feat: added rds layer and updated readme about community edition

2026-02-20 08:29:14 +08:00
parent 44c1f9ca48
commit c96abf07eb
8 changed files with 193 additions and 1 deletions
@@ -0,0 +1,49 @@
+<!-- This readme file is generated with terraform-docs -->
+# LabMysql
+
+This will not deploy on LocalStack. Both free and community editions
+have rds disabled. License upgrade is needed to use rds.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 1.11.0 |
+| aws | ~> 6.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| terraform | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| DatabaseSg | ../../../modules/compute/security_group | n/a |
+| KmsKeys | ../../../modules/security_identity_compliance/CustomerManagedKmsKeys | n/a |
+| rds | terraform-aws-modules/rds/aws | 7.1.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [terraform_remote_state.vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| application | n/a | `any` | n/a | yes |
+| aws-region | n/a | `any` | n/a | yes |
+| environment | n/a | `any` | n/a | yes |
+| project | n/a | `any` | n/a | yes |
+
+## Outputs
+
+No outputs.
+ 
+---
+## Authorship
+This module was developed by xpk.
@@ -0,0 +1,59 @@
+/**
+* # LabMysql
+*
+* This will not deploy on LocalStack. Both free and community editions
+* have rds disabled. License upgrade is needed to use rds.
+*/
+
+module "rds" {
+  source  = "terraform-aws-modules/rds/aws"
+  version = "7.1.0"
+
+  db_name                = "LabMysql001"
+  identifier             = "labmysql001"
+  username               = "mysqldba"
+  instance_class         = "db.t4g.xlarge"
+  engine                 = "mysql"
+  engine_version         = "8.4.9"
+  family                 = "mysql8.4"
+  major_engine_version   = "8.4"
+  skip_final_snapshot    = true
+  deletion_protection    = false
+  storage_type           = "gp3"
+  storage_encrypted      = true
+  kms_key_id             = module.KmsKeys.cmks.database.arn
+  allocated_storage      = 15
+  max_allocated_storage  = 30
+  multi_az               = true
+  create_db_subnet_group = true
+  subnet_ids             = data.terraform_remote_state.vpc.outputs.private_subnets
+  vpc_security_group_ids = [module.DatabaseSg.id]
+}
+
+module "KmsKeys" {
+  source = "../../../modules/security_identity_compliance/CustomerManagedKmsKeys"
+
+  create-allpurpose-key   = false
+  create-backup-key       = false
+  create-database-key     = true
+  create-eksebs-key       = false
+  create-log-key          = false
+  create-notify-key       = false
+  create-secret-key       = false
+  create-storage-key      = false
+  deletion_window_in_days = 7
+}
+
+module "DatabaseSg" {
+  source      = "../../../modules/compute/security_group"
+  name        = "example-sg"
+  description = "SG of RDS instance"
+  vpc-id      = data.terraform_remote_state.vpc.outputs.vpc_id
+  ingress = {
+    r1 = "tcp,3306,3306,${data.terraform_remote_state.vpc.outputs.vpc_cidr_block},AllowMyVpc"
+  }
+  egress = {
+    r1 = "-1,-1,-1,0.0.0.0/0,Allow egress ipv4"
+    r2 = "-1,-1,-1,::/0,Allow egress ipv6"
+  }
+}
@@ -0,0 +1,59 @@
+provider "aws" {
+  region = var.aws-region
+
+  # localstack config
+  access_key                  = "test"
+  secret_key                  = "test"
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+
+  # localstack endpoints https://docs.localstack.cloud/aws/integrations/infrastructure-as-code/terraform/#:~:text=tflocal%20is%20a%20small%20wrapper,unmodified%20Terraform%20scripts%20against%20LocalStack.
+  endpoints {
+    apigateway     = "http://192.168.86.96:4566"
+    apigatewayv2   = "http://192.168.86.96:4566"
+    cloudformation = "http://192.168.86.96:4566"
+    cloudwatch     = "http://192.168.86.96:4566"
+    dynamodb       = "http://192.168.86.96:4566"
+    ec2            = "http://192.168.86.96:4566"
+    es             = "http://192.168.86.96:4566"
+    elasticache    = "http://192.168.86.96:4566"
+    firehose       = "http://192.168.86.96:4566"
+    iam            = "http://192.168.86.96:4566"
+    kinesis        = "http://192.168.86.96:4566"
+    lambda         = "http://192.168.86.96:4566"
+    rds            = "http://192.168.86.96:4566"
+    redshift       = "http://192.168.86.96:4566"
+    route53        = "http://192.168.86.96:4566"
+    s3             = "http://192.168.86.96:4566"
+    secretsmanager = "http://192.168.86.96:4566"
+    ses            = "http://192.168.86.96:4566"
+    sns            = "http://192.168.86.96:4566"
+    sqs            = "http://192.168.86.96:4566"
+    ssm            = "http://192.168.86.96:4566"
+    stepfunctions  = "http://192.168.86.96:4566"
+    sts            = "http://192.168.86.96:4566"
+  }
+
+  default_tags {
+    tags = {
+      Environment     = var.environment
+      Project         = var.project
+      Application     = var.application
+      LocalStack      = true
+      TerraformDir    = join("/", reverse(slice(reverse(split("/", path.cwd)), 0, 2)))
+    }
+  }
+}
+
+terraform {
+  required_version = ">= 1.11.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 6.0"
+    }
+  }
+}
+
+# data aws_caller_identity current {}
@@ -0,0 +1,6 @@
+data "terraform_remote_state" "vpc" {
+  backend = "local"
+  config = {
+    path = "${path.module}/../../Network/LabVpc/terraform.tfstate"
+  }
+}
@@ -0,0 +1,4 @@
+application = "localstack"
+environment = "locallab"
+project     = "iac"
+aws-region  = "us-east-1"
@@ -0,0 +1,4 @@
+variable "aws-region" {}
+variable "environment" {}
+variable "project" {}
+variable "application" {}