[tf][indexer] add publicly accessible flag

serbangv · May 4, 2022 · 1518c96 · 1518c96
1 parent ead3fce
commit 1518c96
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 16 deletions.
diff --git a/terraform/modules/indexer/rds.tf b/terraform/modules/indexer/rds.tf
@@ -18,6 +18,18 @@ resource "aws_security_group" "indexer" {
   }
 }
 
+resource "aws_db_parameter_group" "indexer" {
+  name = "indexer-${local.workspace_name}"
+  # family parameter must correspond with the engine version of aws_db_instance.indexer
+  # aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"
+  family = var.db_parameter_group_family
+
+  parameter {
+    name  = "log_connections"
+    value = "1"
+  }
+}
+
 
 resource "aws_db_instance" "indexer" {
   identifier = "indexer-${local.workspace_name}"
@@ -33,22 +45,10 @@ resource "aws_db_instance" "indexer" {
   db_subnet_group_name   = aws_db_subnet_group.indexer.name
   vpc_security_group_ids = [aws_security_group.indexer.id]
   parameter_group_name   = aws_db_parameter_group.indexer.name
-  publicly_accessible    = false
+  publicly_accessible    = var.db_publicly_accessible
   skip_final_snapshot    = true
 }
 
-resource "aws_db_parameter_group" "indexer" {
-  name = "indexer-${local.workspace_name}"
-  # family parameter must correspond with the engine version of aws_db_instance.indexer
-  # aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"
-  family = var.db_parameter_group_family
-
-  parameter {
-    name  = "log_connections"
-    value = "1"
-  }
-}
-
 resource "kubernetes_secret" "indexer_credentials" {
   metadata {
     name      = "indexer-credentials"

diff --git a/terraform/modules/indexer/variables.tf b/terraform/modules/indexer/variables.tf
@@ -76,3 +76,8 @@ variable "db_parameter_group_family" {
   description = "Parameter group family name for the RDS DB. Must be compatible with the db_engine and db_engine_version. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithDBInstanceParamGroups.html"
   default     = "postgres14"
 }
+
+variable "db_publicly_accessible" {
+  default     = false
+  description = "Determines if RDS instance is publicly accessible"
+}
diff --git a/terraform/testnet/indexer.tf b/terraform/testnet/indexer.tf
@@ -11,10 +11,11 @@ module "indexer" {
 
   oidc_provider = module.validator.oidc_provider
 
-  subnet_ids = module.validator.aws_subnet_private.*.id
+  subnet_ids = var.indexer_db_publicly_accessible ? module.validator.aws_subnet_public.*.id : module.validator.aws_subnet_private.*.id
   vpc_id     = module.validator.vpc_id
 
-  db_password = var.indexer_db_password
+  db_password            = var.indexer_db_password
+  db_publicly_accessible = var.indexer_db_publicly_accessible
 
   indexer_helm_values = var.indexer_helm_values
 }
diff --git a/terraform/testnet/variables.tf b/terraform/testnet/variables.tf
@@ -56,7 +56,7 @@ variable "ssh_pub_key" {
 
 variable "validator_lite_mode" {
   description = "Run validator lite deployment"
-  default = false
+  default     = false
 }
 
 variable "num_validators" {
@@ -178,6 +178,11 @@ variable "indexer_db_password" {
   default     = ""
 }
 
+variable "indexer_db_publicly_accessible" {
+  default     = false
+  description = "Determines if indexer RDS instance is publicly accessible"
+}
+
 variable "enable_k8s_metrics_server" {
   description = "Installs kubernetes metrics server: https://github.com/kubernetes-sigs/metrics-server"
   default     = false