feat: AWS RDS plugins

Author: tjholm

rds-database/icon.svg

@@ -0,0 +1,45 @@
+name: rds-database
+display_name: RDS PostgreSQL Database
+type: database
+description: "Creates a PostgreSQL database on an existing RDS instance with automatic credential generation and service injection"
+icon: ./icon.svg
+deployment:
+  terraform: ./module
+
+inputs:
+  rds_instance_endpoint:
+    type: string
+    required: true
+    description: "Connection endpoint of the RDS instance in format hostname:port (e.g. `mydb.abc123.us-east-1.rds.amazonaws.com:5432`)"
+
+  codebuild_project_name:
+    type: string
+    required: true
+    description: "Name of the CodeBuild project for database operations (from RDS instance)"
+
+  database_name:
+    type: string
+    required: false
+    description: "Name of the database to create. If not specified, uses stack_id and resource name (e.g. `myapp_db`)"
+
+  database_owner:
+    type: string
+    required: false
+    description: "Username for the database owner role. If not specified, a unique role is created (e.g. `myapp_user`)"
+
+outputs:
+  database_name:
+    type: string
+    description: "Name of the created database"
+
+  database_owner:
+    type: string
+    description: "Username of the database owner"
+
+  database_password:
+    type: string
+    description: "Password for the database owner (sensitive)"
+
+  connection_string:
+    type: string
+    description: "PostgreSQL connection string for the database"

rds-database/manifest.yaml

@@ -0,0 +1,65 @@
+# Local variables
+locals {
+  database_name  = var.database_name != null ? var.database_name : replace("${var.suga.stack_id}_${var.suga.name}", "-", "_")
+  database_owner = var.database_owner != null ? var.database_owner : replace("${var.suga.stack_id}_${var.suga.name}_user", "-", "_")
+
+  # Build PostgreSQL connection string
+  connection_string = "postgresql://${local.database_owner}:${random_password.db_password.result}@${var.rds_instance_endpoint}/${local.database_name}?sslmode=require"
+
+  # Output service export map
+  service_outputs = {
+    for name, service in var.suga.services : name => {
+      env = {
+        (var.suga.env_var_key) = local.connection_string
+      }
+    }
+  }
+}
+
+# Generate a random password for the database owner role
+resource "random_password" "db_password" {
+  length  = 32
+  special = false
+}
+
+# Trigger CodeBuild to create the database and role
+resource "null_resource" "create_database" {
+  triggers = {
+    database_name     = local.database_name
+    database_owner    = local.database_owner
+    rds_endpoint      = var.rds_instance_endpoint
+    codebuild_project = var.codebuild_project_name
+  }
+
+  provisioner "local-exec" {
+    interpreter = ["bash", "-c"]
+    command     = <<EOF
+      BUILD_ID=$(aws codebuild start-build \
+        --project-name ${var.codebuild_project_name} \
+        --environment-variables-override '${jsonencode([
+          {
+            name  = "DB_NAME"
+            value = local.database_name
+          },
+          {
+            name  = "DB_ROLE"
+            value = local.database_owner
+          },
+          {
+            name  = "DB_ROLE_PASSWORD"
+            value = random_password.db_password.result
+          }
+        ])}' \
+        --query 'build.id' --output text)
+      STATUS="IN_PROGRESS"
+      while [[ $STATUS == "IN_PROGRESS" ]]; do
+        sleep 5
+        STATUS=$(aws codebuild batch-get-builds --ids $BUILD_ID --query 'builds[0].buildStatus' --output text)
+      done
+      if [[ $STATUS != "SUCCEEDED" ]]; then
+        echo "Build failed with status $STATUS"
+        exit 1
+      fi
+    EOF
+  }
+}

rds-database/module/main.tf

@@ -0,0 +1,32 @@
+output "database_name" {
+  description = "Name of the created database"
+  value       = local.database_name
+}
+
+output "database_owner" {
+  description = "Username of the database owner"
+  value       = local.database_owner
+}
+
+output "database_password" {
+  description = "Password for the database owner"
+  value       = random_password.db_password.result
+  sensitive   = true
+}
+
+output "connection_string" {
+  description = "PostgreSQL connection string for the database"
+  value       = local.connection_string
+  sensitive   = true
+}
+
+output "suga" {
+  value = {
+    id      = local.database_name
+    exports = {
+      # Export known service outputs
+      services  = local.service_outputs
+      resources = {}
+    }
+  }
+}

rds-database/module/outputs.tf

@@ -0,0 +1,35 @@
+variable "rds_instance_endpoint" {
+  type        = string
+  description = "Connection endpoint of the RDS instance in format hostname:port"
+}
+
+variable "codebuild_project_name" {
+  type        = string
+  description = "Name of the CodeBuild project for database operations"
+}
+
+variable "database_name" {
+  type        = string
+  description = "Name of the database to create"
+  default     = null
+}
+
+variable "database_owner" {
+  type        = string
+  description = "Username for the database owner role"
+  default     = null
+}
+
+variable "suga" {
+  type = object({
+    name     = string
+    stack_id = string
+    env_var_key = string
+    services = map(object({
+      actions = list(string)
+      identities = map(object({
+        exports = map(string)
+      }))
+    }))
+  })
+}