DoSomething / infrastructure

🐄 DoSomething.org's infrastructure, managed by Terraform.
MIT License

Adding quasar s3 role and policy #278

Closed blisteringherb closed 3 years ago

blisteringherb commented 3 years ago

What's this PR do?

This PR creates the IAM role and policy for the RDS Quasar snapshots to be stored in S3, and a new bucket to store the archived snapshots.

How should this be reviewed?

...

Any background context you want to provide?

...

Relevant tickets

References Pivotal #174829369.

Checklist

blisteringherb commented 3 years ago

@DFurnes I'm getting this error:

Error: Reference to undeclared output value

  on main.tf line 138, in module "rds_export_role":
 138:   arn = module.quasar_archive.role_arn

An output value with the name "role_arn" has not been declared in
module.quasar_archive.

Here's the declaration in quasar/main.tf for creating the s3 bucket. The output in the s3_bucket seems to indicate that there's a role_arn variable available, but it looks like I'm referencing it incorrectly. Do you have any insight?

module "quasar_archive" {
  source = "../components/s3_bucket"

  application = "dosomething-quasar"
  name        = "dosomething-quasar-archive"
  environment = "production"
  stack       = "data"

  versioning = true
  archived   = true
  private    = true
}

module "rds_export_role" {
  source = "../components/quasar_s3_export_role"

  arn = module.quasar_archive.role_arn
}

DFurnes commented 3 years ago

You're exporting role_arn from the rds_export_role module (defined here), so you can't use that as an export on the s3_bucket module (which defines its own exports here). Each module has its own specific "inputs" and "outputs".

To provide the S3 bucket's ARN to this role module, you could do this:

module "rds_export_role" {
  source = "../components/quasar_s3_export_role"

  arn = module.quasar_archive.bucket.arn
}
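
The input/output wiring discussed in this thread, as an added example that is not code from this pull request or the DoSomething repository: a sketch of what a role module such as quasar_s3_export_role could contain, taking the bucket ARN as its `arn` input and exposing `role_arn` as its own output. The resource names are constructed, and the trust principal and S3 action list are assumptions based on AWS's documented requirements for RDS snapshot export.

```hcl
# Hypothetical contents of components/quasar_s3_export_role (assumed, not the repo's code).

# Input: the ARN of the bucket that will receive exported snapshots.
variable "arn" {
  description = "ARN of the S3 bucket for RDS snapshot exports"
  type        = string
}

# Trust policy: only the RDS export service may assume this role.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["export.rds.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "export" {
  name               = "quasar-rds-s3-export" # constructed name
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# Permissions scoped to the one bucket passed in, never "*".
data "aws_iam_policy_document" "export" {
  statement {
    actions   = ["s3:ListBucket", "s3:GetBucketLocation"]
    resources = [var.arn]
  }

  statement {
    actions   = ["s3:PutObject*", "s3:GetObject*", "s3:DeleteObject*"]
    resources = ["${var.arn}/*"]
  }
}

resource "aws_iam_role_policy" "export" {
  name   = "quasar-rds-s3-export"
  role   = aws_iam_role.export.id
  policy = data.aws_iam_policy_document.export.json
}

# Output: what callers read as module.rds_export_role.role_arn.
output "role_arn" {
  value = aws_iam_role.export.arn
}
```

Because both policy statements are built from `var.arn`, the role can only touch the bucket the caller passes in, which keeps the export role least-privilege even if the module is reused for another bucket.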