[Issue 1119] Finish deploying DMS resources 🎉 #1132
Conversation
| # security group for the source DB | ||
| data "aws_security_group" "source_db" { | ||
| # security group for the DMS | ||
| data "aws_security_group" "dms" { |
There was a problem hiding this comment.
Slightly misleading name
| endpoint_type = "source" | ||
| engine_name = "oracle" | ||
| kms_key_arn = aws_kms_key.dms_endpoints.arn | ||
| ssl_mode = "none" | ||
| secrets_manager_access_role_arn = aws_iam_role.dms_access.arn | ||
| secrets_manager_arn = data.aws_secretsmanager_secret.source_db.arn | ||
| secrets_manager_arn = data.aws_secretsmanager_secret.source_db.id |
There was a problem hiding this comment.
It says "secrets_manager_arn" but recommendations I saw online said to use the id instead 🤷🏼♂️ 🤷🏼♀️ 🤷🏼
| resource "aws_dms_replication_subnet_group" "subnet" { | ||
| replication_subnet_group_description = "${var.environment_name} replication subnet group" | ||
| replication_subnet_group_id = "${var.environment_name}-replication-subnet-group" | ||
| subnet_ids = data.aws_subnets.all.ids | ||
| } |
There was a problem hiding this comment.
Not sure why so many AWS services need their own special purpose subnets
Also not sure if this should be attached to all the subnets or just the private ones.
There was a problem hiding this comment.
would it be better to add some of these services to preexisting subnet groups rather than creating their own? (e.g. all DMS and DB related resources in the same subnet groups)
There was a problem hiding this comment.
@aplybeah Yes but we're constrained by AWS's architecture here, which requires a specific DMS subnet. That's what this resource is for.
So this isn't anything we can change, more so it's a comment about the way AWS architects it's services. GCP does the opposite thing, where it almost always uses the standard VPC subnets that you provide.
| # Unfortunatly, the secret auto-generated by AWS RDS does not include the host and the port. | ||
| # So here we have created a new secret with the host and the port. | ||
| # docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret |
Summary
Closes #1119
Time to review: 3 mins
Changes proposed
Random changes needed in order to get the terraform-created DMS configuration working
I've tested in the console and can confirm it to be full functional now!