Merge pull request #4366 from nulib:3844-aurora-serverless

Switch from owned postgres RDS instance to infrastructure Aurora Serverless DB

infrastructure/deploy/db.tf

@@ -0,0 +1,32 @@
+resource "random_string" "db_password" {
+  length  = "16"
+  special = "false"
+}
+
+provider "postgresql" {
+  host            = module.data_services.outputs.aurora.endpoint
+  port            = module.data_services.outputs.aurora.port
+  username        = module.data_services.outputs.aurora.admin_user
+  password        = module.data_services.outputs.aurora.admin_password
+  sslmode         = "require"
+  connect_timeout = 15
+  superuser       = false
+}
+
+resource "postgresql_role" "meadow" {
+  name        = "meadow"
+  password    = random_string.db_password.result
+  login       = true
+}
+
+resource "postgresql_database" "meadow" {
+  name        = "meadow"
+  owner       = postgresql_role.meadow.name
+  encoding    = "UTF8"
+  lc_collate  = "en_US.UTF-8"
+  template    = "template0"
+}
+
+resource "postgresql_extension" "uuid" {
+  name = "uuid-ossp"
+}

infrastructure/deploy/main.tf

@@ -7,6 +7,11 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 4.8"
     }
+
+    postgresql = {
+      source  = "cyrilgdn/postgresql"
+      version = "~> 1.25"
+    }
   }
 }
 
@@ -33,46 +38,12 @@ module "core" {
   component = "core"
 }
 
-module "rds" {
-  source                           = "terraform-aws-modules/rds/aws"
-  version                          = "4.1.2"
-  allocated_storage                = var.db_size
-  backup_window                    = "04:00-05:00"
-  engine                           = "postgres"
-  engine_version                   = "11.22"
-  final_snapshot_identifier_prefix = "meadow-final"
-  identifier                       = "${var.stack_name}-db"
-  instance_class                   = "db.t3.medium"
-  maintenance_window               = "Sun:01:00-Sun:02:00"
-  password                         = random_string.db_password.result
-  port                             = "5432"
-  username                         = "postgres"
-  subnet_ids                       = data.aws_subnets.private_subnets.ids
-  family                           = "postgres11"
-  vpc_security_group_ids           = [aws_security_group.meadow_db.id]
-  deletion_protection              = true
-  storage_encrypted                = false
-  create_db_subnet_group           = true
-
-  performance_insights_enabled            = true
-  performance_insights_retention_period   = 7
-
-  parameters = [
-    {
-      name         = "client_encoding",
-      value        = "UTF8",
-      apply_method = "pending-reboot"
-    },
-    {
-      name         = "max_locks_per_transaction",
-      value        = 1024,
-      apply_method = "pending-reboot"
-    }
-  ]
-
-  tags = var.tags
+module "data_services" {
+  source    = "git::https://github.com/nulib/infrastructure.git//modules/remote_state"
+  component = "data_services"
 }
 
+
 locals {
   cors_urls = flatten([
     for hostname in concat([aws_route53_record.app_hostname.fqdn], var.additional_hostnames) : [
@@ -82,11 +53,6 @@ locals {
   ])
 }
 
-resource "random_string" "db_password" {
-  length  = "16"
-  special = "false"
-}
-
 resource "aws_s3_bucket" "meadow_ingest" {
   bucket = "${var.stack_name}-${var.environment}-ingest"
   tags   = var.tags

infrastructure/deploy/secrets.tf

@@ -13,11 +13,11 @@ locals {
     }
 
     db = {
-      host     = module.rds.db_instance_address
-      port     = module.rds.db_instance_port
-      user     = module.rds.db_instance_username
-      password = module.rds.db_instance_password
-      database = module.rds.db_instance_username
+      host     = module.data_services.outputs.aurora.endpoint
+      port     = module.data_services.outputs.aurora.port
+      user     = postgresql_role.meadow.name
+      password = postgresql_role.meadow.password
+      database = postgresql_database.meadow.name
     }
 
     dc = {