Initial feedback

keycloak · Jul 20, 2023 · 59bdf09 · 59bdf09
1 parent 4dae8f4
commit 59bdf09
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 12 deletions.
diff --git a/doc/kubernetes/modules/ROOT/pages/storage/aurora-postgres.adoc b/doc/kubernetes/modules/ROOT/pages/storage/aurora-postgres.adoc
@@ -9,25 +9,31 @@ following env:
 
 [source]
 ----
-AURORA_CLUSTER= # The name of the Aurora cluster instance
+AURORA_CLUSTER= # The name of the Aurora cluster
 AURORA_REGION= # The AWS region hosting the Aurora cluster
 ----
 
 This creates the necessary VPCs, subnets and routes required by an Aurora cluster as well as a single Aurora instance
 for said cluster. The script waits until both the cluster and instance are available. If the cluster already exists,
 a message indiciating this is displayed and the script will fail with exit code 1.
 
+[NOTE]
+====
+The specified `AURORA_CLUSTER` must be unique per the AWS region and follow the conventions outlined for the
+https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html#Aurora.CreateInstance.Settings["DB cluster identifier"].
+====
+
 == Connecting ROSA cluster to Aurora Cluster
 
-In order to follow security best practices, the Aurora cluster is not exposed publicly over the internet. Instead, it'sa
-necessary for us to establish a [Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html)
+In order to follow security best practices, the Aurora cluster is not exposed publicly over the internet. Instead, it's
+necessary for us to establish a https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html[Peering Connection]
 between a ROSA cluster VPC and the Aurora Cluster VPC.
 
 To configure such a connection execute `./provision/aws/rds/aurora_create_peering_connection.sh` with the following env:
 
 [source]
 ----
-AURORA_CLUSTER= # The name of the Aurora cluster instance
+AURORA_CLUSTER= # The name of the Aurora cluster
 AURORA_REGION= # The AWS region hosting the Aurora cluster
 CLUSTER_NAME= # The name of the ROSA cluster to establish the peering connectin with
 AWS_REGION= # The AWS region hosting the ROSA cluster
@@ -86,7 +92,7 @@ AWS_REGION= # The AWS region hosting the ROSA cluster
 Before deleting an Aurora cluster it's first necessary for all Peering Connections established with ROSA cluster(s) to
 be removed.
 
-To remove an Aurora cluster, execute `./provision/aws/rds/aurora_create.sh` with the following env:
+To remove an Aurora cluster, execute `./provision/aws/rds/aurora_delete.sh` with the following env:
 
 [source]
 ----

diff --git a/provision/aws/rds/aurora_create.sh b/provision/aws/rds/aurora_create.sh
@@ -22,6 +22,7 @@ fi
 # Create the Aurora VPC
 AURORA_VPC=$(aws ec2 create-vpc \
   --cidr-block ${AURORA_VPC_CIDR} \
+  --output json \
   | jq -r '.Vpc.VpcId'
 )
 
@@ -30,18 +31,21 @@ SUBNET_A=$(aws ec2 create-subnet \
   --availability-zone "${AWS_REGION}a" \
   --vpc-id ${AURORA_VPC} \
   --cidr-block 192.168.0.0/19 \
+  --output json \
   | jq -r '.Subnet.SubnetId'
 )
 
 SUBNET_B=$(aws ec2 create-subnet \
   --availability-zone "${AWS_REGION}b" \
   --vpc-id ${AURORA_VPC} \
   --cidr-block 192.168.32.0/19 \
+  --output json \
   | jq -r '.Subnet.SubnetId'
 )
 
 AURORA_PUBLIC_ROUTE_TABLE_ID=$(aws ec2 describe-route-tables \
   --filters Name=vpc-id,Values=${AURORA_VPC} \
+  --output json \
   | jq -r '.RouteTables[0].RouteTableId'
 )
 
@@ -64,6 +68,7 @@ AURORA_SECURITY_GROUP_ID=$(aws ec2 create-security-group \
   --group-name ${AURORA_SECURITY_GROUP_NAME} \
   --description "Aurora DB Security Group" \
   --vpc-id ${AURORA_VPC} \
+  --output json \
   | jq -r '.GroupId'
 )
 
@@ -75,7 +80,7 @@ aws rds create-db-cluster \
     --master-username ${AURORA_USERNAME} \
     --master-user-password ${AURORA_PASSWORD} \
     --vpc-security-group-ids ${AURORA_SECURITY_GROUP_ID} \
-    --db-subnet-group-name ${AURORA_SUBNET_GROUP_NAME} \
+    --db-subnet-group-name ${AURORA_SUBNET_GROUP_NAME}
 
 aws rds create-db-instance \
   --db-cluster-identifier ${AURORA_CLUSTER} \

diff --git a/provision/aws/rds/aurora_create_peering_connection.sh b/provision/aws/rds/aurora_create_peering_connection.sh
@@ -23,6 +23,7 @@ if [ -z "${AURORA_VPC}" ]; then
   AURORA_VPC=$(aws ec2 create-vpc \
   --cidr-block ${AURORA_VPC_CIDR} \
   --region ${AURORA_REGION} \
+  --output json \
   | jq -r '.Vpc.VpcId'
   )
 fi
@@ -33,8 +34,8 @@ NODE=$(oc get nodes --selector=node-role.kubernetes.io/worker \
 
 ROSA_VPC=$(aws ec2 describe-instances \
   --filters "Name=private-dns-name,Values=${NODE}" \
-  --output json \
   --query 'Reservations[*].Instances[*].{VpcId:VpcId}' \
+  --output json \
   | jq -r '.[0][0].VpcId'
 )
 
@@ -75,8 +76,8 @@ aws ec2 create-route \
 AURORA_SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \
   --filters "Name=group-name,Values=${AURORA_SECURITY_GROUP_NAME}" \
   --query "SecurityGroups[*].GroupId" \
-  --output text \
-  --region ${AURORA_REGION}
+  --region ${AURORA_REGION} \
+  --output text
 )
 
 aws ec2 authorize-security-group-ingress \

diff --git a/provision/aws/rds/aurora_delete_peering_connection.sh b/provision/aws/rds/aurora_delete_peering_connection.sh
@@ -18,8 +18,8 @@ if [ -z "${ROSA_VPC}" ]; then
 
   ROSA_VPC=$(aws ec2 describe-instances \
     --filters "Name=private-dns-name,Values=$NODE" \
-    --output json \
     --query 'Reservations[*].Instances[*].{VpcId:VpcId}' \
+    --output json \
     | jq -r '.[0][0].VpcId'
   )
 fi
@@ -60,8 +60,8 @@ if [ -n ${AURORA_REGION} ]; then
   AURORA_SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \
     --filters "Name=vpc-id,Values=${AURORA_VPC}" "Name=group-name,Values=${AURORA_SECURITY_GROUP_NAME}" \
     --query "SecurityGroups[*].GroupId" \
-    --output text \
-    --region ${AURORA_REGION}
+    --region ${AURORA_REGION} \
+    --output text
   )
   if [ -n "${AURORA_SECURITY_GROUP_ID}" ]; then
     aws ec2 revoke-security-group-ingress \