switched from rds to i5 ec2 for nvme disk read/write speeds

This commit is contained in:
Joe Lothan 2026-05-25 18:17:07 -04:00
parent c93d1736fe
commit bf8b932cdc
4 changed files with 233 additions and 48 deletions


@ -28,13 +28,14 @@ variable "vpc_id" {
}
variable "subnet_ids" {
description = "At least 2 subnet IDs in different AZs (required for RDS subnet group)"
description = "Subnet IDs — both EC2 instances are placed in subnet_ids[0] (same AZ for low latency)"
type = list(string)
}
variable "db_password" {
description = "Postgres master password"
description = "Unused — kept for tfvars compatibility. Local Postgres uses trust auth."
type = string
default = ""
sensitive = true
}
@ -54,7 +55,7 @@ variable "ec2_ami" {
}
variable "scanning" {
description = "Set to true during scanning phase, false for serving-only (tears down EC2, RDS, icons bucket)"
description = "Set to true during scanning phase, false for serving-only (tears down EC2 instances)"
type = bool
default = true
}
@ -116,18 +117,32 @@ resource "aws_security_group" "ec2" {
}
}
resource "aws_security_group" "rds" {
resource "aws_security_group" "db" {
count = var.scanning ? 1 : 0
name = "everytab-rds"
description = "EveryTab RDS instance"
name = "everytab-db"
description = "EveryTab DB instance (Postgres on NVMe)"
vpc_id = var.vpc_id
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [var.ssh_cidr]
}
ingress {
from_port = 5432
to_port = 5432
protocol = "tcp"
security_groups = [aws_security_group.ec2[0].id]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
# --- IAM ---
@ -310,31 +325,23 @@ resource "aws_s3_bucket_policy" "site" {
})
}
# --- RDS ---
# --- DB Instance (i3.large with local NVMe for Postgres) ---
resource "aws_db_subnet_group" "main" {
count = var.scanning ? 1 : 0
name = "everytab"
subnet_ids = var.subnet_ids
variable "db_instance_type" {
default = "i3.large"
}
resource "aws_db_instance" "main" {
count = var.scanning ? 1 : 0
identifier = "everytab"
engine = "postgres"
engine_version = "16"
instance_class = "db.t3.medium"
allocated_storage = 20
storage_type = "gp3"
db_name = "everytab"
username = "everytab"
password = var.db_password
db_subnet_group_name = aws_db_subnet_group.main[0].name
vpc_security_group_ids = [aws_security_group.rds[0].id]
publicly_accessible = false
multi_az = false
backup_retention_period = 0
skip_final_snapshot = true
resource "aws_instance" "db" {
count = var.scanning ? 1 : 0
ami = var.ec2_ami != "" ? var.ec2_ami : data.aws_ami.al2023.id
instance_type = var.db_instance_type
key_name = aws_key_pair.ec2[0].key_name
vpc_security_group_ids = [aws_security_group.db[0].id]
subnet_id = var.subnet_ids[0]
tags = {
Name = "everytab-db"
}
}
# --- EC2 ---
@ -364,13 +371,16 @@ output "ec2_public_ip" {
value = var.scanning ? aws_instance.main[0].public_ip : null
}
output "rds_endpoint" {
value = var.scanning ? aws_db_instance.main[0].endpoint : null
output "db_private_ip" {
value = var.scanning ? aws_instance.db[0].private_ip : null
}
output "db_public_ip" {
value = var.scanning ? aws_instance.db[0].public_ip : null
}
output "database_url" {
value = var.scanning ? "postgres://everytab:${var.db_password}@${aws_db_instance.main[0].endpoint}/everytab" : null
sensitive = true
value = var.scanning ? "postgres://everytab@${aws_instance.db[0].private_ip}:5432/everytab" : null
}
output "ssh_private_key" {
@ -382,6 +392,10 @@ output "ssh_command" {
value = var.scanning ? "ssh -i everytab-key ec2-user@${aws_instance.main[0].public_ip}" : null
}
output "ssh_command_db" {
value = var.scanning ? "ssh -i everytab-key ec2-user@${aws_instance.db[0].public_ip}" : null
}
output "cloudfront_domain" {
value = aws_cloudfront_distribution.site.domain_name
}
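Review bot: The new `aws_security_group.db` opens port 22 to `var.ssh_cidr`, and the `aws_instance.db` it fronts gets a public address (see the `db_public_ip` and `ssh_command_db` outputs), whereas the `aws_db_instance` it replaces was `publicly_accessible = false`, so the database host is now directly reachable from whatever range `ssh_cidr` holds. Because the `db_password` description says the local Postgres uses trust auth and the new `database_url` value carries no credential, the 5432 rule scoped to `aws_security_group.ec2[0].id` is the only control on the data, and that should be stated where the next reader will look, e.g. `description = "EveryTab DB instance (Postgres on NVMe; trust auth, reachable only from the ec2 SG)"`. Consider `associate_public_ip_address = false` on `aws_instance.db` with access through the application instance, and `metadata_options { http_tokens = "required" }` so an instance profile, if one is attached later from the IAM section, is not exposed over IMDSv1. The resource comment should also note that the i3 local NVMe is instance store and the Postgres data does not survive a stop or terminate, since no snapshot or backup replaces the RDS settings removed here.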