Usage

To prevent accidental data deletion it has proven useful to put the storage devices for the database (data and backup) into a separate terraform module. This also makes it easier to re-provision the instance without risking deleting valuable data.

The examples below embrace this pattern, so each example has two different modules:

  • /storage contains all hcloud_volume resources for the databases
  • instance contains the database instance itself, the storage id is retrieved using the hcloud_volume data lookup

S3 Backed Backup

Below a minimal example of a PostgreSQL database using S3 as backup storage backend. The full example can be downloaded from the latest release.

instance/main.tf



data "aws_s3_bucket" "backup" {
  bucket = "test-rds-postgresql-backup"
}

data "hcloud_volume" "data" {
  name = "rds-postgresql-data"
}

resource "tls_private_key" "ssh_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "hcloud_ssh_key" "ssh_key" {
  name       = "rds-postgresql"
  public_key = tls_private_key.ssh_key.public_key_openssh
}

module "rds-postgresql" {
  source  = "pellepelster/solidblocks-rds-postgresql/hcloud"
  version = "0.3.1"

  name     = "rds-postgresql"
  location = var.hetzner_location

  ssh_keys = [hcloud_ssh_key.ssh_key.id]

  data_volume = data.hcloud_volume.data.id

  backup_s3_bucket     = data.aws_s3_bucket.backup.id
  backup_s3_access_key = var.backup_s3_access_key
  backup_s3_secret_key = var.backup_s3_secret_key

  databases = [
    { id : "database1", user : "user1", password : "password1" }
  ]
}

Local attached storage Backup

Below a minimal example of a PostgreSQL database using a local volume backup storage backend. The full example can be downloaded from the latest release.

instance/main.tf



resource "tls_private_key" "ssh_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "hcloud_ssh_key" "ssh_key" {
  name       = "rds-postgresql"
  public_key = tls_private_key.ssh_key.public_key_openssh
}

data "hcloud_volume" "data" {
  name = "rds-postgresql-data"
}

data "hcloud_volume" "backup" {
  name = "rds-postgresql-backup"
}

module "rds-postgresql" {
  source  = "pellepelster/solidblocks-rds-postgresql/hcloud"
  version = "0.3.1"
  name     = "rds-postgresql"
  location = var.hetzner_location
  ssh_keys = [hcloud_ssh_key.ssh_key.id]

  backup_volume = data.hcloud_volume.backup.id
  data_volume   = data.hcloud_volume.data.id

  databases = [
    { id : "database1", user : "user1", password : "password1" }
  ]
}

Private Networking Only

This example places the database instance in a private network so that it is not reachable from the internet.



resource "tls_private_key" "ssh_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "hcloud_ssh_key" "ssh_key" {
  name       = "rds-postgresql"
  public_key = tls_private_key.ssh_key.public_key_openssh
}

data "hcloud_volume" "data" {
  name = "rds-postgresql-data"
}

data "hcloud_volume" "backup" {
  name = "rds-postgresql-backup"
}

resource "hcloud_network" "network" {
  ip_range = "10.0.0.0/16"
  name     = "network"
}

resource "hcloud_network_subnet" "subnet" {
  ip_range     = "10.0.1.0/24"
  network_id   = hcloud_network.network.id
  network_zone = "eu-central"
  type         = "cloud"
}

module "rds-postgresql" {
  source  = "pellepelster/solidblocks-rds-postgresql/hcloud"
  version = "0.3.1"

  name     = "rds-postgresql"
  location = var.hetzner_location
  ssh_keys = [hcloud_ssh_key.ssh_key.id]

  backup_volume = data.hcloud_volume.backup.id
  data_volume   = data.hcloud_volume.data.id

  public_net_ipv4_enabled = false
  public_net_ipv6_enabled = false
  network_id              = hcloud_network.network.id
  network_ip              = "10.0.1.5"

  databases = [
    { id : "database1", user : "user1", password : "password1" }
  ]
}

Hetzner Object Storage

This examples show how to use Hetzner Object storage as a provider for the S3 bucket. The full example can be downloaded from the latest release.



data "hcloud_volume" "data" {
  name = "rds-postgresql-data"
}

resource "tls_private_key" "ssh_key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "hcloud_ssh_key" "ssh_key" {
  name       = "rds-postgresql"
  public_key = tls_private_key.ssh_key.public_key_openssh
}

module "rds-postgresql" {
  source  = "pellepelster/solidblocks-rds-postgresql/hcloud"
  version = "0.3.1"

  name     = "rds-postgresql"
  location = var.hetzner_location

  ssh_keys = [hcloud_ssh_key.ssh_key.id]

  data_volume = data.hcloud_volume.data.id

  backup_s3_bucket     = "rds-postgresql-backup"
  backup_s3_host       = "${var.hetzner_location}.your-objectstorage.com"
  backup_s3_access_key = var.backup_s3_access_key
  backup_s3_secret_key = var.backup_s3_secret_key

  databases = [
    { id : "database1", user : "user1", password : "password1" }
  ]
}