Added aurora module

Author: ulises-jeremias

live/core/README.md

@@ -17,16 +17,6 @@
 
 ✔️ [Terraform](https://www.terraform.io/downloads.html)
 
-## Module Documentation
-
-The module documentation is generated with [terraform-docs](https://github.com/terraform-docs/terraform-docs) by running the following command from the module directory:
-
-```sh
-terraform-docs md . > ./docs/MODULE.md
-```
-
-You can also view the latest version of the module documentation [here](./docs/MODULE.md).
-
 ## Setup
 
 1. Initialize the Terraform working directory:
@@ -178,3 +168,13 @@ You can now execute SQL commands to test the database setup. For example:
 ```
 
 These steps will help you verify the successful setup of the database and ensure that the necessary connections and configurations are in place.
+
+## Module Documentation
+
+The module documentation is generated with [terraform-docs](https://github.com/terraform-docs/terraform-docs) by running the following command from the module directory:
+
+```sh
+terraform-docs md . > ./docs/MODULE.md
+```
+
+You can also view the latest version of the module documentation [here](./docs/MODULE.md).

modules/rds-aurora/.terraform.lock.hcl

@@ -0,0 +1,32 @@
+# RDS Aurora Module
+
+Terraform module to bootstrap a RDS Aurora instances and other database resources.
+
+## Usage
+
+```hcl
+module "db" {
+  source = "../../modules/rds-aurora"
+
+  name = "examples-rds-aurora"
+
+  vpc_id          = "vpc-1234567890"
+  db_subnet_group = "db-subnet-group-1234567890"
+
+  db_name            = "db_name"
+  db_master_username = "db_master_username"
+  db_port            = 5432
+
+  db_instance_class       = "db.serverless"
+  instances = {
+    one = {}
+    two = {}
+  }
+}
+```
+
+## Module Documentation
+
+The module documentation is generated with [terraform-docs](https://github.com/terraform-docs/terraform-docs) by running `terraform-docs md . > ./docs/MODULE.md` from the module directory.
+
+You can also view the latest version of the module documentation [here](./docs/MODULE.md).

modules/rds-aurora/README.md

@@ -0,0 +1,84 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_db"></a> [db](#module\_db) | terraform-aws-modules/rds/aws | 6.0.0 |
+| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 4.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_secretsmanager_secret.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
+| [aws_secretsmanager_secret_version.secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
+| [random_password.rds_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
+| [aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_db_allocated_storage"></a> [db\_allocated\_storage](#input\_db\_allocated\_storage) | Storage size in GB. | `number` | `20` | no |
+| <a name="input_db_backup_retention_period"></a> [db\_backup\_retention\_period](#input\_db\_backup\_retention\_period) | Backup retention period in days. | `string` | `"1"` | no |
+| <a name="input_db_backup_window"></a> [db\_backup\_window](#input\_db\_backup\_window) | Preferred backup window. | `string` | `"03:00-06:00"` | no |
+| <a name="input_db_engine"></a> [db\_engine](#input\_db\_engine) | The name of the database engine to be used for RDS. | `string` | `"postgres"` | no |
+| <a name="input_db_engine_version"></a> [db\_engine\_version](#input\_db\_engine\_version) | The database engine version. | `string` | `"14"` | no |
+| <a name="input_db_family"></a> [db\_family](#input\_db\_family) | The family of the database engine to be used for RDS. | `string` | `"postgres14"` | no |
+| <a name="input_db_instance"></a> [db\_instance](#input\_db\_instance) | The instance class to use for RDS. | `string` | `"db.t4g.large"` | no |
+| <a name="input_db_maintenance_window"></a> [db\_maintenance\_window](#input\_db\_maintenance\_window) | Preferred maintenance window. | `string` | `"Mon:00:00-Mon:03:00"` | no |
+| <a name="input_db_major_engine_version"></a> [db\_major\_engine\_version](#input\_db\_major\_engine\_version) | The major engine version. | `string` | `"14"` | no |
+| <a name="input_db_master_password"></a> [db\_master\_password](#input\_db\_master\_password) | Database password | `string` | `""` | no |
+| <a name="input_db_master_username"></a> [db\_master\_username](#input\_db\_master\_username) | Database username | `string` | `"name"` | no |
+| <a name="input_db_max_allocated_storage"></a> [db\_max\_allocated\_storage](#input\_db\_max\_allocated\_storage) | Maximum storage size in GB. | `number` | `100` | no |
+| <a name="input_db_name"></a> [db\_name](#input\_db\_name) | Database name | `string` | `"name"` | no |
+| <a name="input_db_port"></a> [db\_port](#input\_db\_port) | Database port | `number` | `5432` | no |
+| <a name="input_db_storage_type"></a> [db\_storage\_type](#input\_db\_storage\_type) | Storage Type for RDS. | `string` | `"gp2"` | no |
+| <a name="input_db_subnet_group"></a> [db\_subnet\_group](#input\_db\_subnet\_group) | Database subnet group to use. Leave blank to create a new one. | `string` | `""` | no |
