Merge pull request #2 from jaynathani-tamr/DEV-13447-sg-module-rds

jaynathani-tamr · web-flow · commit 30437f782f52 · 2020-04-07T11:40:26.000-04:00
DEV-13447 sg module rds
diff --git a/.gitignore b/.gitignore
@@ -27,3 +27,6 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+# IDE files
+**/.idea/*
diff --git a/README.md b/README.md
@@ -1,34 +1,39 @@
 # Tamr AWS RDS Terraform Module
-This terraform module creates an AWS RDS postgres instance.
+This terraform module creates an AWS RDS postgres instance that will be used by TAMR.
 This repo follows the [terraform standard module structure](https://www.terraform.io/docs/modules/index.html#standard-module-structure).
 
 # Examples
 ## Basic
 Inline example implementation of the module.  This is the most basic example of what it would look like to use this module.
 ```
 module "rds_postgres" {
-    source = "git::https://github.com/Datatamer/terraform-rds-postgres?ref=0.1.0"
-    postgres_name = "tamr_rds_db"
-    parameter_group_name = "tamr-rds-postgres-pg"
-    identifier_prefix = "tamr-rds-"
+    source = "git::https://github.com/Datatamer/terraform-rds-postgres.git?ref=0.1.0"
+    postgres_name = "example_rds_postgres"
+    parameter_group_name = "example-rds-postgres-pg"
+    identifier_prefix = "example-rds-"
 
-    username = "tamr"
-    password = "8characterpassword"
+    username = "exampleUsername"
+    password = "examplePassword"
 
-    subnet_name = "rds_private"
-    vpc_security_group_ids = []
+    subnet_name = "example_subnet"
+    spark_cluster_sg_ids = ["sg-examplesecuritygroup1", "sg-examplesecuritygroup2"]
+    tamr_vm_sg_id = "sg-exampletamrsecuritygroup"
+    vpc_id = "vpc-examplevpcnetworkid"
 }
 ```
 
 # Resources Created
 This terraform module will create:
 * an AWS RDS Postgres instance
 * database parameter group
+* A security group for the rds instance
 
 # Variables
 ## Inputs
-* `vpc_security_group_ids` (required): List of VPC security groups to associate
 * `password` (required): The postgres password
+* `tamr_vm_sg_id` (required): Security group id attached to the tamr vm
+* `spark_cluster_sg_id` (required): Security group is attached to the ec2 instances of EMR Spark
+* `vpc_id` (required): VPC ID for the rds security group
 * `username` (optional): The postgres username
 * `postgres_name` (optional): The name of the postgres instance
 * `parameter_group_name` (optional): The name of the rds parameter group
@@ -45,20 +50,22 @@ This terraform module will create:
 * `apply_immediately` (optional): Apply immediately, do not set this to true for production
 * `copy_tags_to_snapshot` (optional): Copy tags to snapshots
 * `additional_tags` (optional): Tags to set on the RDS instance
+* `security_group_name` (optional): Name for the security group for the rds instance
+* `additional_cidrs` (optional): Additional CIDR to connect to RDS Postgres instance
 
 ## Outputs
 * `rds_postgres_pg_id`: ID of the RDS postgres parameter group
 * `rds_postgres_id`: ID of the of the RDS instance
+* `rds_sg_id`: ID of the security group attached to the RDS instance
 
 # References
 * AWS RDS: https://aws.amazon.com/rds/features/
 * Terraform module structure: https://www.terraform.io/docs/modules/index.html#standard-module-structure
 
 # Development
 ## Releasing new versions
-* Update version contained in `VERSION`
-* Document changes in `CHANGELOG.md`
-* Create a tag in github for the commit associated with the version
+* Updated version contained in `VERSION`
+* Documented changes in `CHANGELOG.md`
 
