batcave-tf-mssql

This is a Terraform module for a Microsoft SQL Server (Standard Edition) for AWS RDS

Note that credentials are stored in AWS Secrets Manger

Debugging Tips

Once the mssql RDS is up and running, you may want to test connectivity from the cluster. To do this:

Start an interactive diagnostic pod with mssql tooling (note your shell will hang, so you'll likely need multiple terminals open):

  kubectl run mssql-diag --image=mcr.microsoft.com/mssql-tools --restart=Never -n default --overrides='{"spec":{"tolerations":[{"effect": "NoSchedule","key": "CriticalAddonsOnly","operator": "Exists" }]}}' -i --tty

In a separate terminal, shell into the mssql-diag pod and run the following command to test connectivity:

sqlcmd -U regscale -P <password> -S <server-url> -Q "SELECT * FROM SYSOBJECTS WHERE xtype='U';"

You should see output showing the tables in the mssql database.

Delete the mssql-diag pod when finished

Requirements

Name	Version
terraform	>= 1.2
aws	>= 4.61.0

Providers

Name	Version
aws	>= 4.61.0

Modules

Name	Source	Version
mssql-db	terraform-aws-modules/rds/aws	5.2.3

Resources

Name	Type
aws_db_instance_role_association.s3_integration	resource
aws_db_subnet_group.db_subnet_group	resource
aws_route53_record.www	resource
aws_security_group.mssql	resource
aws_security_group_rule.db_egress	resource
aws_security_group_rule.db_ingress_cidr_blocks	resource
aws_security_group_rule.db_ingress_prefix_lists	resource
aws_security_group_rule.db_ingress_security_groups	resource
aws_route53_zone.cms_zone	data source

Inputs

Name	Description	Type	Default	Required
additional_attached_security_group_ids	n/a	`list(string)`	`[]`	no
allocated_storage	n/a	`number`	`20`	no
allowed_cidr_blocks	n/a	`list(string)`	`[]`	no
allowed_prefix_lists	n/a	`list(string)`	`[]`	no
allowed_security_group_ids	n/a	`list(string)`	`[]`	no
apply_immediately	n/a	`bool`	`false`	no
auto_minor_version_upgrade	n/a	`bool`	`true`	no
backup_retention_period	The days to retain backups for. Default 7	`number`	`7`	no
backup_window	n/a	`string`	`"03:00-06:00"`	no
ca_cert_identifier	Specifies the identifier of the CA certificate for the DB instance	`string`	`"rds-ca-rsa2048-g1"`	no
create_random_password	Determines whether to create random password for RDS primary cluster	`bool`	`true`	no
deletion_protection	n/a	`bool`	`false`	no
instance_class	Instance classes for instances created under the cluster	`string`	`"db.r5.xlarge"`	no
maintenance_window	n/a	`string`	`"Mon:00:00-Mon:03:00"`	no
master_username	n/a	`string`	`"admin"`	no
max_allocated_storage	n/a	`number`	`100`	no
name	n/a	`string`	n/a	yes
options	A list of Options to apply	`any`	`[]`	no
port	n/a	`number`	`1433`	no
route53_record_name	n/a	`string`	n/a	yes
route53_zone_base_domain	If route53_zone_id is an empty string, this variable is used to lookup the r53 zone dynamicaly	`string`	`""`	no
route53_zone_id	n/a	`string`	`""`	no
s3_integration_role_arn	n/a	`string`	`""`	no
skip_final_snapshot	n/a	`bool`	`false`	no
subnet_group_name_override	Override the subnet group name. If not set, the name will be the same as the name of the RDS instance	`string`	`""`	no
subnet_ids	n/a	`list(string)`	n/a	yes
tags	n/a	`map(string)`	{ "Owner": "Batcave" }	no
vpc_id	n/a	`string`	n/a	yes

Outputs

Name	Description
db_database_name	Name for an automatically created database on creation
db_endpoint	Endpoint for the db
db_engine_version_actual	The running version of the RDS database
db_hosted_zone_id	The Route53 Hosted Zone ID of the endpoint
db_id	The RDS Identifier
db_instance_arn	Amazon Resource Name (ARN) of RDS instance
db_master_password	The database master password
db_master_username	The database master username
db_port	The database port
db_resource_id	The RDS Resource ID

CMS-Enterprise/batcave-tf-mssql