i am trying to create a vpc with public and private subnet along with Aurora mysql cluster and instance in same vpc with custom security group for RDS.
i've created vpc (public/private subnet, custom security group) in a module. also aurora-mysql in different module.
My vpc configuration in a module file
resource "aws_vpc" "main" {
cidr_block = "${var.vpc_cidr}"
instance_tenancy = "${var.tenancy}"
enable_dns_support = "true"
enable_dns_hostnames = "true"
tags {
Name = "${var.tag_name}"
}
}
resource "aws_subnet" "main-public-1" {
vpc_id = "${var.vpc_id}"
cidr_block = "${var.subnet_cidr_1}"
availability_zone = "${var.region}a"
map_public_ip_on_launch = true
tags {
Name = "${var.tag_name}-subnet1"
}
}
resource "aws_subnet" "main-private-1" {
count = "${var.create_private_subnet}"
vpc_id = "${var.vpc_id}"
cidr_block = "${var.private_subnet_cidr_1}"
map_public_ip_on_launch = false
availability_zone = "${var.region}a"
tags {
Name = "${var.tag_name}-private-subnet1"
}
}
resource "aws_subnet" "main-private-2" {
count = "${var.create_private_subnet}"
vpc_id = "${var.vpc_id}"
cidr_block = "${var.private_subnet_cidr_2}"
map_public_ip_on_launch = false
availability_zone = "${var.region}b"
tags {
Name = "${var.tag_name}-private-subnet2"
}
}
resource "aws_security_group" "aurora-sg" {
name = "aurora-security-group"
vpc_id = "${var.vpc_id}"
ingress {
protocol = "tcp"
from_port = 0
to_port = 65535
cidr_blocks = ["0.0.0.0/0"]
}
egress {
protocol = -1
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
}
My RDS configuration in a module file
resource "aws_rds_cluster" "cluster" {
cluster_identifier = "${var.cluster_name}"
engine = "aurora-mysql"
database_name = "sample_rds"
master_username = "${var.username}"
master_password = "${var.password}"
vpc_security_group_ids = ["${aws_security_group.aurora-sg.id}"]
skip_final_snapshot = true
}
resource "aws_rds_cluster_instance" "cluster_instances" {
identifier = "${var.cluster_name}-instance"
cluster_identifier = "${aws_rds_cluster.cluster.id}"
instance_class = "${var.instance_class}"
publicly_accessible = "${var.publicly_accessible}"
db_subnet_group_name =
"${aws_db_subnet_group.aurora_subnet_group.id}"
}
resource "aws_db_subnet_group" "aurora_subnet_group" {
name = "tf-rds-${var.cluster_name}"
subnet_ids = ["${var.subnets}"]
tags {
Name = "tf-rds-${var.cluster_name}"
}
}
My main terraform script. i have passed variables to RDS module like vpc_id, db username and password,private subnet ids and security group id
module "aurora_mysql" {
source = "../modules/rds-aurora"
vpc_id = "${module.my_vpc.vpc_id}"
publicly_accessible = true
instance_class = "db.t2.medium"
username = "${var.db_username}"
password = "${var.db_password}"
subnets =
["${module.my_vpc.subnet_id_1[1]}","${module.my_vpc.subnet_id_1[2]}"]
security_group_ids = "${module.my_vpc.vpc_rds_sg_id}"
}
When i try to apply the configuration vpc created successfully with subnet and security group but get the error
Error creating DB Instance: InvalidParameterCombination: DB instance and EC2 security group are in different VPC
My RDS instance gets created in the default VPC even though i am passing new vpc private subnet ids and custom security group id.
"${var.vpc_id}"as vpc_id instead of"${aws_vpc.main.id}"? – AlexK