Release 2.2.0 (#10)

* added custom password functionality and print database name * added custom password functionality and print database name * fixed security group inbound & outbound rule * Update main.tf --------- Co-authored-by: amanravi-squareops <aman.ravi@squareops.comm> Co-authored-by: Aman <146931382+amanravi-squareops@users.noreply.github.com>
squareops · Nov 15, 2024 · d5fc71a · d5fc71a
1 parent 7b8d168
commit d5fc71a
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 14 deletions.
diff --git a/examples/aurora/main.tf b/examples/aurora/main.tf
@@ -12,13 +12,13 @@ locals {
   environment        = "production"
   db_engine_version  = "15.2" #/5.7"
   db_instance_class  = "db.r5.large"
+  master_password   = ""  # Leave this field empty to have a password automatically generated.
   additional_aws_tags = {
     Owner      = "Organization_Name"
     Expires    = "Never"
     Department = "Engineering"
   }
   current_identity        = data.aws_caller_identity.current.arn
-  allowed_security_groups = ["sg-0ef14212995d67a2d"]
   allowed_cidr_blocks     = ["10.10.0.0/16"]
 }
 
@@ -104,8 +104,8 @@ module "aurora" {
   publicly_accessible              = false
   master_username                  = "devuser"
   database_name                    = "devdb"
+  master_password                  = local.master_password
   apply_immediately                = true
-  create_random_password           = true
   skip_final_snapshot              = true #  Keeping final snapshot results in retention of DB options group and hence creates problems during destroy. So use this option wisely.
   snapshot_identifier              = null
   preferred_backup_window          = "03:00-06:00"

diff --git a/examples/aurora/outputs.tf b/examples/aurora/outputs.tf
@@ -8,6 +8,11 @@ output "aurora_cluster_reader_endpoint" {
   value       = module.aurora.rds_cluster_reader_endpoint
 }
 
+output "aurora_cluster_database_name" {
+  description = "The reader endpoint URL of the Aurora cluster"
+  value       = module.aurora.rds_cluster_database_name
+}
+
 output "aurora_cluster_master_password" {
   description = "The master password for the Aurora cluster"
   value       = module.aurora.rds_cluster_master_password

diff --git a/main.tf b/main.tf
@@ -62,17 +62,26 @@ module "aurora" {
   # cidr_blocks     = var.allowed_cidr_blocks
   # security_groups = var.allowed_security_groups
   security_group_rules = {
-    vpc_ingress = {
-      cidr_blocks = "${var.allowed_cidr_blocks}"
-      # source_security_group_id = "${var.allowed_security_groups}"
-    }
-    egress_example = {
-      cidr_blocks = ["0.0.0.0/0"]
-      description = "Egress to Open World"
-    }
+  ingress_postgresql = {
+    description = "Allow inbound PostgreSQL traffic from trusted CIDR blocks"
+    type        = "ingress" 
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    cidr_blocks = var.allowed_cidr_blocks
+  }
+  egress_allow_all = {
+    description = "Allow all outbound traffic"
+    type        = "egress"
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
   }
+}
   subnets         = var.subnets
-  master_password = var.manage_master_user_password ? null : random_password.master[0].result
+  master_password = var.master_password != "" ? var.master_password : (length(random_password.master) > 0 ? random_password.master[0].result : null)
+
 
   deletion_protection         = var.deletion_protection
   allow_major_version_upgrade = var.allow_major_version_upgrade
@@ -160,18 +169,17 @@ resource "aws_secretsmanager_secret" "secret_master_db" {
 }
 
 resource "random_password" "master" {
-  count   = var.manage_master_user_password ? 0 : 1
+  count   = var.master_password == "" ? 1 : 0
   length  = var.random_password_length
   special = false
 }
 
 resource "aws_secretsmanager_secret_version" "rds_credentials" {
-  count         = var.manage_master_user_password ? 0 : 1
   secret_id     = aws_secretsmanager_secret.secret_master_db.id
   secret_string = <<EOF
 {
   "username": "${module.aurora.cluster_master_username}",
-  "password": "${random_password.master[0].result}",
+  "password": "${var.master_password != "" ? var.master_password : (length(random_password.master) > 0 ? random_password.master[0].result : null)}",
   "engine": "${var.engine}",
   "host": "${module.aurora.cluster_endpoint}"
 }

diff --git a/outputs.tf b/outputs.tf
@@ -18,6 +18,10 @@ output "secondary_rds_cluster_reader_endpoint" {
   value       = var.global_cluster_enable ? module.aurora_secondary[0].cluster_reader_endpoint : null
 }
 
+output "rds_cluster_database_name"{
+  description = "Name for an automatically created database on cluster creation"
+  value       = module.aurora.cluster_database_name
+}
 
 output "rds_cluster_master_password" {
   description = "The master password for the Aurora cluster"

diff --git a/variables.tf b/variables.tf
@@ -118,6 +118,12 @@ variable "master_username" {
   default     = "root"
 }
 
+variable "master_password" {
+  description = "The password for the primary cluster"
+  type        = string
+  default     = null
+}
+
 variable "port" {
   description = "The port for the database"
   type        = number