feat: use aurora rds with serverless v2 engine for production-like environments

lsipii · lsipii · commit 01575e73a21d · 2023-08-08T13:35:50.000+03:00
diff --git a/VirtualFinland.UsersAPI.Deployment/Common/Environments.cs b/VirtualFinland.UsersAPI.Deployment/Common/Environments.cs
@@ -5,5 +5,6 @@ public enum Environments
     Dev,
     Test,
     Staging,
-    Production
+    MvpStaging,
+    MvpProduction
 }
diff --git a/VirtualFinland.UsersAPI.Deployment/Common/Models/StackSetup.cs b/VirtualFinland.UsersAPI.Deployment/Common/Models/StackSetup.cs
@@ -2,11 +2,13 @@
 
 namespace VirtualFinland.UsersAPI.Deployment.Common.Models;
 
-public record StackSetup
+public class StackSetup
 {
     public InputMap<string> Tags = default!;
     public bool IsProductionEnvironment;
     public string Environment = default!;
     public string ProjectName = default!;
     public VpcSetup VpcSetup = default!;
+
+    public string CreateResourceName(string name) => $"{ProjectName}-{name}-{Environment}".ToLower();
 }
diff --git a/VirtualFinland.UsersAPI.Deployment/Features/PostgresDatabase.cs b/VirtualFinland.UsersAPI.Deployment/Features/PostgresDatabase.cs
@@ -1,5 +1,7 @@
 using Pulumi;
+using Pulumi.Aws.Kms;
 using Pulumi.Aws.Rds;
+using Pulumi.Aws.Rds.Inputs;
 using Pulumi.Random;
 using VirtualFinland.UsersAPI.Deployment.Common.Models;
 using Instance = Pulumi.Aws.Rds.Instance;
@@ -13,7 +15,89 @@ public class PostgresDatabase
 {
     public PostgresDatabase(Config config, StackSetup stackSetup)
     {
-        var dbSubNetGroup = new Pulumi.Aws.Rds.SubnetGroup("dbsubnets", new()
+        if (stackSetup.IsProductionEnvironment)
+        {
+            SetupProductionPostgresDatabase(config, stackSetup);
+        }
+        else
+        {
+            SetupDevelopmentPostgresDatabase(config, stackSetup);
+        }
+    }
+
+    /// <summary>
+    ///  Setup AWS Aurora RDS Serverless V2 for postgresql
+    /// </summary>
+    public void SetupProductionPostgresDatabase(Config config, StackSetup stackSetup)
+    {
+        var dbSubNetGroup = new SubnetGroup(stackSetup.CreateResourceName("database-subnets"), new()
+        {
+            SubnetIds = stackSetup.VpcSetup.PrivateSubnetIds,
+        });
+
+        var password = new RandomPassword(stackSetup.CreateResourceName("database-password"), new()
+        {
+            Length = 16,
+            Special = false,
+            OverrideSpecial = "_%@",
+        });
+
+        // Encryption key (KMS)
+        var encryptionKey = new Key(stackSetup.CreateResourceName("database-encryption-key"), new()
+        {
+            Description = "Encryption key for the database",
+            Tags = stackSetup.Tags,
+            DeletionWindowInDays = 30, // On deletion, the key will be retained for 30 days before being deleted permanently
+        });
+
+        // AWS Aurora RDS Serverless V2 for postgresql
+        var auroraCluster = new Cluster(stackSetup.CreateResourceName("database-cluster"), new ClusterArgs()
+        {
+            Engine = "aurora-postgresql",
+            EngineVersion = "13.6",
+            EngineMode = "provisioned", // serverless v2
+            Serverlessv2ScalingConfiguration = new ClusterServerlessv2ScalingConfigurationArgs
+            {
+                MaxCapacity = 4,
+                MinCapacity = 0.5,
+            },
+
+            DatabaseName = config.Require("dbName"),
+            MasterUsername = config.Require("dbAdmin"),
+            MasterPassword = password.Result,
+
+            SkipFinalSnapshot = false,
+            DeletionProtection = true,
+            StorageEncrypted = true,
+            KmsKeyId = encryptionKey.Arn,
+
+            DbSubnetGroupName = dbSubNetGroup.Name,
+            Tags = stackSetup.Tags,
+        });
+
+        var auroraInstance = new ClusterInstance(stackSetup.CreateResourceName("database-instance"), new()
+        {
+            ClusterIdentifier = auroraCluster.ClusterIdentifier,
+            InstanceClass = "db.serverless",
+            Engine = "aurora-postgresql",
+            EngineVersion = auroraCluster.EngineVersion,
+            Tags = stackSetup.Tags,
+        });
+
+        var DbName = config.Require("dbName");
+        var DbUsername = config.Require("dbAdmin");
+        var DbHostName = auroraCluster.Endpoint;
+        DBIdentifier = auroraInstance.Identifier;
+        var DbPassword = password.Result;
+        DbConnectionString = Output.Format($"Host={DbHostName};Database={DbName};Username={DbUsername};Password={DbPassword}");
+    }
+
+    /// <summary>
+    /// Setup AWS RDS for postgresql
+    /// </summary>
+    public void SetupDevelopmentPostgresDatabase(Config config, StackSetup stackSetup)
+    {
+        var dbSubNetGroup = new SubnetGroup("dbsubnets", new()
         {
             SubnetIds = stackSetup.VpcSetup.PrivateSubnetIds,
         });
@@ -25,7 +109,7 @@ public PostgresDatabase(Config config, StackSetup stackSetup)
             OverrideSpecial = "_%@",
         });
 
