init

Author: simplyalam

.github/workflows/ryvn-aws-rds-postgres-release.yaml

@@ -0,0 +1,104 @@
+name: Build & Release aws-rds-postgres
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "**"
+  pull_request:
+    branches:
+      - "main"
+    paths:
+      - "**"
+
+env:
+  SERVICE_NAME: aws-rds-postgres
+
+jobs:
+  generate-tag:
+    name: Generate Release Tag
+    if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    outputs:
+      version: ${{ steps.generate-tag.outputs.version }}
+      new_tag: ${{ steps.generate-tag.outputs.new_tag }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Ryvn CLI
+        uses: ryvn-technologies/install-ryvn-cli@v1.0.0
+
+      - name: Generate Release Tag
+        id: generate-tag
+        env:
+          RYVN_CLIENT_ID: ${{ secrets.RYVN_CLIENT_ID }}
+          RYVN_CLIENT_SECRET: ${{ secrets.RYVN_CLIENT_SECRET }}
+        run: |
+          # Generate new tag using ryvn CLI
+          tag_info=$(ryvn generate-release-tag ${{ env.SERVICE_NAME }} --prefix=aws-rds-postgres@ -o json --default-bump-minor)
+          
+          # Extract version and tag from JSON output
+          version=$(echo "$tag_info" | jq -r '.version')
+          new_tag=$(echo "$tag_info" | jq -r '.tag')
+          
+          echo "version=$version" >> $GITHUB_OUTPUT
+          echo "new_tag=$new_tag" >> $GITHUB_OUTPUT
+
+
+  release:
+    name: Create Release
+  
+    needs: [generate-tag]
+  
+    if: |
+      github.ref == format('refs/heads/{0}', github.event.repository.default_branch) &&
+      !contains(github.event.head_commit.message, '[skip-release]') &&
+      !contains(github.event.pull_request.title, '[skip-release]')
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Ryvn CLI
+        uses: ryvn-technologies/install-ryvn-cli@v1.0.0
+
+      - name: Create Ryvn Release
+        env:
+          RYVN_CLIENT_ID: ${{ secrets.RYVN_CLIENT_ID }}
+          RYVN_CLIENT_SECRET: ${{ secrets.RYVN_CLIENT_SECRET }}
+        run: |
+          version="${{ needs.generate-tag.outputs.new_tag }}"
+          version=${version#aws-rds-postgres@}
+          version=${version#@}
+          ryvn create release ${{ env.SERVICE_NAME }} $version
+
+      - name: Create GitHub Tag
+        run: |
+          new_tag="${{ needs.generate-tag.outputs.new_tag }}"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+          git tag $new_tag
+          git push origin $new_tag
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ needs.generate-tag.outputs.new_tag }}
+          name: ${{ needs.generate-tag.outputs.new_tag }}
+          generate_release_notes: true
+          draft: false
+          prerelease: false

