Merge pull request #8 from blockscout/rds-multi-zone

Rds multi zone

.pre-commit-config.yaml

@@ -1,11 +1,92 @@
 ---
+
 fail_fast: false
 minimum_pre_commit_version: "2.6.0"
+
 repos:
   -
-    repo: https://github.com/aws-ia/pre-commit-configs
-    # To update run:
-    # pre-commit autoupdate --freeze
-    rev: v1.6.2
+    repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: 3298ddab3c13dd77d6ce1fc0baf97691430d84b0  # frozen: v4.3.0
     hooks:
-      - id: aws-ia-meta-hook
+      - id: check-added-large-files
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: check-executables-have-shebangs
+      - id: check-json
+      - id: check-symlinks
+      - id: check-vcs-permalinks
+      - id: check-xml
+      - id: check-yaml
+        args: [--allow-multiple-documents]
+        exclude: "templates/.*"
+      - id: mixed-line-ending
+      #      - id: trailing-whitespace
+      #- id: flake8
+
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: 1d54ea2b9950097568c6a7a2e2bcb6d4b4ebfb61  # frozen: v1.77.0
+    hooks:
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_fmt
+      - id: terraform_fmt
+
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_validate
+      - id: terraform_validate
+        exclude: examples/.*
+
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_docs
+      - id: terraform_docs
+        args:
+          - "--args=--config=.terraform-docs.yaml"
+          - "--args=--lockfile=false"
+
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_providers_lock
+      - id: terraform_providers_lock
+
+      # see https://github.com/antonbabenko/pre-commit-terraform#terraform_tflint
+      - id: terraform_tflint
+        exclude: 'examples/.*'
+        args:
+          - "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"
+
+      - id: terraform_tfsec
+        args:
+          - "--args=--exclude-downloaded-modules"
+          - "--args=--custom-check-dir=__GIT_WORKING_DIR__/.tfsec"
+        files: \.tf$
+        exclude: \.terraform\/.*$
+  - repo: https://github.com/aws-quickstart/qs-cfn-lint-rules
+    rev: 93a9fc75ed3d7ede082b8afad4cdd97e4794cee0  # frozen: v1.4
+    hooks:
+      # Inverse flag passed to effectively enforce that CFN templates must be in `templates/`
+      - id: files-are-not-cfn
+        name: Validating no CFN files exist outside of templates/
+        verbose: true
+        types_or: [json,yaml]
+        require_serial: true
+        args:
+          - '-i'
+        exclude: '^templates/.*'
+      - id: files-are-cfn
+        name: Validating only CFN files exist in templates/
+        verbose: true
+        require_serial: true
+        files: '^templates/.*'
+      - id: qs-cfn-lint-wrapped
+        files: '^templates/.*'
+  - repo: https://github.com/aws-ia/pre-commit-hooks
+    rev: 16be3ef859223383f402c8523bfd3bbb5f750894  # frozen: v1.0
+    hooks:
+      - id: git-submodule-sanity-check
+        always_run: true
+  - repo: local
+    hooks:
+      - id: restricted-filenames
+        name: Check commits for unexpected file extensions
+        entry: These files are prohibited and should be removed.
+        language: fail
+        files: '.*\.(taskcat_overrides.yml)'
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1ed79063e3672a1c6d91ee27cb648e07a7465344  # frozen: 1.7.4
+    hooks:
+      - id: bandit
+        description: 'Bandit is a tool for finding common security issues in Python code'

README.md

@@ -118,6 +118,7 @@ module "vpc" {
 | <a name="input_rds_allocated_storage"></a> [rds\_allocated\_storage](#input\_rds\_allocated\_storage) | Size of rds storage | `number` | `20` | no |
 | <a name="input_rds_instance_type"></a> [rds\_instance\_type](#input\_rds\_instance\_type) | AWS RDS instance type | `string` | `"db.t3.large"` | no |
 | <a name="input_rds_max_allocated_storage"></a> [rds\_max\_allocated\_storage](#input\_rds\_max\_allocated\_storage) | Max size of rds storage | `number` | `300` | no |
+| <a name="input_rds_multi_az"></a> [rds\_multi\_az](#input\_rds\_multi\_az) | Creates a primary DB instance and a standby DB instance in a different AZ. Provides high availability and data redundancy, but the standby DB instance doesn't support connections for read workloads. | `bool` | `false` | no |
 | <a name="input_sig_provider_docker_image"></a> [sig\_provider\_docker\_image](#input\_sig\_provider\_docker\_image) | Docker image of sig-provider | `string` | `"ghcr.io/blockscout/sig-provider:main"` | no |
 | <a name="input_sig_provider_enabled"></a> [sig\_provider\_enabled](#input\_sig\_provider\_enabled) | sig-provider deploy | `bool` | `false` | no |
 | <a name="input_sig_provider_instance_type"></a> [sig\_provider\_instance\_type](#input\_sig\_provider\_instance\_type) | AWS instance type | `string` | `"t2.medium"` | no |
@@ -151,5 +152,4 @@ module "vpc" {
 | Name | Description |
 |------|-------------|
 | <a name="output_blockscout_url"></a> [blockscout\_url](#output\_blockscout\_url) | DNS name of frontend |
-
 <!-- END_TF_DOCS -->

main.tf

@@ -171,7 +171,7 @@ module "rds" {
   db_name                             = "blockscout"
   username                            = "blockscout"
   port                                = 5432
-  multi_az                            = false
+  multi_az                            = var.rds_multi_az
   db_subnet_group_name                = var.existed_rds_subnet_group_name != "" ? var.existed_rds_subnet_group_name : module.vpc[0].database_subnet_group
   vpc_security_group_ids              = [module.db_sg.security_group_id]
   maintenance_window                  = "Mon:00:00-Mon:03:00"

variables.tf

@@ -24,6 +24,11 @@ variable "rds_max_allocated_storage" {
   type        = number
   default     = 300
 }
+variable "rds_multi_az" {
+  description = "Creates a primary DB instance and a standby DB instance in a different AZ. Provides high availability and data redundancy, but the standby DB instance doesn't support connections for read workloads."
+  type        = bool
+  default     = false
+}
 
 ## Service settings
 variable "path_docker_compose_files" {