PLT-562 Create database shared terraform service in the platform repo (…

…#112) Co-authored-by: klin <[email protected]>
CMSgov · Sep 3, 2024 · fd91d12 · fd91d12
1 parent be4ce69
commit fd91d12
Show file tree

Hide file tree

Showing 5 changed files with 92 additions and 0 deletions.
diff --git a/.github/workflows/api-rds-plan.yml b/.github/workflows/api-rds-plan.yml
@@ -0,0 +1,35 @@
+name: api-rds plan terraform
+
+on:
+  pull_request:
+    paths:
+      - terraform/services/api-rds/**
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  terraform-plan:
+    needs: check-terraform-fmt
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./terraform/services/api-rds
+    strategy:
+      fail-fast: false
+      matrix:
+        app: [ab2d, bcda, dpc]
+        env: [dev, test, sbx, prod]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./actions/setup-tfenv-terraform
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ matrix.app == 'ab2d' && secrets[format('{0}_{1}_ACCOUNT', matrix.app, matrix.env)] || secrets.BCDA_ACCOUNT }}:role/delegatedadmin/developer/${{ matrix.app }}-${{ matrix.env }}-github-actions
+          aws-region: ${{ vars.AWS_REGION }}
+      - run: terraform init -backend-config=../../backends/${{ matrix.app }}-${{ matrix.env }}.s3.tfbackend
+      - run: terraform plan
+        env:
+          TF_VAR_app: ${{ matrix.app }}
+          TF_VAR_env: ${{ matrix.env }}
diff --git a/terraform/services/api-rds/README.md b/terraform/services/api-rds/README.md
@@ -0,0 +1,12 @@
+# Terraform for the AWS RDS configuration for APIs in target accounts
+
+This terraform code sets up the RDS for the APIs.
+
+## Instructions
+
+Pass in a backend file when running terraform init. Example:
+
+```bash
+terraform init -reconfigure -backend-config=../../backends/ab2d-dev.s3.tfbackend
+terraform plan
+```
diff --git a/terraform/services/api-rds/main.tf b/terraform/services/api-rds/main.tf
@@ -0,0 +1,10 @@
+resource "aws_db_instance" "api" {
+  identifier            = "${var.env}-${var.app}"
+  allocated_storage     = 10
+  max_allocated_storage = 100
+  storage_type          = "gp2"
+  engine                = "postgres"
+  engine_version        = "11"
+  instance_class        = "db.m6i.large"
+  skip_final_snapshot   = false
+}
diff --git a/terraform/services/api-rds/terraform.tf b/terraform/services/api-rds/terraform.tf
@@ -0,0 +1,18 @@
+provider "aws" {
+  default_tags {
+    tags = {
+      application = var.app
+      business    = "oeda"
+      code        = "https://github.com/CMSgov/ab2d-bcda-dpc-platform/tree/main/terraform/services/api-rds"
+      component   = "api-rds"
+      environment = var.env
+      terraform   = true
+    }
+  }
+}
+
+terraform {
+  backend "s3" {
+    key = "api-rds/terraform.tfstate"
+  }
+}
diff --git a/terraform/services/api-rds/variables.tf b/terraform/services/api-rds/variables.tf
@@ -0,0 +1,17 @@
+variable "app" {
+  description = "The application name (ab2d, bcda, dpc)"
+  type        = string
+  validation {
+    condition     = contains(["ab2d", "bcda", "dpc"], var.app)
+    error_message = "Valid value for app is ab2d, bcda, or dpc."
+  }
+}
+
+variable "env" {
+  description = "The application environment (dev, test, sbx, prod)"
+  type        = string
+  validation {
+    condition     = contains(["dev", "test", "sbx", "prod"], var.env)
+    error_message = "Valid value for env is dev, test, sbx, or prod."
+  }
+}