products_db.tf
# vars
# Name of the database created inside the products_db instance.
# `sensitive = true` redacts the value in plan/apply output only.
variable "products_db_name" {
  type        = string
  sensitive   = true
  description = "products_db Nome do banco de dados"
}
# Master username for the products_db instance.
# `sensitive = true` redacts the value in plan/apply output only.
variable "products_db_username" {
  type        = string
  sensitive   = true
  description = "products_db Nome de usuário do banco de dados"
}
# Master password for the products_db instance.
# `sensitive = true` hides the value in CLI output, but Terraform still
# writes it to the state file in plaintext. Keep the state backend encrypted
# and access-restricted, and supply this value from a secret store or an
# environment variable rather than a committed tfvars file.
variable "products_db_password" {
  type        = string
  sensitive   = true
  description = "products_db Senha do banco de dados"
}
# rds
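# PostgreSQL RDS instance "products-db".
# Database name and master credentials come from the sensitive input
# variables; network placement comes from a security group and a DB subnet
# group that are defined outside this file section.
resource "aws_db_instance" "products_db" {
  identifier           = "products-db"
  engine               = "postgres"
  engine_version       = "13.14"
  parameter_group_name = "default.postgres13"
  instance_class       = "db.t3.micro"
  allocated_storage    = 20

  # Encrypt data at rest (uses the default RDS KMS key because no kms_key_id
  # is given). Enabling this on an instance that already exists unencrypted
  # forces a replacement; since skip_final_snapshot is true below, take a
  # manual snapshot or migrate the data before applying to a live database.
  storage_encrypted = true

  db_name  = var.products_db_name
  username = var.products_db_username
  # NOTE(review): a password passed this way is stored in Terraform state.
  # If the AWS provider version in use supports it, consider
  # manage_master_user_password so RDS keeps the secret in Secrets Manager.
  password = var.products_db_password

  # Explicitly keep the instance off the public internet (this is also the
  # provider default); reachability is then governed by rds_sg alone.
  publicly_accessible    = false
  vpc_security_group_ids = [aws_security_group.rds_sg.id]
  db_subnet_group_name   = aws_db_subnet_group.rds_subnet_group.name

  # NOTE(review): destroying this resource deletes the data without a final
  # snapshot. Acceptable for disposable environments only; for anything else
  # set this to false and provide final_snapshot_identifier.
  skip_final_snapshot = true
}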
# secrets manager
# Secrets Manager secret that holds the products_db connection details.
# NOTE(review): no kms_key_id is set, so the secret is encrypted with the
# account's AWS-managed Secrets Manager key; use a customer-managed key if
# key-level access control or cross-account access is required.
resource "aws_secretsmanager_secret" "products_db_credentials" {
  name = "rds-products-db-credentials"
}
# Secret payload: a JSON document with the database name, master username,
# master password and the instance endpoint.
# The secret_string value is also recorded in Terraform state, so the state
# backend needs the same protection as the secret itself.
resource "aws_secretsmanager_secret_version" "products_db_credentials" {
  secret_id = aws_secretsmanager_secret.products_db_credentials.id

  secret_string = jsonencode({
    products_db_name     = var.products_db_name
    products_db_username = var.products_db_username
    products_db_password = var.products_db_password
    products_db_endpoint = aws_db_instance.products_db.endpoint
  })

  # The endpoint reference above already orders this after the instance;
  # the explicit dependency is kept as written.
  depends_on = [aws_db_instance.products_db]
}
# out
# Exposes the RDS endpoint attribute of the products_db instance.
# The output is not marked sensitive, so it is printed in apply output.
output "products_db_endpoint" {
  value       = aws_db_instance.products_db.endpoint
  description = "Endpoint do banco de dados RDS products_db"
}
# Exposes the ARN of the credentials secret so consumers can be granted
# read access to that one secret by ARN and fetch the values at runtime
# instead of receiving the password directly.
output "products_db_credentials_secret_arn" {
  value       = aws_secretsmanager_secret.products_db_credentials.arn
  description = "ARN do segredo das credenciais do banco de dados products_db"
}