diff --git a/terraform/deployments/rds/main.tf b/terraform/deployments/rds/main.tf new file mode 100644 index 000000000..46064b220 --- /dev/null +++ b/terraform/deployments/rds/main.tf @@ -0,0 +1,36 @@ +terraform { + cloud { + organization = "govuk" + workspaces { + tags = ["rds", "eks", "aws"] + } + } + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + random = { + source = "hashicorp/random" + version = "~> 3.6" + } + } +} + +provider "random" {} + +provider "aws" { + region = var.aws_region + default_tags { + tags = { + Product = "GOV.UK" + System = "EKS RDS" + Environment = var.govuk_environment + Owner = "govuk-platform-engineering@digital.cabinet-office.gov.uk" + cluster = "govuk" + repository = "govuk-infrastructure" + terraform_deployment = basename(abspath(path.root)) + } + } +} diff --git a/terraform/deployments/rds/outputs.tf b/terraform/deployments/rds/outputs.tf new file mode 100644 index 000000000..87ceb7231 --- /dev/null +++ b/terraform/deployments/rds/outputs.tf @@ -0,0 +1,24 @@ +output "rds_instance_id" { + description = "RDS instance IDs" + value = { for k, v in aws_db_instance.instance : k => v.id } +} + +output "rds_resource_id" { + description = "RDS instance resource IDs" + value = { for k, v in aws_db_instance.instance : k => v.resource_id } +} + +output "rds_endpoint" { + description = "RDS instance endpoints" + value = { for k, v in aws_db_instance.instance : k => v.endpoint } +} + +output "rds_address" { + description = "RDS instance addresses" + value = { for k, v in aws_db_instance.instance : k => v.address } +} + +output "sg_rds" { + description = "RDS instance security groups" + value = { for k, v in aws_security_group.rds : k => v.id } +} diff --git a/terraform/deployments/rds/rds.tf b/terraform/deployments/rds/rds.tf new file mode 100644 index 000000000..aa8141e3b --- /dev/null +++ b/terraform/deployments/rds/rds.tf @@ -0,0 +1,147 @@ +resource "random_string" "database_password" { + for_each = var.databases + + length = 32 + lower = true +} + +resource "aws_db_subnet_group" "subnet_group" { + name = "${var.stackname}-govuk-rds-subnet" + subnet_ids = data.terraform_remote_state.infra_networking.outputs.private_subnet_rds_ids + + tags = { Name = "${var.stackname}-govuk-rds-subnet" } +} + +resource "aws_db_parameter_group" "engine_params" { + for_each = var.databases + + name_prefix = "${each.value.name}-${each.value.engine}-" + family = merge({ engine_params_family = "${each.value.engine}${each.value.engine_version}" }, each.value)["engine_params_family"] + + dynamic "parameter" { + for_each = each.value.engine_params + + content { + name = parameter.key + value = parameter.value.value + apply_method = merge({ apply_method = "immediate" }, parameter.value)["apply_method"] + } + } +} + +resource "aws_db_instance" "instance" { + for_each = var.databases + + engine = each.value.engine + engine_version = each.value.engine_version + username = var.database_admin_username + password = random_string.database_password[each.key].result + allocated_storage = each.value.allocated_storage + instance_class = each.value.instance_class + identifier = "${each.value.name}-${each.value.engine}" + storage_type = "gp3" + db_subnet_group_name = aws_db_subnet_group.subnet_group.name + multi_az = var.multi_az + parameter_group_name = aws_db_parameter_group.engine_params[each.key].name + maintenance_window = var.maintenance_window + backup_retention_period = var.backup_retention_period + backup_window = var.backup_window + copy_tags_to_snapshot = true + monitoring_interval = 60 + monitoring_role_arn = data.terraform_remote_state.infra_monitoring.outputs.rds_enhanced_monitoring_role_arn + vpc_security_group_ids = [aws_security_group.rds[each.key].id] + ca_cert_identifier = "rds-ca-rsa2048-g1" + apply_immediately = var.govuk_environment != "production" + + performance_insights_enabled = each.value.performance_insights_enabled + performance_insights_retention_period = each.value.performance_insights_enabled ? 7 : 0 + + timeouts { + create = var.terraform_create_rds_timeout + delete = var.terraform_delete_rds_timeout + update = var.terraform_update_rds_timeout + } + + deletion_protection = var.govuk_environment == "production" + final_snapshot_identifier = "${each.value.name}-final-snapshot" + skip_final_snapshot = var.skip_final_snapshot + + tags = { Name = "${var.stackname}-govuk-rds-${each.value.name}-${each.value.engine}" } +} + +resource "aws_db_event_subscription" "subscription" { + name = "govuk-rds-event-subscription" + sns_topic = data.terraform_remote_state.infra_monitoring.outputs.sns_topic_rds_events_arn + + source_type = "db-instance" + source_ids = [for i in aws_db_instance.instance : i.identifier] + event_categories = ["availability", "deletion", "failure", "low storage"] +} + +# Alarm if average CPU utilisation is above the threshold (we use 80% for most of our databases) for 60s +resource "aws_cloudwatch_metric_alarm" "rds_cpuutilization" { + for_each = var.databases + + alarm_name = "${each.value.name}-rds-cpuutilization" + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = "2" + metric_name = "CPUUtilization" + namespace = "AWS/RDS" + period = "60" + statistic = "Average" + threshold = each.value.cpuutilization_threshold + actions_enabled = true + alarm_actions = [data.terraform_remote_state.infra_monitoring.outputs.sns_topic_cloudwatch_alarms_arn] + alarm_description = "This metric monitors the percentage of CPU utilization." + + dimensions = { + DBInstanceIdentifier = aws_db_instance.instance[each.key].id + } +} + +# Alarm if free storage space is below the threshold (we use 10GiB for most of our databases) for 60s +resource "aws_cloudwatch_metric_alarm" "rds_freestoragespace" { + for_each = var.databases + + alarm_name = "${each.value.name}-rds-freestoragespace" + comparison_operator = "LessThanThreshold" + evaluation_periods = "2" + metric_name = "FreeStorageSpace" + namespace = "AWS/RDS" + period = "60" + statistic = "Average" + threshold = each.value.freestoragespace_threshold + actions_enabled = true + alarm_actions = [data.terraform_remote_state.infra_monitoring.outputs.sns_topic_cloudwatch_alarms_arn] + alarm_description = "This metric monitors the amount of available storage space." + + dimensions = { + DBInstanceIdentifier = aws_db_instance.instance[each.key].id + } +} + +data "aws_route53_zone" "internal" { + name = var.internal_zone_name + private_zone = true +} + +# internal_domain_name is ${var.stackname}.