 # License
 Apache 2 Licensed. See LICENSE for full details.
diff --git a/examples/local.tfvars b/examples/local.tfvars
@@ -0,0 +1 @@
+postgres_db_name = "example_postgres_db"
diff --git a/examples/main.tf b/examples/main.tf
@@ -0,0 +1,14 @@
+module "rds_postgres" {
+  source = "git::https://github.com/Datatamer/terraform-rds-postgres.git?ref=0.1.0"
+  postgres_name = "example_rds_postgres"
+  parameter_group_name = "example-rds-postgres-pg"
+  identifier_prefix = "example-rds-"
+
+  username = "exampleUsername"
+  password = "examplePassword"
+
+  subnet_name = "example_subnet"
+  spark_cluster_sg_ids = ["sg-examplesecuritygroup1", "sg-examplesecuritygroup2"]
+  tamr_vm_sg_id = "sg-exampletamrsecuritygroup"
+  vpc_id = "vpc-examplevpcnetworkid"
+}
diff --git a/examples/minimal/.gitignore b/examples/minimal/.gitignore
diff --git a/examples/minimal/main.tf b/examples/minimal/main.tf
diff --git a/examples/minimal/outputs.tf b/examples/minimal/outputs.tf
diff --git a/examples/minimal/providers.tf b/examples/minimal/providers.tf
diff --git a/examples/variables.tf b/examples/variables.tf
@@ -0,0 +1,26 @@
+variable "postgres_db_name" {
+  type = string
+  description = "Name of the postgres db"
+}
+
+variable "parameter_group_name" {
+  type = string
+  description = "Name of the parameter group"
+}
+
+variable "identifier_prefix" {
+  type = string
+  description = "Identifier prefix for the resources"
+}
+
+variable "pg_username" {
+  type = string
+  description = "Username for postgres"
+}
+
+variable "pg_password" {
+  type = string
+  description = "Password for postgres"
+}
+
+
diff --git a/main.tf b/main.tf
@@ -1,7 +1,18 @@
 resource "aws_db_parameter_group" "rds_postgres_pg" {
     name        = var.parameter_group_name
     family      = "postgres9.6"
-    description = "RDS default parameter group"
+    description = "TAMR RDS parameter group"
+    tags = var.additional_tags
+}
+
+module "rds_sg" {
+    source = "./modules/rds-postgres-sg"
+    spark_cluster_sg_ids = var.spark_cluster_sg_ids
+    tamr_vm_sg_id = var.tamr_vm_sg_id
+    vpc_id = var.vpc_id
+    security_group_name = var.security_group_name
+    additional_cidrs = var.additional_cidrs
+    additional_tags = var.additional_tags
 }
 
 resource "aws_db_instance" "rds_postgres" {
@@ -23,7 +34,7 @@ resource "aws_db_instance" "rds_postgres" {
     db_subnet_group_name    = var.subnet_name
     multi_az                = true
     publicly_accessible     = false
-    vpc_security_group_ids  = var.vpc_security_group_ids
+    vpc_security_group_ids  = [module.rds_sg.rds_sg_id]
     parameter_group_name    = aws_db_parameter_group.rds_postgres_pg.name
 
     maintenance_window      = var.maintenance_window
@@ -34,10 +45,7 @@ resource "aws_db_instance" "rds_postgres" {
     apply_immediately       = var.apply_immediately
 
     copy_tags_to_snapshot   = var.copy_tags_to_snapshot
-    tags = merge(
-        {"Name": var.postgres_name},
-        var.additional_tags,
-    )
+    tags = var.additional_tags
 
