chore(terraform): add valkey and rds for staging env (#5471)

infra/terraform/cloudwatch.tf

@@ -96,7 +96,7 @@ locals {
       metric_name         = "CPUUtilization"
       statistic           = "Average"
       dimensions = {
-        DBInstanceIdentifier = module.rds-aurora.cluster_instances["one"].id
+        DBInstanceIdentifier = module.rds-aurora["prod"].cluster_instances["one"].id
       }
     }
     RDS_FreeStorageSpace = {
@@ -110,7 +110,7 @@ locals {
       metric_name         = "FreeStorageSpace"
       statistic           = "Average"
       dimensions = {
-        DBInstanceIdentifier = module.rds-aurora.cluster_instances["one"].id
+        DBInstanceIdentifier = module.rds-aurora["prod"].cluster_instances["one"].id
       }
     }
     RDS_FreeableMemory = {
@@ -124,7 +124,7 @@ locals {
       metric_name         = "FreeableMemory"
       statistic           = "Average"
       dimensions = {
-        DBInstanceIdentifier = module.rds-aurora.cluster_instances["one"].id
+        DBInstanceIdentifier = module.rds-aurora["prod"].cluster_instances["one"].id
       }
     }
     RDS_DiskQueueDepth = {
@@ -138,7 +138,7 @@ locals {
       metric_name         = "DiskQueueDepth"
       statistic           = "Average"
       dimensions = {
-        DBInstanceIdentifier = module.rds-aurora.cluster_instances["one"].id
+        DBInstanceIdentifier = module.rds-aurora["prod"].cluster_instances["one"].id
       }
     }
     RDS_ReadIOPS = {
@@ -152,7 +152,7 @@ locals {
       metric_name         = "ReadIOPS"
       statistic           = "Average"
       dimensions = {
-        DBInstanceIdentifier = module.rds-aurora.cluster_instances["one"].id
+        DBInstanceIdentifier = module.rds-aurora["prod"].cluster_instances["one"].id
       }
     }
     RDS_WriteIOPS = {
@@ -166,7 +166,7 @@ locals {
       metric_name         = "WriteIOPS"
       statistic           = "Average"
       dimensions = {
-        DBInstanceIdentifier = module.rds-aurora.cluster_instances["one"].id
+        DBInstanceIdentifier = module.rds-aurora["prod"].cluster_instances["one"].id
       }
     }
     SQS_ApproximateAgeOfOldestMessage = {

infra/terraform/elasticache.tf

@@ -5,13 +5,15 @@ locals {
   valkey_major_version = 8
 }
 
-resource "random_password" "valkey" {
-  length  = 20
-  special = false
+moved {
+  from = random_password.valkey
+  to   = random_password.valkey["prod"]
 }
-resource "random_password" "valkey_default_user" {
-  length  = 20
-  special = false
+
+resource "random_password" "valkey" {
+  for_each = local.envs
+  length   = 20
+  special  = false
 }
 
 module "valkey_sg" {
@@ -28,40 +30,24 @@ module "valkey_sg" {
   tags = local.tags
 }
 
-module "elasticache_user_group" {
-  source  = "terraform-aws-modules/elasticache/aws//modules/user-group"
-  version = "1.4.1"
-
-  user_group_id       = "${local.name}-valkey"
-  create_default_user = false
-  default_user = {
-    user_id   = "formbricks-default"
-    passwords = [random_password.valkey_default_user.result]
-  }
-  users = {
-    formbricks = {
-      access_string = "on ~* +@all"
-      passwords     = [random_password.valkey.result]
-    }
-  }
-  engine = "redis"
-  tags = merge(local.tags, {
-    terraform-aws-modules = "elasticache"
-  })
+moved {
+  from = module.valkey
+  to   = module.valkey["prod"]
 }
 
 module "valkey" {
-  source  = "terraform-aws-modules/elasticache/aws"
-  version = "1.4.1"
+  for_each = local.envs
+  source   = "terraform-aws-modules/elasticache/aws"
+  version  = "1.4.1"
 
-  replication_group_id = "${local.name}-valkey"
+  replication_group_id = "${each.value}-valkey"
 
   engine         = "valkey"
   engine_version = "8.0"
   node_type      = "cache.m7g.large"
 
   transit_encryption_enabled = true
-  auth_token                 = random_password.valkey.result
+  auth_token                 = random_password.valkey[each.key].result
   maintenance_window         = "sun:05:00-sun:09:00"
   apply_immediately          = true
 
@@ -85,15 +71,15 @@ module "valkey" {
   }
 
   # Subnet Group
-  subnet_group_name        = "${local.name}-valkey"
-  subnet_group_description = "${title(local.name)} subnet group"
+  subnet_group_name        = "${each.value}-valkey"
+  subnet_group_description = "${title(each.value)} subnet group"
   subnet_ids               = module.vpc.database_subnets
 
   # Parameter Group
   create_parameter_group      = true
-  parameter_group_name        = "${local.name}-valkey-${local.valkey_major_version}"
+  parameter_group_name        = "${each.value}-valkey-${local.valkey_major_version}"
   parameter_group_family      = "valkey8"
-  parameter_group_description = "${title(local.name)} parameter group"
+  parameter_group_description = "${title(each.value)} parameter group"
   parameters = [
     {
       name  = "latency-tracking"
@@ -101,20 +87,5 @@ module "valkey" {
     }
   ]
 
