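--- a/examples/complete-mssql/README.md
+++ b/examples/complete-mssql/README.md
@@ -35,6 +35,8 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ | |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3.18 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2.77 |
 
 ## Resources
 
@@ -44,9 +46,6 @@ Note that this example may create resources which cost money. Run `terraform des
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
 | [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
 | [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
 
 ## Inputs
 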
131 changes: 80 additions & 51 deletions examples/complete-mssql/main.tf
@@ -1,33 +1,64 @@
provider "aws" {
region = "us-east-1"
region = local.region
}

locals {
name = "complete-mssql"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
}

##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
}
################################################################################
# Supporting Resources
################################################################################

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2.77"

name = local.name
cidr = "10.99.0.0/18"

azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]

data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
create_database_subnet_group = true
enable_nat_gateway = true
single_nat_gateway = true

tags = local.tags
}

data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3.18"

name = local.name
description = "Complete SqlServer example security group"
vpc_id = module.vpc.vpc_id

# ingress
ingress_with_cidr_blocks = [
{
from_port = 1433
to_port = 1433
protocol = "tcp"
description = "SqlServer access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]

tags = local.tags
}

#####################################
################################################################################
# IAM Role for Windows Authentication
#####################################
################################################################################

data "aws_iam_policy_document" "rds_assume_role" {
statement {
Expand Down Expand Up @@ -58,9 +89,9 @@ resource "aws_iam_role_policy_attachment" "rds_directory_services" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}

##########################################
################################################################################
# AWS Directory Service (Acitve Directory)
##########################################
################################################################################

resource "aws_directory_service_directory" "demo" {
name = "corp.demo.com"
Expand All @@ -69,63 +100,61 @@ resource "aws_directory_service_directory" "demo" {
type = "MicrosoftAD"

vpc_settings {
vpc_id = data.aws_vpc.default.id
vpc_id = module.vpc.vpc_id
# Only 2 subnets, must be in different AZs
subnet_ids = slice(tolist(data.aws_subnet_ids.all.ids), 0, 2)
subnet_ids = slice(tolist(module.vpc.database_subnets), 0, 2)
}

tags = local.tags
}

#####
# DB
#####
################################################################################
# RDS Module
################################################################################

module "db" {
source = "../../"

identifier = "demodb"
identifier = local.name

engine = "sqlserver-ex"
engine_version = "14.00.1000.169.v1"
instance_class = "db.t2.medium"
allocated_storage = 20
storage_encrypted = false
engine = "sqlserver-ex"
engine_version = "15.00.4073.23.v1"
family = "sqlserver-ex-15.0" # DB parameter group
major_engine_version = "15.00" # DB option group
instance_class = "db.t3.large"

name = null # "demodb"
username = "demouser"
allocated_storage = 20
max_allocated_storage = 100
storage_encrypted = false

name = null
username = "complete_mssql"
password = "YourPwdShouldBeLongAndSecure!"
port = "1433"
port = 1433

domain = aws_directory_service_directory.demo.id
domain_iam_role_name = aws_iam_role.rds_ad_auth.name

vpc_security_group_ids = [data.aws_security_group.default.id]

maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
multi_az = false
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]

# disable backups to create DB faster
backup_retention_period = 0

tags = local.tags
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["error"]

# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false

# Snapshot name upon DB deletion
final_snapshot_identifier = "demodb"
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true

options = []
create_db_parameter_group = false
license_model = "license-included"
timezone = "GMT Standard Time"

timezone = "Central Standard Time"

# Database Deletion Protection
deletion_protection = false

# DB options
major_engine_version = "14.00"

options = []
tags = local.tags
}
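Review bot: The master credential in the `module "db"` hunk is still the committed plaintext literal `password = "YourPwdShouldBeLongAndSecure!"`, and the rewrite keeps `storage_encrypted = false`, `backup_retention_period = 0` and `deletion_protection = false` while dropping the old `# disable backups to create DB faster` comment, so the unsafe defaults no longer read as deliberate example shortcuts. Consider sourcing the password from a `random_password` resource (`password = random_password.master.result`, which needs the hashicorp/random provider) or a variable marked `sensitive = true`, noting that either way the value still lands in state. Restore the rationale inline, e.g. `backup_retention_period = 0 # disabled so the example creates faster; keep backups on for real databases`. The same password literal and `storage_encrypted = false` recur in examples/complete-mysql/main.tf. The `module "db"` block starts and ends within this hunk; the `resource "aws_directory_service_directory" "demo"` block at its top begins above the hunk.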
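--- a/examples/complete-mysql/README.md
+++ b/examples/complete-mysql/README.md
@@ -26,23 +26,19 @@ Note that this example may create resources which cost money. Run `terraform des
 
 ## Providers
 
-| Name | Version |
-|------|---------|
-| aws | >= 2.49 |
+No provider.
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | db | ../../ | |
+| security_group | terraform-aws-modules/security-group/aws | ~> 3.18 |
+| vpc | terraform-aws-modules/vpc/aws | ~> 2.77 |
 
 ## Resources
 
-| Name |
-|------|
-| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) |
-| [aws_subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet_ids) |
-| [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) |
+No resources.
 
 ## Inputs
 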
132 changes: 80 additions & 52 deletions examples/complete-mysql/main.tf
@@ -1,75 +1,101 @@
provider "aws" {
region = "eu-west-1"
region = local.region
}

##############################################################
# Data sources to get VPC, subnets and security group details
##############################################################
data "aws_vpc" "default" {
default = true
locals {
name = "complete-mysql"
region = "eu-west-1"
tags = {
Owner = "user"
Environment = "dev"
}
}

data "aws_subnet_ids" "all" {
vpc_id = data.aws_vpc.default.id
}
################################################################################
# Supporting Resources
################################################################################

data "aws_security_group" "default" {
vpc_id = data.aws_vpc.default.id
name = "default"
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 2.77"

#####
# DB
#####
module "db" {
source = "../../"
name = local.name
cidr = "10.99.0.0/18"

identifier = "demodb"
azs = ["${local.region}a", "${local.region}b", "${local.region}c"]
public_subnets = ["10.99.0.0/24", "10.99.1.0/24", "10.99.2.0/24"]
private_subnets = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
database_subnets = ["10.99.7.0/24", "10.99.8.0/24", "10.99.9.0/24"]

# All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
engine = "mysql"
engine_version = "5.7.19"
instance_class = "db.t2.large"
allocated_storage = 5
storage_encrypted = false

# kms_key_id = "arm:aws:kms:<region>:<account id>:key/<kms key id>"
name = "demodb"
username = "user"
password = "YourPwdShouldBeLongAndSecure!"
port = "3306"
create_database_subnet_group = true
enable_nat_gateway = true
single_nat_gateway = true

tags = local.tags
}

vpc_security_group_ids = [data.aws_security_group.default.id]
module "security_group" {
source = "terraform-aws-modules/security-group/aws"
version = "~> 3.18"

maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
name = local.name
description = "Complete MySQL example security group"
vpc_id = module.vpc.vpc_id

multi_az = true
# ingress
ingress_with_cidr_blocks = [
{
from_port = 3306
to_port = 3306
protocol = "tcp"
description = "MySQL access from within VPC"
cidr_blocks = module.vpc.vpc_cidr_block
},
]

# disable backups to create DB faster
backup_retention_period = 0
tags = local.tags
}

tags = {
Owner = "user"
Environment = "dev"
}
################################################################################
# RDS Module
################################################################################

enabled_cloudwatch_logs_exports = ["audit", "general"]
module "db" {
source = "../../"

# DB subnet group
subnet_ids = data.aws_subnet_ids.all.ids
identifier = local.name

# DB parameter group
family = "mysql5.7"
# All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
engine = "mysql"
engine_version = "8.0.20"
family = "mysql8.0" # DB parameter group
major_engine_version = "8.0" # DB option group
instance_class = "db.t3.large"

allocated_storage = 20
max_allocated_storage = 100
storage_encrypted = false

name = "completeMysql"
username = "complete_mysql"
password = "YourPwdShouldBeLongAndSecure!"
port = 3306

multi_az = true
subnet_ids = module.vpc.database_subnets
vpc_security_group_ids = [module.security_group.this_security_group_id]

# DB option group
major_engine_version = "5.7"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["general"]

# Snapshot name upon DB deletion
final_snapshot_identifier = "demodb"
backup_retention_period = 0
final_snapshot_identifier = local.name
deletion_protection = false

# Database Deletion Protection
deletion_protection = false
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true

parameters = [
{
Expand Down Expand Up @@ -98,4 +124,6 @@ module "db" {
]
},
]

tags = local.tags
}
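Review bot: `enabled_cloudwatch_logs_exports = ["general"]` in the `module "db"` hunk silently drops the `"audit"` export the old side had, so the example no longer demonstrates shipping the database audit log to CloudWatch and a reader cannot tell whether that was intentional. If it was removed because the audit export needs the `MARIADB_AUDIT_PLUGIN` option in the option group, record that, e.g. `enabled_cloudwatch_logs_exports = ["general"] # add "audit" once MARIADB_AUDIT_PLUGIN is in the option group`; otherwise restore `"audit"`. The same hunk also deletes the `# kms_key_id = ...` hint while keeping `storage_encrypted = false`, leaving no pointer to how a customer-managed key would be wired in. The `module "db"` block continues past this hunk; its `parameters` list and closing brace appear in the section's last hunk.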