Dedicated Terraform repository for the Garage project's RDS PostgreSQL database infrastructure. This repository manages the database instance, security groups, subnet groups, and SSM parameters independently from the main cloud infrastructure.
- RDS PostgreSQL Instance — `db.t3.micro` running PostgreSQL 16.11
- DB Subnet Group — Places the RDS instance in private subnets across two availability zones
- RDS Security Group — Controls ingress from EKS nodes and Lambda functions on port 5432
- SSM Parameters — Publishes `/garage/prod/db/endpoint` and `/garage/prod/db/secret_arn` for service discovery
- Terraform >= 1.5.0
- AWS CLI configured with valid credentials
- Access to the S3 state bucket: `garage-terraform-state-211125475874`
- The `garage-cloud-stack` must be applied first (provides VPC, subnets, and security group outputs)
This repository depends on outputs from garage-cloud-stack. Always follow this order:
- garage-cloud-stack — Apply first to provision VPC, EKS, Lambda, and expose network outputs
- garage-database-infra — Apply second to provision RDS and publish SSM parameters
- tech-challange (K8s deploy) — Reads DB connection details from SSM parameters
```bash
cd infra
terraform init
terraform plan
terraform apply
```

```
garage-database-infra/
├── .github/
│   └── workflows/
│       └── pipeline.yml        # CI/CD pipeline (triggers on push to master)
├── infra/
│   ├── main.tf                 # Provider, backend, locals, remote state
│   ├── rds.tf                  # RDS instance and DB subnet group
│   ├── security_groups.tf      # RDS security group and ingress rules
│   ├── ssm_parameter.tf        # SSM parameters for DB endpoint and secret ARN
│   ├── outputs.tf              # Terraform outputs
│   ├── variables.tf            # Input variables
│   └── terraform.tfvars        # Variable values
├── docs/
│   └── MIGRATION.md            # State migration procedure
└── README.md
```
If migrating existing RDS resources from garage-cloud-stack, see docs/MIGRATION.md for the step-by-step state migration procedure.
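
A pre-apply check for the security group and private placement described in this README, as an added example that is not part of the repository: it reads the `terraform show -json` form of a plan and flags any ingress rule that reaches port 5432 from a CIDR range, or an RDS instance marked publicly accessible. It assumes EKS nodes and Lambda functions are referenced by security group rather than by CIDR; the resource addresses in the sample are constructed.

```python
import json
import sys

DB_PORT = 5432  # PostgreSQL port named in the README

def _covers_db_port(rule):
    """True if the rule's port range includes DB_PORT (protocol -1 means all ports)."""
    if str(rule.get("protocol", rule.get("ip_protocol"))) == "-1":
        return True
    lo, hi = rule.get("from_port"), rule.get("to_port")
    return lo is not None and hi is not None and lo <= DB_PORT <= hi

def _cidrs(rule):
    """Collect CIDR sources across the three AWS provider rule shapes."""
    out = list(rule.get("cidr_blocks") or []) + list(rule.get("ipv6_cidr_blocks") or [])
    return out + [rule[k] for k in ("cidr_ipv4", "cidr_ipv6") if rule.get(k)]

def audit_plan(plan):
    """Return findings for a parsed `terraform show -json` plan document."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # null when deleting
        addr, rtype = rc.get("address", "?"), rc.get("type")
        if rtype == "aws_db_instance" and after.get("publicly_accessible"):
            findings.append(f"{addr}: publicly_accessible is true")
        if rtype == "aws_security_group":
            rules = after.get("ingress") or []
        elif rtype == "aws_vpc_security_group_ingress_rule":
            rules = [after]
        elif rtype == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]
        else:
            rules = []
        for rule in rules:
            if _covers_db_port(rule) and _cidrs(rule):
                findings.append(f"{addr}: port {DB_PORT} ingress from CIDR {_cidrs(rule)}")
    return findings

# Constructed sample, not the project's plan: one SG-sourced rule, one CIDR rule.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_vpc_security_group_ingress_rule.from_eks",
     "type": "aws_vpc_security_group_ingress_rule",
     "change": {"after": {"ip_protocol": "tcp", "from_port": 5432, "to_port": 5432,
                          "referenced_security_group_id": "sg-0example"}}},
    {"address": "aws_security_group_rule.debug", "type": "aws_security_group_rule",
     "change": {"after": {"type": "ingress", "protocol": "tcp", "from_port": 5432,
                          "to_port": 5432, "cidr_blocks": ["10.0.0.0/8"]}}}]}

if __name__ == "__main__":
    print(audit_plan(json.load(open(sys.argv[1])) if sys.argv[1:] else SAMPLE_PLAN))
```

To run it against a real plan, produce the input with `terraform plan -out=tfplan` followed by `terraform show -json tfplan > plan.json`, then pass `plan.json` as the first argument.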