diff --git a/apps/backend/_infra/prod/storage/.terraform.lock.hcl b/apps/backend/_infra/prod/storage/.terraform.lock.hcl index 0a23c72..53af54c 100644 --- a/apps/backend/_infra/prod/storage/.terraform.lock.hcl +++ b/apps/backend/_infra/prod/storage/.terraform.lock.hcl @@ -1,6 +1,28 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/dopplerhq/doppler" { + version = "1.8.0" + constraints = "~> 1.8.0" + hashes = [ + "h1:Ljxv+eaV/2FRDGWLdLBaFq4vBWFf6ZQIhVpGneOiCSA=", + "zh:0174ee84d7699a1866d5922fb9435e38446f1d52575afc268c55f52b7f77e244", + "zh:1604257d98f94e3a206dcf2a5f709d608649296d56be5318e3b5b00f2defaad7", + "zh:29ac750bb0260e59e52e28ade8b2972fd3f8b1acc31c6d86a6b7f69dcd6db061", + "zh:3afbee2ce98e155f0a1932f5c330d4ef3e4fe71496b3c0dad1082da2d020baa6", + "zh:45ec78eed293e7645d09fb2ab6707a90de5a66b4ecb1b202ae2b39076606762d", + "zh:7155d2ce82441649a753892563b089035eac8e03b01273b41c62cacbdf2f9ec1", + "zh:80047811c40530646d72d0dd754ca791fa3b7d7032362c08119bda93ee590265", + "zh:95cf9f8746b7641b948ebf88ed74715e42e856f4a1b88987ca794bc9f7a0d648", + "zh:a4318d071eaf2717064b30894f8fc020a03e2bf21c013f14cc392c68eea1443d", + "zh:ccac8c138b95d12f90d7ea62624f8f4599c37ceb2004e08a5476573b7e0bb2dd", + "zh:e7b4a7067f6e04080fe045fc01f7cf63fc37ddf816542e7685868b6417885d6f", + "zh:ec016f1314ccce6ac80cc48f82d53b573c26e2b8215eb383caa9bea94bfa3919", + "zh:edf1e3f9d0141861efcb45e6a6d4dd1b2c3bac9435e641954eea1636a3286cd1", + "zh:fb36c53d425d9b72cf72b1d7ee84ed2cabddd25be97917ab87dd37be2532da5f", + ] +} + provider "registry.terraform.io/hashicorp/aws" { version = "5.59.0" constraints = "~> 5.59.0" diff --git a/apps/backend/_infra/prod/storage/database.tf b/apps/backend/_infra/prod/storage/database.tf new file mode 100644 index 0000000..f3e7447 --- /dev/null +++ b/apps/backend/_infra/prod/storage/database.tf 
@@ -0,0 +1,75 @@
+provider "doppler" {}
+
+provider "doppler" {
+ doppler_token = var.doppler_database_prod_token
+ alias = "database_prod"
+}
+
+data "doppler_secrets" "prod" {
+ provider = doppler.database_prod
+}
+
+resource "aws_vpc" "main" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "public" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "${var.aws_region}a"
+ map_public_ip_on_launch = true
+}
+
+resource "aws_db_subnet_group" "default" {
+ name = "snipcode-prod-subnet-group"
+ subnet_ids = [aws_subnet.public.id]
+
+ tags = {
+ Name = "Snipcode Prod subnet group"
+ }
+}
+
+resource "aws_security_group" "rds_sg" {
+ vpc_id = aws_vpc.main.id
+
+ ingress {
+ from_port = data.doppler_secrets.prod.map.PORT
+ to_port = data.doppler_secrets.prod.map.PORT
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"] # This allows traffic from the internet (Use with caution)
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "Snipcode Prod Security Group"
+ }
+}
+
+resource "aws_db_instance" "database" {
+ identifier = "${var.project_name}-backend-${var.environment}"
+ allocated_storage = 20
+ engine = "mysql"
+ engine_version = "8.0.39"
+ instance_class = "db.t3.micro"
+ db_name = data.doppler_secrets.prod.map.DATABASE_NAME
+ username = data.doppler_secrets.prod.map.ADMIN_USER
+ password = data.doppler_secrets.prod.map.ADMIN_PASSWORD
+ db_subnet_group_name = aws_db_subnet_group.default.name
+ vpc_security_group_ids = [aws_security_group.rds_sg.id]
+ publicly_accessible = true
+ performance_insights_enabled = true
+ performance_insights_retention_period = 7 ## 7 days to stay in the free tier
+ skip_final_snapshot = true
+ allow_major_version_upgrade = false
+ auto_minor_version_upgrade = true
+
+ tags = {
+ Name = "Snipcode Prod RDS Instance"
+ }
+}
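Review bot: The production MySQL instance is reachable from any address: the `rds_sg` ingress rule opens the database port to `0.0.0.0/0` and `aws_db_instance.database` sets `publicly_accessible = true`, so the admin login is the only control in front of it. Unless access from arbitrary networks is a hard requirement, I would scope the rule to known sources, e.g. `cidr_blocks = [aws_vpc.main.cidr_block]`, and set `publicly_accessible = false`. The instance also leaves `storage_encrypted` unset, which defaults to unencrypted storage, and `skip_final_snapshot = true` means destroying this prod database leaves no final backup; `storage_encrypted = true` plus `skip_final_snapshot = false` with a `final_snapshot_identifier` would cover both. Separately, `aws_db_subnet_group.default` lists a single subnet, and RDS normally expects subnets in at least two availability zones, so this may be rejected at apply time.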
diff --git a/apps/backend/_infra/prod/storage/main.tf b/apps/backend/_infra/prod/storage/main.tf index b6a54f3..488e78d 100644 --- a/apps/backend/_infra/prod/storage/main.tf +++ b/apps/backend/_infra/prod/storage/main.tf @@ -2,9 +2,14 @@ provider "aws" { region = var.aws_region } +provider "aws" { + region = "us-east-1" + alias = "us_east_1" +} + # Create ECR Public Repository resource "aws_ecrpublic_repository" "app_container_repository" { - # provider = aws.us_east_1 + provider = aws.us_east_1 repository_name = "${var.project_name}-backend-${var.environment}" diff --git a/apps/backend/_infra/prod/storage/outputs.tf b/apps/backend/_infra/prod/storage/outputs.tf index 62a6840..a7e01da 100644 --- a/apps/backend/_infra/prod/storage/outputs.tf +++ b/apps/backend/_infra/prod/storage/outputs.tf @@ -6,4 +6,10 @@ output "container_repository_arn" { output "container_repository_url" { description = "The URL of the public ECR repository" value = aws_ecrpublic_repository.app_container_repository.repository_uri -} \ No newline at end of file +} + +output "rds_endpoint" { + description = "The endpoint of the RDS instance in the production environment" + value = aws_db_instance.database.endpoint + sensitive = true +} diff --git a/apps/backend/_infra/prod/storage/terraform.tf b/apps/backend/_infra/prod/storage/terraform.tf index 4e16154..a69496a 100644 --- a/apps/backend/_infra/prod/storage/terraform.tf +++ b/apps/backend/_infra/prod/storage/terraform.tf @@ -10,6 +10,11 @@ terraform { source = "hashicorp/aws" version = "~> 5.59.0" } + + doppler = { + source = "DopplerHQ/doppler" + version = "~> 1.8.0" + } } required_version = "~> 1.2" diff --git a/apps/backend/_infra/prod/storage/variables.tf b/apps/backend/_infra/prod/storage/variables.tf index 2525b0a..d57b36d 100644 --- a/apps/backend/_infra/prod/storage/variables.tf +++ b/apps/backend/_infra/prod/storage/variables.tf 
@@ -1,6 +1,6 @@ variable "aws_region" { description = "The region in which the resources will be created" - default = "us-east-1" + default = "eu-west-1" } variable "project_name" { @@ -13,4 +13,9 @@ variable "domain_name" { variable "environment" { default = "prod" -} \ No newline at end of file +} + +variable "doppler_database_prod_token" { + default = "" + sensitive = true +}
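Review bot: In the second hunk, `doppler_database_prod_token` defaults to an empty string, so a run that forgets to supply the token still plans and only fails later inside the aliased `doppler` provider (or, depending on how the provider treats an empty token, may fall back to another credential source). Dropping `default = ""` makes Terraform require the value up front. Adding `type = string` and a `description` saying which Doppler project and config the token must be scoped to would also document the variable, which currently has neither.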