     lifecycle {
       ignore_changes = [password]
diff --git a/modules/rds-postgres-sg/README.md b/modules/rds-postgres-sg/README.md
@@ -0,0 +1,32 @@
+# Tamr AWS RDS Security Groups Terraform Module
+This terraform module creates the security group and the security group rules for the AWS RDS instance
+
+# Example
+```
+module "rds_sg" {
+    source = "./modules/rds-postgres-sg"
+    spark_cluster_sg_ids = ["sg-examplesparksecuritygroup1", "sg-examplesparksecuritygroup2"]
+    tamr_vm_sg_id = "sg-exampletamrvmsecuritygroup"
+    vpc_id = "vpc-examplevpcid"
+    security_group_name = "examplerdssecuritygroup"
+    additional_cidrs = ["1.2.3.4/32"]
+}
+``` 
+
+# Variables
+## Inputs:
+* `tamr_vm_sg_id` (required): Security group id attached to the tamr vm
+* `spark_cluster_sg_ids` (required): List of Security groups attached to the ec2 instances of EMR Spark
+* `vpc_id` (required): VPC ID for the rds security group
+* `security_group_name` (optional): Name for the security group for the rds instance
+* `additional_cidrs` (optional): List of additional CIDR to connect to RDS Postgres instance
+* `additional_tags` (optional): Tags to set on the RDS instance security group
+
+## Outputs:
+* `rds_sg_id`: ID of the security group attached to the RDS instance
+
+# AWS Resources created
+This terraform module creates 1 Security Group:
+* A security group for the RDS instance
+
+This terraform module also creates Security Group Rules. The number of Security Group rules vary depending on the additional CIDRs provided.
diff --git a/modules/rds-postgres-sg/main.tf b/modules/rds-postgres-sg/main.tf
@@ -0,0 +1,35 @@
+resource "aws_security_group" "rds_postgres_sg" {
+  name = var.security_group_name
+  description = "VPC Security group that will be attached to the RDS Postgres instance"
+  vpc_id = var.vpc_id
+  tags = var.additional_tags
+}
+
+resource "aws_security_group_rule" "tamr_vm" {
+  from_port = 5432
+  protocol = "tcp"
+  security_group_id = aws_security_group.rds_postgres_sg.id
+  to_port = 5432
+  type = "ingress"
+  source_security_group_id = var.tamr_vm_sg_id
+}
+
+resource "aws_security_group_rule" "spark_cluster" {
+  count = length(var.spark_cluster_sg_ids)
+  from_port = 5432
+  protocol = "tcp"
+  security_group_id = aws_security_group.rds_postgres_sg.id
+  to_port = 5432
+  type = "ingress"
+  source_security_group_id = var.spark_cluster_sg_ids[count.index]
+}
+
+resource "aws_security_group_rule" "additional_cidrs" {
+  count = length(var.additional_cidrs) == 0 ? 0 : 1
+  from_port = 5432
+  protocol = "tcp"
+  security_group_id = aws_security_group.rds_postgres_sg.id
+  to_port = 5432
+  type = "ingress"
+  cidr_blocks = var.additional_cidrs
+}
diff --git a/modules/rds-postgres-sg/outputs.tf b/modules/rds-postgres-sg/outputs.tf
@@ -0,0 +1,3 @@
+output "rds_sg_id" {
+  value = aws_security_group.rds_postgres_sg.id
+}
diff --git a/modules/rds-postgres-sg/variables.tf b/modules/rds-postgres-sg/variables.tf
@@ -0,0 +1,32 @@
+variable "security_group_name" {
+  description = "Name for the security group for the rds instance"
+  type = string
+  default = "tamr_rds_sg"
+}
+
+variable "tamr_vm_sg_id" {
+  description = "Security group id attached to the tamr vm"
+  type = string
+}
+
+variable "spark_cluster_sg_ids" {
+  description = "List of Security groups attached to the ec2 instances of EMR Spark"
+  type = list(string)
+}
+
+variable "vpc_id" {
+  description = "VPC ID for the rds security group"
+  type = string
+}
+
+variable "additional_cidrs" {
+  description = "Additional CIDR to connect to RDS Postgres instance"
+  type = list(string)
+  default = []
+}
+
+variable "additional_tags" {
+  description = "Additional tags to set on the RDS instance"
+  type = map
+  default = {}
+}
diff --git a/outputs.tf b/outputs.tf
@@ -7,3 +7,12 @@ output "rds_postgres_id" {
   value = aws_db_instance.rds_postgres.id
   description = "ID of the of the RDS instance"
 }
+
+output "rds_sg_id" {
+  value = module.rds_sg.rds_sg_id
+  description = "ID of the security group attached to the rds instance"
+}
+
+output "rds_hostname" {
+  value = aws_db_instance.rds_postgres.address
+}
diff --git a/variables.tf b/variables.tf
@@ -87,11 +87,6 @@ variable "subnet_name" {
     default = null
 }
 
-variable "vpc_security_group_ids" {
-    description = "List of VPC security groups to associate"
-    type = list
-}
-
 variable "copy_tags_to_snapshot" {
     description = "Copy tags to snapshots"
     type = bool
@@ -103,3 +98,30 @@ variable "additional_tags" {
     type = map
     default = {}
 }
+
+variable "security_group_name" {
+    description = "Name for the security group for the rds instance"
+    type = string
+    default = "tamr_rds_sg"
+}
+
+variable "tamr_vm_sg_id" {
+    description = "Security group id attached to the tamr vm"
+    type = string
+}
+
+variable "spark_cluster_sg_ids" {
+    description = "Security group is attached to the ec2 instances of EMR Spark"
+    type = list(string)
+}
+
+variable "vpc_id" {
+    description = "VPC ID for the rds security group"
+    type = string
+}
+
+variable "additional_cidrs" {
+    description = "Additional CIDR to connect to RDS Postgres instance"
+    type = list(string)
+    default = []
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+postgres_db_name = "example_postgres_db"`