# Security group attached to the Aurora cluster in this region (the ingress and
# egress rules below reference it by id).
# NOTE(review): the resource name and `description` say "TLS", but the only
# ingress rule permits TCP/3409 (the cluster's custom MySQL port) from the VPC
# CIDR; nothing in this group enforces TLS. Both strings are deliberately left
# as they are: changing `description` on aws_security_group forces a
# replacement, and renaming the resource would break every
# aws_security_group.allow_tls reference in this file.
resource "aws_security_group" "allow_tls" {
  vpc_id      = aws_vpc.main.id
  name        = "hrdkorea-db-sg"
  description = "Allow TLS inbound traffic and all outbound traffic"

  tags = {
    Name = "hrdkorea-db-sg"
  }
}
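# Inbound: Aurora MySQL on the cluster's custom port (TCP/3409) from any address
# inside the VPC. A `description` is added so the rule is self-explanatory in
# the console and in audit tooling (applied in place, no replacement).
# NOTE(review): a VPC-wide source is broader than least privilege; scoping the
# source to the application tier's security group (`referenced_security_group_id`
# instead of `cidr_ipv4`) would be tighter, but that group is not defined in
# this file, so only the caveat is recorded here.
resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
  security_group_id = aws_security_group.allow_tls.id
  description       = "Aurora MySQL TCP/3409 from the VPC CIDR"
  cidr_ipv4         = aws_vpc.main.cidr_block
  ip_protocol       = "tcp"
  from_port         = 3409
  to_port           = 3409
}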
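# Outbound: all protocols and ports (`ip_protocol = "-1"`) to any IPv4 address.
# A `description` is added for readability (applied in place, no replacement).
# NOTE(review): unrestricted egress on a database security group is wider than
# least privilege; Aurora itself rarely needs to initiate outbound connections,
# so this can usually be tightened — confirm any outbound integrations
# (e.g. S3 export, Lambda invocation) before doing so.
resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
  security_group_id = aws_security_group.allow_tls.id
  description       = "All outbound traffic"
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}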
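# Subnet group placing the cluster in the two `protect_*` subnets (presumably
# the private tier; the subnets are defined elsewhere).
# Fix: the Name tag read "hrdkorea-sg", which matched neither this resource's
# `name` nor the security group ("hrdkorea-db-sg"). Every other resource in
# this file tags Name with its own `name`, so it is aligned here (tag-only,
# in-place change).
resource "aws_db_subnet_group" "db" {
  name = "hrdkorea-rds-sg"

  subnet_ids = [
    aws_subnet.protect_a.id,
    aws_subnet.protect_b.id,
  ]

  tags = {
    Name = "hrdkorea-rds-sg"
  }
}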
# Cluster-level parameter group for Aurora MySQL 8.0; only the server time zone
# is overridden. Because this module appears to be instantiated once per region
# (module.seoul / module.usa), the override applies to both clusters.
# NOTE(review): nothing in this file forces clients onto TLS even though the
# security group is named "allow_tls". Adding the parameter
# `require_secure_transport = 1` here would enforce it — verify that every
# client (including the mysql CLI invocation later in this file) connects
# with SSL before enabling it, or they will be refused.
resource "aws_rds_cluster_parameter_group" "db" {
  family      = "aurora-mysql8.0"
  name        = "hrdkorea-rds-cpg"
  description = "hrdkorea-rds-cpg"

  # Server time zone for the whole cluster.
  parameter {
    name  = "time_zone"
    value = "Asia/Seoul"
  }

  tags = {
    Name = "hrdkorea-rds-cpg"
  }
}
# Instance-level parameter group for Aurora MySQL 8.0 with no overrides.
# NOTE(review): the shell snippet at the end of this file later sets
# `aurora_replica_read_consistency=SESSION` on the us-east-1 copy of this group
# with the AWS CLI. That is an out-of-band change Terraform will not track (it
# is not in state, so it is neither planned nor reverted). If the setting is
# permanent, declare it here as a `parameter` block — but note the module is
# used for both regions, so it would then apply in Seoul as well.
resource "aws_db_parameter_group" "db" {
  family      = "aurora-mysql8.0"
  name        = "hrdkorea-rds-pg"
  description = "hrdkorea-rds-pg"

  tags = {
    Name = "hrdkorea-rds-pg"
  }
}
# Subnet group for the cluster in this region; consumed by the root module as
# module.seoul.subnet_group / module.usa.subnet_group.
output "subnet_group" {
  description = "ID of the RDS subnet group for this region"
  value       = aws_db_subnet_group.db.id
}
# Security group to attach to the cluster in this region; consumed by the root
# module via `vpc_security_group_ids`.
output "security_group" {
  description = "ID of the database security group for this region"
  value       = aws_security_group.allow_tls.id
}
# Cluster parameter group name for this region; consumed by the root module via
# `db_cluster_parameter_group_name`. The name is the same in every region, so
# referencing the wrong region's module still resolves — be careful to use the
# module of the region the cluster actually lives in.
output "cluster_parameter_group" {
  description = "Name of the RDS cluster parameter group for this region"
  value       = aws_rds_cluster_parameter_group.db.name
}
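# Instance-level parameter group name for this region.
# Fix: the output name is misspelled ("paramter"), but it is the module
# interface consumed as module.seoul.paramter_group / module.usa.paramter_group
# in this file, so it must stay. `parameter_group` is added as a correctly
# spelled alias with the same value so new references need not repeat the typo;
# once all consumers are migrated the legacy name can be dropped.
output "paramter_group" {
  description = "Name of the DB (instance) parameter group for this region (legacy misspelled name; prefer parameter_group)"
  value       = aws_db_parameter_group.db.name
}

output "parameter_group" {
  description = "Name of the DB (instance) parameter group for this region"
  value       = aws_db_parameter_group.db.name
}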
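# Aurora global database spanning the Seoul primary and the us-east-1 secondary.
# Fix: the `ignore_changes` entries were quoted strings, the Terraform 0.11 form
# that 0.12+ reports as deprecated; they are now bare attribute references
# (no behavioural change). Ignoring `engine_version` lets AWS-initiated minor
# version upgrades land without Terraform trying to revert them.
# NOTE(review): `database_name` here contains a hyphen, which the RDS
# DatabaseName constraint (letters and digits) may reject; the SQL at the end of
# this file targets schema `hrdkorea`, i.e. the primary cluster's
# `database_name` — confirm which database actually exists. Changing this value
# forces a replacement, so it is left untouched.
# NOTE(review): `storage_encrypted` is not set, so the provider default
# (unencrypted) applies to the global cluster and its members. Enabling it
# forces replacement of the global cluster, so it is flagged here rather than
# changed.
resource "aws_rds_global_cluster" "example" {
  global_cluster_identifier = "hrdkorea-rds"
  engine                    = "aurora-mysql"
  engine_version            = "8.0.mysql_aurora.3.05.2"
  database_name             = "hrdkorea-global"

  lifecycle {
    ignore_changes = [
      global_cluster_identifier,
      engine,
      engine_version,
    ]
  }
}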
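# Master credential for the primary cluster.
# Fix: the password was a plaintext literal in this file (and therefore in
# version control and every plan). It is now an input supplied out of band,
# e.g. `TF_VAR_db_master_password=...` in the environment or a *.tfvars file
# that is excluded from version control; `sensitive = true` keeps it out of
# plan/apply output. The literal that used to live here must be treated as
# leaked and rotated — a new value is applied in place via `master_password`.
variable "db_master_password" {
  description = "Master password for the Aurora primary cluster; supply via TF_VAR_db_master_password or a git-ignored tfvars file."
  type        = string
  sensitive   = true
}

# Seoul (ap-northeast-2) primary cluster of the global database. Credentials
# and the initial database are declared here and replicate to the secondary.
# `ignore_changes` entries are bare references (the quoted form is deprecated
# since Terraform 0.12) — no behavioural change.
# NOTE(review): `skip_final_snapshot = true` with no `deletion_protection`
# means `terraform destroy` removes the data with no snapshot; acceptable for a
# throw-away environment, not for anything holding real data.
# NOTE(review): `storage_encrypted` is unset (provider default: unencrypted)
# and cannot be switched on without replacing the cluster.
resource "aws_rds_cluster" "primary" {
  provider = aws.seoul

  engine                    = aws_rds_global_cluster.example.engine
  engine_version            = aws_rds_global_cluster.example.engine_version
  global_cluster_identifier = aws_rds_global_cluster.example.id
  cluster_identifier        = "hrdkorea-rds-instance"
  database_name             = "hrdkorea"
  port                      = 3409

  master_username = "hrdkorea_user"
  master_password = var.db_master_password

  db_subnet_group_name            = module.seoul.subnet_group
  db_cluster_parameter_group_name = module.seoul.cluster_parameter_group
  vpc_security_group_ids          = [module.seoul.security_group]

  skip_final_snapshot = true

  lifecycle {
    ignore_changes = [
      db_subnet_group_name,
      cluster_identifier,
      db_cluster_parameter_group_name,
    ]
  }
}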
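# Single writer instance for the Seoul primary cluster.
# Fix: `ignore_changes` entries are bare references (the quoted form is
# deprecated since Terraform 0.12) — no behavioural change.
# `publicly_accessible` is left at the provider default (false), which is what
# an instance in the protect_* subnets should be.
resource "aws_rds_cluster_instance" "primary" {
  provider = aws.seoul

  identifier         = "hrdkorea-rds-instance"
  cluster_identifier = aws_rds_cluster.primary.id
  engine             = aws_rds_global_cluster.example.engine
  engine_version     = aws_rds_global_cluster.example.engine_version
  instance_class     = "db.r5.large"

  db_subnet_group_name    = module.seoul.subnet_group
  db_parameter_group_name = module.seoul.paramter_group

  lifecycle {
    ignore_changes = [
      db_parameter_group_name,
      cluster_identifier,
      db_subnet_group_name,
    ]
  }
}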
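# us-east-1 secondary cluster of the global database. No master credentials or
# database name are declared here: a global secondary inherits them from the
# primary. `depends_on` waits for the primary's writer instance so the global
# cluster has a writer before the secondary joins. `enable_global_write_forwarding`
# forwards writes issued against this cluster to the Seoul primary (the
# `aurora_replica_read_consistency` setting applied by the shell snippet later
# in this file is the per-session consistency knob for that feature).
# Fixes:
#  * `db_cluster_parameter_group_name` referenced module.seoul although the
#    cluster lives in us-east-1 and every other regional input here uses
#    module.usa. The value is identical (the module uses the same name in both
#    regions), so the plan does not change, but the dependency now points at the
#    parameter group in the right region.
#  * `ignore_changes` listed `db_cluster_parameter_group_name` twice; the
#    duplicate is removed and the entries are bare references (the quoted form
#    is deprecated since Terraform 0.12).
# NOTE(review): `skip_final_snapshot = true` and no `deletion_protection` —
# same caveat as on the primary.
resource "aws_rds_cluster" "secondary" {
  provider = aws.usa

  engine                    = aws_rds_global_cluster.example.engine
  engine_version            = aws_rds_global_cluster.example.engine_version
  global_cluster_identifier = aws_rds_global_cluster.example.id
  cluster_identifier        = "hrdkorea-rds-instance-us"
  port                      = 3409

  db_subnet_group_name            = module.usa.subnet_group
  db_cluster_parameter_group_name = module.usa.cluster_parameter_group
  vpc_security_group_ids          = [module.usa.security_group]

  skip_final_snapshot            = true
  enable_global_write_forwarding = true

  depends_on = [
    aws_rds_cluster_instance.primary,
  ]

  lifecycle {
    ignore_changes = [
      global_cluster_identifier,
      db_cluster_parameter_group_name,
    ]
  }
}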
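# Single instance for the us-east-1 secondary cluster. This is the instance the
# shell snippet later in this file reboots after changing its parameter group.
# Fix: `ignore_changes` entries are bare references (the quoted form is
# deprecated since Terraform 0.12) — no behavioural change.
resource "aws_rds_cluster_instance" "secondary" {
  provider = aws.usa

  identifier         = "hrdkorea-rds-instance-us"
  cluster_identifier = aws_rds_cluster.secondary.id
  engine             = aws_rds_global_cluster.example.engine
  engine_version     = aws_rds_global_cluster.example.engine_version
  instance_class     = "db.r5.large"

  db_subnet_group_name    = module.usa.subnet_group
  db_parameter_group_name = module.usa.paramter_group

  lifecycle {
    ignore_changes = [
      db_parameter_group_name,
      cluster_identifier,
      db_subnet_group_name,
    ]
  }
}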
# Hand-managed connection secret for the Seoul cluster (the version below fills
# it in). No `kms_key_id`, so the AWS-managed Secrets Manager key is used.
# NOTE(review): `recovery_window_in_days = 0` deletes the secret immediately on
# destroy with no recovery window, so an accidental destroy loses it for good.
# The provider default (30 days, minimum 7) is the safer choice outside
# throw-away environments.
resource "aws_secretsmanager_secret" "seoul" {
  provider                = aws.seoul
  name                    = "mysql/secret"
  recovery_window_in_days = 0
}
# Hand-managed connection secret for the us-east-1 cluster; same name as the
# Seoul one, which is fine because secret names are regional. No `kms_key_id`,
# so the AWS-managed key is used.
# NOTE(review): `recovery_window_in_days = 0` means immediate, unrecoverable
# deletion on destroy — same caveat as the Seoul secret.
resource "aws_secretsmanager_secret" "usa" {
  provider                = aws.usa
  name                    = "mysql/secret"
  recovery_window_in_days = 0
}
# Connection details for the Seoul primary, stored as JSON. The key set appears
# to mirror the layout used by the RDS/Aurora rotation templates
# (username/password/engine/host/port/dbClusterIdentifier) plus `dbname` and
# `aws_region` for consumers. `host` is the cluster's writer endpoint. Every
# credential field is read from the cluster resource so the secret can never
# drift from what was actually provisioned.
resource "aws_secretsmanager_secret_version" "seoul" {
  provider  = aws.seoul
  secret_id = aws_secretsmanager_secret.seoul.id

  secret_string = jsonencode({
    username            = aws_rds_cluster.primary.master_username
    password            = aws_rds_cluster.primary.master_password
    engine              = aws_rds_cluster.primary.engine
    host                = aws_rds_cluster.primary.endpoint
    port                = aws_rds_cluster.primary.port
    dbClusterIdentifier = aws_rds_cluster.primary.cluster_identifier
    dbname              = aws_rds_cluster.primary.database_name
    aws_region          = "ap-northeast-2"
  })
}
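# Connection details for the us-east-1 secondary, same layout as the Seoul
# secret. Endpoint-specific fields (engine, host, port, dbClusterIdentifier)
# come from the secondary cluster.
# Fix: `username` and `dbname` are now read from the primary cluster, where
# they are declared in configuration. The secondary declares neither (a global
# secondary inherits them from the primary), so the original values depended on
# what the provider reports back for a secondary cluster rather than on
# declared configuration; `password` already used the primary for exactly that
# reason. The credential is the same on both clusters, so consumers see the
# same values either way when the secondary does report them.
resource "aws_secretsmanager_secret_version" "usa" {
  provider  = aws.usa
  secret_id = aws_secretsmanager_secret.usa.id

  secret_string = jsonencode({
    username            = aws_rds_cluster.primary.master_username
    password            = aws_rds_cluster.primary.master_password
    engine              = aws_rds_cluster.secondary.engine
    host                = aws_rds_cluster.secondary.endpoint
    port                = aws_rds_cluster.secondary.port
    dbClusterIdentifier = aws_rds_cluster.secondary.cluster_identifier
    dbname              = aws_rds_cluster.primary.database_name
    aws_region          = "us-east-1"
  })
}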
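#!/usr/bin/env bash
# Post-provisioning steps for the us-east-1 secondary, then an interactive
# mysql session against a writer endpoint (the CREATE TABLE statements that
# follow in this file are typed into that session).
#
# Fixes:
#  * Line continuations were written as `\\` — in a shell that is an escaped
#    backslash, not a continuation, so the modify-db-parameter-group call was
#    split into several broken commands. They are now single backslashes.
#  * The master password was passed inline as `-p<password>`, which exposes it
#    to `ps`, shell history and terminal logs (and hard-codes it in a script).
#    A bare `-p` prompts for it instead; for non-interactive use prefer
#    `--defaults-extra-file` with a 0600 file rather than an argument.
#  * `--ssl-mode=REQUIRED` so the session refuses to run in clear text; the
#    database security group is named "allow_tls" but nothing enforced it.
#  * `$RDS_EP` is quoted and `set -euo pipefail` stops at the first failed
#    step instead of continuing against a half-configured cluster.
set -euo pipefail

# Session-level read consistency for write forwarding on the secondary.
# NOTE: this edits a parameter group that Terraform also manages, out of band;
# Terraform will not see or track this change.
aws rds modify-db-parameter-group \
  --region us-east-1 \
  --db-parameter-group-name hrdkorea-rds-pg \
  --parameters "ParameterName=aurora_replica_read_consistency,ParameterValue=SESSION,ApplyMethod=immediate" > /dev/null

# Reboot the secondary instance so the new parameter takes effect.
aws rds reboot-db-instance --region us-east-1 --db-instance-identifier hrdkorea-rds-instance-us > /dev/null

# Writer endpoint lookup. Unlike the two calls above this one has no --region,
# so it uses the CLI's default region — make sure that is the region holding
# the cluster you intend to connect to. It also returns every cluster's writer
# endpoint in that region; pass --db-cluster-identifier if more than one exists,
# or the value below will contain several hostnames.
RDS_EP=$(aws rds describe-db-cluster-endpoints \
  --query "DBClusterEndpoints[?EndpointType=='WRITER'].Endpoint" \
  --output text)

mysql -h "$RDS_EP" -P 3409 -u hrdkorea_user -p --ssl-mode=REQUIRED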
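-- Schema bootstrap for the `hrdkorea` database (the primary cluster's
-- database_name), executed in the mysql session opened above.
-- Fixes:
--  * Neither table had a primary key, so duplicate ids were accepted and
--    lookups by id could not use a unique index; `id` is now the primary key.
--  * `if not exists` makes the script safe to re-run (the original failed
--    with "table already exists" on a second run).
-- varchar(255) lengths are kept from the original; tighten them if the real
-- business limits are known.
create table if not exists hrdkorea.customer (
    id     varchar(255) not null,
    name   varchar(255) not null,
    gender varchar(255) not null,
    primary key (id)
);

create table if not exists hrdkorea.product (
    id       varchar(255) not null,
    name     varchar(255) not null,
    category varchar(255) not null,
    primary key (id)
);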