+| <a name="input_enable_multi_az"></a> [enable\_multi\_az](#input\_enable\_multi\_az) | Create RDS instance in multiple availability zones. | `bool` | `false` | no |
+| <a name="input_enable_public_access"></a> [enable\_public\_access](#input\_enable\_public\_access) | Enable public access for RDS. | `bool` | `true` | no |
+| <a name="input_enable_skip_final_snapshot"></a> [enable\_skip\_final\_snapshot](#input\_enable\_skip\_final\_snapshot) | When DB is deleted and If this variable is false, no final snapshot will be made. | `bool` | `true` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name to be used on all the resources as identifier | `string` | `""` | no |
+| <a name="input_storage_encrypted"></a> [storage\_encrypted](#input\_storage\_encrypted) | Enable storage encryption. | `bool` | `true` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Any extra tags to assign to objects | `map(any)` | `{}` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC id in which the RDS instance is to be created. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_connection_secret_arn"></a> [connection\_secret\_arn](#output\_connection\_secret\_arn) | The ARN of the AWS Secrets Manager secret created |
+| <a name="output_connection_secret_name"></a> [connection\_secret\_name](#output\_connection\_secret\_name) | The name of the AWS Secrets Manager secret created |
+| <a name="output_db_instance_address"></a> [db\_instance\_address](#output\_db\_instance\_address) | The address of the RDS instance |
+| <a name="output_db_instance_arn"></a> [db\_instance\_arn](#output\_db\_instance\_arn) | The ARN of the RDS instance |
+| <a name="output_db_instance_availability_zone"></a> [db\_instance\_availability\_zone](#output\_db\_instance\_availability\_zone) | The availability zone of the RDS instance |
+| <a name="output_db_instance_cloudwatch_log_groups"></a> [db\_instance\_cloudwatch\_log\_groups](#output\_db\_instance\_cloudwatch\_log\_groups) | Map of CloudWatch log groups created and their attributes |
+| <a name="output_db_instance_endpoint"></a> [db\_instance\_endpoint](#output\_db\_instance\_endpoint) | The connection endpoint |
+| <a name="output_db_instance_engine"></a> [db\_instance\_engine](#output\_db\_instance\_engine) | The database engine |
+| <a name="output_db_instance_engine_version_actual"></a> [db\_instance\_engine\_version\_actual](#output\_db\_instance\_engine\_version\_actual) | The running version of the database |
+| <a name="output_db_instance_hosted_zone_id"></a> [db\_instance\_hosted\_zone\_id](#output\_db\_instance\_hosted\_zone\_id) | The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record) |
+| <a name="output_db_instance_identifier"></a> [db\_instance\_identifier](#output\_db\_instance\_identifier) | The RDS instance ID |
+| <a name="output_db_instance_name"></a> [db\_instance\_name](#output\_db\_instance\_name) | The database name |
+| <a name="output_db_instance_port"></a> [db\_instance\_port](#output\_db\_instance\_port) | The database port |
+| <a name="output_db_instance_resource_id"></a> [db\_instance\_resource\_id](#output\_db\_instance\_resource\_id) | The RDS Resource ID of this instance |
+| <a name="output_db_instance_status"></a> [db\_instance\_status](#output\_db\_instance\_status) | The RDS instance status |
+| <a name="output_db_instance_username"></a> [db\_instance\_username](#output\_db\_instance\_username) | The master username for the database |
+| <a name="output_db_parameter_group_arn"></a> [db\_parameter\_group\_arn](#output\_db\_parameter\_group\_arn) | The ARN of the db parameter group |
+| <a name="output_db_parameter_group_id"></a> [db\_parameter\_group\_id](#output\_db\_parameter\_group\_id) | The db parameter group id |
+| <a name="output_db_subnet_group_arn"></a> [db\_subnet\_group\_arn](#output\_db\_subnet\_group\_arn) | The ARN of the db subnet group |
+| <a name="output_db_subnet_group_id"></a> [db\_subnet\_group\_id](#output\_db\_subnet\_group\_id) | The db subnet group name |
+| <a name="output_enhanced_monitoring_iam_role_arn"></a> [enhanced\_monitoring\_iam\_role\_arn](#output\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the monitoring role |
+<!-- END_TF_DOCS -->

modules/rds-aurora/docs/MODULE.md

@@ -0,0 +1,85 @@
+output "cluster_arn" {
+  description = "The ARN of the RDS instance"
+  value       = module.db.cluster_arn
+}
+
+output "cluster_endpoint" {
+  description = "The connection endpoint"
+  value       = module.db.cluster_endpoint
+}
+
+output "cluster_reader_endpoint" {
+  description = "The address of the RDS instance"
+  value       = module.db.cluster_reader_endpoint
+}
+
+output "cluster_members" {
+  description = "List of RDS Instances that are a part of this cluster"
+  value       = try(module.db.cluster_members, null)
+}
+
+output "cluster_engine_version_actual" {
+  description = "The running version of the database"
+  value       = module.db.cluster_engine_version_actual
+}
+
+output "cluster_database_name" {
+  description = "The database name"
+  value       = module.db.cluster_database_name
+}
+
+output "cluster_resource_id" {
