From 952a1297eb49e3d7911c50aad8b9b6280e86e871 Mon Sep 17 00:00:00 2001
From: "Michael B. Klein"
Date: Thu, 30 Jan 2025 16:15:08 +0000
Subject: [PATCH] Switch from owned postgres RDS instance to infrastructure Aurora Serverless DB
---
 infrastructure/deploy/.terraform.lock.hcl | 22 ++++++++++
 infrastructure/deploy/db.tf | 32 ++++++++++++++
 infrastructure/deploy/main.tf | 52 ++++-------------------
 infrastructure/deploy/secrets.tf | 10 ++---
 4 files changed, 68 insertions(+), 48 deletions(-)
 create mode 100644 infrastructure/deploy/db.tf
diff --git a/infrastructure/deploy/.terraform.lock.hcl b/infrastructure/deploy/.terraform.lock.hcl
index 37ade4bd9..e65ecf348 100644
--- a/infrastructure/deploy/.terraform.lock.hcl
+++ b/infrastructure/deploy/.terraform.lock.hcl
@@ -1,6 +1,28 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/cyrilgdn/postgresql" {
+ version = "1.25.0"
+ constraints = "~> 1.25"
+ hashes = [
+ "h1:4Hlupc8gYrPnFKisesXs9lypK6LXslU4L4tjBZOhmiE=",
+ "zh:0f9db6e1274603d642e96b58eaf6cc4223f7118f2d7ce909dc4812d332cc002a",
+ "zh:1819470f0304c6a60b2b51817cb43f6ff59a49e08cc9e50644b86b3a76c91601",
+ "zh:27bfb544983cac101a7c7c2e4cb9939a712dffcdd7ddcab83c2f8afc334e33c5",
+ "zh:46166f6f05771b0495df18459fdf3a63fae8b38e95a1b2754f03d006e17ea33d",
+ "zh:64d53afc52f26e8214990acc3e07f3b47bef628aa6b317595a8faec05b252209",
+ "zh:944d7ded418c022dd3ee513246677d601376fa38d76c9c4aecff2c2eefcaa35b",
+ "zh:9819551b61542a6d322d6a323bbb552ce02e769ce2222fd9bb1935473c7c4b3c",
+ "zh:c38bd73e208fe216efab48d099c85b8ad1e51ff102b3892443febc9778e7236e",
+ "zh:c73de133274dcc7a03e95f598550facc59315538f355e57e14b36e222b298826",
+ "zh:c7af02f5338bfe7f1976e01d3fcf82e05b3551893e732539a84c568d25571a84",
+ "zh:d1aa3d7432c7de883873f8f70e9a6207c7b536d874486d37aee0ca8c8853a890",
+ "zh:e17e9809fc7cc2d6f89078b8bfe6308930117b2270be8081820da40029b04828",
+ "zh:e1b21b7b7022e0d468d72f4534d226d57a7bfd8c96a4c7dc2c2fa0bb0b99298d",
+ "zh:f24b73645d8bc225f692bdf9c035411099ef57138569f45f3605ec79ac872e3b",
+ ]
+}
+
 provider "registry.terraform.io/hashicorp/archive" {
 version = "2.4.0"
 hashes = [
diff --git a/infrastructure/deploy/db.tf b/infrastructure/deploy/db.tf
new file mode 100644
index 000000000..c263569d5
--- /dev/null
+++ b/infrastructure/deploy/db.tf
@@ -0,0 +1,32 @@
+resource "random_string" "db_password" {
+ length = "16"
+ special = "false"
+}
+
+provider "postgresql" {
+ host = module.data_services.outputs.aurora.endpoint
+ port = module.data_services.outputs.aurora.port
+ username = module.data_services.outputs.aurora.admin_user
+ password = module.data_services.outputs.aurora.admin_password
+ sslmode = "require"
+ connect_timeout = 15
+ superuser = false
+}
+
+resource "postgresql_role" "meadow" {
+ name = "meadow"
+ password = random_string.db_password.result
+ login = true
+}
+
+resource "postgresql_database" "meadow" {
+ name = "meadow"
+ owner = postgresql_role.meadow.name
+ encoding = "UTF8"
+ lc_collate = "en_US.UTF-8"
+ template = "template0"
+}
+
+resource "postgresql_extension" "uuid" {
+ name = "uuid-ossp"
+}
\ No newline at end of file
diff --git a/infrastructure/deploy/main.tf b/infrastructure/deploy/main.tf
index 66d3b724a..d01d56c0a 100644
--- a/infrastructure/deploy/main.tf
+++ b/infrastructure/deploy/main.tf
@@ -7,6 +7,11 @@ terraform {
 source = "hashicorp/aws"
 version = "~> 4.8"
 }
+
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = "~> 1.25"
+ }
 }
 }
 
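Review bot: In db.tf the `meadow` role password is taken from `random_string.db_password`, whose `result` is not marked sensitive, so it can appear in plain text in CLI output such as `terraform show` and in CI logs. `random_password` accepts the same arguments and marks the value sensitive: declare `resource "random_password" "db_password" {` and use `password = random_password.db_password.result` in `postgresql_role.meadow`. The value is written to state in either case, so the state backend still needs restricted access and encryption. In the same file, `sslmode = "require"` encrypts the admin connection without verifying the server certificate; `sslmode = "verify-full"` with the RDS CA bundle would also authenticate the endpoint. Separately, `postgresql_extension.uuid` sets no `database`, so the extension is presumably created in the provider's default database rather than in `meadow`; `database = postgresql_database.meadow.name` would bind it to the new database.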
@@ -33,46 +38,12 @@ module "core" {
 component = "core"
 }
 
-module "rds" {
- source = "terraform-aws-modules/rds/aws"
- version = "4.1.2"
- allocated_storage = var.db_size
- backup_window = "04:00-05:00"
- engine = "postgres"
- engine_version = "11.22"
- final_snapshot_identifier_prefix = "meadow-final"
- identifier = "${var.stack_name}-db"
- instance_class = "db.t3.medium"
- maintenance_window = "Sun:01:00-Sun:02:00"
- password = random_string.db_password.result
- port = "5432"
- username = "postgres"
- subnet_ids = data.aws_subnets.private_subnets.ids
- family = "postgres11"
- vpc_security_group_ids = [aws_security_group.meadow_db.id]
- deletion_protection = true
- storage_encrypted = false
- create_db_subnet_group = true
-
- performance_insights_enabled = true
- performance_insights_retention_period = 7
-
- parameters = [
- {
- name = "client_encoding",
- value = "UTF8",
- apply_method = "pending-reboot"
- },
- {
- name = "max_locks_per_transaction",
- value = 1024,
- apply_method = "pending-reboot"
- }
- ]
-
- tags = var.tags
+module "data_services" {
+ source = "git::https://github.com/nulib/infrastructure.git//modules/remote_state"
+ component = "data_services"
 }
+
 
 locals {
 cors_urls = flatten([
 for hostname in concat([aws_route53_record.app_hostname.fqdn], var.additional_hostnames) : [
@@ -82,11 +53,6 @@ locals {
 ])
 }
 
-resource "random_string" "db_password" {
- length = "16"
- special = "false"
-}
-
 resource "aws_s3_bucket" "meadow_ingest" {
 bucket = "${var.stack_name}-${var.environment}-ingest"
 tags = var.tags
diff --git a/infrastructure/deploy/secrets.tf b/infrastructure/deploy/secrets.tf
index 893585d06..dc92c888b 100644
--- a/infrastructure/deploy/secrets.tf
+++ b/infrastructure/deploy/secrets.tf
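Review bot: The new `module "data_services"` source in main.tf carries no `?ref=`, so a fresh `terraform init` resolves to whatever is on the default branch of nulib/infrastructure, and this module now supplies the Aurora endpoint and admin credentials consumed by the `postgresql` provider. Pinning it to a tag or commit, e.g. `source = "git::https://github.com/nulib/infrastructure.git//modules/remote_state?ref=<tag-or-commit>"`, keeps changes to that code path reviewable. `module "core"` just above may use the same unpinned form (its `source` line is outside the hunk), in which case both should be pinned together. Dropping `module "rds"` also plans the destruction of an instance that had `deletion_protection = true`; the commit shows no migration or protection-disable step, so that presumably has to be handled out of band before apply.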
@@ -13,11 +13,11 @@ locals {
 }
 
 db = {
- host = module.rds.db_instance_address
- port = module.rds.db_instance_port
- user = module.rds.db_instance_username
- password = module.rds.db_instance_password
- database = module.rds.db_instance_username
+ host = module.data_services.outputs.aurora.endpoint
+ port = module.data_services.outputs.aurora.port
+ user = postgresql_role.meadow.name
+ password = postgresql_role.meadow.password
+ database = postgresql_database.meadow.name
 }
 
 dc = {