fix(infra): infra

luke-h1 · Jan 2, 2025 · a82d708 · a82d708
1 parent f3e1716
commit a82d708
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 10 deletions.
diff --git a/terraform/app-runner.tf b/terraform/app-runner.tf
@@ -207,7 +207,12 @@ resource "aws_apprunner_service" "app_runner_service" {
         }
 
         runtime_environment_variables = {
-          DATABASE_URL = var.database_url
+          DATABASE_URL = format(
+            "postgres://%s:%s@%s?sslmode=verify-full",
+            urlencode(aws_rds_cluster.db.master_username),
+            urlencode(aws_rds_cluster.db.master_password),
+            aws_rds_cluster.db.endpoint
+          )
           API_BASE_URL = "${var.api_base_url}"
           DEPLOYED_BY  = "${var.deployed_by}"
           DEPLOYED_AT  = "${var.deployed_at}"

diff --git a/terraform/db-vpc.tf b/terraform/db-vpc.tf
@@ -81,15 +81,6 @@ resource "aws_db_subnet_group" "db" {
   }
 }
 
-# see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
-resource "aws_security_group" "db" {
-  vpc_id      = aws_vpc.db_vpc.id
-  name        = "db"
-  description = "PostgreSQL Database"
-  tags = {
-    Name = "${var.project_name}-db"
-  }
-}
 
 # see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule
 resource "aws_vpc_security_group_ingress_rule" "db_postgresql" {

diff --git a/terraform/db.tf b/terraform/db.tf
@@ -8,6 +8,25 @@ locals {
   )
 }
 
+resource "aws_security_group" "db" {
+  name   = "${var.project_name}-${var.env}-db-sg"
+  vpc_id = aws_default_vpc.default_vpc.id
+
+  ingress {
+    from_port       = 5432
+    to_port         = 5432
+    protocol        = "tcp"
+    security_groups = [aws_security_group.app_runner_sg.id]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
 
 data "aws_availability_zones" "available" {}