Got the database creation working

2026-06-08 11:17:27 +00:00 · 2023-07-05 18:09:44 +01:00 · 2023-07-05 18:09:44 +01:00 · 380b7771db
commit 380b7771db
parent 2274e644f9
4 changed files with 42 additions and 33 deletions
--- a/infrastructure/terraform/README.md
+++ b/infrastructure/terraform/README.md
@ -24,7 +24,13 @@ The deployment process can be broken down into the following steps:
 terraform init
 ```

-2. Planning: This step creates an execution plan, showing what changes Terraform will make to reach the desired state.
+2. Workspace setup: Before you deploy, create a workspace for the environment. For example, if you're setting up the development environment:
+
+```bash
+terraform workspace new dev
+```
+
+3. Planning: This step creates an execution plan, showing what changes Terraform will make to reach the desired state.

 ```bash
 terraform plan -var-file=dev.tfvars
@ -32,7 +38,7 @@ terraform plan -var-file=dev.tfvars

 Note: replace dev.tfvars with your appropriate variables file. For a production deployment, this would be the prod.tfvars file.

-3. Apply: This step applies the desired changes to reach the desired infrastructure state.
+4. Apply: This step applies the desired changes to reach the desired infrastructure state.

 ```bash
 terraform apply -var-file=dev.tfvars
@ -51,3 +57,13 @@ aws_secret_access_key = YOUR_SECRET_KEY
 ```

 In the given example, DevAdmin is the profile for the development environment. Replace YOUR_ACCESS_KEY and YOUR_SECRET_KEY with your actual AWS credentials.
+
+## Switching Environments
+
+If you need to switch environments (e.g., from development to production), use the following command:
+
+```bash
+terraform workspace select prod
+```
+
+Remember to update your variables file accordingly when planning and applying changes (`-var-file=prod.tfvars` for production, for example).
--- a/infrastructure/terraform/dev.tfvars
+++ b/infrastructure/terraform/dev.tfvars
@ -1,6 +1,8 @@
+stage = "dev"
 profile = "DevAdmin"
+region = "eu-west-2"

 # Database
 allocated_storage = 20
-instance_class = "db.t2.micro"
+instance_class = "db.t3.micro"
 database_name = "DevAssessmentModelDB"
--- a/infrastructure/terraform/main.tf
+++ b/infrastructure/terraform/main.tf
@ -5,6 +5,12 @@ terraform {
      version = "~> 4.16"
    }
  }
+  backend "s3" {
+    bucket = "assessment-model-terraform-state"
+    region = "eu-west-2"
+    profile="DevAdmin"
+    key    = "terraform.tfstate"
+  }

  required_version = ">= 1.2.0"
 }
@ -14,43 +20,23 @@ provider "aws" {
  region  = var.region
 }

-resource "random_password" "password" {
-  length  = 16
-  special = true
+# Assuming the secret is already created and the name is "<stage>/assessment_model/db_credentials"
+data "aws_secretsmanager_secret" "db_credentials" {
+  name = "${var.stage}/assessment_model/db_credentials"
 }

-# Check if a secret already exists with this name
-data "aws_secretsmanager_secret" "existing_secret" {
-  name = "db_credentials"
-  count = "${can(data.aws_secretsmanager_secret.existing_secret.name) ? 1 : 0}"
-}
-
-# Only create a new secret if one does not already exist
-resource "aws_secretsmanager_secret" "db_credentials" {
-  name = "db_credentials"
-  count = "${data.aws_secretsmanager_secret.existing_secret.name != "db_credentials" ? 1 : 0}"
-}
-
-# Only create a new secret version if one does not already exist
-# We can update this approach at a later stage if we wish to rotate the password on a regular basis but because of potental
-# side affects, we make it so that we only create a new secret version if one does not already exist
-resource "aws_secretsmanager_secret_version" "db_credentials" {
-  secret_id     = aws_secretsmanager_secret.db_credentials[count.index].id
-  secret_string = jsonencode({
-    username = "your_db_username"
-    password = random_password.password.result
-  })
-  count = "${data.aws_secretsmanager_secret.existing_secret.name != "db_credentials" ? 1 : 0}"
+data "aws_secretsmanager_secret_version" "db_credentials" {
+  secret_id = data.aws_secretsmanager_secret.db_credentials.id
 }

 resource "aws_db_instance" "default" {
  allocated_storage    = var.allocated_storage
  engine               = "postgres"
-  engine_version       = "13.3"
+  engine_version       = "14.7"
  instance_class       = var.instance_class
-  name                 = var.database_name
-  username             = jsondecode(aws_secretsmanager_secret_version.db_credentials.secret_string)["username"]
-  password             = jsondecode(aws_secretsmanager_secret_version.db_credentials.secret_string)["password"]
-  parameter_group_name = "default.postgres13"
+  db_name              = var.database_name
+  username             = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)["db_assessment_model_username"]
+  password             = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)["db_assessment_model_password"]
+  parameter_group_name = "default.postgres14"
  skip_final_snapshot  = true
 }
--- a/infrastructure/terraform/variables.tf
+++ b/infrastructure/terraform/variables.tf
@ -1,3 +1,8 @@
+variable stage {
+  description = "The stage of the environment"
+  type        = string
+}
+
 variable "profile" {
  description = "AWS profile to use"
  type        = string