Hi,
I've been trying to search the net for a solution but have not found anything that works.
First, I'm trying to create an Aurora Cluster:
resource "aws_rds_cluster" "example" {
  count                           = 1
  cluster_identifier              = "example-${lower(terraform.workspace)}"
  db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.postgresql.name
  engine                          = "aurora-postgresql"
  master_username                 = var.rds_postgresql.master.username
  master_password                 = var.rds_postgresql.master.password
  database_name                   = var.rds_postgresql.app1.database
  vpc_security_group_ids          = [aws_security_group.db.id]
  db_subnet_group_name            = aws_db_subnet_group.example.name
  storage_encrypted               = true
  skip_final_snapshot             = true
}

resource "aws_rds_cluster_instance" "example" {
  count                        = 1
  cluster_identifier           = aws_rds_cluster.example[0].id
  engine                       = aws_rds_cluster.example[0].engine
  engine_version               = aws_rds_cluster.example[0].engine_version
  db_parameter_group_name      = aws_db_parameter_group.postgresql.name
  identifier                   = "db-example-${lower(terraform.workspace)}-${count.index + 1}"
  instance_class               = var.rds_pg_instance_class
  apply_immediately            = true
  auto_minor_version_upgrade   = false
  performance_insights_enabled = true
}
But after this has been created, I'd like to create a custom user with limited access. The AWS provider doesn't have this option, so MySQL provider is needed.
provider "postgresql" {
  host     = aws_rds_cluster_instance.example[0].endpoint
  username = var.rds_postgresql.master.username
  password = var.rds_postgresql.master.password
}

resource "postgresql_role" "app_user" {
  name     = var.rds_postgresql.app1.username
  password = var.rds_postgresql.app1.password
  login    = true
}

resource "postgresql_grant" "app_user" {
  role        = var.rds_postgresql.app1.username
  schema      = "*"
  database    = aws_rds_cluster.example[0].database_name
  object_type = "table"
  privileges  = ["SELECT", "INSERT", "UPDATE", "DELETE"]
}
The problem I'm facing is that the provider itself needs the connection info and is trying to access the database before it's created. Using the function "depends_on" doesn't work with these nested providers.
Has anyone faced this kind of issue and how did you solve it?
Might have to add that this is not using modules. It's meant to be in an automation with other systems and needs to be in one file.
Thanks in advance even if I don't get any help!
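
The limited-access role and grant from the post, written as an added example (not the poster's code) with the grant referencing the role resource so Terraform creates the role first, and with TLS required on the provider connection. It assumes the application tables live in the "public" schema and that the resource and variable names from the post exist; it does not change when Terraform configures the provider, which is the ordering problem the post asks about.

```hcl
# Added example, not from the original post.
provider "postgresql" {
  # Cluster (writer) endpoint, so role changes always go to the writer.
  host     = aws_rds_cluster.example[0].endpoint
  port     = aws_rds_cluster.example[0].port
  database = aws_rds_cluster.example[0].database_name
  username = var.rds_postgresql.master.username
  password = var.rds_postgresql.master.password

  # Refuse unencrypted connections when sending the master credentials.
  sslmode = "require"

  # The RDS/Aurora master user is not a true PostgreSQL superuser.
  superuser = false
}

resource "postgresql_role" "app_user" {
  name     = var.rds_postgresql.app1.username
  password = var.rds_postgresql.app1.password
  login    = true
}

resource "postgresql_grant" "app_user_tables" {
  # Referencing the role resource (not the variable) gives Terraform an
  # implicit dependency: the role exists before the grant is applied.
  role     = postgresql_role.app_user.name
  database = aws_rds_cluster.example[0].database_name

  # Assumption: application tables are in "public". The grant is scoped to
  # one named schema and to DML only (no TRUNCATE, REFERENCES or TRIGGER).
  schema      = "public"
  object_type = "table"
  privileges  = ["SELECT", "INSERT", "UPDATE", "DELETE"]
}
```

Both passwords end up in the Terraform state in plain text, so the state backend needs the same access controls as the database credentials themselves.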