Database Setup

[joshgarde]

This PR contains the Terraform configurations which setup RDS in the SIT environment. It also contains code for automatically bootstrapping the database's schema and app auth credentials as part of the resource creation process.

[joshgarde]

Just trying to understand the lifecycle. So db_bootstrap will only get created if aws_db_instance.database does not already exist (because of the depends_on)?

Correct - db_bootstrap only exists after the creation of aws_db_instance.database.

If a change is made to the database resource (size increases or something that doesn't require a delete/create) would that trigger db_bootstrap again?

No, the creation of db_bootstrap only triggers on the creation of aws_db_instance.database and won't trigger on modification (just verified locally with quick Terraform test).

[joshgarde]

I just noticed that when the NGAP approved AMI is changed, the db_boostrap instance will be recreated so I think I'll build in a contingency into the bootstrap script in that case.

[joshgarde]

Right - I think I addressed all of the concerns. Let me know if there's anything I'm missing

[joshgarde]

Yes, that's the gist of what's going on.

I don't understand the purpose of prevent_destroy?

So when the bootstrap instance is created, the SSM parameter is created as well. It doesn't wait for the bootstrap process to complete. If Terraform is invoked a second time before the instance is finished bootstrapping, Terraform without the prevent_destroy would try to destroy the bootstrap instance before its complete because count is 0 due to the SSM parameter.