+| <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `false` | no |
+| <a name="input_iam_role_arn_backup"></a> [iam\_role\_arn\_backup](#input\_iam\_role\_arn\_backup) | IAM role ARN for backup (AWS) | `string` | `""` | no |
+| <a name="input_iam_role_arn_restore"></a> [iam\_role\_arn\_restore](#input\_iam\_role\_arn\_restore) | IAM role ARN for restore (AWS) | `string` | `""` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | Name of the Kubernetes namespace where the MYSQL deployment will be deployed. | `string` | `"postgresdb"` | no |
+| <a name="input_postgresdb_backup_config"></a> [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` | <pre>{<br/>  "bucket_uri": "",<br/>  "cron_for_full_backup": "",<br/>  "postgres_database_name": "",<br/>  "s3_bucket_region": ""<br/>}</pre> | no |
+| <a name="input_postgresdb_backup_enabled"></a> [postgresdb\_backup\_enabled](#input\_postgresdb\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no |
+| <a name="input_postgresdb_permission"></a> [postgresdb\_permission](#input\_postgresdb\_permission) | access | `bool` | `false` | no |
+| <a name="input_postgresdb_restore_config"></a> [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` | <pre>{<br/>  "DB_NAME": "",<br/>  "backup_file_name": "",<br/>  "bucket_uri": "",<br/>  "file_name": ""<br/>}</pre> | no |
+| <a name="input_postgresdb_restore_enabled"></a> [postgresdb\_restore\_enabled](#input\_postgresdb\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no |
+| <a name="input_service_account_backup"></a> [service\_account\_backup](#input\_service\_account\_backup) | Service account for backup (GCP) | `string` | `""` | no |
+| <a name="input_service_account_restore"></a> [service\_account\_restore](#input\_service\_account\_restore) | Service account for restore (GCP) | `string` | `""` | no |
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/db-backup-restore/backup/templates/cronjob.yaml b/modules/db-backup-restore/backup/templates/cronjob.yaml
@@ -18,7 +18,7 @@ spec:
           serviceAccountName: sa-postgres-backup
           containers:
           - name: backup-postgresdb
-            image: squareops01/rds-postgresql-backup:v1
+            image: squareops01/rds-postgresql-backup:v2
             imagePullPolicy: Always
             command: ["/backup/backup_script.sh"]
             env:

diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf
@@ -22,7 +22,7 @@ resource "helm_release" "postgresdb_backup" {
       db_username            = var.postgresdb_backup_config.db_username,
       # s3_bucket_region           = var.postgresdb_backup_config.s3_bucket_region ,
       cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup,
-      annotations          = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}"
+      annotations          = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role[count.index].arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}"
     })
   ]
 }
@@ -43,7 +43,7 @@ resource "helm_release" "postgresdb_restore" {
       db_password      = var.postgresdb_restore_config.db_password,
       db_username      = var.postgresdb_restore_config.db_username,
       backup_file_name = var.postgresdb_restore_config.backup_file_name,
-      annotations      = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}"
+      annotations      = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role[count.index].arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}"
     })
   ]
 }
diff --git a/modules/db-backup-restore/restore/templates/job.yaml b/modules/db-backup-restore/restore/templates/job.yaml
@@ -9,7 +9,7 @@ spec:
       serviceAccountName: sa-postgres-restore
       containers:
         - name: restore-postgresdb
-          image: squareops01/rds-postgresql-restore:v1
+          image: squareops01/rds-postgresql-restore:v2
           imagePullPolicy: Always
           command: ["/restore/restore_script.sh"]
           env:

diff --git a/modules/db-backup-restore/roles.tf b/modules/db-backup-restore/roles.tf
@@ -13,7 +13,8 @@ data "aws_eks_cluster" "kubernetes_cluster" {
 }
 
 resource "aws_iam_role" "postgres_backup_role" {
-  name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-backup-rds")
+  count = var.postgresdb_backup_enabled ? 1 : 0
+  name  = format("%s-%s-%s", var.cluster_name, var.name, "postgres-backup-rds")
   assume_role_policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
@@ -56,7 +57,8 @@ resource "aws_iam_role" "postgres_backup_role" {
 
 
 resource "aws_iam_role" "postgres_restore_role" {
-  name = format("%s-%s-%s", var.cluster_name, var.name, "postgres-restore")
+  count = var.postgresdb_restore_enabled ? 1 : 0
+  name  = format("%s-%s-%s", var.cluster_name, var.name, "postgres-restore")
   assume_role_policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
@@ -95,4 +97,4 @@ resource "aws_iam_role" "postgres_restore_role" {
       ]
     })
   }
-}
+}