orange-musician-98025
06/09/2021, 8:58 PMbored-table-20691
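// Security group for the Aurora cluster: PostgreSQL (5432/tcp) is accepted
// only from this VPC's private subnets and from the peered VPC's CIDR.
rdsSg, err := ec2.NewSecurityGroup(ctx, "ssa-rds-private-access-sg", &ec2.SecurityGroupArgs{
	VpcId:       networkConfig.VPC.ID(),
	NamePrefix:  pulumi.String("ssa-rds-private-access-"),
	Description: pulumi.String("Allow access inside the subnet to RDS"),
	Ingress: ec2.SecurityGroupIngressArray{
		// Clients in the private subnets of this VPC.
		ec2.SecurityGroupIngressArgs{
			Protocol:   pulumi.String("tcp"),
			FromPort:   pulumi.Int(5432),
			ToPort:     pulumi.Int(5432),
			CidrBlocks: pulumi.ToStringArray(networkConfig.Subnets.PrivateCIDRs),
		},
		// Clients in the peered VPC; "peer-vpc-cidr" is a required config
		// value, so a missing key fails the deployment instead of silently
		// dropping the rule.
		ec2.SecurityGroupIngressArgs{
			Protocol:   pulumi.String("tcp"),
			FromPort:   pulumi.Int(5432),
			ToPort:     pulumi.Int(5432),
			CidrBlocks: pulumi.ToStringArray([]string{okeraCfg.Require("peer-vpc-cidr")}),
		},
	},
	Egress: ec2.SecurityGroupEgressArray{
		// NOTE(review): protocol "tcp" with ports 0-0 matches only TCP port 0,
		// not all traffic. If unrestricted egress was intended the protocol
		// would have to be "-1"; a database security group normally needs no
		// outbound rule to 0.0.0.0/0 at all, so confirm the intent before
		// widening this.
		ec2.SecurityGroupEgressArgs{
			Protocol:   pulumi.String("tcp"),
			FromPort:   pulumi.Int(0),
			ToPort:     pulumi.Int(0),
			CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
		},
	},
})
if err != nil {
	return nil, err
}

// Master password for the cluster. Special characters stay disabled, so the
// length carries all of the entropy: 32 alphanumeric characters instead of
// the previous 10. Changing Length on an already deployed stack replaces this
// resource and therefore rotates the master password on the next update.
dbPassword, err := random.NewRandomPassword(ctx, "aurora-postgres-ssa-tenants-password", &random.RandomPasswordArgs{
	Length:  pulumi.Int(32),
	Special: pulumi.Bool(false),
})
if err != nil {
	return nil, err
}

// Place the cluster in the private subnets only.
rdsSubnetGroup, err := rds.NewSubnetGroup(ctx, "aurora-postgres-ssa-tenants-subnet-group", &rds.SubnetGroupArgs{
	SubnetIds: pulumi.ToStringArrayOutput(networkConfig.Subnets.PrivateSubnetIDs),
})
if err != nil {
	return nil, err
}

// Cap the AZ list at three entries (see the comment on AvailabilityZones).
rdsAzs := networkConfig.AvailabilityZones
if len(rdsAzs) > 3 {
	rdsAzs = rdsAzs[:3]
}

rdsCluster, err := rds.NewCluster(ctx, "aurora-postgres-ssa-tenants", &rds.ClusterArgs{
	// RDS only supports up to three AZs, so we use the first three
	AvailabilityZones:     pulumi.ToStringArray(rdsAzs),
	BackupRetentionPeriod: pulumi.Int(5),
	ClusterIdentifier:     pulumi.String("aurora-postgres-ssa-tenants"),
	DatabaseName:          pulumi.String("okeradb"),
	Engine:                pulumi.String("aurora-postgresql"),
	EngineVersion:         pulumi.String("12.4"),
	MasterPassword:        dbPassword.Result,
	MasterUsername:        pulumi.String("okera"),
	PreferredBackupWindow: pulumi.String("07:00-09:00"),
	// Modifications are applied right away rather than in the next
	// maintenance window.
	ApplyImmediately: pulumi.Bool(true),
	EnabledCloudwatchLogsExports: pulumi.ToStringArray([]string{
		"postgresql",
	}),
	// Encrypt cluster storage, snapshots and backups at rest. On a cluster
	// that already exists unencrypted this setting forces a replacement, so
	// plan a snapshot/restore before applying it there.
	StorageEncrypted:    pulumi.Bool(true),
	VpcSecurityGroupIds: pulumi.StringArray{rdsSg.ID()},
	DbSubnetGroupName:   rdsSubnetGroup.Name,
	// NOTE(review): DeletionProtection is not set; consider enabling it for
	// a cluster that holds tenant data.
})
if err != nil {
	return nil, err
}

// A single instance (index 0) is created; the logical name and the RDS
// identifier are intentionally the same string.
var clusterInstances []*rds.ClusterInstance
instanceName := fmt.Sprintf("aurora-postgres-ssa-tenants-instance-%v", 0)
rdsInstance, err := rds.NewClusterInstance(ctx, instanceName, &rds.ClusterInstanceArgs{
	Identifier:        pulumi.String(instanceName),
	ClusterIdentifier: rdsCluster.ID(),
	InstanceClass:     pulumi.String("db.r6g.large"),
	// Engine and version are taken from the cluster so the two cannot drift.
	Engine:            rdsCluster.Engine,
	EngineVersion:     rdsCluster.EngineVersion,
	DbSubnetGroupName: rdsSubnetGroup.Name,
})
if err != nil {
	return nil, err
}
clusterInstances = append(clusterInstances, rdsInstance)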