Update rds instance

chapter-gtm · Nov 10, 2024 · 9351176 · 9351176
1 parent a564b80
commit 9351176
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 12 deletions.
diff --git a/deploy/aws/tf/main.tf b/deploy/aws/tf/main.tf
@@ -85,6 +85,10 @@ module "jumpbox" {
   public_subnet_id   = module.vpc.public_subnets[0]
   security_group_ids = [module.vpc.ec2_jumpbox_security_group_id]
   ec2_key_pair_name  = var.ec2_key_pair_name
+  db_address = module.rds.rds_address
+  db_username = jsondecode(module.rds.rds_secret_string).username
+  db_password = jsondecode(module.rds.rds_secret_string).password
+  db_name = jsondecode(module.rds.rds_secret_string).dbname
 }
 
 module "s3" {

diff --git a/deploy/aws/tf/modules/jumpbox/main.tf b/deploy/aws/tf/modules/jumpbox/main.tf
@@ -6,7 +6,7 @@ data "aws_ami" "aws_linux" {
 
   filter {
     name   = "name"
-    values = ["al2023-ami-2023.5.20240805.0-kernel-6.1-x86_64"]
+    values = ["al2023-ami-2023.6.20241031.0-kernel-6.1-x86_64"]
   }
 }
 
@@ -23,7 +23,26 @@ resource "aws_instance" "ec2_jumpbox" {
     Environment = var.environment
   }
 
-  depends_on = [var.vpc_id, var.public_subnet_id]
+  user_data = <<-EOF
+    #!/bin/bash
+    sudo yum update -y
+    sudo dnf install postgresql16 -y
+  EOF
+
+  provisioner "remote-exec" {
+    inline = [
+      "PGPASSWORD=${var.db_password} psql -h ${var.db_address} -U ${var.db_username} -c 'CREATE DATABASE ${var.db_name};'"
+    ]
+
+    connection {
+      type        = "ssh"
+      user        = "ec2-user"  # Or "ubuntu" depending on your AMI
+      private_key = file("~/.ssh/nectar-shri.pem")
+      host        = self.public_ip
+    }
+  }
+
+  depends_on = [var.vpc_id, var.public_subnet_id, var.db_username, var.db_password, var.db_name, var.db_address]
 }
 
 # Allocate an Elastic IP

diff --git a/deploy/aws/tf/modules/jumpbox/variables.tf b/deploy/aws/tf/modules/jumpbox/variables.tf
@@ -29,3 +29,23 @@ variable "ec2_key_pair_name" {
   description = "SSH key name for the EC2 instance"
   type        = string
 }
+
+variable "db_address" {
+  description = "Database Address"
+  type        = string
+}
+
+variable "db_username" {
+  description = "Database Username"
+  type        = string
+}
+
+variable "db_password" {
+  description = "Database Password"
+  type        = string
+}
+
+variable "db_name" {
+  description = "Database name"
+  type        = string
+}
diff --git a/deploy/aws/tf/modules/rds/main.tf b/deploy/aws/tf/modules/rds/main.tf
@@ -38,19 +38,46 @@ data "aws_secretsmanager_secret_version" "app_db_password_version_data" {
   depends_on = [aws_secretsmanager_secret.app_db_password, aws_secretsmanager_secret_version.app_db_password_version]
 }
 
+resource "aws_db_parameter_group" "custom_pg_parameters" {
+  name        = "custom-postgres-parameters"
+  family      = "postgres16"
+  description = "Custom parameter group with slow query logging enabled"
+
+  # Set parameters for slow query logging
+  parameter {
+      name  = "log_min_duration_statement"
+      value = "1000" # Log queries longer than 1000 ms (1 second)
+  }
+
+  parameter  {
+    name  = "log_statement"
+    value = "none" # You can set this to "all" to log every statement
+  }
+
+  parameter {
+    name  = "work_mem"
+    value = "8192"  # Set your desired value for work_mem (e.g., 8MB, 16MB, etc.)
+  }
+}
+
 resource "aws_db_instance" "app_db" {
   identifier              = "${var.app_name}-db-${var.environment}"
   engine                  = "postgres"
-  instance_class          = "db.t4g.micro"
+  instance_class          = "db.t3.medium"
   allocated_storage       = 20
   storage_type            = "gp2"
   username                = var.app_db_user
   password                = jsondecode(data.aws_secretsmanager_secret_version.app_db_password_version_data.secret_string).password
   db_subnet_group_name    = aws_db_subnet_group.app_db_subnet_group.name
   vpc_security_group_ids  = var.security_group_ids
+  parameter_group_name    = aws_db_parameter_group.custom_pg_parameters.name # Reference the custom parameter group
+  storage_encrypted       = true
 
   skip_final_snapshot     = true
 
+  # Apply immediately to ensure changes take effect without waiting for the maintenance window
+  apply_immediately = true
+
   backup_retention_period = 7  # Retain backups for 7 days
   backup_window            = "05:00-06:00"  # Define a backup window (optional)
   maintenance_window       = "Sun:07:00-Sun:13:00"  # Define a maintenance window (optional)
@@ -60,15 +87,6 @@ resource "aws_db_instance" "app_db" {
     Enviorment = var.environment
   }
 
-  provisioner "local-exec" {
-    command = <<EOT
-      PGPASSWORD="${jsondecode(data.aws_secretsmanager_secret_version.app_db_password_version_data.secret_string).password}" psql -h ${self.address} -U ${var.app_db_user} -c "CREATE DATABASE ${var.app_db_name};"
-    EOT
-    environment = {
-      PGPASSWORD = jsondecode(data.aws_secretsmanager_secret_version.app_db_password_version_data.secret_string).password
-    }
-  }
-
   depends_on = [var.vpc_id, aws_secretsmanager_secret.app_db_password]
 }
 

diff --git a/deploy/aws/tf/modules/rds/outputs.tf b/deploy/aws/tf/modules/rds/outputs.tf
@@ -10,7 +10,17 @@ output "rds_endpoint" {
   value       = aws_db_instance.app_db.endpoint
 }
 
+output "rds_address" {
+  description = "Address of the RDS instance"
+  value       = aws_db_instance.app_db.address
+}
+
 output "rds_db_secret_arn" {
   description = "RDS database secret arn"
   value       = aws_secretsmanager_secret.app_db_password.arn
 }
+
+output "rds_secret_string" {
+  description = "Secrets string for RDS app database from secrets manager "
+  value       = aws_secretsmanager_secret_version.app_db_password_version.secret_string
+}