the_order/infra/terraform/database.tf
defiQUG 6a8582e54d feat: comprehensive project structure improvements and Cloud for Sovereignty landing zone
- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization
2025-11-13 09:32:55 -08:00


# Azure Database for PostgreSQL
# Flexible Server for production workloads
# Optional override for the server name. The server resource below falls back
# to "the-order-db-<environment>" when this is left as the empty string.
variable "database_name" {
  type        = string
  description = "PostgreSQL database name"
  default     = ""
}
# Login name of the server administrator. The same value is interpolated into
# the connection URL that this file stores in Key Vault.
variable "database_admin_user" {
  type        = string
  description = "PostgreSQL admin username"
  default     = "theorder_admin"
}
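# Compute SKU for the flexible server.
# The azurerm provider expects the "<tier>_<name>" form (B_ = Burstable,
# GP_ = General Purpose, MO_ = Memory Optimized); the bare "Standard_B1ms"
# used previously is rejected at plan time.
# NOTE(review): Azure does not appear to offer zone-redundant HA on Burstable
# SKUs, so prod most likely needs a GP_/MO_ value here - confirm against the
# environment tfvars.
variable "database_sku_name" {
  type        = string
  description = "PostgreSQL SKU in tier_name form (e.g., B_Standard_B1ms, GP_Standard_D2s_v3)"
  default     = "B_Standard_B1ms"
}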
# Provisioned storage for the server, expressed in megabytes.
variable "database_storage_mb" {
  type        = number
  description = "PostgreSQL storage in MB"
  default     = 32768 # 32 GB
}
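# PostgreSQL Flexible Server that backs the application database.
#
# Fixes relative to the previous revision:
#   * count added - every other resource and output in this file addresses the
#     server as main[0], which is only valid when the server itself has a count.
#   * administrator_password now uses the generated password. It was null, so
#     the password and connection URL stored in Key Vault never matched a
#     credential that the server actually had.
#   * backup settings are top-level arguments in the azurerm provider, not a
#     nested "backup" block.
#   * high_availability is emitted only for prod; the provider accepts
#     "ZoneRedundant" or "SameZone" for mode, and HA is switched off by
#     omitting the block rather than by a "Disabled" value.
resource "azurerm_postgresql_flexible_server" "main" {
  count = var.create_database ? 1 : 0

  name                = var.database_name != "" ? var.database_name : "the-order-db-${var.environment}"
  resource_group_name = azurerm_resource_group.main.name
  location            = var.azure_region
  version             = "15"
  zone                = "1"

  # With both values null the server is not injected into a VNet, so it keeps
  # a public endpoint and the firewall rules in this file are the only network
  # control in front of it.
  delegated_subnet_id = null # Set if using VNet integration
  private_dns_zone_id = null # Set if using private DNS

  administrator_login = var.database_admin_user
  # Same value that is written to the "database-password" Key Vault secret.
  # It is also recorded in Terraform state, so the state backend has to be
  # access-controlled and encrypted.
  administrator_password = random_password.database_password[0].result

  storage_mb = var.database_storage_mb
  sku_name   = var.database_sku_name

  # Prod keeps 35 days of geo-redundant backups; other environments keep 7
  # days of locally redundant backups.
  backup_retention_days        = var.environment == "prod" ? 35 : 7
  geo_redundant_backup_enabled = var.environment == "prod"

  # Zone-redundant standby in zone 2, prod only.
  dynamic "high_availability" {
    for_each = var.environment == "prod" ? [1] : []
    content {
      mode                      = "ZoneRedundant"
      standby_availability_zone = "2"
    }
  }

  maintenance_window {
    day_of_week  = 0 # Sunday
    start_hour   = 2
    start_minute = 0
  }

  tags = merge(var.tags, {
    Purpose = "Database"
  })
}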
# Application database created on the flexible server.
# Named "theorder_<environment>", UTF-8 encoded with en_US collation, and only
# created when var.create_database is true.
resource "azurerm_postgresql_flexible_server_database" "main" {
  count = var.create_database ? 1 : 0

  server_id = azurerm_postgresql_flexible_server.main[0].id
  name      = "theorder_${var.environment}"
  collation = "en_US.utf8"
  charset   = "UTF8"
}
# Firewall rule - allow Azure services.
# The 0.0.0.0 - 0.0.0.0 range is Azure's special "allow access from Azure
# services" rule. It admits connections from any Azure-hosted source,
# including resources in other subscriptions and tenants, so the database then
# relies on password authentication and TLS alone.
# NOTE(review): for prod, prefer VNet integration (delegated_subnet_id on the
# server) or rules scoped to the application's known outbound addresses, and
# alert on changes to this rule.
resource "azurerm_postgresql_flexible_server_firewall_rule" "azure_services" {
  count = var.create_database ? 1 : 0

  server_id        = azurerm_postgresql_flexible_server.main[0].id
  name             = "AllowAzureServices"
  end_ip_address   = "0.0.0.0"
  start_ip_address = "0.0.0.0"
}
# Random 32-character password for the database, special characters included.
# The generated value is kept in Terraform state in plain text, so access to
# the state backend is equivalent to access to this credential.
# Because of the special characters, the value needs URL-encoding wherever it
# is embedded in a connection URL.
resource "random_password" "database_password" {
  count = var.create_database ? 1 : 0

  special = true
  length  = 32
}
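# Store the database connection string in Key Vault.
# The generated password can contain URL-reserved characters such as "@", ":",
# "?" and "#" (random_password has special = true), so it is passed through
# urlencode() before being placed in the userinfo part of the URL. Without
# that, clients may mis-parse the host or silently drop part of the password.
# sslmode=require enforces an encrypted connection but does not verify the
# server certificate; verify-full is the stricter setting if clients ship the
# CA bundle.
resource "azurerm_key_vault_secret" "database_url" {
  count = var.create_database ? 1 : 0

  name         = "database-url"
  value        = "postgresql://${var.database_admin_user}:${urlencode(random_password.database_password[0].result)}@${azurerm_postgresql_flexible_server.main[0].fqdn}:5432/${azurerm_postgresql_flexible_server_database.main[0].name}?sslmode=require"
  key_vault_id = azurerm_key_vault.main.id
  tags         = var.tags
}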
# Store the raw generated password in Key Vault under "database-password".
# This is the unencoded value; the "database-url" secret embeds the same
# password inside a connection URL.
# Readers of either secret hold the server administrator credential, so Key
# Vault access policies for both should be limited to the workloads that
# need them.
resource "azurerm_key_vault_secret" "database_password" {
  count = var.create_database ? 1 : 0

  key_vault_id = azurerm_key_vault.main.id
  name         = "database-password"
  value        = random_password.database_password[0].result
  tags         = var.tags
}
# Outputs
# Server hostname, or null when no database is created. Marked sensitive so
# that Terraform redacts it in plan/apply output; it is still readable from
# state.
output "database_fqdn" {
  description = "Fully qualified domain name of the database server"
  sensitive   = true
  value       = var.create_database ? azurerm_postgresql_flexible_server.main[0].fqdn : null
}
# Name of the application database, or null when no database is created.
output "database_name" {
  description = "Name of the database"
  value       = var.create_database ? azurerm_postgresql_flexible_server_database.main[0].name : null
}