
RDS

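# Aurora MySQL cluster for the "wsi" environment, together with its network
# rules, parameter groups, KMS key, and the Secrets Manager entries that the
# consuming services read.

# Security group attached to the Aurora cluster.
resource "aws_security_group" "db" {
  name        = "wsi-RDS-SG"
  description = "wsi-RDS-SG"
  vpc_id      = aws_vpc.main.id

  # Only clients inside the VPC may reach the database listener on port 4000.
  ingress {
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
    from_port   = 4000
    to_port     = 4000
  }

  # NOTE(review): unrestricted outbound from a database security group is
  # rarely required. Left unchanged because nothing in this file shows what
  # the cluster calls out to; narrow or remove it once that is confirmed.
  egress {
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    from_port   = 0
    to_port     = 0
  }

  tags = {
    Name = "wsi-RDS-SG"
  }
}

# Lets the bastion open connections to the database port. The destination is
# the cluster's security group instead of 0.0.0.0/0, so this rule only permits
# traffic towards the database and not towards arbitrary hosts on port 4000.
resource "aws_vpc_security_group_egress_rule" "bastion" {
  security_group_id            = aws_security_group.bastion.id
  ip_protocol                  = "tcp"
  referenced_security_group_id = aws_security_group.db.id
  from_port                    = 4000
  to_port                      = 4000
}

# Places the cluster in the two data subnets.
resource "aws_db_subnet_group" "db" {
  name = "wsi-rds-sg"

  subnet_ids = [
    aws_subnet.data_a.id,
    aws_subnet.data_b.id
  ]

  tags = {
    Name = "wsi-rds-sg"
  }
}

resource "aws_rds_cluster_parameter_group" "db" {
  name        = "wsi-rds-cpg"
  description = "wsi-rds-cpg"
  family      = "aurora-mysql8.0"

  parameter {
    name  = "time_zone"
    value = "Asia/Seoul"
  }

  # The cluster exports the "audit" log stream to CloudWatch, but Aurora MySQL
  # only writes audit records once advanced auditing is switched on here.
  parameter {
    name  = "server_audit_logging"
    value = "1"
  }

  # Starting set: connections plus privilege and schema changes. Extend it
  # (QUERY_DML, TABLE, ...) to match the logging policy in force.
  parameter {
    name  = "server_audit_events"
    value = "CONNECT,QUERY_DCL,QUERY_DDL"
  }

  tags = {
    Name = "wsi-rds-cpg"
  }
}

resource "aws_db_parameter_group" "db" {
  name        = "wsi-rds-pg"
  description = "wsi-rds-pg"
  family      = "aurora-mysql8.0"

  tags = {
    Name = "wsi-rds-pg"
  }
}

# Customer-managed key used for the cluster's storage encryption.
resource "aws_kms_key" "rds" {
  key_usage = "ENCRYPT_DECRYPT"

  # 7 days is the shortest deletion window KMS accepts. Once the key is gone,
  # storage and snapshots encrypted with it cannot be read again.
  deletion_window_in_days = 7

  # Rotate the key material automatically; the key id and ARN stay the same.
  enable_key_rotation = true

  tags = {
    Name = "rds-kms"
  }
}

resource "aws_kms_alias" "rds" {
  target_key_id = aws_kms_key.rds.key_id
  name          = "alias/rds-kms"
}

resource "aws_rds_cluster" "db" {
  cluster_identifier               = "wsi-aurora-mysql"
  database_name                    = "dev"
  availability_zones               = ["ap-northeast-2a", "ap-northeast-2b"]
  db_subnet_group_name             = aws_db_subnet_group.db.name
  vpc_security_group_ids           = [aws_security_group.db.id]
  db_cluster_parameter_group_name  = aws_rds_cluster_parameter_group.db.name
  db_instance_parameter_group_name = aws_db_parameter_group.db.name
  kms_key_id                       = aws_kms_key.rds.arn
  enabled_cloudwatch_logs_exports  = ["audit", "error"]
  engine                           = "aurora-mysql"
  master_username                  = "admin"

  # NOTE(review): this credential is committed in plaintext and is also
  # written to the Terraform state. Treat it as exposed: rotate it, and supply
  # the replacement through a sensitive input variable or let RDS manage it
  # (manage_master_user_password) instead of keeping a literal here.
  master_password = "Skill53##"

  # NOTE(review): destroying the cluster discards the data with no final
  # snapshot. Acceptable for throwaway environments only.
  skip_final_snapshot = true

  storage_encrypted = true
  port              = 4000

  # Aurora assigns three AZs when fewer are listed, which Terraform would
  # otherwise report as drift and answer by replacing the cluster.
  lifecycle {
    ignore_changes = [availability_zones]
  }

  tags = {
    Name = "wsi-aurora-mysql"
  }
}

resource "aws_rds_cluster_instance" "db" {
  count                = 1
  cluster_identifier   = aws_rds_cluster.db.id
  db_subnet_group_name = aws_db_subnet_group.db.name
  instance_class       = "db.t3.medium"
  identifier           = "wsi-aurora-mysql-${count.index}"
  engine               = "aurora-mysql"

  tags = {
    Name = "wsi-aurora-mysql-${count.index}"
  }
}

# Secrets Manager entries, one per consuming service.
# recovery_window_in_days = 0 deletes a secret immediately on destroy, with no
# period in which it can be restored.
resource "aws_secretsmanager_secret" "customer" {
  name                    = "customer"
  recovery_window_in_days = 0
}

resource "aws_secretsmanager_secret" "product" {
  name                    = "product"
  recovery_window_in_days = 0
}

resource "aws_secretsmanager_secret" "order" {
  name                    = "order"
  recovery_window_in_days = 0
}

# NOTE(review): the "customer" and "product" secrets both carry the cluster's
# master login. A dedicated database user per service, granted only what that
# service needs, would limit the impact of either secret leaking.
resource "aws_secretsmanager_secret_version" "customer" {
  secret_id = aws_secretsmanager_secret.customer.id

  secret_string = jsonencode({
    "username"            = aws_rds_cluster.db.master_username
    "password"            = aws_rds_cluster.db.master_password
    "engine"              = aws_rds_cluster.db.engine
    "host"                = aws_rds_cluster.db.endpoint
    "port"                = aws_rds_cluster.db.port
    "dbClusterIdentifier" = aws_rds_cluster.db.cluster_identifier
    "dbname"              = aws_rds_cluster.db.database_name
  })
}

resource "aws_secretsmanager_secret_version" "product" {
  secret_id = aws_secretsmanager_secret.product.id

  secret_string = jsonencode({
    "username"            = aws_rds_cluster.db.master_username
    "password"            = aws_rds_cluster.db.master_password
    "engine"              = aws_rds_cluster.db.engine
    "host"                = aws_rds_cluster.db.endpoint
    "port"                = aws_rds_cluster.db.port
    "dbClusterIdentifier" = aws_rds_cluster.db.cluster_identifier
    "dbname"              = aws_rds_cluster.db.database_name
  })
}

# The "order" secret holds only the region, no database credentials.
resource "aws_secretsmanager_secret_version" "order" {
  secret_id = aws_secretsmanager_secret.order.id

  secret_string = jsonencode({
    "aws_region" = "ap-northeast-2"
  })
}

# Identifiers of the resources created above.
output "security_group" {
  value = aws_security_group.db.id
}

output "subnet_group" {
  value = aws_db_subnet_group.db.id
}

output "cluster_parameter_group" {
  value = aws_rds_cluster_parameter_group.db.id
}

output "parameter_group" {
  value = aws_db_parameter_group.db.id
}

output "rds_kms" {
  value = aws_kms_key.rds.id
}

output "rds_cluster" {
  value = aws_rds_cluster.db.id
}

output "customer_rds_secret_manager" {
  value = aws_secretsmanager_secret.customer.id
}

output "product_rds_secret_manager" {
  value = aws_secretsmanager_secret.product.id
}

output "order_rds_secret_manager" {
  value = aws_secretsmanager_secret.order.id
}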