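terraform {
  required_version = ">= 0.13"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.49.0"
    }
  }
}

# Static credentials are injected through variables; keep their values out of
# any .tfvars file or state that is committed to version control.
provider "aws" {
  region     = var.region
  access_key = var.aws_provider_access_key
  secret_key = var.aws_provider_access_secret
  alias      = "myaws"
}

locals {
  # First five characters of the provision id; used to build the short Oracle DB name.
  provid5 = substr(var.provision_id, 0, 5)

  # Aurora engines are provisioned through the rds-aurora module instead of the
  # plain rds module (see the `count` on the two modules below).
  aurora = contains(["aurora-mysql", "aurora-postgresql"], var.engine)

  # Network placement is chosen by region; anything other than eu-west-1 or
  # us-east-1 falls through to the ap-* values.
  vpc_id     = (var.region == "eu-west-1") ? var.vpc_id_eu : ((var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap)
  subnet_ids = (var.region == "eu-west-1") ? var.subnet_ids_eu : ((var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap)

  # Engine-specific settings. Each lookup falls back to the MariaDB value, so an
  # engine missing from a table silently gets the MariaDB defaults.
  port = lookup({
    "oracle-se2"        = "1521"
    "postgres"          = "5432"
    "aurora-postgresql" = "5432"
    "sqlserver-ex"      = "1433"
  }, var.engine, "3306")

  # No initial database name is passed for SQL Server Express; Oracle gets a
  # short name derived from provid5, everything else the full provision id.
  name = (var.engine == "sqlserver-ex") ? null : ((var.engine == "oracle-se2") ? "ora${local.provid5}" : "qmi${var.provision_id}")

  license = lookup({
    "aurora-mysql"      = "general-public-license"
    "aurora-postgresql" = "general-public-license"
    "mariadb"           = "general-public-license"
    "mysql"             = "general-public-license"
    "postgres"          = "postgresql-license"
  }, var.engine, "license-included")

  engine_version = lookup({
    "oracle-se2"        = "19.0.0.0.ru-2021-04.rur-2021-04.r1"
    "postgres"          = "13.3"
    "mysql"             = "8.0.25"
    "aurora-postgresql" = "12.6"
    "aurora-mysql"      = "5.7.mysql_aurora.2.10.0"
    "sqlserver-ex"      = "15.00.4073.23.v1"
  }, var.engine, "10.5") # mariaDB

  major_engine_version = lookup({
    "oracle-se2"        = "19"
    "postgres"          = "13"
    "mysql"             = "8.0"
    "aurora-postgresql" = "12"
    "aurora-mysql"      = "5.7"
    "sqlserver-ex"      = "15.00"
  }, var.engine, "10.5") # mariaDB

  family = lookup({
    "oracle-se2"        = "oracle-se2-19"
    "postgres"          = "postgres13"
    "mysql"             = "mysql8.0"
    "aurora-postgresql" = "aurora-postgresql12"
    "aurora-mysql"      = "aurora-mysql5.7"
    "sqlserver-ex"      = "sqlserver-ex-15.0"
  }, var.engine, "mariadb10.5") # mariaDB

  # Single allow-list shared by the ingress and egress rules of the RDS security
  # group, so the two rule sets cannot drift apart.
  allowed_cidrs = [
    "52.249.189.38/32",
    "13.67.39.86/32",
    "20.67.110.207/32",
    "14.98.59.168/29",
    "182.74.33.8/29",
    "188.65.156.32/28",
    "212.73.252.96/29",
    "194.90.96.176/29",
    "213.57.84.160/29",
    "4.4.97.104/29",
    "206.196.17.32/27",
    "18.205.71.36/32",
    "18.232.32.199/32",
    "34.237.68.254/32",
    "34.247.21.179/32",
    "52.31.212.214/32",
    "54.154.95.18/32",
    "13.210.43.241/32",
    "13.236.104.42/32",
    "13.236.206.172/32",
    "18.138.163.172/32",
    "18.142.157.182/32",
    "54.179.13.251/32",
  ]

  tags = {
    QMI_user = var.user_id
    ProvID   = var.provision_id
  }
}

module "security_group" {
  # SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 4.3"

  providers = {
    aws = aws.myaws
  }

  name        = "${var.provision_id}-SG"
  description = "${var.provision_id}-SG"
  vpc_id      = local.vpc_id

  # ingress: only the allow-listed CIDRs, only the engine port
  ingress_cidr_blocks = local.allowed_cidrs
  ingress_with_cidr_blocks = [
    {
      from_port   = local.port
      to_port     = local.port
      protocol    = "tcp"
      description = "RDS"
    },
  ]

  # egress: same allow-list and port
  egress_cidr_blocks = local.allowed_cidrs
  egress_with_cidr_blocks = [
    {
      from_port   = local.port
      to_port     = local.port
      protocol    = "tcp"
      description = "RDS"
    },
  ]

  tags = local.tags
}

# Non-Aurora engines: a single RDS instance.
module "common_rds_instance" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> 3.3"
  count   = local.aurora ? 0 : 1

  providers = {
    aws = aws.myaws
  }

  identifier           = "${var.engine}${var.provision_id}"
  engine               = var.engine
  engine_version       = local.engine_version
  family               = local.family               # DB parameter group
  major_engine_version = local.major_engine_version # DB option group
  instance_class       = var.instance_size
  allocated_storage    = var.storage
  license_model        = local.license
  name                 = local.name

  # Master credentials: the module generates the password; 12 characters is
  # the value used here, a longer value costs nothing.
  username               = "qmirdsuser"
  create_random_password = true
  random_password_length = 12
  port                   = local.port

  multi_az               = false
  subnet_ids             = local.subnet_ids
  vpc_security_group_ids = [module.security_group.security_group_id]
  # The instance gets a public endpoint; reachability is limited to
  # local.allowed_cidrs by the security group above.
  publicly_accessible = true

  maintenance_window = "Mon:00:00-Mon:03:00"
  backup_window      = "03:00-06:00"

  # Disposable instance: no automated backups, no final snapshot, no
  # deletion protection.
  backup_retention_period = 0
  skip_final_snapshot     = true
  deletion_protection     = false

  tags = local.tags
}

# Aurora engines: a cluster from the rds-aurora module.
module "aurora_rds_instance" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 5.2"
  count   = local.aurora ? 1 : 0

  providers = {
    aws = aws.myaws
  }

  name           = local.name
  engine         = var.engine
  engine_version = local.engine_version
  instance_type  = var.instance_size

  vpc_id                 = local.vpc_id
  subnets                = local.subnet_ids
  create_security_group  = false
  vpc_security_group_ids = [module.security_group.security_group_id]
  port                   = local.port
  # Public endpoint; reachability is limited to local.allowed_cidrs by the
  # security group above.
  publicly_accessible = true

  # Master credentials: password generated by the module.
  username               = "qmirdsuser"
  create_random_password = true

  # Disposable cluster: no automated backups, no final snapshot, no
  # deletion protection.
  backup_retention_period = 0
  skip_final_snapshot     = true
  deletion_protection     = false

  tags = local.tags
}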