+  description = "The RDS Resource ID of this instance"
+  value       = module.db.cluster_resource_id
+}
+
+output "cluster_port" {
+  description = "The database port"
+  value       = module.db.cluster_port
+}
+
+output "cluster_master_username" {
+  description = "The master username for the database"
+  value       = module.db.cluster_master_username
+  sensitive   = true
+}
+
+output "cluster_instances" {
+  description = "The RDS Instances for this cluster"
+  value       = module.db.cluster_instances
+}
+
+output "enhanced_monitoring_iam_role_name" {
+  description = "The name of the IAM role used for enhanced monitoring"
+  value       = module.db.enhanced_monitoring_iam_role_name
+}
+
+output "enhanced_monitoring_iam_role_arn" {
+  description = "The ARN of the IAM role used for enhanced monitoring"
+  value       = module.db.enhanced_monitoring_iam_role_arn
+}
+
+output "enhanced_monitoring_iam_role_unique_id" {
+  description = "The unique ID of the IAM role used for enhanced monitoring"
+  value       = module.db.enhanced_monitoring_iam_role_unique_id
+}
+
+output "security_group_id" {
+  description = "The ID of the security group"
+  value       = module.db.security_group_id
+}
+
+output "db_cluster_cloudwatch_log_groups" {
+  description = "The CloudWatch log groups for the DB cluster"
+  value       = module.db.db_cluster_cloudwatch_log_groups
+}
+
+output "connection_secret_name" {
+  description = "The name of the AWS Secrets Manager secret created"
+  value       = aws_secretsmanager_secret.secret.name
+}
+
+output "connection_secret_arn" {
+  description = "The ARN of the AWS Secrets Manager secret created"
+  value       = aws_secretsmanager_secret.secret.arn
+}

modules/rds-aurora/outputs.tf

@@ -0,0 +1,47 @@
+module "db" {
+  source  = "terraform-aws-modules/rds-aurora/aws"
+  version = "8.3.1"
+
+  name = "${var.name}-rds-aurora"
+
+  # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts
+  engine         = var.db_engine
+  engine_version = var.db_engine_version
+  instance_class = var.db_instance_class
+
+  storage_type      = var.db_storage_type
+  storage_encrypted = var.storage_encrypted
+  allocated_storage = var.db_allocated_storage
+
+  # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
+  # "Error creating DB Instance: InvalidParameterValue: MasterUsername
+  # user cannot be used as it is a reserved word used by the engine"
+  database_name   = var.db_name
+  master_username = local.username
+  master_password = local.password
+  port            = var.db_port
+
+  db_subnet_group_name   = var.db_subnet_group
+  vpc_security_group_ids = [module.security_group.security_group_id]
+
+  preferred_maintenance_window    = var.db_maintenance_window
+  preferred_backup_window         = var.db_backup_window
+  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
+  create_cloudwatch_log_group     = true
+
+  backup_retention_period = var.db_backup_retention_period
+  skip_final_snapshot     = var.enable_skip_final_snapshot
+  deletion_protection     = false
+
+  publicly_accessible = var.enable_public_access
+
+  performance_insights_enabled          = true
+  performance_insights_retention_period = 7
+  create_monitoring_role                = true
+  monitoring_interval                   = 60
+
+  # We will create our own secret and store it in AWS Secrets Manager
+  manage_master_user_password = false
+
+  tags = var.tags
+}

modules/rds-aurora/rds.tf

@@ -0,0 +1,35 @@
+# Create a random initial password for the RDS DB Instance
+resource "random_password" "rds_password" {
+  length           = 16
+  special          = true
+  override_special = "_%@"
+}
+
+locals {
+  # if var.db_master_password is not set, use the random password
+  password = var.db_master_password != "" ? var.db_master_password : random_password.rds_password.result
+  username = var.db_master_username
+}
+
+resource "aws_secretsmanager_secret" "secret" {
+  description = "RDS DB Instance Connection Credentials"
+  name        = "${var.name}-connection-secret"
+}
+
+resource "aws_secretsmanager_secret_version" "secret" {
+  lifecycle {
+    ignore_changes = [
+      secret_string
+    ]
+  }
+  secret_id     = aws_secretsmanager_secret.secret.id
+  secret_string = <<EOF
+{
+  "username": "${local.username}",
+  "password": "${local.password}",
+  "host": "${module.db.cluster_endpoint}",
+  "port": ${module.db.cluster_port},
+  "dbname" : "${var.db_name}"
+}
+EOF
+}

modules/rds-aurora/secret.tf

@@ -0,0 +1,26 @@
+data "aws_vpc" "main" {
+  id = var.vpc_id
+}
+
+module "security_group" {
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 4.0"
+
+  name        = "${var.name}-security-group"
+  description = "Security group for ${var.name}"
+  vpc_id      = var.vpc_id
+
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = module.db.cluster_port
+      to_port     = module.db.cluster_port
+      protocol    = "tcp"
+      description = "RDS DB Instance access from within VPC"
+      cidr_blocks = data.aws_vpc.main.cidr_block
+    }
+  ]
+
+  egress_rules = ["all-all"]
+
+  tags = var.tags
+}