Initial commit

.github/settings.yml

@@ -1,11 +1,7 @@
 # Upstream changes from _extends are only recognized when modifications are made to this file in the default branch.
 _extends: .github
 repository:
-  name: template
-  description: Template for Terraform Components
+  name: aws-dms-replication-instance
+  description: This component provisions DMS replication instances
   homepage: https://cloudposse.com/accelerate
   topics: terraform, terraform-component
-
-
-
-

src/main.tf

@@ -1,8 +1,20 @@
-locals {
-  enabled = module.this.enabled
-}
-
-
-
+module "dms_replication_instance" {
+  source  = "cloudposse/dms/aws//modules/dms-replication-instance"
+  version = "0.1.1"
 
+  # https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReleaseNotes.html
+  engine_version               = var.engine_version
+  replication_instance_class   = var.replication_instance_class
+  allocated_storage            = var.allocated_storage
+  apply_immediately            = var.apply_immediately
+  auto_minor_version_upgrade   = var.auto_minor_version_upgrade
+  allow_major_version_upgrade  = var.allow_major_version_upgrade
+  multi_az                     = var.multi_az
+  publicly_accessible          = var.publicly_accessible
+  preferred_maintenance_window = var.preferred_maintenance_window
+  vpc_security_group_ids       = [module.security_group.id]
+  subnet_ids                   = module.vpc.outputs.private_subnet_ids
+  availability_zone            = var.availability_zone
 
+  context = module.this.context
+}

src/outputs.tf

@@ -1,4 +1,9 @@
-output "mock" {
-  description = "Mock output example for the Cloud Posse Terraform component template"
-  value       = local.enabled ? "hello ${basename(abspath(path.module))}" : ""
+output "dms_replication_instance_id" {
+  value       = module.dms_replication_instance.replication_instance_id
+  description = "DMS replication instance ID"
+}
+
+output "dms_replication_instance_arn" {
+  value       = module.dms_replication_instance.replication_instance_arn
+  description = "DMS replication instance ARN"
 }

src/providers.tf

@@ -0,0 +1,19 @@
+provider "aws" {
+  region = var.region
+
+  # Profile is deprecated in favor of terraform_role_arn. When profiles are not in use, terraform_profile_name is null.
+  profile = module.iam_roles.terraform_profile_name
+
+  dynamic "assume_role" {
+    # module.iam_roles.terraform_role_arn may be null, in which case do not assume a role.
+    for_each = compact([module.iam_roles.terraform_role_arn])
+    content {
+      role_arn = assume_role.value
+    }
+  }
+}
+
+module "iam_roles" {
+  source  = "../../account-map/modules/iam-roles"
+  context = module.this.context
+}

src/remote-state.tf

@@ -0,0 +1,8 @@
+module "vpc" {
+  source  = "cloudposse/stack-config/yaml//modules/remote-state"
+  version = "1.5.0"
+
+  component = "vpc"
+
+  context = module.this.context
+}

src/sg.tf

@@ -0,0 +1,25 @@
+locals {
+  ingress_cidr_blocks_enabled = var.security_group_ingress_cidr_blocks != null && length(var.security_group_ingress_cidr_blocks) > 0
+
+  rules = local.ingress_cidr_blocks_enabled ? [
+    {
+      type        = "ingress"
+      from_port   = var.security_group_ingress_from_port
+      to_port     = var.security_group_ingress_to_port
+      protocol    = "all"
+      cidr_blocks = var.security_group_ingress_cidr_blocks
+    }
+  ] : []
+}
+
+module "security_group" {
+  source  = "cloudposse/security-group/aws"
+  version = "1.0.1"
+
+  vpc_id                = module.vpc.outputs.vpc_id
+  create_before_destroy = var.security_group_create_before_destroy
+  allow_all_egress      = var.security_group_allow_all_egress
+  rules                 = local.rules
+
+  context = module.this.context
+}

src/variables.tf

@@ -0,0 +1,102 @@
+variable "region" {
+  type        = string
+  description = "AWS Region"
+}
+
+variable "allocated_storage" {
+  type        = number
+  description = "The amount of storage (in gigabytes) to be initially allocated for the replication instance. Default: 50, Min: 5, Max: 6144"
+  default     = 50
+}
+
+variable "apply_immediately" {
+  type        = bool
+  description = "Indicates whether the changes should be applied immediately or during the next maintenance window. Only used when updating an existing resource"
+  default     = true
+}
+
+variable "auto_minor_version_upgrade" {
+  type        = bool
+  description = "Indicates that major version upgrades are allowed"
+  default     = true
+}
+
+variable "allow_major_version_upgrade" {
+  type        = bool
+  description = "Indicates that major version upgrades are allowed"
+  default     = false
+}
+
+variable "availability_zone" {
+  type        = any
+  description = "The EC2 Availability Zone that the replication instance will be created in"
+  default     = null
+}
+
+variable "engine_version" {
+  type        = string
+  description = "The engine version number of the replication instance"
+  default     = "3.4"
+}
+
+variable "multi_az" {
+  type        = bool
+  description = "Specifies if the replication instance is a multi-az deployment. You cannot set the `availability_zone` parameter if the `multi_az` parameter is set to true"
+  default     = false
+}
+
+variable "preferred_maintenance_window" {
+  type        = string
+  description = "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC)"
+  default     = "sun:10:30-sun:14:30"
+}
+
+variable "publicly_accessible" {
+  type        = bool
+  description = "Specifies the accessibility options for the replication instance. A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address"
+  default     = false
+}
+
+variable "replication_instance_class" {
+  type        = string
+  description = "The compute and memory capacity of the replication instance as specified by the replication instance class"
+  default     = "dms.t2.small"
+}
+
+variable "security_group_create_before_destroy" {
+  type        = bool
+  description = <<-EOT
+    Set `true` to enable terraform `create_before_destroy` behavior on the created security group.
+    We only recommend setting this `false` if you are importing an existing security group
+    that you do not want replaced and therefore need full control over its name.
+    Note that changing this value will always cause the security group to be replaced.
+    EOT
+  default     = true
+}
+
+variable "security_group_allow_all_egress" {
+  type        = bool
+  default     = true
+  description = <<-EOT
+    A convenience that adds to the rules a rule that allows all egress.
+    If this is false and no egress rules are specified via `rules` or `rule-matrix`, then no egress will be allowed.
+    EOT
+}
+
+variable "security_group_ingress_cidr_blocks" {
+  type        = list(string)
+  default     = []
+  description = "A list of CIDR blocks for the the cluster Security Group to allow ingress to the cluster security group."
+}
+
+variable "security_group_ingress_from_port" {
+  type        = number
+  default     = 0
+  description = "Start port on which the Glue connection accepts incoming connections."
+}
+
+variable "security_group_ingress_to_port" {
+  type        = number
+  default     = 65535
+  description = "End port on which the Glue connection accepts incoming connections."
+}

src/versions.tf

@@ -1,5 +1,15 @@
 terraform {
-  required_version = ">= 1.0.0"
+  required_version = ">= 1.2.0"
 
-  required_providers {}
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      # Using the latest version of the provider since the earlier versions had many issues with DMS replication tasks.
+      # In particular:
+      # https://github.com/hashicorp/terraform-provider-aws/pull/24047
+      # https://github.com/hashicorp/terraform-provider-aws/pull/23692
+      # https://github.com/hashicorp/terraform-provider-aws/pull/13476
+      version = ">= 4.26.0"
+    }
+  }
 }