Open gclough opened 2 years ago
any news?
I was recently looking at this, and I'm not sure I found a good approach, but I used the following as a sort of workaround.
You can go a little further and have a flag `var.babelfish` to conditionally create the ingress rules and the parameter using a dynamic block; however, for the sake of simplicity I've omitted that from the below example.
I use this with the `terraform-aws-modules/rds-aurora/aws` module and pass in the `vpc_security_group_ids` and the `db_cluster_parameter_group_name`, but I think it should be easy enough to integrate with the vanilla resources.
Might be worth still having some support in the provider, but perhaps this example will help people in the meantime (and please, if you have any feedback on simplifying the below, I'd welcome it).
```hcl
locals {
  # CIDR-based ingress: one rule for the Babelfish TDS listener ("mssql-tcp")
  # and one for the native PostgreSQL listener ("postgresql-tcp").
  babelfish_cidr_ingress_rules = length(var.private_subnets_cidr_blocks) > 0 ? [{
    rule        = "mssql-tcp"
    cidr_blocks = join(",", var.cidr_blocks)
  }] : []
  postgres_cidr_ingress_rules = length(var.private_subnets_cidr_blocks) > 0 ? [{
    rule        = "postgresql-tcp"
    cidr_blocks = join(",", var.cidr_blocks)
  }] : []
  cidr_ingress_rules = concat(local.postgres_cidr_ingress_rules, local.babelfish_cidr_ingress_rules)

  # Security-group-based ingress: the same two rules per allowed source group.
  babelfish_sg_ingress_rules = [for sg in var.allowed_security_groups : {
    rule                     = "mssql-tcp"
    source_security_group_id = sg
  }]
  postgres_sg_ingress_rules = [for sg in var.allowed_security_groups : {
    rule                     = "postgresql-tcp"
    source_security_group_id = sg
  }]
  sg_ingress_rules = concat(local.postgres_sg_ingress_rules, local.babelfish_sg_ingress_rules)
}

# Cluster parameter group that switches Babelfish on (takes effect after a reboot).
resource "aws_rds_cluster_parameter_group" "postgres14_cluster_parameter_group" {
  name        = "example-aurora-postgres14-cluster-parameter-group"
  family      = "aurora-postgresql14"
  description = "example-aurora-postgres14-cluster-parameter-group"

  parameter {
    name         = "rds.babelfish_status"
    value        = "on"
    apply_method = "pending-reboot"
  }
}

# Security group carrying the ingress rules computed above.
module "allow_db_access" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 4.13.0"
  name    = "example-access"
  vpc_id  = var.vpc_id

  computed_ingress_with_cidr_blocks                        = local.cidr_ingress_rules
  computed_ingress_with_source_security_group_id           = local.sg_ingress_rules
  number_of_computed_ingress_with_cidr_blocks              = length(local.cidr_ingress_rules)
  number_of_computed_ingress_with_source_security_group_id = length(local.sg_ingress_rules)
}
```
From what we've now seen, you just need to set a couple of cluster parameters:
```hcl
"rds.babelfish_status"            = ["on", "pending-reboot"]
"babelfishpg_tds.tds_ssl_encrypt" = ["1", "immediate"]
```
We can successfully turn this on/off/on by toggling these, so I don't believe this is actually required. I'll leave it open for another week, just in case someone finds a problem with that solution.
> From what we've now seen, you just need to set a couple of cluster parameters:
>
> ```hcl
> "rds.babelfish_status"            = ["on", "pending-reboot"]
> "babelfishpg_tds.tds_ssl_encrypt" = ["1", "immediate"]
> ```
>
> We can successfully turn this on/off/on by toggling these, so I don't believe this is actually required. I'll leave it open for another week, just in case someone finds a problem with that solution.

This seems to have worked for us.
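
Added example, not part of any comment in this thread and not the provider's or the modules' own code: one way to gate both cluster parameters quoted above and the TDS ingress rule behind the `var.babelfish` flag mentioned in the workaround, so the `mssql-tcp` port is only opened when Babelfish is actually enabled. The variable names and resource labels are assumptions, and only the security-group-based ingress is shown.

```hcl
# Added example; variable names and resource labels are assumptions.
variable "babelfish" { type = bool }
variable "vpc_id" { type = string }
variable "allowed_security_groups" { type = list(string) }

locals {
  # PostgreSQL is always reachable; the TDS port (mssql-tcp) opens only with Babelfish.
  db_rules = concat(["postgresql-tcp"], var.babelfish ? ["mssql-tcp"] : [])

  sg_ingress_rules = flatten([
    for sg in var.allowed_security_groups : [
      for r in local.db_rules : { rule = r, source_security_group_id = sg }
    ]
  ])

  # Parameter values and apply methods as quoted in the thread.
  babelfish_parameters = {
    "rds.babelfish_status"            = { value = "on", apply_method = "pending-reboot" }
    "babelfishpg_tds.tds_ssl_encrypt" = { value = "1", apply_method = "immediate" }
  }
}

resource "aws_rds_cluster_parameter_group" "postgres14" {
  name   = "example-aurora-postgres14-cluster-parameter-group"
  family = "aurora-postgresql14"

  # Emits both parameter blocks when var.babelfish is true, none otherwise.
  dynamic "parameter" {
    for_each = { for k, v in local.babelfish_parameters : k => v if var.babelfish }
    content {
      name         = parameter.key
      value        = parameter.value.value
      apply_method = parameter.value.apply_method
    }
  }
}

module "allow_db_access" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 4.13.0"
  name    = "example-access"
  vpc_id  = var.vpc_id

  computed_ingress_with_source_security_group_id           = local.sg_ingress_rules
  number_of_computed_ingress_with_source_security_group_id = length(local.sg_ingress_rules)
}
```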
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.
If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!
Community Note
Description
For Aurora PostgreSQL clusters, there is a new "Babelfish" option to allow them to emulate a SQL Server database. It would be nice if we could deploy them using Terraform `aws_rds_cluster`, as presently this can only be done via the console:
New or Affected Resource(s)
aws_rds_cluster
Potential Terraform Configuration
References