diff --git a/LocalStack/Database/LabMysql/README.md b/LocalStack/Database/LabMysql/README.md
new file mode 100644
index 0000000..50c5355
--- /dev/null
+++ b/LocalStack/Database/LabMysql/README.md
@@ -0,0 +1,49 @@
+
+# LabMysql
+
+This will not deploy on LocalStack. Both free and community editions
+have rds disabled. License upgrade is needed to use rds.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 1.11.0 |
+| aws | ~> 6.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| terraform | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| DatabaseSg | ../../../modules/compute/security_group | n/a |
+| KmsKeys | ../../../modules/security_identity_compliance/CustomerManagedKmsKeys | n/a |
+| rds | terraform-aws-modules/rds/aws | 7.1.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [terraform_remote_state.vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| application | n/a | `any` | n/a | yes |
+| aws-region | n/a | `any` | n/a | yes |
+| environment | n/a | `any` | n/a | yes |
+| project | n/a | `any` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
+---
+## Authorship
+This module was developed by xpk.
\ No newline at end of file
diff --git a/LocalStack/Database/LabMysql/main.tf b/LocalStack/Database/LabMysql/main.tf
new file mode 100644
index 0000000..14852de
--- /dev/null
+++ b/LocalStack/Database/LabMysql/main.tf
@@ -0,0 +1,59 @@
+/**
+* # LabMysql
+*
+* This will not deploy on LocalStack. Both free and community editions
+* have rds disabled. License upgrade is needed to use rds.
+*/
+
+module "rds" {
+ source = "terraform-aws-modules/rds/aws"
+ version = "7.1.0"
+
+ db_name = "LabMysql001"
+ identifier = "labmysql001"
+ username = "mysqldba"
+ instance_class = "db.t4g.xlarge"
+ engine = "mysql"
+ engine_version = "8.4.9"
+ family = "mysql8.4"
+ major_engine_version = "8.4"
+ skip_final_snapshot = true
+ deletion_protection = false
+ storage_type = "gp3"
+ storage_encrypted = true
+ kms_key_id = module.KmsKeys.cmks.database.arn
+ allocated_storage = 15
+ max_allocated_storage = 30
+ multi_az = true
+ create_db_subnet_group = true
+ subnet_ids = data.terraform_remote_state.vpc.outputs.private_subnets
+ vpc_security_group_ids = [module.DatabaseSg.id]
+}
+
+module "KmsKeys" {
+ source = "../../../modules/security_identity_compliance/CustomerManagedKmsKeys"
+
+ create-allpurpose-key = false
+ create-backup-key = false
+ create-database-key = true
+ create-eksebs-key = false
+ create-log-key = false
+ create-notify-key = false
+ create-secret-key = false
+ create-storage-key = false
+ deletion_window_in_days = 7
+}
+
+module "DatabaseSg" {
+ source = "../../../modules/compute/security_group"
+ name = "example-sg"
+ description = "SG of RDS instance"
+ vpc-id = data.terraform_remote_state.vpc.outputs.vpc_id
+ ingress = {
+ r1 = "tcp,3306,3306,${data.terraform_remote_state.vpc.outputs.vpc_cidr_block},AllowMyVpc"
+ }
+ egress = {
+ r1 = "-1,-1,-1,0.0.0.0/0,Allow egress ipv4"
+ r2 = "-1,-1,-1,::/0,Allow egress ipv6"
+ }
+}
\ No newline at end of file
diff --git a/LocalStack/Database/LabMysql/outputs.tf b/LocalStack/Database/LabMysql/outputs.tf
new file mode 100644
index 0000000..473a0f4
diff --git a/LocalStack/Database/LabMysql/provider.tf b/LocalStack/Database/LabMysql/provider.tf
new file mode 100644
index 0000000..8eb02d0
--- /dev/null
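Review bot: The `egress` map of `module "DatabaseSg"` in main.tf allows every protocol to `0.0.0.0/0` and `::/0`, which a MySQL instance does not normally need; unless the security_group module requires egress rules, drop `r1`/`r2` or limit them to the VPC CIDR already used for ingress. In `module "rds"`, `skip_final_snapshot = true` and `deletion_protection = false` mean a `terraform destroy` removes the instance without a final snapshot, and the database key uses `deletion_window_in_days = 7`; that suits a lab, but a comment such as `# lab only: no final snapshot, no deletion protection` would stop the values being copied into a real environment. The name `"example-sg"` also reads like a placeholder and could carry the instance identifier instead.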
+++ b/LocalStack/Database/LabMysql/provider.tf
@@ -0,0 +1,59 @@
+provider "aws" {
+ region = var.aws-region
+
+ # localstack config
+ access_key = "test"
+ secret_key = "test"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
+
+ # localstack endpoints https://docs.localstack.cloud/aws/integrations/infrastructure-as-code/terraform/#:~:text=tflocal%20is%20a%20small%20wrapper,unmodified%20Terraform%20scripts%20against%20LocalStack.
+ endpoints {
+ apigateway = "http://192.168.86.96:4566"
+ apigatewayv2 = "http://192.168.86.96:4566"
+ cloudformation = "http://192.168.86.96:4566"
+ cloudwatch = "http://192.168.86.96:4566"
+ dynamodb = "http://192.168.86.96:4566"
+ ec2 = "http://192.168.86.96:4566"
+ es = "http://192.168.86.96:4566"
+ elasticache = "http://192.168.86.96:4566"
+ firehose = "http://192.168.86.96:4566"
+ iam = "http://192.168.86.96:4566"
+ kinesis = "http://192.168.86.96:4566"
+ lambda = "http://192.168.86.96:4566"
+ rds = "http://192.168.86.96:4566"
+ redshift = "http://192.168.86.96:4566"
+ route53 = "http://192.168.86.96:4566"
+ s3 = "http://192.168.86.96:4566"
+ secretsmanager = "http://192.168.86.96:4566"
+ ses = "http://192.168.86.96:4566"
+ sns = "http://192.168.86.96:4566"
+ sqs = "http://192.168.86.96:4566"
+ ssm = "http://192.168.86.96:4566"
+ stepfunctions = "http://192.168.86.96:4566"
+ sts = "http://192.168.86.96:4566"
+ }
+
+ default_tags {
+ tags = {
+ Environment = var.environment
+ Project = var.project
+ Application = var.application
+ LocalStack = true
+ TerraformDir = join("/", reverse(slice(reverse(split("/", path.cwd)), 0, 2)))
+ }
+ }
+}
+
+terraform {
+ required_version = ">= 1.11.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ }
+}
+
+# data aws_caller_identity current {}
\ No newline at end of file
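Review bot: The `endpoints` block in provider.tf has no `kms` entry, yet main.tf in this commit creates a customer managed key through `module "KmsKeys"`, so KMS calls from this stack would be sent to the default AWS endpoint with the `test`/`test` credentials instead of to LocalStack; add `kms = "http://192.168.86.96:4566"`. The same address is repeated on every entry, so defining it once, for example `locals { localstack_endpoint = "http://192.168.86.96:4566" }`, and referencing `local.localstack_endpoint` would keep the host in one place and make a missing service easier to spot.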
diff --git a/LocalStack/Database/LabMysql/remote_states.tf b/LocalStack/Database/LabMysql/remote_states.tf
new file mode 100644
index 0000000..2d38e0a
--- /dev/null
+++ b/LocalStack/Database/LabMysql/remote_states.tf
@@ -0,0 +1,6 @@
+data "terraform_remote_state" "vpc" {
+ backend = "local"
+ config = {
+ path = "${path.module}/../../Network/LabVpc/terraform.tfstate"
+ }
+}
\ No newline at end of file
diff --git a/LocalStack/Database/LabMysql/terraform.tfvars b/LocalStack/Database/LabMysql/terraform.tfvars
new file mode 100644
index 0000000..1446415
--- /dev/null
+++ b/LocalStack/Database/LabMysql/terraform.tfvars
@@ -0,0 +1,4 @@
+application = "localstack"
+environment = "locallab"
+project = "iac"
+aws-region = "us-east-1"
\ No newline at end of file
diff --git a/LocalStack/Database/LabMysql/variables.tf b/LocalStack/Database/LabMysql/variables.tf
new file mode 100644
index 0000000..ddf3dac
--- /dev/null
+++ b/LocalStack/Database/LabMysql/variables.tf
@@ -0,0 +1,4 @@
+variable "aws-region" {}
+variable "environment" {}
+variable "project" {}
+variable "application" {}
\ No newline at end of file
diff --git a/LocalStack/README.md b/LocalStack/README.md
index a9d14ae..f38d337 100644
--- a/LocalStack/README.md
+++ b/LocalStack/README.md
@@ -7,6 +7,17 @@ docker run -e LOCALSTACK_AUTH_TOKEN=ls-xxx-yyy-zzz-aaa-bbb -it \ --name localstack --network macvlan localstack/localstack-pro localstack ``` +or use community edition while it is still available +```bash +docker run \ +-e AWS_ACCESS_KEY_ID=test \ +-e AWS_SECRET_ACCESS_KEY=test \ +-e SERVICES="s3,iam,lambda,dynamodb,cloudwatch,rds,ec2,secretsmanager" \ +-e DEBUG=1 \ +-v /run/containerd/containerd.sock:/var/run/docker.sock \ +-d --rm --name localstack --network macvlan localstack/localstack localstack +``` + In terraform, configure aws endpoints to go to localstack and add localstack required configurations: ```hcl provider "aws" {
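Review bot: The four declarations in variables.tf have empty bodies, so each input accepts any type and the generated README lists them as `any` with description `n/a`. Since `aws-region`, `environment`, `project` and `application` are all given string values in terraform.tfvars, add `type = string` and a short `description = "..."` to each block, so that a wrong value is rejected at plan time rather than surfacing in the provider region or the default tags.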
@@ -66,5 +77,5 @@ Also, ec2 instance's associate_public_ip_address attribute is always set to true it is set to false in my code. This caused the instance to be redeployed everytime terraform apply is ran. -The free edition of LocalStack does not support rds, among other services described in +Both the free and community editions of LocalStack do not support rds, among other services described in https://docs.localstack.cloud/aws/licensing/ \ No newline at end of file