/**
* # LabMysql
*
* This will not deploy on LocalStack. Both free and community editions
* have rds disabled. License upgrade is needed to use rds.
*/

module "rds" {
  source  = "terraform-aws-modules/rds/aws"
  version = "7.1.0"

  db_name                = "LabMysql001"
  identifier             = "labmysql001"
  username               = "mysqldba"
  instance_class         = "db.t4g.xlarge"
  engine                 = "mysql"
  engine_version         = "8.4.9"
  family                 = "mysql8.4"
  major_engine_version   = "8.4"
  skip_final_snapshot    = true
  deletion_protection    = false
  storage_type           = "gp3"
  storage_encrypted      = true
  kms_key_id             = module.KmsKeys.cmks.database.arn
  allocated_storage      = 15
  max_allocated_storage  = 30
  multi_az               = true
  create_db_subnet_group = true
  subnet_ids             = data.terraform_remote_state.vpc.outputs.private_subnets
  vpc_security_group_ids = [module.DatabaseSg.id]
}

module "KmsKeys" {
  source = "../../../modules/security_identity_compliance/CustomerManagedKmsKeys"

  create-allpurpose-key   = false
  create-backup-key       = false
  create-database-key     = true
  create-eksebs-key       = false
  create-log-key          = false
  create-notify-key       = false
  create-secret-key       = false
  create-storage-key      = false
  deletion_window_in_days = 7
}

module "DatabaseSg" {
  source      = "../../../modules/compute/security_group"
  name        = "example-sg"
  description = "SG of RDS instance"
  vpc-id      = data.terraform_remote_state.vpc.outputs.vpc_id
  ingress = {
    r1 = "tcp,3306,3306,${data.terraform_remote_state.vpc.outputs.vpc_cidr_block},AllowMyVpc"
  }
  egress = {
    r1 = "-1,-1,-1,0.0.0.0/0,Allow egress ipv4"
    r2 = "-1,-1,-1,::/0,Allow egress ipv6"
  }
}