11resource "aws_rds_cluster" "db-cluster" {
2- cluster_identifier = " ${ var . environment } -ehr-db-cluster"
3- engine = " aurora-postgresql"
4- database_name = " ehrdb"
5- master_username = data. aws_ssm_parameter . db-username . value
6- master_password = data. aws_ssm_parameter . db-password . value
7- backup_retention_period = 7
8- preferred_backup_window = " 07:00-09 :00"
2+ cluster_identifier = " ${ var . environment } -ehr-db-cluster"
3+ engine = " aurora-postgresql"
4+ database_name = " ehrdb"
5+ master_username = data. aws_ssm_parameter . db-username . value
6+ master_password = data. aws_ssm_parameter . db-password . value
7+ backup_retention_period = 35
8+ preferred_backup_window = " 06:30-08 :00"
99 allow_major_version_upgrade = true
10- engine_version = " 13.8"
11- vpc_security_group_ids = [
10+ engine_version = " 13.8"
11+ vpc_security_group_ids = [
1212 aws_security_group . ehr_repo_to_db_sg . id ,
1313 aws_security_group . gocd_to_db_sg . id ,
1414 aws_security_group . vpn_to_db_sg . id
1515 ]
16- apply_immediately = true
17- db_subnet_group_name = aws_db_subnet_group. db-cluster-subnet-group . name
18- skip_final_snapshot = true
19- storage_encrypted = true
20- kms_key_id = aws_kms_key. ehr-repo-key . arn
21- iam_database_authentication_enabled = true
22- deletion_protection = var. enable_rds_cluster_deletion_protection
23- db_cluster_parameter_group_name = data. aws_ssm_parameter . repo_databases_parameter_group_name . value
16+ apply_immediately = true
17+ db_subnet_group_name = aws_db_subnet_group. db-cluster-subnet-group . name
18+ skip_final_snapshot = true
19+ storage_encrypted = true
20+ kms_key_id = aws_kms_key. ehr-repo-key . arn
21+ iam_database_authentication_enabled = true
22+ deletion_protection = var. enable_rds_cluster_deletion_protection
23+ db_cluster_parameter_group_name = data. aws_ssm_parameter . repo_databases_parameter_group_name . value
2424
2525 tags = {
2626 CreatedBy = var.repo_name
@@ -29,10 +29,10 @@ resource "aws_rds_cluster" "db-cluster" {
2929}
3030
3131resource "aws_kms_key" "ehr-repo-key" {
32- description = " EHR repository KMS key in ${ var . environment } environment"
32+ description = " EHR repository KMS key in ${ var . environment } environment"
3333 enable_key_rotation = true
3434 tags = {
35- Name = " ${ var . environment } -ehr-repo-db"
35+ Name = " ${ var . environment } -ehr-repo-db"
3636 CreatedBy = var.repo_name
3737 Environment = var.environment
3838 }
@@ -44,8 +44,8 @@ resource "aws_kms_alias" "ehr_repo_encryption" {
4444}
4545
4646resource "aws_ssm_parameter" "db_host" {
47- name = " /repo/${ var . environment } /output/${ var . repo_name } /db-host"
48- type = " String"
47+ name = " /repo/${ var . environment } /output/${ var . repo_name } /db-host"
48+ type = " String"
4949 value = aws_rds_cluster. db-cluster . endpoint
5050 tags = {
5151 CreatedBy = var.repo_name
@@ -54,7 +54,7 @@ resource "aws_ssm_parameter" "db_host" {
5454}
5555
5656resource "aws_ssm_parameter" "db_resource_cluster_id" {
57- name = " /repo/${ var . environment } /output/${ var . repo_name } /db-resource-cluster-id"
57+ name = " /repo/${ var . environment } /output/${ var . repo_name } /db-resource-cluster-id"
5858 type = " String"
5959 value = aws_rds_cluster. db-cluster . cluster_resource_id
6060
@@ -65,7 +65,7 @@ resource "aws_ssm_parameter" "db_resource_cluster_id" {
6565}
6666
6767resource "aws_ssm_parameter" "db_name" {
68- name = " /repo/${ var . environment } /output/${ var . repo_name } /db-name"
68+ name = " /repo/${ var . environment } /output/${ var . repo_name } /db-name"
6969 type = " String"
7070 value = aws_rds_cluster. db-cluster . database_name
7171}
@@ -79,19 +79,19 @@ resource "aws_db_subnet_group" "db-cluster-subnet-group" {
7979 subnet_ids = split (" ," , data. aws_ssm_parameter . database_subnets . value )
8080
8181 tags = {
82- Name = " ${ var . environment } -ehr-db-subnet-group"
82+ Name = " ${ var . environment } -ehr-db-subnet-group"
8383 CreatedBy = var.repo_name
8484 Environment = var.environment
8585 }
8686}
8787
8888resource "aws_rds_cluster_instance" "ehr-db-instances" {
89- count = var. db_instance_number
90- identifier = " ${ var . environment } -ehr-db-instance-${ count . index } "
91- cluster_identifier = aws_rds_cluster. db-cluster . id
92- instance_class = " db.t3.medium"
93- engine = " aurora-postgresql"
94- db_subnet_group_name = aws_db_subnet_group. db-cluster-subnet-group . name
89+ count = var. db_instance_number
90+ identifier = " ${ var . environment } -ehr-db-instance-${ count . index } "
91+ cluster_identifier = aws_rds_cluster. db-cluster . id
92+ instance_class = " db.t3.medium"
93+ engine = " aurora-postgresql"
94+ db_subnet_group_name = aws_db_subnet_group. db-cluster-subnet-group . name
9595
9696 tags = {
9797 CreatedBy = var.repo_name
@@ -100,8 +100,8 @@ resource "aws_rds_cluster_instance" "ehr-db-instances" {
100100}
101101
102102resource "aws_security_group" "ehr_repo_to_db_sg" {
103- name = " ${ var . environment } -ehr-repo-ecs-to-ehr-repo-db-sg"
104- vpc_id = data. aws_ssm_parameter . deductions_core_vpc_id . value
103+ name = " ${ var . environment } -ehr-repo-ecs-to-ehr-repo-db-sg"
104+ vpc_id = data. aws_ssm_parameter . deductions_core_vpc_id . value
105105
106106 ingress {
107107 description = " Allow traffic from ehr-repo to the db"
@@ -112,14 +112,14 @@ resource "aws_security_group" "ehr_repo_to_db_sg" {
112112 }
113113
114114 tags = {
115- Name = " ${ var . environment } -ehr-repo-ecs-to-ehr-repo-db-sg"
115+ Name = " ${ var . environment } -ehr-repo-ecs-to-ehr-repo-db-sg"
116116 CreatedBy = var.repo_name
117117 Environment = var.environment
118118 }
119119}
120120
121121resource "aws_security_group" "gocd_to_db_sg" {
122- name = " ${ var . environment } -gocd-to-ehr-repo-db-sg"
122+ name = " ${ var . environment } -gocd-to-ehr-repo-db-sg"
123123 vpc_id = data. aws_ssm_parameter . deductions_core_vpc_id . value
124124
125125 ingress {
@@ -131,32 +131,32 @@ resource "aws_security_group" "gocd_to_db_sg" {
131131 }
132132
133133 tags = {
134- Name = " ${ var . environment } -gocd-to-ehr-repo-db-sg"
134+ Name = " ${ var . environment } -gocd-to-ehr-repo-db-sg"
135135 CreatedBy = var.repo_name
136136 Environment = var.environment
137137 }
138138}
139139
140140resource "aws_security_group" "vpn_to_db_sg" {
141- name = " ${ var . environment } -vpn-to-ehr-repo-db-sg"
141+ name = " ${ var . environment } -vpn-to-ehr-repo-db-sg"
142142 vpc_id = data. aws_ssm_parameter . deductions_core_vpc_id . value
143143
144144 tags = {
145- Name = " ${ var . environment } -vpn-to-ehr-repo-db-sg"
145+ Name = " ${ var . environment } -vpn-to-ehr-repo-db-sg"
146146 CreatedBy = var.repo_name
147147 Environment = var.environment
148148 }
149149}
150150
151151resource "aws_security_group_rule" "vpn_to_db_sg" {
152- count = var. grant_access_through_vpn ? 1 : 0
153- type = " ingress"
154- description = " Allow traffic from VPN to the db"
155- protocol = " tcp"
156- from_port = 5432
157- to_port = 5432
152+ count = var. grant_access_through_vpn ? 1 : 0
153+ type = " ingress"
154+ description = " Allow traffic from VPN to the db"
155+ protocol = " tcp"
156+ from_port = 5432
157+ to_port = 5432
158158 source_security_group_id = data. aws_ssm_parameter . vpn_sg_id . value
159- security_group_id = aws_security_group. vpn_to_db_sg . id
159+ security_group_id = aws_security_group. vpn_to_db_sg . id
160160}
161161
162162data "aws_ssm_parameter" "repo_databases_parameter_group_name" {
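Review bot: `skip_final_snapshot = true` is kept on `aws_rds_cluster.db-cluster` (new line 18), so the longer `backup_retention_period = 35` on new line 7 only helps while the cluster exists: destroying the cluster takes no final snapshot, and `deletion_protection` is left to `var.enable_rds_cluster_deletion_protection`, whose per-environment value is not visible on this page. For a database holding EHR data I would set `skip_final_snapshot = false` and add `final_snapshot_identifier = "${var.environment}-ehr-db-cluster-final"` (identifier constructed for illustration), at least in environments with real data. Separately, `master_password = data.aws_ssm_parameter.db-password.value` on new line 6 is written to Terraform state in plain text, so a comment above it such as `# ends up in state: backend must be encrypted and access-restricted` would record the requirement. The same resource also pairs `apply_immediately = true` with `allow_major_version_upgrade = true`, which presumably lets a changed `engine_version` trigger a major upgrade outside the maintenance window; worth confirming that this is intended.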