diff --git a/terraform/aws/implementation/main.tf b/terraform/aws/implementation/main.tf
index 11d83268..82279a33 100644
--- a/terraform/aws/implementation/main.tf
+++ b/terraform/aws/implementation/main.tf
@@ -43,6 +43,9 @@ module "eks" {
ecr_viewer_s3_role_arn = module.s3.ecr_viewer_s3_role_arn
tefca_viewer_db_role_arn = module.rds.tefca_viewer_db_role_arn
tefca_db_connection_string = module.rds.tefca_db_connection_string
+ tefca_jdbc_db_url = module.rds.tefca_jdbc_db_url
+ tefca_jdbc_db_password = module.rds.tefca_jdbc_db_password
+ tefca_jdbc_db_user = module.rds.tefca_jdbc_db_user
domain_name = local.domain_name
ecr_bucket_name = module.s3.ecr_bucket_name
enable_cognito = var.enable_cognito
diff --git a/terraform/aws/implementation/modules/eks/README.md b/terraform/aws/implementation/modules/eks/README.md
index 791059ad..780fffbe 100644
--- a/terraform/aws/implementation/modules/eks/README.md
+++ b/terraform/aws/implementation/modules/eks/README.md
@@ -79,6 +79,9 @@
| [smarty\_auth\_id](#input\_smarty\_auth\_id) | value of the SmartyStreets Auth ID | `any` | n/a | yes |
| [smarty\_auth\_token](#input\_smarty\_auth\_token) | value of the SmartyStreets Auth Token | `any` | n/a | yes |
| [tefca\_db\_connection\_string](#input\_tefca\_db\_connection\_string) | Connection string to the tefca database | `any` | n/a | yes |
+| [tefca\_jdbc\_db\_password](#input\_tefca\_jdbc\_db\_password) | JDBC password for flyway to the tefca database | `any` | n/a | yes |
+| [tefca\_jdbc\_db\_url](#input\_tefca\_jdbc\_db\_url) | JDBC connection string for flyway to the tefca database | `any` | n/a | yes |
+| [tefca\_jdbc\_db\_user](#input\_tefca\_jdbc\_db\_user) | JDBC username for flyway to the tefca database | `any` | n/a | yes |
| [tefca\_viewer\_db\_role\_arn](#input\_tefca\_viewer\_db\_role\_arn) | The db Role ARN for the Tefca Viewer Service | `any` | n/a | yes |
| [vpc\_id](#input\_vpc\_id) | ID of the VPC | `string` | n/a | yes |
diff --git a/terraform/aws/implementation/modules/eks/main.tf b/terraform/aws/implementation/modules/eks/main.tf
index c125dbf4..0d86d507 100644
--- a/terraform/aws/implementation/modules/eks/main.tf
+++ b/terraform/aws/implementation/modules/eks/main.tf
@@ -298,7 +298,7 @@ data "external" "latest_phdi_release" {
resource "helm_release" "building_blocks" {
depends_on = [terraform_data.wait_for_load_balancer_controller]
for_each = var.services_to_chart
- repository = "https://github.com/CDCgov/phdi-charts/tree/alis/upgrades/2565/85"
+ repository = "https://cdcgov.github.io/phdi-charts/"
name = "phdi-playground-${terraform.workspace}-${each.key}"
chart = each.value
version = data.external.chart_versions.result[each.value]
@@ -306,22 +306,38 @@ resource "helm_release" "building_blocks" {
recreate_pods = true
cleanup_on_fail = true
- set {
- name = "databaseUrl"
+ set_sensitive {
+ name = "jdbcDatabaseUrl"
+ value = var.tefca_jdbc_db_url
+ }
+
+ set_sensitive {
+ name = "jdbcDatabasePassword"
+ value = var.tefca_jdbc_db_password
+ }
+
+ set_sensitive {
+ name = "jdbcDatabaseUser"
+ value = var.tefca_jdbc_db_user
+ }
+
+ set_sensitive {
+ name = "databaseConnectionString"
value = var.tefca_db_connection_string
}
set {
name = "image.tag"
- value = data.external.latest_phdi_release.result.tagName
+ # value = data.external.latest_phdi_release.result.tagName
+ value = "v1.6.7"
}
- set {
+ set_sensitive {
name = "smartyAuthId"
value = var.smarty_auth_id
}
- set {
+ set_sensitive {
name = "smartyToken"
value = var.smarty_auth_token
}
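Review bot: Because this resource carries `for_each = var.services_to_chart`, the four database values and both Smarty credentials added here as `set_sensitive` are passed to every chart release, not only to the service that uses them. Consider scoping them with a `dynamic "set_sensitive"` block keyed on `each.key`, so each release receives only the secrets it needs. `set_sensitive` only redacts plan output; the values are still written to Terraform state and to Helm's stored release values, so both need restricted access. Separately, `image.tag` is now hard-coded to `"v1.6.7"` beside a commented-out lookup; if the pin is deliberate, say so with something like `# pinned: latest_phdi_release lookup disabled until <reason>` rather than leaving dead code. The resource body starts and ends outside this hunk.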
@@ -337,6 +353,8 @@ resource "helm_release" "building_blocks" {
}
# Values needed for orchestration service
+ # "phdi-playground-${terraform.workspace}-${each.key}-${each.key}-service"
+ # phdi-playground-dev-ecr-viewer-ecr-viewer-service
set {
name = "fhirConverterUrl"
value = "https://${var.domain_name}/fhir-converter"
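Review bot: The two comment lines added under "Values needed for orchestration service" read like leftover debugging notes; nothing says what the name pattern is for. If they record the in-cluster service naming scheme, state it, e.g. `# in-cluster service name pattern: phdi-playground-<workspace>-<key>-<key>-service`, otherwise drop them.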
diff --git a/terraform/aws/implementation/modules/eks/variables.tf b/terraform/aws/implementation/modules/eks/variables.tf
index e2d39816..b2dae9c3 100644
--- a/terraform/aws/implementation/modules/eks/variables.tf
+++ b/terraform/aws/implementation/modules/eks/variables.tf
@@ -89,4 +89,16 @@ variable "cognito_domain" {
variable "tefca_db_connection_string" {
description = "Connection string to the tefca database"
+}
+
+variable "tefca_jdbc_db_url" {
+ description = "JDBC connection string for flyway to the tefca database"
+}
+
+variable "tefca_jdbc_db_password" {
+ description = "JDBC password for flyway to the tefca database"
+}
+
+variable "tefca_jdbc_db_user" {
+ description = "JDBC username for flyway to the tefca database"
}
\ No newline at end of file
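Review bot: The three new variables declare neither `type` nor `sensitive`, so the module's interface does not mark the password or URL as secret; a caller that passes a plain value would see it printed in plan output. Add `type = string` to each and `sensitive = true` to at least `tefca_jdbc_db_password`. The existing `tefca_db_connection_string` embeds the password and would benefit from the same treatment. The README table generated from these declarations would then show `string` instead of `any`.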
diff --git a/terraform/aws/implementation/modules/rds/README.md b/terraform/aws/implementation/modules/rds/README.md
index fbf40593..9013a061 100644
--- a/terraform/aws/implementation/modules/rds/README.md
+++ b/terraform/aws/implementation/modules/rds/README.md
@@ -48,5 +48,8 @@ No modules.
| Name | Description |
|------|-------------|
| [tefca\_db\_connection\_string](#output\_tefca\_db\_connection\_string) | n/a |
+| [tefca\_jdbc\_db\_password](#output\_tefca\_jdbc\_db\_password) | n/a |
+| [tefca\_jdbc\_db\_url](#output\_tefca\_jdbc\_db\_url) | n/a |
+| [tefca\_jdbc\_db\_user](#output\_tefca\_jdbc\_db\_user) | n/a |
| [tefca\_viewer\_db\_role\_arn](#output\_tefca\_viewer\_db\_role\_arn) | n/a |
\ No newline at end of file
diff --git a/terraform/aws/implementation/modules/rds/main.tf b/terraform/aws/implementation/modules/rds/main.tf
index 2fb83299..f470debe 100644
--- a/terraform/aws/implementation/modules/rds/main.tf
+++ b/terraform/aws/implementation/modules/rds/main.tf
@@ -7,7 +7,7 @@ resource "aws_db_instance" "tefca-viewer-db" {
engine = var.engine_type
engine_version = var.engine_version
username = var.db_username
- password = random_string.setup_rds_password.result
+ password = random_password.setup_rds_password.result
db_subnet_group_name = aws_db_subnet_group.this.name
vpc_security_group_ids = [aws_security_group.ds_sg.id]
parameter_group_name = aws_db_parameter_group.this.name
@@ -40,7 +40,7 @@ resource "aws_security_group" "ds_sg" {
from_port = 5432
to_port = 5432
protocol = "tcp"
- cidr_blocks = ["10.0.0.0/16"]
+ cidr_blocks = ["176.24.0.0/16"]
}
# Allow all outbound traffic
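Review bot: The new ingress range `176.24.0.0/16` is not RFC 1918 space (the private 172 block is 172.16.0.0/12, i.e. 172.16–172.31), so this rule admits port 5432 from publicly routable addresses unless the VPC really is numbered out of 176.24/16. If the intent was the VPC's own range, this looks like a typo for a 172.x block. Hard-coding the literal is what allows the drift; prefer passing the VPC CIDR into the module, `cidr_blocks = [var.<vpc_cidr_variable>]`, or referencing the EKS node security group instead of a CIDR. The security group resource starts and ends outside this hunk.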
@@ -65,9 +65,9 @@ resource "aws_db_subnet_group" "this" {
# TODO: Update for Production to AWS Secrets Manager
# This resource's attribute(s) default value is true
-resource "random_string" "setup_rds_password" {
+resource "random_password" "setup_rds_password" {
length = 13 #update as needed
# Character set that excludes problematic characters like quotes, backslashes, etc.
- override_special = "_!@#-$%^&*()[]{}"
+ override_special = "()[]{}"
}
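Review bot: The password generated here is interpolated unencoded into the `postgresql://user:password@host` output, and the remaining `override_special` characters `()[]{}` include brackets and braces that are not valid unescaped in URI userinfo and may be rejected or misparsed by some clients. Narrowing the special set while keeping `length = 13` also lowers entropy. The simplest fix is `special = false` with a longer value such as `length = 32`. The context comment "This resource's attribute(s) default value is true" does not say which attribute it means and should be clarified or removed.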
diff --git a/terraform/aws/implementation/modules/rds/output.tf b/terraform/aws/implementation/modules/rds/output.tf
index 5a47f3dd..a7203343 100644
--- a/terraform/aws/implementation/modules/rds/output.tf
+++ b/terraform/aws/implementation/modules/rds/output.tf
@@ -3,6 +3,21 @@ output "tefca_viewer_db_role_arn" {
}
output "tefca_db_connection_string" {
- value = "postgresql://${aws_db_instance.tefca-viewer-db.username}:${aws_db_instance.tefca-viewer-db.password}@${aws_db_instance.tefca-viewer-db.endpoint}:5432/${aws_db_instance.tefca-viewer-db.db_name}"
+ value = "postgresql://${aws_db_instance.tefca-viewer-db.username}:${aws_db_instance.tefca-viewer-db.password}@${aws_db_instance.tefca-viewer-db.endpoint}/${aws_db_instance.tefca-viewer-db.db_name}"
sensitive = true
}
+
+output "tefca_jdbc_db_url" {
+ value = "jdbc:postgres://${aws_db_instance.tefca-viewer-db.endpoint}/${aws_db_instance.tefca-viewer-db.db_name}"
+ sensitive = true
+}
+
+output "tefca_jdbc_db_user" {
+ value = aws_db_instance.tefca-viewer-db.username
+ sensitive = true
+}
+
+output "tefca_jdbc_db_password" {
+ value = aws_db_instance.tefca-viewer-db.password
+ sensitive = true
+}
\ No newline at end of file
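Review bot: The `tefca_jdbc_db_url` output uses the scheme `jdbc:postgres://`, but the PostgreSQL JDBC driver that Flyway loads expects `jdbc:postgresql://`, so the migration connection will likely fail to resolve a driver. Change the prefix to `"jdbc:postgresql://${aws_db_instance.tefca-viewer-db.endpoint}/..."`. In `tefca_db_connection_string` the password is placed into the URL raw; wrapping it as `${urlencode(aws_db_instance.tefca-viewer-db.password)}` keeps the string parseable whatever characters the generator emits. All four outputs put the master credentials in Terraform state, so the state backend needs encryption and tight access control until the Secrets Manager TODO in the rds module is addressed.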