${internal_root_domain_name} +resource "aws_route53_record" "database_internal_domain_name" { + for_each = var.databases + + zone_id = data.aws_route53_zone.internal.zone_id + name = "${each.value.name}-${each.value.engine}.${var.internal_domain_name}" + type = "CNAME" + ttl = 300 + records = [aws_db_instance.instance[each.key].address] +} + +resource "aws_route53_record" "database_internal_root_domain_name" { + for_each = var.databases + + zone_id = data.terraform_remote_state.infra_root_dns_zones.outputs.internal_root_zone_id + name = "${each.value.name}-${each.value.engine}.${data.terraform_remote_state.infra_root_dns_zones.outputs.internal_root_domain_name}" + type = "CNAME" + ttl = 300 + records = [aws_route53_record.database_internal_domain_name[each.key].fqdn] +} diff --git a/terraform/deployments/rds/remote_state.tf b/terraform/deployments/rds/remote_state.tf new file mode 100644 index 000000000..1bb0bba50 --- /dev/null +++ b/terraform/deployments/rds/remote_state.tf @@ -0,0 +1,39 @@ +data "terraform_remote_state" "infra_monitoring" { + backend = "s3" + + config = { + bucket = var.govuk_aws_state_bucket + key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" + region = var.aws_region + } +} + +data "terraform_remote_state" "infra_networking" { + backend = "s3" + + config = { + bucket = var.govuk_aws_state_bucket + key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" + region = var.aws_region + } +} + +data "terraform_remote_state" "infra_root_dns_zones" { + backend = "s3" + + config = { + bucket = var.govuk_aws_state_bucket + key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" + region = var.aws_region + } +} + +data "terraform_remote_state" "infra_vpc" { + backend = "s3" + + config = { + bucket = var.govuk_aws_state_bucket + key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" + region = var.aws_region + } +} diff --git a/terraform/deployments/rds/security_groups.tf b/terraform/deployments/rds/security_groups.tf new file mode 100644 index 000000000..9bbbdcf4a --- /dev/null +++ b/terraform/deployments/rds/security_groups.tf @@ -0,0 +1,8 @@ +resource "aws_security_group" "rds" { + for_each = var.databases + + name = "${var.stackname}_${each.value.name}_rds_access" + vpc_id = data.terraform_remote_state.infra_vpc.outputs.vpc_id + description = "Access to ${each.value.name} RDS" + tags = { Name = "${var.stackname}_${each.value.name}_rds_access" } +} diff --git a/terraform/deployments/rds/variables.tf b/terraform/deployments/rds/variables.tf new file mode 100644 index 000000000..6f08c2dbc --- /dev/null +++ b/terraform/deployments/rds/variables.tf @@ -0,0 +1,114 @@ +variable "govuk_environment" { + type = string + description = "Environment name" +} + +variable "aws_region" { + type = string + description = "AWS region" + default = "eu-west-1" +} + +variable "stackname" { + type = string + description = "Stackname" + default = "blue" +} + +variable "govuk_aws_state_bucket" { + type = string + description = "Bucket where govuk-aws state is stored" +} + +variable "remote_state_infra_monitoring_key_stack" { + type = string + description = "Override path to infra_monitoring remote state" + default = "govuk" +} + +variable "remote_state_infra_networking_key_stack" { + type = string + description = "Override path to infra_networking remote state" + default = "govuk" +} + +variable "remote_state_infra_root_dns_zones_key_stack" { + type = string + description = "Override path to infra_root_dns_zones remote state" + default = "govuk" +} + +variable "remote_state_infra_vpc_key_stack" { + type = string + description = "Override path to infra_vpc remote state" + default = "govuk" +} + +variable "databases" { + type = map(any) + description = "Databases to create and their configuration." +} + +variable "database_admin_username" { + type = string + default = "aws_db_admin" + description = "RDS root account username." +} + +variable "multi_az" { + type = bool + description = "Set to true to deploy the RDS instance in multiple AZs." + default = false +} + +variable "maintenance_window" { + type = string + description = "The window to perform maintenance in" + default = "Mon:04:00-Mon:06:00" +} + +variable "backup_window" { + type = string + description = "The daily time range during which automated backups are created if automated backups are enabled." + default = "01:00-03:00" +} + +variable "backup_retention_period" { + type = number + description = "Backup retention period in days." + default = 7 +} + +variable "skip_final_snapshot" { + type = bool + description = "Set to true to NOT create a final snapshot when the cluster is deleted." + default = false +} + +variable "terraform_create_rds_timeout" { + type = string + description = "Set the timeout time for AWS RDS creation." + default = "2h" +} + +variable "terraform_update_rds_timeout" { + type = string + description = "Set the timeout time for AWS RDS modification." + default = "2h" +} + +variable "terraform_delete_rds_timeout" { + type = string + description = "Set the timeout time for AWS RDS deletion." + default = "2h" +} + +variable "internal_zone_name" { + type = string + description = "The name of the Route53 zone that contains internal records" +} + +variable "internal_domain_name" { + type = string + description = "The domain name of the internal DNS records, it could be different from the zone name" +} diff --git a/terraform/deployments/tfc-configuration/rds.tf b/terraform/deployments/tfc-configuration/rds.tf index 5362ab363..65010cb0e 100644 --- a/terraform/deployments/tfc-configuration/rds.tf +++ b/terraform/deployments/tfc-configuration/rds.tf @@ -14,7 +14,7 @@ module "rds-integration" { project_name = "govuk-infrastructure" vcs_repo = { identifier = "alphagov/govuk-infrastructure" - branch = "samsimpson1/rds" + branch = "main" oauth_token_id = data.tfe_oauth_client.github.oauth_token_id } diff --git a/terraform/deployments/tfc-configuration/variables-production.tf b/terraform/deployments/tfc-configuration/variables-production.tf index ef8735cac..c61ed7403 100644 --- a/terraform/deployments/tfc-configuration/variables-production.tf +++ b/terraform/deployments/tfc-configuration/variables-production.tf @@ -92,3 +92,464 @@ resource "tfe_variable" "ecr-puller-arns" { ) hcl = true } + +module "variable-set-rds-production" { + source = "./variable-set" + + name = "rds-production" + tfvars = { + internal_zone_name = "production.govuk-internal.digital" + internal_domain_name = "blue.production.govuk-internal.digital" + backup_retention_period = 7 + skip_final_snapshot = false + multi_az = true + + databases = { + account_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "account-api" + allocated_storage = 100 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + authenticating_proxy = { + engine = "postgres" + engine_version = "14" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + password_encryption = { value = "md5" } + } + engine_params_family = "postgres14" + + name = "authenticating-proxy" + allocated_storage = 100 + instance_class = "db.t4g.small" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + ckan = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "ckan" + allocated_storage = 1000 + instance_class = "db.m6g.2xlarge" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + collections_publisher = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "collections-publisher" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + contacts_admin = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "contacts-admin" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + content_data_admin = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "content-data-admin" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + content_publisher = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "content-publisher" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + content_store = { + engine = "postgres" + engine_version = "14" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres14" + + name = "content-store" + allocated_storage = 1000 + instance_class = "db.m6g.2xlarge" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + content_tagger = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "content-tagger" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + draft_content_store = { + engine = "postgres" + engine_version = "14" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres14" + + name = "draft-content-store" + allocated_storage = 1000 + instance_class = "db.m6g.2xlarge" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + email_alert_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "email-alert-api" + allocated_storage = 4500 + instance_class = "db.m7g.2xlarge" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + imminence = { + engine = "postgres" + engine_version = "14" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + password_encryption = { value = "md5" } + } + engine_params_family = "postgres14" + + name = "imminence" + allocated_storage = 100 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + link_checker_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "link-checker-api" + allocated_storage = 100 + instance_class = "db.t4g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + local_links_manager = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "local-links-manager" + allocated_storage = 100 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + locations_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "locations-api" + allocated_storage = 1000 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + publishing_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "publishing-api" + allocated_storage = 1000 + instance_class = "db.m6g.4xlarge" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + release = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "release" + allocated_storage = 100 + instance_class = "db.t4g.small" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + search_admin = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "search-admin" + allocated_storage = 100 + instance_class = "db.t4g.small" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + service_manual_publisher = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "service-manual-publisher" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + signon = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "signon" + allocated_storage = 100 + instance_class = "db.t4g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + support_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "support-api" + allocated_storage = 200 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + whitehall = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "whitehall" + allocated_storage = 300 + instance_class = "db.m7g.xlarge" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + } + } +} diff --git a/terraform/deployments/tfc-configuration/variables-staging.tf b/terraform/deployments/tfc-configuration/variables-staging.tf index 89aa90ce5..e955d4670 100644 --- a/terraform/deployments/tfc-configuration/variables-staging.tf +++ b/terraform/deployments/tfc-configuration/variables-staging.tf @@ -65,3 +65,467 @@ module "variable-set-cloudfront-staging" { origin_notify_id = "notify alerts" } } + +module "variable-set-rds-staging" { + source = "./variable-set" + + name = "rds-staging" + tfvars = { + internal_zone_name = "staging.govuk-internal.digital" + internal_domain_name = "blue.staging.govuk-internal.digital" + backup_retention_period = 0 + skip_final_snapshot = true + multi_az = false + + databases = { + account_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "account-api" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + authenticating_proxy = { + engine = "postgres" + engine_version = "14" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + password_encryption = { value = "md5" } + } + engine_params_family = "postgres14" + + name = "authenticating-proxy" + allocated_storage = 100 + instance_class = "db.t4g.micro" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + ckan = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "ckan" + allocated_storage = 1000 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + collections_publisher = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "collections-publisher" + allocated_storage = 100 + instance_class = "db.t4g.micro" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + contacts_admin = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "contacts-admin" + allocated_storage = 100 + instance_class = "db.t4g.small" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + content_data_admin = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "content-data-admin" + allocated_storage = 100 + instance_class = "db.t4g.micro" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + content_publisher = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "content-publisher" + allocated_storage = 100 + instance_class = "db.t4g.small" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + content_store = { + engine = "postgres" + engine_version = "14" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres14" + + name = "content-store" + allocated_storage = 500 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + content_tagger = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "content-tagger" + allocated_storage = 100 + instance_class = "db.t4g.small" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + draft_content_store = { + engine = "postgres" + engine_version = "14" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres14" + + name = "draft-content-store" + allocated_storage = 500 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + email_alert_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "email-alert-api" + allocated_storage = 1000 + instance_class = "db.m6g.xlarge" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + imminence = { + engine = "postgres" + engine_version = "14" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + password_encryption = { value = "md5" } + } + engine_params_family = "postgres14" + + name = "imminence" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + link_checker_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "link-checker-api" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + local_links_manager = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "local-links-manager" + allocated_storage = 100 + instance_class = "db.t4g.small" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + locations_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "locations-api" + allocated_storage = 1000 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + publishing_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + checkpoint_timeout = { value = 3600 } + max_wal_size = { value = 4096 } + synchronous_commit = { value = "off" } + } + engine_params_family = "postgres13" + + name = "publishing-api" + allocated_storage = 1000 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + release = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "release" + allocated_storage = 100 + instance_class = "db.t4g.micro" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + search_admin = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "search-admin" + allocated_storage = 100 + instance_class = "db.t4g.micro" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + service_manual_publisher = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "service-manual-publisher" + allocated_storage = 100 + instance_class = "db.t4g.micro" + + performance_insights_enabled = false + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + signon = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "signon" + allocated_storage = 100 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + support_api = { + engine = "postgres" + engine_version = "13" + engine_params = { + log_min_duration_statement = { value = 10000 } + log_statement = { value = "all" } + deadlock_timeout = { value = 2500 } + log_lock_waits = { value = 1 } + } + engine_params_family = "postgres13" + + name = "support-api" + allocated_storage = 200 + instance_class = "db.t4g.medium" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + + whitehall = { + engine = "mysql" + engine_version = "8.0" + engine_params = { + max_allowed_packet = { value = 1073741824 } + } + engine_params_family = "mysql8.0" + + name = "whitehall" + allocated_storage = 400 + instance_class = "db.m6g.large" + + performance_insights_enabled = true + + cpuutilization_threshold = 80 + freestoragespace_threshold = 10737418240 + } + } + } +}