-        var rdsPostGreInstance = new Instance($"{stackSetup.ProjectName}-postgres-db-{stackSetup.Environment}", new InstanceArgs()
+        var rdsPostGreInstance = new Instance(stackSetup.CreateResourceName("postgres-db"), new InstanceArgs()
         {
             Engine = "postgres",
             InstanceClass = "db.t3.micro",
@@ -36,9 +120,8 @@ public PostgresDatabase(Config config, StackSetup stackSetup)
             Username = config.Require("dbAdmin"),
             Password = password.Result,
             Tags = stackSetup.Tags,
-            PubliclyAccessible = !stackSetup.IsProductionEnvironment, // DEV: For Production set to FALSE
-            SkipFinalSnapshot = !stackSetup.IsProductionEnvironment, // DEV: For production set to FALSE to avoid accidental deletion of the cluster, data safety measure and is the default for AWS.
-            //SnapshotIdentifier = "" // See README.database.md for more information
+            PubliclyAccessible = false,
+            SkipFinalSnapshot = true,
         });
 
         var DbName = config.Require("dbName");
diff --git a/VirtualFinland.UsersAPI.Deployment/UsersAPIStack.cs b/VirtualFinland.UsersAPI.Deployment/UsersAPIStack.cs
@@ -60,16 +60,14 @@ public UsersApiStack()
     private bool IsProductionEnvironment()
     {
         var stackName = Pulumi.Deployment.Instance.StackName;
-        switch (stackName)
+        return stackName switch
         {
             // Cheers: https://stackoverflow.com/a/65642709
-            case var value when value == Environments.Production.ToString().ToLowerInvariant():
-                return true;
-            case var value when value == Environments.Staging.ToString().ToLowerInvariant():
-                return true;
-            default:
-                return false;
-        }
+            var value when value == Environments.MvpProduction.ToString().ToLowerInvariant() => true,
+            var value when value == Environments.MvpStaging.ToString().ToLowerInvariant() => true,
+            var value when value == Environments.Staging.ToString().ToLowerInvariant() => false,
+            _ => false,
+        };
     }
 
     // Outputs for Pulumi service

Original file line number	Diff line number	Diff line change
`@@ -5,5 +5,6 @@ public enum Environments`
`5`	`5`	`Dev,`
`6`	`6`	`Test,`
`7`	`7`	`Staging,`
`8`		`- Production`
	`8`	`+ MvpStaging,`
	`9`	`+ MvpProduction`
`9`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,11 +2,13 @@`
`2`	`2`
`3`	`3`	`namespace VirtualFinland.UsersAPI.Deployment.Common.Models;`
`4`	`4`
`5`		`-public record StackSetup`
	`5`	`+public class StackSetup`
`6`	`6`	`{`
`7`	`7`	`public InputMap<string> Tags = default!;`
`8`	`8`	`public bool IsProductionEnvironment;`
`9`	`9`	`public string Environment = default!;`
`10`	`10`	`public string ProjectName = default!;`
`11`	`11`	`public VpcSetup VpcSetup = default!;`
	`12`	`+`
	`13`	`+ public string CreateResourceName(string name) => $"{ProjectName}-{name}-{Environment}".ToLower();`
`12`	`14`	`}`