Commit adbcba6

Merge branch 'ryvn-mango:main' into main
2 parents 0ccf9a9 + 346d1bc commit adbcba6

5 files changed

+23
-26
lines changed

README.md

Lines changed: 8 additions & 8 deletions
@@ -22,6 +22,7 @@ module "postgres" {
2222
name_prefix = "myapp-prod"
2323
database_name = "myapp"
2424
username = "dbadmin"
25+
password = var.db_password # or from a secret manager
2526
2627
# Optional variables
2728
instance_class = "db.t3.micro"
@@ -37,7 +38,7 @@ module "postgres" {
3738
}
3839
```
3940

40-
The module auto-generates a strong random password and exposes it as a sensitive Terraform output named `db_master_password`.
41+
Provide the master password via input variable `password` (8–128 chars). The module echoes it back as a sensitive Terraform output named `db_master_password` for convenience.
4142
Retrieve it after apply with:
4243

4344
```
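Review bot: The added sentence at README line 41 says the output exists "for convenience", but the unchanged line after it still reads "Retrieve it after apply with:", which was written for a generated secret the caller had never seen. Now that the caller supplies the value, either say what the output is for (for example wiring it into another module) or drop the retrieval instructions, since each extra read path is one more place the secret gets printed.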
@@ -54,14 +55,12 @@ terraform output -raw db_connection_uri
5455

5556
- Terraform >= 1.0.0
5657
- AWS Provider >= 4.0.0
57-
- Random Provider >= 3.0.0
5858

5959
## Providers
6060

61-
| Name | Version |
62-
|--------|---------|
63-
| aws | >= 4.0.0 |
64-
| random | >= 3.0.0 |
61+
| Name | Version |
62+
|------|---------|
63+
| aws | >= 4.0.0 |
6564

6665
## Inputs
6766

@@ -74,6 +73,7 @@ terraform output -raw db_connection_uri
7473
| name_prefix | Name prefix for RDS identifier and related resources | `string` | - |
7574
| database_name | The name of the database to create | `string` | - |
7675
| username | Username for the master DB user | `string` | - |
76+
| password | Password for the master DB user | `string` | - |
7777

7878
### Optional Variables
7979

@@ -111,7 +111,7 @@ terraform output -raw db_connection_uri
111111
| db_instance_port | The database port |
112112
| db_subnet_group_id | The db subnet group name |
113113
| db_security_group_id | The security group ID |
114-
| db_master_password | The generated master password (sensitive) |
114+
| db_master_password | The master password you provided (sensitive) |
115115
| db_connection_uri | PostgreSQL connection URI with credentials (sensitive) |
116116

117117
## Security Considerations
@@ -120,7 +120,7 @@ terraform output -raw db_connection_uri
120120
- Database encryption is enabled by default using AWS KMS.
121121
- Final snapshots are created by default when destroying the database (skip_final_snapshot = false).
122122
- The module uses Kubernetes backend configuration. Ensure your Terraform environment is properly configured for this.
123-
- The password is generated at apply time and marked as a sensitive output. Store it securely (e.g., AWS Secrets Manager) rather than relying on CLI history.
123+
- Provide the password securely (e.g., from a secrets manager or environment variable) rather than hardcoding it; it is exposed as a sensitive output for convenience.
124124
- Ensure `name_prefix` conforms to AWS naming constraints for RDS identifiers (letters, numbers, hyphens; must start with a letter; max 63 characters).
125125
- Deletion protection is enabled by default. Set `deletion_protection = false` before destroying the instance.
126126

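Review bot: The replacement bullet at README line 123 drops the advice to store the secret in a secrets manager and never says where the value ends up. `sensitive` only redacts plan and CLI output; the value is still written in clear text to state, which per the bullet at line 122 lives in the Kubernetes backend. Add a sentence that read access to that backend must be restricted, and mention that both `db_master_password` and `db_connection_uri` carry the secret.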
main.tf

Lines changed: 1 addition & 11 deletions
@@ -48,7 +48,7 @@ resource "aws_db_instance" "this" {
4848

4949
db_name = var.database_name
5050
username = var.username
51-
password = random_password.master.result
51+
password = var.password
5252
port = 5432
5353

5454
multi_az = var.multi_az
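Review bot: Line 51 switches `password` from the module-generated value to `var.password`, and the variable added in variables.tf has no default, so every existing caller fails on upgrade until it passes a password, and the first apply after that changes the master password on a live instance. Call this out as a breaking change in the README, with the upgrade step spelled out for callers whose applications still hold the old generated password.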
@@ -64,13 +64,3 @@ resource "aws_db_instance" "this" {
6464

6565
tags = var.tags
6666
}
67-
68-
resource "random_password" "master" {
69-
length = 20
70-
special = true
71-
min_upper = 1
72-
min_lower = 1
73-
min_numeric = 1
74-
min_special = 1
75-
override_special = "!#$%&*()-_=+[]{}<>:?@"
76-
}
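Review bot: With `random_password.master` deleted at lines 68-76, the module no longer has a safe default and every caller has to source and handle a secret themselves. Consider keeping the resource as a fallback that is used when `password` is left unset, so callers who do nothing still get the 20-character generated value and only those who need to supply their own take on that responsibility.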

outputs.tf

Lines changed: 3 additions & 3 deletions
@@ -29,8 +29,8 @@ output "db_security_group_id" {
2929
}
3030

3131
output "db_master_password" {
32-
description = "The generated master password (sensitive)"
33-
value = random_password.master.result
32+
description = "The master password (sensitive)"
33+
value = var.password
3434
sensitive = true
3535
}
3636

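Review bot: At line 33 the output now returns `var.password` unchanged, so it tells the caller nothing they did not already pass in while keeping a second copy of the secret in the module's outputs. Consider removing `db_master_password` and leaving `db_connection_uri` as the single credential-bearing output; if it stays, align the description at line 32 with the README table, which says "The master password you provided (sensitive)".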
@@ -39,7 +39,7 @@ output "db_connection_uri" {
3939
value = format(
4040
"postgresql://%s:%s@%s:%d/%s",
4141
urlencode(var.username),
42-
urlencode(random_password.master.result),
42+
urlencode(var.password),
4343
aws_db_instance.this.address,
4444
aws_db_instance.this.port,
4545
urlencode(var.database_name),

variables.tf

Lines changed: 11 additions & 0 deletions
@@ -90,6 +90,17 @@ variable "username" {
9090
}
9191
}
9292

93+
variable "password" {
94+
description = "Password for the master DB user (8-128 chars)."
95+
type = string
96+
sensitive = true
97+
98+
validation {
99+
condition = length(var.password) >= 8 && length(var.password) <= 128
100+
error_message = "password must be 8-128 characters long."
101+
}
102+
}
103+
93104
# Optional variables with defaults
94105

95106
variable "engine_version" {
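Review bot: The validation at line 99 checks length only, so any 8-character string passes, where the generator removed from main.tf produced 20 characters with upper, lower, numeric and special classes. Raise the minimum and, if the module is meant to enforce quality rather than leave it to the caller, add a character-class condition; it is also worth saying in `description` at line 94 that the value is persisted in state.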

versions.tf

Lines changed: 0 additions & 4 deletions
@@ -6,10 +6,6 @@ terraform {
66
source = "hashicorp/aws"
77
version = ">= 4.0.0"
88
}
9-
random = {
10-
source = "hashicorp/random"
11-
version = ">= 3.0.0"
12-
}
139
}
1410

1511
backend "kubernetes" {}
