MongoDB Atlas Database on AWS.
This is intended to be a Terraform module, although you can run a separate example to demonstrate integrations with MongoDB Atlas.
You'll need to set up infrastructure as per joatmon08/hashicorp-stack-demoapp.
Log into Vault and retrieve the credentials you'll need for the module using the following:
$ vault kv get -format=json terraform-cloud-operator/bookstore/terraform-aws-postgres > example/secrets.jsonCopy each value into a file called secrets.auto.tfvars.
mongodbatlas_project_id = ""
mongodbatlas_region = ""
vault_address = ""
vault_namespace = ""
vault_token = ""Go into the example/ directory.
$ cd exampleCreate the MongoDB cluster and configure Vault database secrets engine for it. The Terraform configuration dynamically retrieves an API key from MongoDB Atlas and uses it to create a cluster in a project.
$ terraform applyNext, create the namespaces and secrets needed for the application. The manifest uses the Vault Secrets Operator to retrieve the MongoDB connection string stored in Vault and mount it as an environment variable. The username and password are dynamically retrieved by Vault Agent.
$ kubectl apply -f bookstore/secrets.yaml -n bookstoreCreate the sample application.
$ kubectl apply -f bookstore/deployment.yaml -n bookstoreDelete all Kubernetes resources.
$ kubectl delete -f bookstore/ -n bookstoreDelete resources.
$ terraform destroy| Name | Version |
|---|---|
| terraform | ~> 1.0 |
| mongodbatlas | >= 1.12 |
| vault | >= 3.20 |
| Name | Version |
|---|---|
| mongodbatlas | 1.12.2 |
| vault | 3.21.0 |
No modules.
| Name | Type |
|---|---|
| mongodbatlas_cluster.db | resource |
| vault_database_secret_backend_connection.db | resource |
| vault_database_secret_backend_role.db | resource |
| vault_kubernetes_auth_backend_role.db | resource |
| vault_kv_secret_v2.mongodb | resource |
| vault_mount.db | resource |
| vault_mount.static | resource |
| vault_policy.db | resource |
| vault_policy.mongodb | resource |
| vault_generic_secret.mongodbatlas | data source |
| vault_policy_document.db | data source |
| vault_policy_document.mongodb | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_service_account_names | Additional service account names to allow access to database credentials | list(string) |
[] |
no |
| business_unit | Business unit to create MongoDB Atlas project | string |
n/a | yes |
| mongodbatlas_project_id | Project ID for MongoDB Atlas | string |
n/a | yes |
| mongodbatlas_region | MongoDB Atlas provider region, specifically AWS | string |
n/a | yes |
| name | Name of cluster | string |
n/a | yes |
| org_name | Organization to search for VPC resources, including database subnet group | string |
n/a | yes |
| vault_address | Vault address | string |
n/a | yes |
| vault_kubernetes_auth_path | Vault Kubernetes auth path | string |
"kubernetes" |
no |
| vault_mongodbatlas_secrets_path | Vault MongoDB Atlas secrets engine path | string |
"mongodbatlas" |
no |
| vault_namespace | Vault namespace | string |
n/a | yes |
| vault_token | Vault token | string |
n/a | yes |
| Name | Description |
|---|---|
| host | MongoDB Atlas SRV hostname |