21832: Allows to control whether RDS should be snapshotted before deletion.

Also, changed the default to 'true' as this is more sensible for production
environments.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>

diff --git a/tools/salt-install/terraform/aws/services/locals.tf b/tools/salt-install/terraform/aws/services/locals.tf
index 4a3d1b20f6b6ad936ab7fb9289aa3e5797804a47..923b948baaf3a8e6670eef6c284e700f6d456256 100644 (file)
--- a/tools/salt-install/terraform/aws/services/locals.tf
+++ b/tools/salt-install/terraform/aws/services/locals.tf
@@ -36,5 +36,7 @@ locals {
   rds_max_allocated_storage = max(var.rds_max_allocated_storage, var.rds_allocated_storage)
   rds_instance_type = var.rds_instance_type
   rds_backup_retention_period = var.rds_backup_retention_period
+  rds_backup_before_deletion = var.rds_backup_before_deletion
+  rds_final_backup_name = var.rds_final_backup_name != "" ? var.rds_final_backup_name : "arvados-${local.cluster_name}-db-final-snapshot"
   rds_postgresql_version = var.rds_postgresql_version
 }

diff --git a/tools/salt-install/terraform/aws/services/main.tf b/tools/salt-install/terraform/aws/services/main.tf
index 13101739527b0410a1e6830a9f8282410d2d042a..6e51535abd595eb231cd2fb5bbe96aebc551f5e9 100644 (file)
--- a/tools/salt-install/terraform/aws/services/main.tf
+++ b/tools/salt-install/terraform/aws/services/main.tf
@@ -106,7 +106,8 @@ resource "aws_db_instance" "postgresql_service" {
   db_name = "${local.cluster_name}_arvados"
   username = local.rds_username
   password = local.rds_password
-  skip_final_snapshot  = true
+  skip_final_snapshot  = !local.rds_backup_before_deletion
+  final_snapshot_identifier = local.rds_final_backup_name
 
   vpc_security_group_ids = [local.arvados_sg_id]
   db_subnet_group_name = aws_db_subnet_group.arvados_db_subnet_group[0].name

diff --git a/tools/salt-install/terraform/aws/services/terraform.tfvars b/tools/salt-install/terraform/aws/services/terraform.tfvars
index 5ada04ee9184b86942e8d6c5fd7ce38f9e881b96..a11dde20cc5f130c8d99f685dc9138be516d0363 100644 (file)
--- a/tools/salt-install/terraform/aws/services/terraform.tfvars
+++ b/tools/salt-install/terraform/aws/services/terraform.tfvars
@@ -33,6 +33,8 @@
 # rds_allocated_storage = 200
 # rds_max_allocated_storage = 1000
 # rds_backup_retention_period = 30
+# rds_backup_before_deletion = false
+# rds_final_backup_name = ""
 
 # AWS secret's name which holds the SSL certificate private key's password.
 # Default: "arvados-ssl-privkey-password"

diff --git a/tools/salt-install/terraform/aws/services/variables.tf b/tools/salt-install/terraform/aws/services/variables.tf
index 7cc9d541afc1cdb75043f9a6314d0fe3da4a7c4f..1f1cca050c1b2ab786f61d65d969e7fb1e738f92 100644 (file)
--- a/tools/salt-install/terraform/aws/services/variables.tf
+++ b/tools/salt-install/terraform/aws/services/variables.tf
@@ -80,9 +80,25 @@ variable "rds_max_allocated_storage" {
 }
 
 variable "rds_backup_retention_period" {
-  description = "RDS Backup retention (days). Set to 0 to disable."
+  description = "RDS Backup retention (days). Set to 0 to disable"
   type = number
   default = 7
+  validation {
+    condition = (var.rds_backup_retention_period <= 35)
+    error_message = "rds_backup_retention_period should be less than 36 days"
+  }
+}
+
+variable "rds_backup_before_deletion" {
+  description = "Create a snapshot before deleting the RDS instance"
+  type = bool
+  default = true
+}
+
+variable "rds_final_backup_name" {
+  description = "Snapshot name to use for the RDS final snapshot"
+  type = string
+  default = ""
 }
 
 variable "rds_postgresql_version" {