feat: AWS RDS plugins

README.md

@@ -25,9 +25,14 @@ Terraform modules that provide a consistent interface for provisioning AWS cloud
 - **Lambda** - Serverless functions with container support and VPC integration
 - **Fargate** - Container orchestration with ECS and load balancer integration
 
+### Database
+- **RDS Instance** - Managed PostgreSQL database instances with automated backups
+- **RDS Database** - PostgreSQL database and role provisioning within RDS instances
+
 ### Networking
 - **VPC** - Virtual private clouds with public/private subnets and NAT gateways
 - **Load Balancer** - Application and network load balancers for traffic distribution
+- **Security Group Rule** - Firewall rules for controlling inbound and outbound traffic
 
 ### Identity
 - **IAM Role** - Identity and access management roles with trust policies

rds-database/manifest.yaml

@@ -0,0 +1,45 @@
+name: rds-database
+display_name: RDS PostgreSQL Database
+type: database
+description: "Creates a PostgreSQL database on an existing RDS instance with automatic credential generation and service injection"
+icon: ./icon.svg
+deployment:
+  terraform: ./module
+
+inputs:
+  rds_instance_endpoint:
+    type: string
+    required: true
+    description: "Connection endpoint of the RDS instance in format hostname:port (e.g. `mydb.abc123.us-east-1.rds.amazonaws.com:5432`)"
+
+  codebuild_project_name:
+    type: string
+    required: true
+    description: "Name of the CodeBuild project for database operations (from RDS instance)"
+
+  database_name:
+    type: string
+    required: false
+    description: "Name of the database to create. If not specified, uses stack_id and resource name (e.g. `myapp_db`)"
+
+  database_owner:
+    type: string
+    required: false
+    description: "Username for the database owner role. If not specified, a unique role is created (e.g. `myapp_user`)"
+
+outputs:
+  database_name:
+    type: string
+    description: "Name of the created database"
+
+  database_owner:
+    type: string
+    description: "Username of the database owner"
+
+  database_password:
+    type: string
+    description: "Password for the database owner (sensitive)"
+
+  connection_string:
+    type: string
+    description: "PostgreSQL connection string for the database"

rds-database/module/main.tf

@@ -0,0 +1,70 @@
+# Get the current AWS region
+data "aws_region" "current" {
+}
+
+# Local variables
+locals {
+  database_name  = var.database_name != null ? var.database_name : replace("${var.suga.stack_id}_${var.suga.name}", "-", "_")
+  database_owner = var.database_owner != null ? var.database_owner : replace("${var.suga.stack_id}_${var.suga.name}_user", "-", "_")
+
+  # Build PostgreSQL connection string
+  connection_string = "postgresql://${local.database_owner}:${random_password.db_password.result}@${var.rds_instance_endpoint}/${local.database_name}?sslmode=require"
+
+  # Output service export map
+  service_outputs = {
+    for name, service in var.suga.services : name => {
+      env = {
+        (var.suga.env_var_key) = local.connection_string
+      }
+    }
+  }
+}
+
+# Generate a random password for the database owner role
+resource "random_password" "db_password" {
+  length  = 32
+  special = false
+}
+
+# Trigger CodeBuild to create the database and role
+resource "null_resource" "create_database" {
+  triggers = {
+    database_name     = local.database_name
+    database_owner    = local.database_owner
+    rds_endpoint      = var.rds_instance_endpoint
+    codebuild_project = var.codebuild_project_name
+  }
+
+  provisioner "local-exec" {
+    interpreter = ["bash", "-c"]
+    command = <<EOF
+      BUILD_ID=$(aws codebuild start-build \
+        --region ${data.aws_region.current.id} \
+        --project-name ${var.codebuild_project_name} \
+        --environment-variables-override '${jsonencode([
+    {
+      name  = "DB_NAME"
+      value = local.database_name
+    },
+    {
+      name  = "DB_ROLE"
+      value = local.database_owner
+    },
+    {
+      name  = "DB_ROLE_PASSWORD"
+      value = random_password.db_password.result
+    }
+])}' \
+        --query 'build.id' --output text)
+      STATUS="IN_PROGRESS"
+      while [[ $STATUS == "IN_PROGRESS" ]]; do
+        sleep 5
+        STATUS=$(aws codebuild batch-get-builds --region ${data.aws_region.current.id} --ids $BUILD_ID --query 'builds[0].buildStatus' --output text)
+      done
+      if [[ $STATUS != "SUCCEEDED" ]]; then
+        echo "Build failed with status $STATUS"
+        exit 1
+      fi
+    EOF
+}
+}

rds-database/module/outputs.tf

@@ -0,0 +1,32 @@
+output "database_name" {
+  description = "Name of the created database"
+  value       = local.database_name
+}
+
+output "database_owner" {
+  description = "Username of the database owner"
+  value       = local.database_owner
+}
+
+output "database_password" {
+  description = "Password for the database owner"
+  value       = random_password.db_password.result
+  sensitive   = true
+}
+
+output "connection_string" {
+  description = "PostgreSQL connection string for the database"
+  value       = local.connection_string
+  sensitive   = true
+}
+
+output "suga" {
+  value = {
+    id = local.database_name
+    exports = {
+      # Export known service outputs
+      services  = local.service_outputs
+      resources = {}
+    }
+  }
+}

rds-database/module/variables.tf

@@ -0,0 +1,35 @@
+variable "rds_instance_endpoint" {
+  type        = string
+  description = "Connection endpoint of the RDS instance in format hostname:port"
+}
+
+variable "codebuild_project_name" {
+  type        = string
+  description = "Name of the CodeBuild project for database operations"
+}
+
+variable "database_name" {
+  type        = string
+  description = "Name of the database to create"
+  default     = null
+}
+
+variable "database_owner" {
+  type        = string
+  description = "Username for the database owner role"
+  default     = null
+}
+
+variable "suga" {
+  type = object({
+    name        = string
+    stack_id    = string
+    env_var_key = string
+    services = map(object({
+      actions = list(string)
+      identities = map(object({
+        exports = map(string)
+      }))
+    }))
+  })
+}