README.md

@@ -0,0 +1,104 @@
+# AWS RDS PostgreSQL Terraform Module
+
+This Terraform module provisions a PostgreSQL database instance on Amazon RDS with configurable settings and security groups.
+
+## Features
+
+- Creates a PostgreSQL RDS instance with customizable configuration
+- Sets up a dedicated VPC security group with configurable access rules
+- Configures subnet groups for the RDS instance
+- Supports encryption, backups, and maintenance windows
+- Generates random pet names for resource identification
+
+## Usage
+
+```hcl
+module "postgres" {
+  source = "github.com/ryvn-technologies/aws-rds-postgres"
+
+  # Required variables
+  vpc_id        = "vpc-xxxxxxxx"
+  subnet_ids    = ["subnet-xxxxxxxx", "subnet-yyyyyyyy"]
+  database_name = "myapp"
+  username      = "dbadmin"
+  password      = "your-secure-password"
+
+  # Optional variables
+  instance_class    = "db.t3.micro"
+  allocated_storage = 20
+  
+  # Configure access rules
+  ingress_cidr_blocks = ["10.0.0.0/8"]  # Restrict access to internal network
+  
+  tags = {
+    Environment = "production"
+    Project     = "myapp"
+  }
+}
+```
+
+## Requirements
+
+- Terraform >= 1.0.0
+- AWS Provider >= 4.0.0
+- Random Provider >= 3.0.0
+
+## Providers
+
+| Name   | Version |
+|--------|---------|
+| aws    | >= 4.0.0 |
+| random | >= 3.0.0 |
+
+## Inputs
+
+### Required Variables
+
+| Name | Description | Type | Default |
+|------|-------------|------|---------|
+| vpc_id | VPC ID where RDS will be deployed | `string` | - |
+| subnet_ids | A list of VPC subnet IDs | `list(string)` | - |
+| database_name | The name of the database to create | `string` | - |
+| username | Username for the master DB user | `string` | - |
+| password | Password for the master DB user | `string` | - |
+
+### Optional Variables
+
+| Name | Description | Type | Default |
+|------|-------------|------|---------|
+| region | AWS region for the provider configuration | `string` | - |
+| engine_version | PostgreSQL engine version | `string` | `"17.4"` |
+| instance_class | The instance type of the RDS instance | `string` | `"db.t3.micro"` |
+| allocated_storage | The allocated storage in gigabytes | `number` | `20` |
+| storage_type | Storage type (standard, gp2, or io1) | `string` | `"gp2"` |
+| storage_encrypted | Specifies whether the DB instance is encrypted | `bool` | `true` |
+| multi_az | Specifies if the RDS instance is multi-AZ | `bool` | `false` |
+| backup_retention_period | The days to retain backups for | `number` | `7` |
+| backup_window | The daily time range for automated backups | `string` | `"03:00-04:00"` |
+| maintenance_window | The window to perform maintenance in | `string` | `"Mon:04:00-Mon:05:00"` |
+| skip_final_snapshot | Skip final snapshot before deletion | `bool` | `false` |
+| ingress_cidr_blocks | List of CIDR blocks to allow access to the database | `list(string)` | `["0.0.0.0/0"]` |
+| egress_cidr_blocks | List of CIDR blocks to allow egress traffic from the database | `list(string)` | `["0.0.0.0/0"]` |
+| tags | A mapping of tags to assign to all resources | `map(string)` | `{}` |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| db_instance_id | The RDS instance ID |
+| db_instance_address | The address of the RDS instance |
+| db_instance_endpoint | The connection endpoint |
+| db_instance_port | The database port |
+| db_subnet_group_id | The db subnet group name |
+| db_security_group_id | The security group ID |
+
+## Security Considerations
+
+- By default, the security group allows inbound access on port 5432 from all IP addresses (0.0.0.0/0). It's strongly recommended to restrict this using the `ingress_cidr_blocks` variable in production environments.
+- Database encryption is enabled by default using AWS KMS.
+- Final snapshots are created by default when destroying the database (skip_final_snapshot = false).
+- The module uses Kubernetes backend configuration. Ensure your Terraform environment is properly configured for this.
+
+## License
+
+This module is maintained by Ryvn Technologies.

main.tf

@@ -0,0 +1,72 @@
+resource "random_pet" "this" {
+  length    = 2
+  separator = "-"
+  prefix    = "postgres"
+}
+
+
+resource "aws_db_subnet_group" "this" {
+  name       = random_pet.this.id
+  subnet_ids = var.subnet_ids
+
+  tags = var.tags
+}
+
+resource "aws_security_group" "this" {
+  name        = "${random_pet.this.id}-rds-sg"
+  description = "Security group for ${random_pet.this.id} RDS instance"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    cidr_blocks = var.ingress_cidr_blocks
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = var.egress_cidr_blocks
+  }
+
+  tags = var.tags
+}
+
+data "aws_rds_orderable_db_instance" "postgres" {
+  engine         = "postgres"
+  license_model  = "postgresql-license"
+  engine_version = var.engine_version
+
+  preferred_instance_classes = [var.instance_class]
+}
+
+resource "aws_db_instance" "this" {
+  identifier = random_pet.this.id
+
+  engine         = "postgres"
+  engine_version = var.engine_version
+  instance_class = var.instance_class
+
+  allocated_storage = var.allocated_storage
+  storage_type      = var.storage_type
+  storage_encrypted = var.storage_encrypted
+
+  db_name  = var.database_name
+  username = var.username
+  password = var.password
+  port     = 5432
+
+  multi_az               = var.multi_az
+  db_subnet_group_name   = aws_db_subnet_group.this.name
+  vpc_security_group_ids = [aws_security_group.this.id]
+
+  backup_retention_period = var.backup_retention_period
+  backup_window           = var.backup_window
+  maintenance_window      = var.maintenance_window
+
+  skip_final_snapshot = var.skip_final_snapshot
+
+  tags = var.tags
+}

outputs.tf

@@ -0,0 +1,29 @@
+output "db_instance_id" {
+  description = "The RDS instance ID"
+  value       = aws_db_instance.this.id
+}
+
+output "db_instance_address" {
+  description = "The address of the RDS instance"
+  value       = aws_db_instance.this.address
+}
+
+output "db_instance_endpoint" {
+  description = "The connection endpoint"
+  value       = aws_db_instance.this.endpoint
+}
+
+output "db_instance_port" {
+  description = "The database port"
+  value       = aws_db_instance.this.port
+}
+
+output "db_subnet_group_id" {
+  description = "The db subnet group name"
+  value       = aws_db_subnet_group.this.id
+}
+
+output "db_security_group_id" {
+  description = "The security group ID"
+  value       = aws_security_group.this.id
+}

providers.tf

@@ -0,0 +1,6 @@
+provider "aws" {
+  region = var.region
+  # Use AWS credentials from environment variables or shared credentials file
+  # AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables
+  # or ~/.aws/credentials file will be used automatically
+}