# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
# Wires the Fleet application (the local "byo-db" submodule) to the Aurora
# MySQL cluster, the ElastiCache Redis group and the Secrets Manager secret
# declared further down in this file.
module "byo-db" {
  source = "./byo-db"
  vpc_id = var.vpc_config.vpc_id
  # merge() gives the right-hand map precedence, so the database/redis/
  # networking keys below override any same-named keys in var.fleet_config.
  fleet_config = merge(var.fleet_config, {
    database = {
      address  = module.rds.cluster_endpoint
      database = "fleet"
      # NOTE(review): the user is fixed to "fleet" while the secret referenced
      # below holds the cluster *master* password (see module "secrets-manager-1")
      # and the master user comes from var.rds_config.master_username; this
      # only lines up when that variable is "fleet" or a "fleet" user with the
      # same password is created elsewhere — confirm against the callers.
      user = "fleet"
      # Only the secret's ARN is handed to the application; the password value
      # itself is not written into this configuration.
      password_secret_arn = module.secrets-manager-1.secret_arns["${var.rds_config.name}-database-password"]
    }
    redis = {
      # host:port of the ElastiCache endpoint created by module "redis"
      address = "${module.redis.endpoint}:${module.redis.port}"
    }
    networking = {
      subnets = var.vpc_config.networking.subnets
    }
  })
  ecs_cluster      = var.ecs_cluster
  migration_config = var.migration_config
  alb_config       = var.alb_config
}
# Master password for the Aurora cluster (consumed by module "rds" and then
# stored as a Secrets Manager secret by module "secrets-manager-1").
# The generated value is persisted in Terraform state, so the state backend
# must be treated as sensitive.
resource "random_password" "rds" {
  # Restrict the special-character alphabet so the value is safe to pass
  # through the connection-string and secret plumbing used by this stack.
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
  length           = 16
}
# Aurora MySQL cluster backing Fleet. Storage is encrypted at rest and
# network ingress is limited to the Fleet ECS task security groups plus any
# additional groups/CIDRs the caller opts into.
module "rds" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "7.6.0"

  name           = var.rds_config.name
  engine         = "aurora-mysql"
  engine_version = var.rds_config.engine_version
  instance_class = var.rds_config.instance_class

  # Two cluster members using the module's per-instance defaults; the map
  # keys are only identifiers.
  instances = {
    one = {}
    two = {}
  }

  vpc_id  = var.vpc_config.vpc_id
  subnets = var.rds_config.subnets

  # Allow the security groups attached to the Fleet ECS service (exposed by the
  # byo-db module) plus whatever the caller adds explicitly.
  allowed_security_groups = concat(tolist(module.byo-db.byo-ecs.non_circular.security_groups), var.rds_config.allowed_security_groups)
  # NOTE(review): any CIDR listed here bypasses the security-group allowlist
  # above; keep it empty unless a non-ECS client genuinely needs access.
  allowed_cidr_blocks = var.rds_config.allowed_cidr_blocks

  storage_encrypted   = true
  apply_immediately   = var.rds_config.apply_immediately
  monitoring_interval = var.rds_config.monitoring_interval

  # When the caller supplies no parameter group name, fall back to the groups
  # created at the bottom of this file (their count is 1 in exactly that case).
  db_parameter_group_name         = var.rds_config.db_parameter_group_name == null ? aws_db_parameter_group.main[0].id : var.rds_config.db_parameter_group_name
  db_cluster_parameter_group_name = var.rds_config.db_cluster_parameter_group_name == null ? aws_rds_cluster_parameter_group.main[0].id : var.rds_config.db_cluster_parameter_group_name

  # Which log types are shipped to CloudWatch is decided by the caller; nothing
  # here forces audit or error logs on.
  enabled_cloudwatch_logs_exports = var.rds_config.enabled_cloudwatch_logs_exports
  master_username                 = var.rds_config.master_username
  # Generated by resource "random_password" "rds"; like the resource itself,
  # the value ends up in Terraform state.
  master_password = random_password.rds.result
  database_name   = "fleet"
  # No final snapshot is taken on destroy, so tearing this module down removes
  # the data unless a snapshot exists elsewhere — confirm that is intended.
  skip_final_snapshot = true
  snapshot_identifier = var.rds_config.snapshot_identifier
}
# Looks up each Redis subnet by ID. NOTE(review): nothing in this file reads
# this data source (module "redis" uses var.redis_config.subnets and
# var.redis_config.availability_zones directly); it may be consumed by an
# output or another file, otherwise it is unused.
data "aws_subnet" "redis" {
  # toset() de-duplicates the caller's list and keys each instance by subnet ID
  for_each = toset(var.redis_config.subnets)
  id       = each.value
}
# ElastiCache Redis replication group used by Fleet for caching/live queries.
# Encryption at rest and in transit are both controlled by the caller via
# var.redis_config; nothing in this block turns them on unconditionally.
module "redis" {
  source  = "cloudposse/elasticache-redis/aws"
  version = "0.48.0"

