feat(phase-2): workstream 8 — Multi-Region Terraform Deployment

AWS environment: - VPC (3-AZ, public + private subnets, NAT gateways, VPC endpoints for ECR/SM/CW) - ECS Fargate service (sentryagent/agentidp) — secrets from Secrets Manager - RDS PostgreSQL 14 (Multi-AZ, encrypted, VPC-internal, storage autoscaling) - ElastiCache Redis 7 (primary + replica, at-rest + in-transit encryption) - ALB with HTTPS/443, HTTP→HTTPS redirect, ACM certificate - Route 53 alias record GCP environment: - VPC + private services access + Serverless VPC connector - Cloud Run service — secrets from Secret Manager - Cloud SQL PostgreSQL 14 (private IP, no public endpoint) - Cloud Memorystore Redis 7 (VPC-internal, AUTH enabled) Shared: - 4 reusable modules: agentidp (dual AWS/GCP), rds, redis, lb - No hardcoded secrets; all sensitive vars marked sensitive=true - terraform.tfvars.example for both environments - docs/devops/deployment.md — AWS + GCP step-by-step walkthrough, rollback procedures Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-29 06:25:14 +00:00
parent a504964e5f
commit 6913d62648
22 changed files with 4138 additions and 8 deletions
--- a/terraform/modules/rds/outputs.tf
+++ b/terraform/modules/rds/outputs.tf
@@ -0,0 +1,44 @@
+################################################################################
+# Module: rds
+# Outputs
+################################################################################
+
+output "endpoint" {
+  description = "RDS instance endpoint hostname (without port). Use to construct DATABASE_URL."
+  value       = aws_db_instance.main.address
+}
+
+output "port" {
+  description = "Port the RDS instance listens on (always 5432)."
+  value       = aws_db_instance.main.port
+}
+
+output "db_name" {
+  description = "Name of the database created on the RDS instance."
+  value       = aws_db_instance.main.db_name
+}
+
+output "db_username" {
+  description = "Master username for the RDS instance."
+  value       = aws_db_instance.main.username
+}
+
+output "instance_id" {
+  description = "RDS instance identifier."
+  value       = aws_db_instance.main.identifier
+}
+
+output "instance_arn" {
+  description = "ARN of the RDS instance."
+  value       = aws_db_instance.main.arn
+}
+
+output "security_group_id" {
+  description = "Security group ID attached to the RDS instance. Use to add further ingress rules if needed."
+  value       = aws_security_group.rds.id
+}
+
+output "db_subnet_group_name" {
+  description = "Name of the DB subnet group."
+  value       = aws_db_subnet_group.main.name
+}