From 380b7771dbc74d58a8a49a24c94679e2bfdae267 Mon Sep 17 00:00:00 2001
From: Khalim Conn-Kowlessar
Date: Wed, 5 Jul 2023 18:09:44 +0100
Subject: [PATCH] Got the database creation working

---
 infrastructure/terraform/README.md    | 20 ++++++++++--
 infrastructure/terraform/dev.tfvars   |  4 ++-
 infrastructure/terraform/main.tf      | 46 ++++++++++-----------------
 infrastructure/terraform/variables.tf |  5 +++
 4 files changed, 42 insertions(+), 33 deletions(-)

diff --git a/infrastructure/terraform/README.md b/infrastructure/terraform/README.md
index 75c7c2f5..84d0d5bc 100644
--- a/infrastructure/terraform/README.md
+++ b/infrastructure/terraform/README.md
@@ -24,7 +24,13 @@ The deployment process can be broken down into the following steps:
 terraform init
 ```
 
-2. Planning: This step creates an execution plan, showing what changes Terraform will make to reach the desired state.
+2. Workspace setup: Before you deploy, create a workspace for the environment. For example, if you're setting up the development environment:
+
+```bash
+terraform workspace new dev
+```
+
+3. Planning: This step creates an execution plan, showing what changes Terraform will make to reach the desired state.
 
 ```bash
 terraform plan -var-file=dev.tfvars
@@ -32,7 +38,7 @@ terraform plan -var-file=dev.tfvars
 
 Note: replace dev.tfvars with your appropriate variables file. For a production deployment, this would be the prod.tfvars file.
 
-3. Apply: This step applies the desired changes to reach the desired infrastructure state.
+4. Apply: This step applies the desired changes to reach the desired infrastructure state.
 
 ```bash
 terraform apply -var-file=dev.tfvars
@@ -51,3 +57,13 @@ aws_secret_access_key = YOUR_SECRET_KEY
 ```
 
 In the given example, DevAdmin is the profile for the development environment. Replace YOUR_ACCESS_KEY and YOUR_SECRET_KEY with your actual AWS credentials.
+
+## Switching Environments
+
+If you need to switch environments (e.g., from development to production), use the following command:
+
+```bash
+terraform workspace select prod
+```
+
+Remember to update your variables file accordingly when planning and applying changes (`-var-file=prod.tfvars` for production, for example).
diff --git a/infrastructure/terraform/dev.tfvars b/infrastructure/terraform/dev.tfvars
index 09af07c5..72c987d0 100644
--- a/infrastructure/terraform/dev.tfvars
+++ b/infrastructure/terraform/dev.tfvars
@@ -1,6 +1,8 @@
+stage = "dev"
 profile = "DevAdmin"
+region = "eu-west-2"
 
 # Database
 allocated_storage = 20
-instance_class = "db.t2.micro"
+instance_class = "db.t3.micro"
 database_name = "DevAssessmentModelDB"
\ No newline at end of file
diff --git a/infrastructure/terraform/main.tf b/infrastructure/terraform/main.tf
index a645e291..23a405da 100644
--- a/infrastructure/terraform/main.tf
+++ b/infrastructure/terraform/main.tf
@@ -5,6 +5,12 @@ terraform {
       version = "~> 4.16"
     }
   }
+  backend "s3" {
+    bucket = "assessment-model-terraform-state"
+    region = "eu-west-2"
+    profile="DevAdmin"
+    key = "terraform.tfstate"
+  }
 
   required_version = ">= 1.2.0"
 }
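Review bot: The new `backend "s3"` block hard-codes `profile="DevAdmin"` and sets neither `encrypt = true` nor a `dynamodb_table`, so every workspace — including the `prod` one the README now tells users to select — has its state written with the dev profile, without Terraform requesting server-side encryption, and without a state lock. That state will contain the RDS master password in plaintext (the `password` argument of `aws_db_instance` further down is stored in state), so the bucket also needs SSE, versioning and a tightly scoped bucket policy. Suggested minimum: `encrypt        = true` and `dynamodb_table = "assessment-model-terraform-lock"`, and remove `profile` from the backend so it is supplied per environment via `-backend-config` or the environment. Backend blocks cannot reference variables, so a partial backend configuration is the usual way to vary the profile between dev and prod.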
@@ -14,43 +20,23 @@ provider "aws" { region = var.region } -resource "random_password" "password" { - length = 16 - special = true +# Assuming the secret is already created and the name is "/assessment_model/db_credentials" +data "aws_secretsmanager_secret" "db_credentials" { + name = "${var.stage}/assessment_model/db_credentials" } -# Check if a secret already exists with this name -data "aws_secretsmanager_secret" "existing_secret" { - name = "db_credentials" - count = "${can(data.aws_secretsmanager_secret.existing_secret.name) ? 1 : 0}" -} - -# Only create a new secret if one does not already exist -resource "aws_secretsmanager_secret" "db_credentials" { - name = "db_credentials" - count = "${data.aws_secretsmanager_secret.existing_secret.name != "db_credentials" ? 1 : 0}" -} - -# Only create a new secret version if one does not already exist -# We can update this approach at a later stage if we wish to rotate the password on a regular basis but because of potental -# side affects, we make it so that we only create a new secret version if one does not already exist -resource "aws_secretsmanager_secret_version" "db_credentials" { - secret_id = aws_secretsmanager_secret.db_credentials[count.index].id - secret_string = jsonencode({ - username = "your_db_username" - password = random_password.password.result - }) - count = "${data.aws_secretsmanager_secret.existing_secret.name != "db_credentials" ? 
1 : 0}"
+data "aws_secretsmanager_secret_version" "db_credentials" {
+  secret_id = data.aws_secretsmanager_secret.db_credentials.id
 }
 
 resource "aws_db_instance" "default" {
   allocated_storage    = var.allocated_storage
   engine               = "postgres"
-  engine_version       = "13.3"
+  engine_version       = "14.7"
   instance_class       = var.instance_class
-  name                 = var.database_name
-  username             = jsondecode(aws_secretsmanager_secret_version.db_credentials.secret_string)["username"]
-  password             = jsondecode(aws_secretsmanager_secret_version.db_credentials.secret_string)["password"]
-  parameter_group_name = "default.postgres13"
+  db_name              = var.database_name
+  username             = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)["db_assessment_model_username"]
+  password             = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)["db_assessment_model_password"]
+  parameter_group_name = "default.postgres14"
   skip_final_snapshot  = true
 }
diff --git a/infrastructure/terraform/variables.tf b/infrastructure/terraform/variables.tf
index c62adb6e..bcdbc6be 100644
--- a/infrastructure/terraform/variables.tf
+++ b/infrastructure/terraform/variables.tf
@@ -1,3 +1,8 @@
+variable stage {
+  description = "The stage of the environment"
+  type        = string
+}
+
 variable "profile" {
   description = "AWS profile to use"
   type        = string
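Review bot: The new `aws_db_instance` leaves `storage_encrypted` unset, which the AWS provider defaults to false, and keeps `skip_final_snapshot = true` unconditionally, so a `terraform destroy` on the prod workspace removes the database with no final backup; add `storage_encrypted = true` and gate the snapshot on the stage, e.g. `skip_final_snapshot = var.stage != "prod"`. The credentials pulled from Secrets Manager also land in plaintext in the state file, both through the `data.aws_secretsmanager_secret_version` result and through the instance's `password` argument, so the state backend has to be treated as holding the master password. The comment above the data source still describes the secret name as "/assessment_model/db_credentials" while the lookup is `"${var.stage}/assessment_model/db_credentials"`; replace it with `# The secret "<stage>/assessment_model/db_credentials" must already exist with db_assessment_model_username and db_assessment_model_password keys`.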
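Review bot: The new `variable stage {` block leaves the label unquoted while the neighbouring `variable "profile" {` quotes it, and it accepts any string even though `stage` is interpolated into the Secrets Manager secret name and selects the environment the README describes as dev or prod. Quoting the label and adding a validation block makes a typo fail at plan time instead of producing a lookup for a secret that does not exist. The `variable "profile"` block that follows closes outside the hunk.
```hcl
variable "stage" {
  description = "The stage of the environment"
  type        = string

  validation {
    condition     = contains(["dev", "prod"], var.stage)
    error_message = "stage must be one of: dev, prod."
  }
}
```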