diff --git a/services/terraform/self-host/aws_db.tf b/services/terraform/self-host/aws_db.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/self-host/aws_db.tf
@@ -0,0 +1,44 @@
+# MariaDB Security Group
+resource "aws_security_group" "keyserver_mariadb_security_group" {
+  name        = "keyserver-mariadb-sg"
+  description = "Allow inbound traffic on port 3307 and all outbound traffic"
+  vpc_id      = aws_vpc.default.id
+
+  # Inbound rules
+  ingress {
+    from_port   = 3307
+    to_port     = 3307
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # Outbound rules
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+
+# MariaDB RDS Instance
+resource "aws_db_instance" "mariadb" {
+  allocated_storage      = 100
+  max_allocated_storage  = 3000
+  storage_type           = "gp3"
+  db_name                = "mariadb"
+  identifier             = "mariadb-instance"
+  engine                 = "mariadb"
+  engine_version         = "10.11"
+  instance_class         = "db.m6g.large"
+  db_subnet_group_name   = aws_db_subnet_group.public_db_subnet_group.name
+  vpc_security_group_ids = [aws_security_group.keyserver_mariadb_security_group.id]
+  username               = local.secrets["mariaDB"]["username"]
+  password               = local.secrets["mariaDB"]["password"]
+  parameter_group_name   = "default.mariadb10.11"
+  storage_encrypted      = true
+  publicly_accessible    = true
+  port                   = 3307
+  skip_final_snapshot    = true
+}
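Review bot: The ingress rule in `keyserver_mariadb_security_group` admits `0.0.0.0/0` on port 3307, and combined with `publicly_accessible = true` and the public subnet group this leaves the database listener reachable from any internet address, protected only by the password. Scope the rule to the clients that actually need it, for example `cidr_blocks = var.mariadb_allowed_cidrs` (a variable name constructed for this note) or a `security_groups` reference to the keyserver's own group if it runs inside this VPC. The `description` string should then be updated to match the narrower rule. Separately, `skip_final_snapshot = true` means destroying the instance discards the data with no snapshot. For a self-host template consider `skip_final_snapshot = false` with a `final_snapshot_identifier`, plus `deletion_protection = true`.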
diff --git a/services/terraform/self-host/aws_vpc.tf b/services/terraform/self-host/aws_vpc.tf
--- a/services/terraform/self-host/aws_vpc.tf
+++ b/services/terraform/self-host/aws_vpc.tf
@@ -44,3 +44,13 @@
   subnet_id      = aws_subnet.public_b.id
   route_table_id = aws_route_table.public_igw_route_table.id
 }
+
+# DB Subnet Group
+resource "aws_db_subnet_group" "public_db_subnet_group" {
+  name       = "public-db-subnet-group"
+  subnet_ids = [aws_subnet.public_a.id, aws_subnet.public_b.id]
+
+  tags = {
+    Name = "DB subnet group associated with private vpc subnet"
+  }
+}
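Review bot: The `Name` tag on `public_db_subnet_group` says "private vpc subnet", but `subnet_ids` lists `aws_subnet.public_a` and `aws_subnet.public_b`, and the context lines above show `public_b` associated with `public_igw_route_table`. Anyone auditing by tag would conclude the database sits in private subnets when it does not. Either correct the tag, `Name = "DB subnet group associated with public vpc subnets"`, or, if the keyserver can reach the database from inside the VPC, build the group from private subnets and drop public accessibility on the instance.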