Merge pull request #2 from TradrAPI/dms-related-modules

Adds DMS related modules
TradrAPI · Jul 27, 2023 · 54ff09e · 54ff09e
2 parents 246090b + 6f555eb
commit 54ff09e
Show file tree

Hide file tree

Showing 4 changed files with 222 additions and 0 deletions.
diff --git a/aws/dms-iam-roles/main.tf b/aws/dms-iam-roles/main.tf
@@ -0,0 +1,43 @@
+# See 
+# - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dms_replication_instance#example-usage
+# - https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole
+data "aws_iam_policy_document" "dms_assume_role" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      identifiers = ["dms.amazonaws.com"]
+      type        = "Service"
+    }
+  }
+}
+
+resource "aws_iam_role" "dms-access-for-endpoint" {
+  assume_role_policy = data.aws_iam_policy_document.dms_assume_role.json
+  name               = "dms-access-for-endpoint"
+}
+
+resource "aws_iam_role_policy_attachment" "dms-access-for-endpoint-AmazonDMSRedshiftS3Role" {
+  role       = aws_iam_role.dms-access-for-endpoint.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role"
+}
+
+resource "aws_iam_role" "dms-cloudwatch-logs-role" {
+  assume_role_policy = data.aws_iam_policy_document.dms_assume_role.json
+  name               = "dms-cloudwatch-logs-role"
+}
+
+resource "aws_iam_role_policy_attachment" "dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole" {
+  role       = aws_iam_role.dms-cloudwatch-logs-role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole"
+}
+
+resource "aws_iam_role" "dms-vpc-role" {
+  assume_role_policy = data.aws_iam_policy_document.dms_assume_role.json
+  name               = "dms-vpc-role"
+}
+
+resource "aws_iam_role_policy_attachment" "dms-vpc-role-AmazonDMSVPCManagementRole" {
+  role       = aws_iam_role.dms-vpc-role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole"
+}
diff --git a/aws/dms/main.tf b/aws/dms/main.tf
@@ -0,0 +1,90 @@
+resource "aws_dms_replication_subnet_group" "default" {
+  replication_subnet_group_id = var.subnet_group.id
+  subnet_ids                  = var.subnet_group.subnet_ids
+
+  replication_subnet_group_description = "DMS Subnet group"
+}
+
+resource "aws_dms_replication_instance" "default" {
+  replication_instance_class   = var.replication_instance.class
+  allocated_storage            = var.replication_instance.allocated_storage
+  availability_zone            = var.replication_instance.availability_zone
+  engine_version               = var.replication_instance.engine_version
+  preferred_maintenance_window = var.replication_instance.preferred_maintenance_window
+  multi_az                     = var.replication_instance.multi_az
+
+  apply_immediately          = true
+  auto_minor_version_upgrade = true
+  publicly_accessible        = false
+
+  replication_subnet_group_id = aws_dms_replication_subnet_group.default.id
+  replication_instance_id     = var.replication_instance.name
+
+  vpc_security_group_ids = var.replication_instance.vpc_security_group_ids
+
+  tags = {
+    Name = var.replication_instance.name
+  }
+}
+
+resource "aws_dms_endpoint" "sources" {
+  for_each = var.sources
+
+  database_name               = each.value.database_name
+  endpoint_id                 = each.value.endpoint_id
+  engine_name                 = each.value.engine_name
+  username                    = each.value.username
+  password                    = each.value.password
+  port                        = each.value.port
+  server_name                 = each.value.server_name
+  ssl_mode                    = each.value.ssl_mode
+  extra_connection_attributes = each.value.extra_connection_attributes
+
+  endpoint_type = "source"
+
+  tags = {
+    Name = each.value.name
+  }
+}
+
+resource "aws_dms_endpoint" "targets" {
+  for_each = var.targets
+
+  database_name               = each.value.database_name
+  endpoint_id                 = each.value.endpoint_id
+  engine_name                 = each.value.engine_name
+  username                    = each.value.username
+  password                    = each.value.password
+  port                        = each.value.port
+  server_name                 = each.value.server_name
+  ssl_mode                    = each.value.ssl_mode
+  extra_connection_attributes = each.value.extra_connection_attributes
+
+  endpoint_type = "target"
+
+  tags = {
+    Name = each.value.name
+  }
+}
+
+resource "aws_dms_replication_task" "replication" {
+  for_each = var.replication_tasks
+
+  migration_type            = each.value.migration_type
+  replication_task_settings = each.value.replication_task_settings
+  replication_task_id       = each.value.replication_task_id
+  table_mappings            = each.value.table_mappings
+
+  source_endpoint_arn = aws_dms_endpoint.sources[each.value.source_endpoint].endpoint_arn
+  target_endpoint_arn = aws_dms_endpoint.targets[each.value.target_endpoint].endpoint_arn
+
+  replication_instance_arn = aws_dms_replication_instance.default.replication_instance_arn
+
+  tags = {
+    Name = each.value.name
+  }
+
+  lifecycle {
+    ignore_changes = [replication_task_settings]
+  }
+}
diff --git a/aws/dms/outputs.tf b/aws/dms/outputs.tf
@@ -0,0 +1,19 @@
+output "subnet_group" {
+  value = aws_dms_replication_subnet_group.default
+}
+
+output "replication_instance" {
+  value = aws_dms_replication_instance.default
+}
+
+output "source_endpoints" {
+  value = aws_dms_endpoint.sources
+}
+
+output "target_endpoints" {
+  value = aws_dms_endpoint.targets
+}
+
+output "replication_tasks" {
+  value = aws_dms_replication_task.replication
+}
diff --git a/aws/dms/variables.tf b/aws/dms/variables.tf
@@ -0,0 +1,70 @@
+variable "subnet_group" {
+  type = object({
+    id         = string
+    subnet_ids = list(string)
+  })
+}
+
+variable "replication_instance" {
+  type = object({
+    name              = string
+    class             = string
+    allocated_storage = number
+
+    vpc_security_group_ids       = optional(list(string), [])
+    availability_zone            = optional(string)
+    engine_version               = optional(string)
+    preferred_maintenance_window = optional(string, "sun:10:30-sun:14:30")
+    multi_az                     = optional(bool, false)
+  })
+}
+
+variable "sources" {
+  type = map(object({
+    name          = string
+    database_name = string
+    endpoint_id   = string
+    engine_name   = string
+    username      = string
+    password      = string
+    server_name   = string
+    port          = number
+
+    ssl_mode                    = optional(string, "none")
+    extra_connection_attributes = optional(string, "")
+  }))
+
+  default = {}
+  # sensitive = true
+}
+
+variable "targets" {
+  type = map(object({
+    name          = string
+    database_name = string
+    endpoint_id   = string
+    engine_name   = string
+    username      = string
+    password      = string
+    server_name   = string
+    port          = number
+
+    ssl_mode                    = optional(string, "none")
+    extra_connection_attributes = optional(string, "")
+  }))
+
+  default = {}
+  # sensitive = true
+}
+
+variable "replication_tasks" {
+  type = map(object({
+    name                      = string
+    replication_task_id       = string
+    source_endpoint           = string
+    target_endpoint           = string
+    table_mappings            = string
+    replication_task_settings = optional(string)
+    migration_type            = optional(string, "full-load-and-cdc")
+  }))
+}