From d6fc660763b52c28ddfcd11c7a901e086427f934 Mon Sep 17 00:00:00 2001 From: Alejandro Garrido Mota Date: Tue, 30 Mar 2021 11:17:44 +0100 Subject: [PATCH 1/3] - Using AWS data resources instead of remote state - Deleted unnecessary variables --- README.md | 1 - example/rds.tf | 29 +++++++++++------------------ main.tf | 31 ++++++++++++++++++++----------- variables.tf | 4 ---- 4 files changed, 31 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index def09e4..52cfb9d 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,6 @@ See [this example](example/rds.tf) | allow_major_version_upgrade | Indicates that major version upgrades are allowed | string | false | no | | allow_minor_version_upgrade | Indicates that minor upgrades (eg 12.x for Postgres) are allowed | bool | true | no | | cluster_name | The name of the cluster (eg.: cloud-platform-live-0) | string | | yes | -| cluster_state_bucket | The name of the S3 bucket holding the terraform state for the cluster | string | | yes | | db_allocated_storage | The allocated storage in gibibytes | string | `10` | no | | db_max_allocated_storage | Total storage in gibibytes up to which this RDS will autoscale | string | `10000` | no | | db_engine | Database engine used | string | `postgres` | no | diff --git a/example/rds.tf b/example/rds.tf index f248348..64c8329 100644 --- a/example/rds.tf +++ b/example/rds.tf @@ -4,11 +4,7 @@ * */ -variable "cluster_name" { -} - -variable "cluster_state_bucket" { -} +variable "cluster_name" {} /* * Make sure that you use the latest version of the module by changing the 
@@ -21,14 +17,13 @@ variable "cluster_state_bucket" { # Make sure you restart your pods which use this RDS secret to avoid any down time. module "example_team_rds" { - source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=5.13.1" - cluster_name = var.cluster_name - cluster_state_bucket = var.cluster_state_bucket - team_name = "example-repo" - business-unit = "example-bu" - application = "exampleapp" - is-production = "false" - namespace = var.namespace + source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=5.13.1" + cluster_name = var.cluster_name + team_name = "example-repo" + business-unit = "example-bu" + application = "exampleapp" + is-production = "false" + namespace = var.namespace # If the rds_name is not specified a random name will be generated ( cp-* ) # Changing the RDS name requires the RDS to be re-created (destroy + create) @@ -73,8 +68,6 @@ module "example_team_read_replica" { source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=5.8" cluster_name = var.cluster_name - cluster_state_bucket = var.cluster_state_bucket - application = var.application environment-name = var.environment-name is-production = var.is-production @@ -91,11 +84,11 @@ module "example_team_read_replica" { db_name = module.example_team_rds.database_name # Set the db_identifier of the source db - replicate_source_db = module.example_team_rds.db_identifier + replicate_source_db = module.example_team_rds.db_identifier # Set to true. No backups or snapshots are created for read replica - skip_final_snapshot = "true" - db_backup_retention_period = 0 + skip_final_snapshot = "true" + db_backup_retention_period = 0 providers = { # Can be either "aws.london" or "aws.ireland" diff --git a/main.tf b/main.tf index b804fab..17af6de 100644 --- a/main.tf +++ b/main.tf 
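Review bot: Both example modules keep pinned sources that predate this change — `?ref=5.13.1` in the `@@ -21,14 +17,13 @@` hunk and `?ref=5.8` in the `@@ -73,8 +68,6 @@` hunk — while removing `cluster_state_bucket`, which the pre-change `variables.tf` declares with no default (the README row deleted in this commit marks it required), so the example will presumably fail with a missing required argument until the refs are bumped. Update both `source` lines to a release that contains this change, e.g. `source = "github.com/ministryofjustice/cloud-platform-terraform-rds-instance?ref=<RELEASE_WITH_THIS_CHANGE>"`. The `@@ -91,11 +84,11 @@` hunk is alignment only and needs nothing.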
@@ -1,17 +1,26 @@ data "aws_caller_identity" "current" {} - data "aws_region" "current" {} -data "terraform_remote_state" "cluster" { - backend = "s3" +data "aws_vpc" "selected" { + filter { + name = "tag:Name" + values = [var.cluster_name] + } +} + +data "aws_subnet_ids" "private" { + vpc_id = data.aws_vpc.selected.id - config = { - bucket = var.cluster_state_bucket - region = "eu-west-1" - key = "cloud-platform/${var.cluster_name}/terraform.tfstate" + tags = { + SubnetType = "Private" } } +data "aws_subnet" "private" { + for_each = data.aws_subnet_ids.private.ids + id = each.value +} + resource "random_id" "id" { byte_length = 8 } @@ -55,7 +64,7 @@ resource "aws_kms_alias" "alias" { resource "aws_db_subnet_group" "db_subnet" { count = var.replicate_source_db != "" ? 0 : 1 name = local.identifier - subnet_ids = data.terraform_remote_state.cluster.outputs.internal_subnets_ids + subnet_ids = data.aws_subnet_ids.private tags = { business-unit = var.business-unit @@ -71,7 +80,7 @@ resource "aws_db_subnet_group" "db_subnet" { resource "aws_security_group" "rds-sg" { name = local.identifier description = "Allow all inbound traffic" - vpc_id = data.terraform_remote_state.cluster.outputs.vpc_id + vpc_id = data.aws_vpc.selected.id // We cannot use `${aws_db_instance.rds.port}` here because it creates a // cyclic dependency. Rather than resorting to `aws_security_group_rule` which @@ -81,14 +90,14 @@ resource "aws_security_group" "rds-sg" { from_port = 0 to_port = 0 protocol = "-1" - cidr_blocks = data.terraform_remote_state.cluster.outputs.internal_subnets + cidr_blocks = [for s in data.aws_subnet.private : s.cidr_block] } egress { from_port = 0 to_port = 0 protocol = "-1" - cidr_blocks = data.terraform_remote_state.cluster.outputs.internal_subnets + cidr_blocks = [for s in data.aws_subnet.private : s.cidr_block] } } diff --git a/variables.tf b/variables.tf index 39838a5..5c5b446 100644 --- a/variables.tf +++ b/variables.tf 
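Review bot: The lookups in `data "aws_vpc" "selected"` and `data "aws_subnet_ids" "private"` tie the module to two tagging conventions — a VPC whose `Name` tag equals `var.cluster_name` and subnets tagged `SubnetType = "Private"` — that nothing in the hunk documents; a mis-tagged VPC fails loudly at plan time, but the assumption belongs next to the data sources. Suggest a comment above the VPC lookup, e.g. `# The cluster VPC is found by its Name tag (== var.cluster_name) and its private subnets by SubnetType = "Private"; these tags replace the former remote-state outputs.` Note that `aws_subnet_ids` has since been deprecated by the AWS provider in favour of `aws_subnets`, so this filter will need migrating on a provider upgrade. Dropping the remote-state read also removes the caller's need for read access to the cluster state bucket, which is a worthwhile reduction in required permissions and worth stating in the same comment.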
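Review bot: The ingress and egress `cidr_blocks = [for s in data.aws_subnet.private : s.cidr_block]` lists now admit whatever subnets carry the `SubnetType = "Private"` tag in the selected VPC on this all-ports/all-protocols rule, so re-tagging a subnet silently changes what reaches the instance, where the old remote-state output was an explicit list; if the filter matches nothing the list is empty and the rule admits nothing, which surfaces as a connection failure rather than a plan error. A comment on the rule should say so, e.g. `# Source CIDRs are the cluster VPC's Private-tagged subnets (data.aws_subnet.private); an empty match yields an empty rule.` The identical expression is repeated for ingress and egress and would read better hoisted into `locals { private_cidrs = [for s in data.aws_subnet.private : s.cidr_block] }` and referenced as `local.private_cidrs` in both places. The enclosing `resource "aws_security_group" "rds-sg"` block starts outside this hunk.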
@@ -2,10 +2,6 @@ variable "cluster_name" { description = "The name of the cluster (eg.: cloud-platform-live-0)" } -variable "cluster_state_bucket" { - description = "The name of the S3 bucket holding the terraform state for the cluster" -} - variable "team_name" {} variable "application" {} From 0d3f93f1931c24e7cbb0085eb121ca2b10a249b4 Mon Sep 17 00:00:00 2001 From: Alejandro Garrido Mota Date: Tue, 30 Mar 2021 11:30:19 +0100 Subject: [PATCH 2/3] Settings resouce as a list --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 17af6de..063e75c 100644 --- a/main.tf +++ b/main.tf @@ -64,7 +64,7 @@ resource "aws_kms_alias" "alias" { resource "aws_db_subnet_group" "db_subnet" { count = var.replicate_source_db != "" ? 0 : 1 name = local.identifier - subnet_ids = data.aws_subnet_ids.private + subnet_ids = [data.aws_subnet_ids.private] tags = { business-unit = var.business-unit From 3dbe244145fe7e16be1868af5c2338b9a832e611 Mon Sep 17 00:00:00 2001 From: Alejandro Garrido Mota Date: Tue, 30 Mar 2021 11:32:26 +0100 Subject: [PATCH 3/3] Accesing attribute --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 063e75c..7443a06 100644 --- a/main.tf +++ b/main.tf @@ -64,7 +64,7 @@ resource "aws_kms_alias" "alias" { resource "aws_db_subnet_group" "db_subnet" { count = var.replicate_source_db != "" ? 0 : 1 name = local.identifier - subnet_ids = [data.aws_subnet_ids.private] + subnet_ids = data.aws_subnet_ids.private.ids tags = { business-unit = var.business-unit
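Review bot: `subnet_ids = data.aws_subnet_ids.private.ids` in the PATCH 3/3 hunk hands the DB subnet group every subnet tagged `SubnetType = "Private"` in the selected VPC, and AWS requires a DB subnet group to cover at least two Availability Zones, so a tag set that matches subnets in a single AZ is only rejected at apply time. A comment on the line would make that dependency explicit, e.g. `# All Private-tagged subnets of the cluster VPC; AWS requires them to span at least two AZs`. Patches 2/3 are fix-ups of this one line from patch 1 and would read more clearly squashed into it.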