Database

.github/workflows/aws-rds.yml

@@ -0,0 +1,42 @@
+name: deploy database
+run-name: deploying database
+on: [push]
+
+jobs:
+  DeployDb:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Add profile credentials to ~/.aws/credentials
+        run: |
+          aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} --profile default
+          aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} --profile default
+
+      - name: Add profile config to ~/.aws/config
+        run: |
+          aws configure set aws_default_region ap-south-1 --profile default
+          aws configure set aws_default_output json --profile default
+
+      - name: Deploy DB to AWS RDS
+        uses: hashicorp/setup-terraform@v1
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Validate
+        run: terraform validate
+
+      - name: Terraform Plan
+        id: plan
+        run: terraform plan
+
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Terraform Apply
+        run: terraform apply -auto-approve
+        env:
+          TF_VAR_db_password: ${{ secrets.DB_PASSWORD }}

main.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.5.0"
+    }
+  }
+  required_version = ">= 0.14.9"
+}
+
+provider "aws" {
+  region  = "ap-south-1"
+  profile = "default"
+} 
+
+module "rds" {
+  source      = "./rds"
+  db_password = "env.db_password"
+} 

rds/rds.tf

@@ -0,0 +1,135 @@
+
+locals {
+  port_http  = 80
+  port_https = 443
+  port_mysql = 3306
+  port_postgres = 5432
+  port_ssh   = 22
+}
+
+
+data "aws_vpc" "default_vpc_data" {
+  default = true
+}
+
+resource "aws_security_group" "instance_security_group" {
+  name   = "allow_ec2_instance_mysql"
+  vpc_id = data.aws_vpc.default_vpc_data.id
+
+  ingress {
+    from_port        = local.port_mysql
+    to_port          = local.port_mysql
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  ingress {
+    from_port        = local.port_ssh
+    to_port          = local.port_ssh
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  ingress {
+    from_port        = local.port_https
+    to_port          = local.port_https
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+  ingress {
+    from_port        = local.port_http
+    to_port          = local.port_http
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+  ingress {
+    from_port        = local.port_postgres
+    to_port          = local.port_postgres
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+}
+
+resource "aws_db_instance" "learningplanner_production_db" {
+  identifier             = "learningplanner-production-db"
+  db_name                = "learningplanner_production"
+  engine                 = "postgres"
+  engine_version         = "14"
+  instance_class         = "db.t3.micro"
+  allocated_storage      = 20
+  username               = "postgres"
+  password               = "var.db_password"
+  skip_final_snapshot    = true
+  port                   = 3306
+  publicly_accessible    = false
+  availability_zone      = "ap-south-1a"
+  vpc_security_group_ids = [aws_security_group.database_security_group_rds_production.id]
+}
+
+
+resource "aws_security_group" "database_security_group_rds_production" {
+  name = "rds-ec2-sg-production"
+
+  ingress {
+    from_port       = 3306
+    protocol        = "tcp"
+    to_port         = 3306
+    security_groups = [aws_security_group.instance_security_group.id]
+  }
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+}
+
+
+resource "aws_db_instance" "learningplanner_development_db" {
+  identifier             = "learningplanner-development-db"
+  db_name                = "learningplanner_development"
+  engine                 = "postgres"
+  engine_version         = "14"
+  instance_class         = "db.t3.micro"
+  allocated_storage      = 20
+  username               = "postgres"
+  password               = "var.db_password"
+  skip_final_snapshot    = true
+  port                   = 5432
+  publicly_accessible    = false
+  availability_zone      = "ap-south-1a"
+  vpc_security_group_ids = [aws_security_group.database_security_group_rds_development.id]
+}
+
+
+resource "aws_security_group" "database_security_group_rds_development" {
+  name = "rds-ec2-sg-development"
+
+  ingress {
+    from_port       = 5432
+    protocol        = "tcp"
+    to_port         = 5432
+    security_groups = [aws_security_group.instance_security_group.id]
+  }
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+}

rds/variable.tf

@@ -0,0 +1,4 @@
+variable "db_password" {
+    description = "Database Password"
+}
+