diff --git a/terraform-unity/.terraform.lock.hcl b/terraform-unity/.terraform.lock.hcl
index 143c796a..c2396c85 100644
--- a/terraform-unity/.terraform.lock.hcl
+++ b/terraform-unity/.terraform.lock.hcl
@@ -24,6 +24,25 @@ provider "registry.terraform.io/hashicorp/aws" {
]
}
+provider "registry.terraform.io/hashicorp/external" {
+ version = "2.3.4"
+ hashes = [
+ "h1:cCabxnWQ5fX1lS7ZqgUzsvWmKZw9FA7NRxAZ94vcTcc=",
+ "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb",
+ "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa",
+ "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0",
+ "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691",
+ "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb",
+ "zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58",
+ "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f",
+ "zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4",
+ "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202",
+ "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e",
+ ]
+}
+
provider "registry.terraform.io/hashicorp/helm" {
version = "2.15.0"
constraints = "2.15.0"
diff --git a/terraform-unity/README.md b/terraform-unity/README.md
index 08040a92..14611932 100644
--- a/terraform-unity/README.md
+++ b/terraform-unity/README.md
@@ -152,6 +152,7 @@ terraform apply -no-color 2>&1 | tee apply_output.txt
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.8.2 |
| [aws](#requirement\_aws) | 5.67.0 |
+| [external](#requirement\_external) | 2.3.4 |
| [helm](#requirement\_helm) | 2.15.0 |
| [kubernetes](#requirement\_kubernetes) | 2.32.0 |
| [null](#requirement\_null) | 3.2.3 |
diff --git a/terraform-unity/modules/terraform-unity-sps-database/.terraform.lock.hcl b/terraform-unity/modules/terraform-unity-sps-database/.terraform.lock.hcl
index 1aa83893..bf36bf1e 100644
--- a/terraform-unity/modules/terraform-unity-sps-database/.terraform.lock.hcl
+++ b/terraform-unity/modules/terraform-unity-sps-database/.terraform.lock.hcl
@@ -2,7 +2,8 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
- version = "5.67.0"
+ version = "5.67.0"
+ constraints = "5.67.0"
hashes = [
"h1:8wkuQvQiqjjm2+gQepy6xFBfimGoesKz1BPcVKWvED8=",
"zh:1259c8106c0a3fc0ed3b3eb814ab88d6a672e678b533f47d1bbbe3107949f43e",
@@ -23,6 +24,25 @@ provider "registry.terraform.io/hashicorp/aws" {
]
}
+provider "registry.terraform.io/hashicorp/external" {
+ version = "2.3.4"
+ hashes = [
+ "h1:cCabxnWQ5fX1lS7ZqgUzsvWmKZw9FA7NRxAZ94vcTcc=",
+ "zh:037fd82cd86227359bc010672cd174235e2d337601d4686f526d0f53c87447cb",
+ "zh:0ea1db63d6173d01f2fa8eb8989f0809a55135a0d8d424b08ba5dabad73095fa",
+ "zh:17a4d0a306566f2e45778fbac48744b6fd9c958aaa359e79f144c6358cb93af0",
+ "zh:298e5408ab17fd2e90d2cd6d406c6d02344fe610de5b7dae943a58b958e76691",
+ "zh:38ecfd29ee0785fd93164812dcbe0664ebbe5417473f3b2658087ca5a0286ecb",
+ "zh:59f6a6f31acf66f4ea3667a555a70eba5d406c6e6d93c2c641b81d63261eeace",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:ad0279dfd09d713db0c18469f585e58d04748ca72d9ada83883492e0dd13bd58",
+ "zh:c69f66fd21f5e2c8ecf7ca68d9091c40f19ad913aef21e3ce23836e91b8cbb5f",
+ "zh:d4a56f8c48aa86fc8e0c233d56850f5783f322d6336f3bf1916e293246b6b5d4",
+ "zh:f2b394ebd4af33f343835517e80fc876f79361f4688220833bc3c77655dd2202",
+ "zh:f31982f29f12834e5d21e010856eddd19d59cd8f449adf470655bfd19354377e",
+ ]
+}
+
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.32.0"
constraints = "2.32.0"
diff --git a/terraform-unity/modules/terraform-unity-sps-database/README.md b/terraform-unity/modules/terraform-unity-sps-database/README.md
index bf4ef3a2..286b091b 100644
--- a/terraform-unity/modules/terraform-unity-sps-database/README.md
+++ b/terraform-unity/modules/terraform-unity-sps-database/README.md
@@ -5,6 +5,7 @@
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.8.2 |
| [aws](#requirement\_aws) | 5.67.0 |
+| [external](#requirement\_external) | 2.3.4 |
| [kubernetes](#requirement\_kubernetes) | 2.32.0 |
| [random](#requirement\_random) | 3.6.1 |
@@ -13,6 +14,7 @@
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 5.67.0 |
+| [external](#provider\_external) | 2.3.4 |
| [random](#provider\_random) | 3.6.1 |
## Modules
@@ -31,9 +33,12 @@ No modules.
| [aws_security_group_rule.eks_egress_to_rds](https://registry.terraform.io/providers/hashicorp/aws/5.67.0/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.rds_ingress_from_eks](https://registry.terraform.io/providers/hashicorp/aws/5.67.0/docs/resources/security_group_rule) | resource |
| [random_password.db](https://registry.terraform.io/providers/hashicorp/random/3.6.1/docs/resources/password) | resource |
+| [aws_db_snapshot.latest_snapshot](https://registry.terraform.io/providers/hashicorp/aws/5.67.0/docs/data-sources/db_snapshot) | data source |
| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/5.67.0/docs/data-sources/eks_cluster) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/5.67.0/docs/data-sources/region) | data source |
| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/5.67.0/docs/data-sources/security_group) | data source |
| [aws_ssm_parameter.subnet_ids](https://registry.terraform.io/providers/hashicorp/aws/5.67.0/docs/data-sources/ssm_parameter) | data source |
+| [external_external.rds_final_snapshot_exists](https://registry.terraform.io/providers/hashicorp/external/2.3.4/docs/data-sources/external) | data source |
## Inputs
@@ -49,5 +54,6 @@ No modules.
| Name | Description |
|------|-------------|
| [db\_instance\_identifier](#output\_db\_instance\_identifier) | n/a |
+| [db\_latest\_snapshot](#output\_db\_latest\_snapshot) | n/a |
| [db\_secret\_arn](#output\_db\_secret\_arn) | n/a |
diff --git a/terraform-unity/modules/terraform-unity-sps-database/check_rds_snapshot.sh b/terraform-unity/modules/terraform-unity-sps-database/check_rds_snapshot.sh
new file mode 100755
index 00000000..826f78da
--- /dev/null
+++ b/terraform-unity/modules/terraform-unity-sps-database/check_rds_snapshot.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+db_id=$1
+aws_region=$2
+
+if [ -z ${db_id} ]; then
+ echo "usage : $0 " >2
+ exit 1
+fi
+
+RESULT=($(aws rds describe-db-snapshots --db-instance-identifier $db_id --output text --region $aws_region 2> /dev/null))
+aws_result=$?
+
+if [ ${aws_result} -eq 0 ] && [[ ${RESULT[0]} == "DBSNAPSHOTS" ]]; then
+ result='true'
+else
+ result='false'
+fi
+
+jq -n --arg exists ${result} '{"db_exists": $exists }'
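Review bot: Any failure of `aws rds describe-db-snapshots` (expired credentials, a missing `rds:DescribeDBSnapshots` permission, throttling) is discarded by `2> /dev/null` and reported as `db_exists = "false"`. Terraform would then plan a new, empty database instead of restoring from the snapshot. The script should exit non-zero with a message on stderr in that case, so the `external` data source fails the plan. The usage line redirects with `>2`, which writes to a file named `2` rather than stderr, and `$db_id` and `$aws_region` are expanded unquoted. The rewrite below assumes that an instance with no snapshots returns exit code 0 with empty output; confirm this against the CLI before relying on it.

```shell
if [ -z "${db_id}" ] || [ -z "${aws_region}" ]; then
  echo "usage: $0 <db-instance-identifier> <aws-region>" >&2
  exit 1
fi

# A failed lookup stops the plan instead of being reported as "no snapshot".
if ! output=$(aws rds describe-db-snapshots \
    --db-instance-identifier "${db_id}" \
    --region "${aws_region}" \
    --output text); then
  echo "describe-db-snapshots failed for ${db_id} in ${aws_region}" >&2
  exit 1
fi

if [[ "${output}" == DBSNAPSHOTS* ]]; then
  result='true'
else
  result='false'
fi

jq -n --arg exists "${result}" '{"db_exists": $exists}'
```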
diff --git a/terraform-unity/modules/terraform-unity-sps-database/data.tf b/terraform-unity/modules/terraform-unity-sps-database/data.tf
index 266c660f..590ab61d 100644
--- a/terraform-unity/modules/terraform-unity-sps-database/data.tf
+++ b/terraform-unity/modules/terraform-unity-sps-database/data.tf
@@ -1,3 +1,5 @@
+data "aws_region" "current" {}
+
data "aws_eks_cluster" "cluster" {
name = format(local.resource_name_prefix, "eks")
}
@@ -13,3 +15,18 @@ data "aws_security_group" "default" {
values = ["${format(local.resource_name_prefix, "eks")}-node"]
}
}
+
+data "aws_db_snapshot" "latest_snapshot" {
+ count = data.external.rds_final_snapshot_exists.result.db_exists ? 1 : 0
+ db_instance_identifier = format(local.resource_name_prefix, "db")
+ most_recent = true
+
+}
+
+data "external" "rds_final_snapshot_exists" {
+ program = [
+ "${path.module}/check_rds_snapshot.sh",
+ format(local.resource_name_prefix, "db"),
+ data.aws_region.current.name
+ ]
+}
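Review bot: The `aws_db_snapshot.latest_snapshot` lookup is not restricted by snapshot type, so `most_recent = true` can resolve to an automated backup rather than the final snapshot that the name `rds_final_snapshot_exists` suggests. If only final snapshots are meant to seed a new instance, add `snapshot_type = "manual"` to the data source and apply the same filter in `check_rds_snapshot.sh`. The `external` block would also benefit from a comment stating its prerequisites, for example `# Runs check_rds_snapshot.sh on every plan; needs bash, the AWS CLI and jq on the machine running Terraform`.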
diff --git a/terraform-unity/modules/terraform-unity-sps-database/main.tf b/terraform-unity/modules/terraform-unity-sps-database/main.tf
index 2cfb41d9..f0187c27 100644
--- a/terraform-unity/modules/terraform-unity-sps-database/main.tf
+++ b/terraform-unity/modules/terraform-unity-sps-database/main.tf
@@ -61,24 +61,43 @@ resource "aws_security_group_rule" "eks_egress_to_rds" {
source_security_group_id = aws_security_group.rds_sg.id
}
+
resource "aws_db_instance" "sps_db" {
- identifier = format(local.resource_name_prefix, "db")
- allocated_storage = 100
- storage_type = "gp3"
- engine = "postgres"
- engine_version = "16.4"
- instance_class = "db.m5d.large"
- db_name = "sps_db"
- username = "db_user"
- password = aws_secretsmanager_secret_version.db.secret_string
- parameter_group_name = "default.postgres16"
- skip_final_snapshot = true
- publicly_accessible = false
- db_subnet_group_name = aws_db_subnet_group.db.name
- vpc_security_group_ids = [aws_security_group.rds_sg.id]
+ identifier = format(local.resource_name_prefix, "db")
+ allocated_storage = 100
+ storage_type = "gp3"
+ engine = "postgres"
+ engine_version = "16.4"
+ instance_class = "db.m5d.large"
+ db_name = "sps_db"
+ username = "db_user"
+ password = aws_secretsmanager_secret_version.db.secret_string
+ parameter_group_name = "default.postgres16"
+
+ backup_retention_period = 7
+ # 07:00-08:00 GMT = 01:00-02:00 PST
+ backup_window = "07:00-08:00"
+ storage_encrypted = true
+ copy_tags_to_snapshot = true
+
+ skip_final_snapshot = false
+ # rds:unity-luca-1-dev-sps-db-2025-01-26-12-14
+ # unity-luca-1-dev-sps-20250122213608
+ final_snapshot_identifier = "${terraform.workspace}-db-${formatdate("YYYY-MM-DD-hh-mm", timestamp())}"
+ snapshot_identifier = try(data.aws_db_snapshot.latest_snapshot[0].id, null)
+ publicly_accessible = false
+ db_subnet_group_name = aws_db_subnet_group.db.name
+ vpc_security_group_ids = [aws_security_group.rds_sg.id]
tags = merge(local.common_tags, {
Name = format(local.resource_name_prefix, "db")
Component = "processing"
Stack = "processing"
})
+
+ lifecycle {
+ ignore_changes = [
+ snapshot_identifier,
+ final_snapshot_identifier
+ ]
+ }
}
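Review bot: Adding `storage_encrypted = true` to an `aws_db_instance` that already exists forces replacement. The destroy half of that replacement will most likely use the `skip_final_snapshot = true` still recorded in state, so a deployed database could be dropped without the final snapshot this change is meant to guarantee. Consider rolling out `skip_final_snapshot = false` and `final_snapshot_identifier` in a first apply, or taking a manual snapshot before upgrading, and note this in the README. Separately, because `final_snapshot_identifier` is listed in `ignore_changes`, the `timestamp()` in its name is fixed at creation, so the final snapshot will carry the creation time rather than the destroy time. The two example names in the comments above it could be replaced with something like `# Name is computed once at create time; ignore_changes keeps timestamp() from producing a diff on every plan`.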
diff --git a/terraform-unity/modules/terraform-unity-sps-database/outputs.tf b/terraform-unity/modules/terraform-unity-sps-database/outputs.tf
index 126657ad..86f061ac 100644
--- a/terraform-unity/modules/terraform-unity-sps-database/outputs.tf
+++ b/terraform-unity/modules/terraform-unity-sps-database/outputs.tf
@@ -5,3 +5,7 @@ output "db_instance_identifier" {
output "db_secret_arn" {
value = aws_secretsmanager_secret_version.db.arn
}
+
+output "db_latest_snapshot" {
+ value = data.external.rds_final_snapshot_exists.result.db_exists ? data.aws_db_snapshot.latest_snapshot[0].db_snapshot_arn : null
+}
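Review bot: The new `db_latest_snapshot` output has no `description`, which is why the generated README lists it as `n/a`. Add one, for example `description = "ARN of the most recent snapshot of the SPS database, or null when no snapshot exists"`. The condition here tests `db_exists` directly, while `main.tf` wraps the same lookup in `try(..., null)`. Using `try(data.aws_db_snapshot.latest_snapshot[0].db_snapshot_arn, null)` would keep the two consistent.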
diff --git a/terraform-unity/modules/terraform-unity-sps-database/versions.tf b/terraform-unity/modules/terraform-unity-sps-database/versions.tf
index 8fb90635..a5769d48 100644
--- a/terraform-unity/modules/terraform-unity-sps-database/versions.tf
+++ b/terraform-unity/modules/terraform-unity-sps-database/versions.tf
@@ -13,5 +13,9 @@ terraform {
source = "hashicorp/random"
version = "3.6.1"
}
+ external = {
+ source = "hashicorp/external"
+ version = "2.3.4"
+ }
}
}
diff --git a/terraform-unity/versions.tf b/terraform-unity/versions.tf
index c5b63afa..4d0095ba 100644
--- a/terraform-unity/versions.tf
+++ b/terraform-unity/versions.tf
@@ -13,6 +13,10 @@ terraform {
source = "hashicorp/null"
version = "3.2.3"
}
+ external = {
+ source = "hashicorp/external"
+ version = "2.3.4"
+ }
aws = {
source = "hashicorp/aws"
version = "5.67.0"