From c8deebb56fbf80d70528843ba57b49f7ae1f3d56 Mon Sep 17 00:00:00 2001
From: Eric Cabrel TIOGO <tericcabrel@yahoo.com>
Date: Sun, 1 Sep 2024 15:04:02 +0200
Subject: [PATCH] chore(backend): fix iac for the database

---
 apps/backend/_infra/prod/storage/database.tf | 78 +++++++++++++++-----
 1 file changed, 58 insertions(+), 20 deletions(-)

diff --git a/apps/backend/_infra/prod/storage/database.tf b/apps/backend/_infra/prod/storage/database.tf
index a52c6ed..a9b20f3 100644
--- a/apps/backend/_infra/prod/storage/database.tf
+++ b/apps/backend/_infra/prod/storage/database.tf
@@ -10,19 +10,51 @@ data "doppler_secrets" "prod" {
 }
 
 resource "aws_vpc" "main" {
-  cidr_block = "10.0.0.0/16"
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
 }
 
-resource "aws_subnet" "public" {
+resource "aws_internet_gateway" "main" {
+  vpc_id = aws_vpc.main.id
+}
+
+resource "aws_route_table" "main" {
+  vpc_id = aws_vpc.main.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.main.id
+  }
+}
+
+resource "aws_subnet" "rds_subnet0" {
   vpc_id                  = aws_vpc.main.id
   cidr_block              = "10.0.1.0/24"
   availability_zone       = "${var.aws_region}a"
   map_public_ip_on_launch = true
 }
 
+resource "aws_subnet" "rds_subnet1" {
+  vpc_id                  = aws_vpc.main.id
+  cidr_block              = "10.0.2.0/24"
+  availability_zone       = "${var.aws_region}b"
+  map_public_ip_on_launch = true
+}
+
+resource "aws_route_table_association" "subnet0_association" {
+  subnet_id      = aws_subnet.rds_subnet0.id
+  route_table_id = aws_route_table.main.id
+}
+
+resource "aws_route_table_association" "subnet1_association" {
+  subnet_id      = aws_subnet.rds_subnet1.id
+  route_table_id = aws_route_table.main.id
+}
+
 resource "aws_db_subnet_group" "default" {
   name       = "snipcode-prod-subnet-group"
-  subnet_ids = [aws_subnet.public.id]
+  subnet_ids = [aws_subnet.rds_subnet0.id, aws_subnet.rds_subnet1.id]
 
   tags = {
     Name = "Snipcode Prod subnet group"
@@ -52,25 +84,31 @@ resource "aws_security_group" "rds_sg" {
 }
 
 resource "aws_db_instance" "database" {
-  identifier                            = "${var.project_name}-backend-${var.environment}"
-  allocated_storage                     = 20
-  engine                                = "mysql"
-  engine_version                        = "8.0.39"
-  instance_class                        = "db.t3.micro"
-  db_name                               = data.doppler_secrets.prod.map.DATABASE_NAME
-  username                              = data.doppler_secrets.prod.map.ADMIN_USER
-  password                              = data.doppler_secrets.prod.map.ADMIN_PASSWORD
-  db_subnet_group_name                  = aws_db_subnet_group.default.name
-  vpc_security_group_ids                = [aws_security_group.rds_sg.id]
-  multi_az                              = false
-  publicly_accessible                   = true
-  performance_insights_enabled          = true
-  performance_insights_retention_period = 7 ## 7 days to stay in the free tier
-  skip_final_snapshot                   = true
-  allow_major_version_upgrade           = false
-  auto_minor_version_upgrade            = true
+  identifier                  = "${var.project_name}-backend-${var.environment}"
+  allocated_storage           = 20
+  engine                      = "mysql"
+  engine_version              = "8.0.39"
+  instance_class              = "db.t3.micro"
+  db_name                     = data.doppler_secrets.prod.map.DATABASE_NAME
+  username                    = data.doppler_secrets.prod.map.ADMIN_USER
+  password                    = data.doppler_secrets.prod.map.ADMIN_PASSWORD
+  port                        = data.doppler_secrets.prod.map.PORT
+  db_subnet_group_name        = aws_db_subnet_group.default.name
+  vpc_security_group_ids      = [aws_security_group.rds_sg.id]
+  multi_az                    = false
+  publicly_accessible         = true
+  skip_final_snapshot         = true
+  allow_major_version_upgrade = false
+  auto_minor_version_upgrade  = true
+  # performance_insights_enabled          = true
+  # performance_insights_retention_period = 7
+
+  lifecycle {
+    prevent_destroy = true
+  }
 
   tags = {
     Name = "Snipcode Prod RDS Instance"
   }
 }
+