From 59e034799953437afcc80d82cb95186d5d99d7d6 Mon Sep 17 00:00:00 2001
From: Zachary Blasczyk
Date: Fri, 28 Jul 2023 11:18:55 -0500
Subject: [PATCH 1/3] chore: Add support for out of band Performance Insight's being added
---
 main.tf | 1 +
 modules/database/main.tf | 2 +-
 variables.tf | 5 +++++
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index d0bad966..350c95df 100644
--- a/main.tf
+++ b/main.tf
@@ -75,6 +75,7 @@ module "database" {
 namespace = var.namespace
 kms_key_arn = local.kms_key_arn
+ performance_insights_kms_key_arn = var.database_performance_insights_kms_key_arn_kms_key_arn
 database_name = var.database_name
 master_username = var.database_master_username
diff --git a/modules/database/main.tf b/modules/database/main.tf
index dbff10db..bdb97f2c 100644
--- a/modules/database/main.tf
+++ b/modules/database/main.tf
@@ -130,7 +130,7 @@ module "aurora" {
 // incurs a per-vcpu cost. so we can keep them for 7 days and they're free
 ////////////////////////////////////////////////////////////////////////////////////////
 performance_insights_enabled = true
- performance_insights_kms_key_id = var.kms_key_arn
+ performance_insights_kms_key_id = var.performance_insights_kms_key_arn == "" ? var.kms_key_arn : var.database_performance_insights_kms_key_arn
 performance_insights_retention_period = 7
 preferred_backup_window = var.preferred_backup_window
 preferred_maintenance_window = var.preferred_maintenance_window
diff --git a/variables.tf b/variables.tf
index f4610380..55eead20 100644
--- a/variables.tf
+++ b/variables.tf
@@ -68,6 +68,11 @@ variable "database_innodb_lru_scan_depth" {
 default = 128
 }
+variable "database_performance_insights_kms_key_arn" {
+ description = "Specifies an existing KMS key ARN to encrypt the performance insights data if performance_insights_enabled is was enabled out of band"
+ type = string
+}
+
 ##########################################
 # DNS #
 ##########################################
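Review bot: The added line in the main.tf hunk references `var.database_performance_insights_kms_key_arn_kms_key_arn`, but the root variable this same patch declares in variables.tf is `database_performance_insights_kms_key_arn`, so `terraform validate` will reject the reference as an undeclared input variable. The line should read `performance_insights_kms_key_arn = var.database_performance_insights_kms_key_arn`. The same misspelled reference is carried as context in the second patch's main.tf re-indent hunk, so it needs the fix here before that hunk is rebased. The `module "database"` block continues outside the hunk.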
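Review bot: In the modules/database/main.tf hunk the conditional tests `var.performance_insights_kms_key_arn` but its false branch returns `var.database_performance_insights_kms_key_arn`, which is the root-module variable name and is not in scope inside the child module, so the expression fails validation and, even if it resolved, the caller-supplied key would never be the one applied. A simpler form that also handles a `null` value, which the `== ""` test would otherwise pass straight through to the aurora module, is `performance_insights_kms_key_id = coalesce(var.performance_insights_kms_key_arn, var.kms_key_arn)`. The diffstat lists no change to the module's own variables file, so unless `performance_insights_kms_key_arn` is already declared there the module also needs a `variable "performance_insights_kms_key_arn"` block with `type = string` and `default = ""`. The `module "aurora"` block continues outside the hunk on both sides.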
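Review bot: The new `database_performance_insights_kms_key_arn` variable in the variables.tf hunk has `type = string` and no `default`, which makes it a required root input (the README row added in the third patch lists it as `n/a | yes`) even though its description and the module's `== ""` fallback treat it as optional. Adding `default = ""` keeps existing callers on the cluster KMS key without editing their tfvars and matches the sentinel the module compares against. The description also has a typo, `is was enabled` should read `was enabled`; since this text is copied into the README it is worth fixing here before the docs are regenerated.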
From 9f630240359adf8937064556f4b103f25a3146b4 Mon Sep 17 00:00:00 2001
From: Zachary Blasczyk
Date: Fri, 28 Jul 2023 11:20:03 -0500
Subject: [PATCH 2/3] docs: Update Readme
---
 main.tf | 4 +-
 modules/app_eks/iam-roles.tf | 2 +-
 modules/database/main.tf | 54 ++++++++++++++++++------------------
 3 files changed, 30 insertions(+), 30 deletions(-)
diff --git a/main.tf b/main.tf
index 350c95df..9e8c634c 100644
--- a/main.tf
+++ b/main.tf
@@ -73,8 +73,8 @@ locals {
 module "database" {
 source = "./modules/database"
- namespace = var.namespace
- kms_key_arn = local.kms_key_arn
+ namespace = var.namespace
+ kms_key_arn = local.kms_key_arn
 performance_insights_kms_key_arn = var.database_performance_insights_kms_key_arn_kms_key_arn
 database_name = var.database_name
diff --git a/modules/app_eks/iam-roles.tf b/modules/app_eks/iam-roles.tf
index 1083e1c7..a060e093 100644
--- a/modules/app_eks/iam-roles.tf
+++ b/modules/app_eks/iam-roles.tf
@@ -1,7 +1,7 @@
 resource "aws_iam_role" "node" {
 name = "${var.namespace}-node"
 assume_role_policy = data.aws_iam_policy_document.node_assume.json
-
+ // todo: refactor --> v1.16.3
 inline_policy {}
 }
diff --git a/modules/database/main.tf b/modules/database/main.tf
index bdb97f2c..2f29fd46 100644
--- a/modules/database/main.tf
+++ b/modules/database/main.tf
@@ -98,32 +98,32 @@ module "aurora" {
 source = "terraform-aws-modules/rds-aurora/aws"
 version = "6.2.0"
- allow_major_version_upgrade = true
- allowed_cidr_blocks = var.allowed_cidr_blocks
- apply_immediately = true
- autoscaling_enabled = false
- backup_retention_period = var.backup_retention_period
- create_db_subnet_group = var.create_db_subnet_group
- create_random_password = false
- create_security_group = true
- database_name = var.database_name
- db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.default.id
- db_parameter_group_name = aws_db_parameter_group.default.id
- db_subnet_group_name = var.db_subnet_group_name
- deletion_protection = var.deletion_protection
- enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery"]
- engine = "aurora-mysql"
- engine_version = var.engine_version
- iam_database_authentication_enabled = false
- iam_role_force_detach_policies = true
- iam_role_name = "${var.namespace}-aurora-monitoring"
- instance_class = var.instance_class
- instances = { 1 = {} }
- kms_key_id = var.kms_key_arn
- master_password = local.master_password
- master_username = var.master_username
- monitoring_interval = 15
- name = var.namespace
+ allow_major_version_upgrade = true
+ allowed_cidr_blocks = var.allowed_cidr_blocks
+ apply_immediately = true
+ autoscaling_enabled = false
+ backup_retention_period = var.backup_retention_period
+ create_db_subnet_group = var.create_db_subnet_group
+ create_random_password = false
+ create_security_group = true
+ database_name = var.database_name
+ db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.default.id
+ db_parameter_group_name = aws_db_parameter_group.default.id
+ db_subnet_group_name = var.db_subnet_group_name
+ deletion_protection = var.deletion_protection
+ enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery"]
+ engine = "aurora-mysql"
+ engine_version = var.engine_version
+ iam_database_authentication_enabled = false
+ iam_role_force_detach_policies = true
+ iam_role_name = "${var.namespace}-aurora-monitoring"
+ instance_class = var.instance_class
+ instances = { 1 = {} }
+ kms_key_id = var.kms_key_arn
+ master_password = local.master_password
+ master_username = var.master_username
+ monitoring_interval = 15
+ name = var.namespace
 ////////////////////////////////////////////////////////////////////////////////////////
 // !!! note on performance insights !!!
 // AWS offers 7 days of performance insights free. keeping them after this period
@@ -141,5 +141,5 @@ module "aurora" {
 subnets = var.subnets
 vpc_id = var.vpc_id
-
+
 }
From 1d7ce8fc43533224890c0b83081e284d1c19a351 Mon Sep 17 00:00:00 2001
From: Zachary Blasczyk
Date: Fri, 28 Jul 2023 11:26:06 -0500
Subject: [PATCH 3/3] docs: Update Readme
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index d926e324..fd632617 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,7 @@ You will not be able to upgrade directly from `1.21` to `1.24`.
 | [database\_instance\_class](#input\_database\_instance\_class) | Instance type to use by database master instance. | `string` | `"db.r5.large"` | no |
 | [database\_master\_username](#input\_database\_master\_username) | Specifies the master\_username value to set for the database | `string` | `"wandb"` | no |
 | [database\_name](#input\_database\_name) | Specifies the name of the database | `string` | `"wandb_local"` | no |
+| [database\_performance\_insights\_kms\_key\_arn](#input\_database\_performance\_insights\_kms\_key\_arn) | Specifies an existing KMS key ARN to encrypt the performance insights data if performance\_insights\_enabled is was enabled out of band | `string` | n/a | yes |
 | [database\_snapshot\_identifier](#input\_database\_snapshot\_identifier) | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | `string` | `null` | no |
 | [database\_sort\_buffer\_size](#input\_database\_sort\_buffer\_size) | Specifies the sort\_buffer\_size value to set for the database | `number` | `67108864` | no |
 | [deletion\_protection](#input\_deletion\_protection) | If the instance should have deletion protection enabled. The database / S3 can't be deleted when this value is set to `true`. | `bool` | `true` | no |