55 lines
1.3 KiB
HCL
55 lines
1.3 KiB
HCL
resource "random_password" "db" {
|
|
length = 24
|
|
special = false
|
|
}
|
|
|
|
resource "aws_ssm_parameter" "db_password" {
|
|
name = "/${var.project_name}/${var.environment}/db-password"
|
|
type = "SecureString"
|
|
value = random_password.db.result
|
|
}
|
|
|
|
resource "aws_db_subnet_group" "main" {
|
|
name = "${local.name_prefix}-db-subnet"
|
|
subnet_ids = aws_subnet.private[*].id
|
|
|
|
tags = {
|
|
Name = "${local.name_prefix}-db-subnet"
|
|
}
|
|
}
|
|
|
|
resource "aws_db_instance" "main" {
|
|
identifier = "${local.name_prefix}-db"
|
|
|
|
engine = "postgres"
|
|
engine_version = var.db_engine_version
|
|
instance_class = var.db_instance_class
|
|
|
|
allocated_storage = var.db_allocated_storage
|
|
storage_type = "gp2"
|
|
storage_encrypted = true
|
|
|
|
db_name = var.db_name
|
|
username = var.db_username
|
|
password = random_password.db.result
|
|
|
|
db_subnet_group_name = aws_db_subnet_group.main.name
|
|
vpc_security_group_ids = [aws_security_group.rds.id]
|
|
|
|
multi_az = false
|
|
publicly_accessible = false
|
|
|
|
backup_retention_period = 7
|
|
backup_window = "03:00-04:00"
|
|
maintenance_window = "mon:04:00-mon:05:00"
|
|
|
|
skip_final_snapshot = true
|
|
final_snapshot_identifier = "${local.name_prefix}-db-final"
|
|
|
|
deletion_protection = false
|
|
|
|
tags = {
|
|
Name = "${local.name_prefix}-db"
|
|
}
|
|
}
|