diff --git a/services/terraform/self-host/aws_db.tf b/services/terraform/self-host/aws_db.tf new file mode 100644 --- /dev/null +++ b/services/terraform/self-host/aws_db.tf @@ -0,0 +1,44 @@ +# MariaDB Security Group +resource "aws_security_group" "keyserver_mariadb_security_group" { + name = "keyserver-mariadb-sg" + description = "Allow inbound traffic on port 3307 and all outbound traffic" + vpc_id = aws_vpc.default.id + + # Inbound rules + ingress { + from_port = 3307 + to_port = 3307 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + # Outbound rules + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + + +# MariaDB RDS Instance +resource "aws_db_instance" "mariadb" { + allocated_storage = 100 + max_allocated_storage = 3000 + storage_type = "gp3" + db_name = "mariadb" + identifier = "mariadb-instance" + engine = "mariadb" + engine_version = "10.11" + instance_class = "db.m6g.large" + db_subnet_group_name = aws_db_subnet_group.public_db_subnet_group.name + vpc_security_group_ids = [aws_security_group.keyserver_mariadb_security_group.id] + username = local.secrets["mariaDB"]["username"] + password = local.secrets["mariaDB"]["password"] + parameter_group_name = "default.mariadb10.11" + storage_encrypted = true + publicly_accessible = true + port = 3307 + skip_final_snapshot = true +} diff --git a/services/terraform/self-host/aws_vpc.tf b/services/terraform/self-host/aws_vpc.tf --- a/services/terraform/self-host/aws_vpc.tf +++ b/services/terraform/self-host/aws_vpc.tf @@ -44,3 +44,13 @@ subnet_id = aws_subnet.public_b.id route_table_id = aws_route_table.public_igw_route_table.id } + +# DB Subnet Group +resource "aws_db_subnet_group" "public_db_subnet_group" { + name = "public-db-subnet-group" + subnet_ids = [aws_subnet.public_a.id, aws_subnet.public_b.id] + + tags = { + Name = "DB subnet group associated with private vpc subnet" + } +}