diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/README.md b/automation/terraform/modules/google-cloud/cloud-postgres/README.md
new file mode 100644
index 00000000000..7ac9d424959
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/README.md
@@ -0,0 +1,26 @@
+# Google Cloud Postgres Deployment
+
+This terraform configuration is used to deploy an instance of Google Cloud Postgres. Although the default configuration works without creating a conflict, it is recommended to deploy the postgres instance as a module within a larger terraform deployment (which passes it unique var values).
+
+The default configuration uses Google Secret Manager to pull in a password for the default `postgres` user. After deployment, the assigned IP addresses, username, and password will be printed to the terminal as shown below:
+
+```
+Outputs:
+
+cloud_postgres_ip = tolist([
+ {
+ "ip_address" = "35.35.35.35" <---- example IP
+ "time_to_retire" = ""
+ "type" = "PRIMARY"
+ },
+ {
+ "ip_address" = "34.34.34.34" <---- example IP
+ "time_to_retire" = ""
+ "type" = "OUTGOING"
+ },
+])
+db_password = "PASSWORD_HERE"
+db_user = "postgres"
+```
+
+The `PRIMARY` IP should be used when connecting to the new instance. By default, not database or schema is defined on the newly deployed db.
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/main.tf b/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
new file mode 100644
index 00000000000..bcf21243df1
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/main.tf
@@ -0,0 +1,36 @@
+# Configure the Google Cloud provider
+provider "google" {
+ project = var.gcp_project
+ region = var.gcp_region
+}
+
+resource "random_id" "instance_id" {
+ byte_length = 4
+}
+
+data "google_secret_manager_secret_version" "db_password" {
+ provider = google
+ secret = var.db_pass
+}
+
+# Create a Google Cloud SQL PostgreSQL instance
+resource "google_sql_database_instance" "postgres_instance" {
+ name = "${var.db_name}-${random_id.instance_id.hex}"
+ database_version = var.postgres_version
+ project = var.gcp_project
+ region = var.gcp_region
+ settings {
+ tier = var.db_spec
+ user_labels = {
+ service = var.service_label
+ }
+ }
+ deletion_protection = var.deletion_protection
+}
+
+# Define the database user
+resource "google_sql_user" "database_user" {
+ name = var.db_user
+ instance = google_sql_database_instance.postgres_instance.name
+ password = data.google_secret_manager_secret_version.db_password.secret_data
+}
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/output.tf b/automation/terraform/modules/google-cloud/cloud-postgres/output.tf
new file mode 100644
index 00000000000..b6f2e78cd34
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/output.tf
@@ -0,0 +1,13 @@
+output "cloud_postgres_ip" {
+ value = google_sql_database_instance.postgres_instance.ip_address
+}
+
+output "db_user" {
+ value = google_sql_user.database_user.name
+}
+
+output "db_password" {
+ value = data.google_secret_manager_secret_version.db_password.secret_data
+}
+
+
diff --git a/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf b/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
new file mode 100644
index 00000000000..fe6c59fbdd6
--- /dev/null
+++ b/automation/terraform/modules/google-cloud/cloud-postgres/vars.tf
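Review bot: The `settings` block of `google_sql_database_instance.postgres_instance` in main.tf has no `ip_configuration`, so the instance keeps the provider default of a public IPv4 address (the README in this commit shows a public `PRIMARY` IP) and nothing in the resource requires TLS from clients. I would make the network posture explicit, e.g. `ip_configuration { ssl_mode = "ENCRYPTED_ONLY" }` (or `require_ssl = true` on older provider versions), and prefer `ipv4_enabled = false` with a `private_network` where a VPC is available. Separately, the `provider "google"` block sits inside what the README describes as a reusable module; Terraform recommends configuring providers in the root module, and a provider block here prevents callers from using `count` or `for_each` on the module. The `password` on `google_sql_user.database_user` is also written to state in plain text, so the state backend needs the same access control as the secret itself.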
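Review bot: The `db_password` output in output.tf returns the secret value itself and is not marked sensitive, so the database password is shown by `terraform apply` and `terraform output` and can end up in CI logs or in any parent module that reads it. Add `sensitive = true` to that output, or drop the output and let consumers read the secret from Secret Manager by name. `sensitive` only redacts display; the value still lands in state, so state access should be restricted accordingly. Depending on the Terraform version in use, a root-module output that references a provider-sensitive attribute without that flag may also be rejected at plan time, which is worth confirming against the version this repository pins.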
@@ -0,0 +1,39 @@
+variable "gcp_project" {
+ default = "o1labs-192920"
+}
+
+variable "gcp_region" {
+ default = "us-east4"
+}
+
+variable "gcp_zone" {
+ default = "us-east4-b"
+}
+
+variable "db_name" {
+ default = "o1db"
+}
+
+variable "db_user" {
+ default = "postgres"
+}
+
+variable "db_pass" {
+ default = "o1db-pass"
+}
+
+variable "deletion_protection" {
+ default = false
+}
+
+variable "postgres_version" {
+ default = "POSTGRES_14"
+}
+
+variable "db_spec" {
+ default = "db-g1-small"
+}
+
+variable "service_label" {
+ default = "none"
+}
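Review bot: `deletion_protection` defaults to `false` in vars.tf, so a `terraform destroy` or any change that forces replacement of the instance deletes the database with no guard; for a database module the safer default is `default = true`, with callers opting out for throwaway environments. None of the variables declares a `type` or `description`. `db_pass` in particular reads like a password but is passed as the `secret` argument in main.tf, so it should carry something like `description = "Secret Manager secret ID that holds the database password"`. `gcp_zone` is not referenced in the files shown in this commit and may be unused.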