  name = var.redis_config.name
  # Replication group and subnet group default to the Redis name when the
  # caller does not override them.
  replication_group_id          = var.redis_config.replication_group_id == null ? var.redis_config.name : var.redis_config.replication_group_id
  elasticache_subnet_group_name = var.redis_config.elasticache_subnet_group_name == null ? var.redis_config.name : var.redis_config.elasticache_subnet_group_name
  availability_zones            = var.redis_config.availability_zones
  vpc_id                        = var.vpc_config.vpc_id
  description                   = "Fleet Redis"
  # Security-group based allowlisting (the Fleet ECS tasks) is disabled; the
  # CIDR rule below is what grants access instead.
  #allowed_security_group_ids = concat(var.redis_config.allowed_security_group_ids, module.byo-db.ecs.security_group)
  subnets                    = var.redis_config.subnets
  cluster_size               = var.redis_config.cluster_size
  instance_type              = var.redis_config.instance_type
  apply_immediately          = var.redis_config.apply_immediately
  automatic_failover_enabled = var.redis_config.automatic_failover_enabled
  engine_version             = var.redis_config.engine_version
  family                     = var.redis_config.family
  at_rest_encryption_enabled = var.redis_config.at_rest_encryption_enabled
  transit_encryption_enabled = var.redis_config.transit_encryption_enabled
  parameter                  = var.redis_config.parameter
  # NOTE(review): this ingress rule admits every TCP port (0-65535) from the
  # whole 10.0.0.0/8 range, i.e. any host in the private address space, not
  # just the Fleet tasks. The commented-out allowed_security_group_ids line
  # above suggests the intent was to admit only the ECS security groups;
  # narrowing to the Redis port and those groups would shrink the reachable
  # surface. Verify the module inputs before changing it.
  additional_security_group_rules = [{
    type        = "ingress"
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/8"]
  }]
}
# Stores the Aurora master password in Secrets Manager so the Fleet task can
# fetch it at runtime by ARN (see password_secret_arn in module "byo-db").
module "secrets-manager-1" {
  source  = "lgallard/secrets-manager/aws"
  version = "0.6.1"

  secrets = {
    # The key must stay in sync with the lookup in module "byo-db":
    # secret_arns["${var.rds_config.name}-database-password"].
    "${var.rds_config.name}-database-password" = {
      description = "fleet-database-password"
      # 0 means the secret is deleted immediately on destroy with no recovery
      # window — convenient for test stacks, but it removes the safety net
      # against an accidental `terraform destroy` of a production secret.
      recovery_window_in_days = 0
      # The password value also lives in Terraform state via module "rds" and
      # resource "random_password" "rds".
      secret_string = module.rds.cluster_master_password
    },
  }
}
# Instance-level parameter group, created only when the caller did not name
# one of their own (module "rds" then references main[0]).
# NOTE(review): the family is fixed to aurora-mysql8.0 while the engine
# version comes from var.rds_config.engine_version; an Aurora MySQL 5.7
# engine version would not match this family — confirm the callers.
resource "aws_db_parameter_group" "main" {
  count = var.rds_config.db_parameter_group_name == null ? 1 : 0

  name        = var.rds_config.name
  description = "fleet"
  family      = "aurora-mysql8.0"
}
# Cluster-level parameter group, created only when the caller did not name
# one of their own (module "rds" then references main[0]).
# NOTE(review): as with the instance parameter group, the family is pinned to
# aurora-mysql8.0 independently of var.rds_config.engine_version — confirm
# the two agree for every caller.
resource "aws_rds_cluster_parameter_group" "main" {
  count = var.rds_config.db_cluster_parameter_group_name == null ? 1 : 0

  name        = var.rds_config.name
  description = "fleet"
  family      = "aurora-mysql8.0"
}