-  tags = local.tags
-}
-
-module "valkey_serverless" {
-  source  = "terraform-aws-modules/elasticache/aws//modules/serverless-cache"
-  version = "1.4.1"
-
-  engine               = "valkey"
-  cache_name           = "${local.name}-valkey-serverless"
-  major_engine_version = 8
-  subnet_ids           = module.vpc.database_subnets
-
-  security_group_ids = [
-    module.valkey_sg.security_group_id
-  ]
-  user_group_id = module.elasticache_user_group.group_id
+  tags = local.tags_map[each.key]
 }

infra/terraform/main.tf

@@ -2,14 +2,32 @@ locals {
   project     = "formbricks"
   environment = "prod"
   name        = "${local.project}-${local.environment}"
-  vpc_cidr    = "10.0.0.0/16"
-  azs         = slice(data.aws_availability_zones.available.names, 0, 3)
+  envs = {
+    prod  = "${local.project}-prod"
+    stage = "${local.project}-stage"
+  }
+  vpc_cidr = "10.0.0.0/16"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
   tags = {
     Project     = local.project
     Environment = local.environment
     MangedBy    = "Terraform"
     Blueprint   = local.name
   }
+  tags_map = {
+    prod = {
+      Project     = local.project
+      Environment = "prod"
+      MangedBy    = "Terraform"
+      Blueprint   = "${local.project}-prod"
+    }
+    stage = {
+      Project     = local.project
+      Environment = "stage"
+      MangedBy    = "Terraform"
+      Blueprint   = "${local.project}-stage"
+    }
+  }
   domain                 = "k8s.formbricks.com"
   karpetner_helm_version = "1.3.1"
   karpenter_namespace    = "karpenter"

infra/terraform/rds.tf

@@ -6,22 +6,34 @@ data "aws_rds_engine_version" "postgresql" {
   version = "16.4"
 }
 
+moved {
+  from = random_password.postgres
+  to   = random_password.postgres["prod"]
+}
+
 resource "random_password" "postgres" {
-  length  = 20
-  special = false
+  for_each = local.envs
+  length   = 20
+  special  = false
+}
+
+moved {
+  from = module.rds-aurora
+  to   = module.rds-aurora["prod"]
 }
 
 module "rds-aurora" {
-  source  = "terraform-aws-modules/rds-aurora/aws"
-  version = "9.12.0"
+  for_each = local.envs
+  source   = "terraform-aws-modules/rds-aurora/aws"
+  version  = "9.12.0"
 
-  name                              = "${local.name}-postgres"
+  name                              = "${each.value}-postgres"
   engine                            = data.aws_rds_engine_version.postgresql.engine
   engine_mode                       = "provisioned"
   engine_version                    = data.aws_rds_engine_version.postgresql.version
   storage_encrypted                 = true
   master_username                   = "formbricks"
-  master_password                   = random_password.postgres.result
+  master_password                   = random_password.postgres[each.key].result
   manage_master_user_password       = false
   create_db_cluster_parameter_group = true
   db_cluster_parameter_group_family = data.aws_rds_engine_version.postgresql.parameter_group_family
@@ -63,6 +75,6 @@ module "rds-aurora" {
     one = {}
   }
 
-  tags = local.tags
+  tags = local.tags_map[each.key]
 
 }

infra/terraform/secrets.tf

@@ -1,25 +1,24 @@
 # Create the first AWS Secrets Manager secret for environment variables
-resource "aws_secretsmanager_secret" "formbricks_app_secrets" {
-  name = "prod/formbricks/secrets"
+moved {
+  from = aws_secretsmanager_secret.formbricks_app_secrets
+  to   = aws_secretsmanager_secret.formbricks_app_secrets["prod"]
 }
 
-resource "aws_secretsmanager_secret" "formbricks_app_secrets_temp" {
-  name = "prod/formbricks/secrets_temp"
+resource "aws_secretsmanager_secret" "formbricks_app_secrets" {
+  for_each = local.envs
+  name = "${each.key}/formbricks/secrets"
+}
+
+moved {
+  from = aws_secretsmanager_secret_version.formbricks_app_secrets
+  to   = aws_secretsmanager_secret_version.formbricks_app_secrets["prod"]
 }
 
 resource "aws_secretsmanager_secret_version" "formbricks_app_secrets" {
-  secret_id = aws_secretsmanager_secret.formbricks_app_secrets.id
+  for_each = local.envs
+  secret_id = aws_secretsmanager_secret.formbricks_app_secrets[each.key].id
   secret_string = jsonencode({
-    #    DATABASE_URL = "postgres://formbricks:${random_password.postgres.result}@${module.rds-aurora.cluster_endpoint}/formbricks"
-    REDIS_URL = "rediss://:${random_password.valkey.result}@${module.valkey.replication_group_primary_endpoint_address}:6379"
-    #    REDIS_URL = "rediss://formbricks:${random_password.valkey.result}@${module.valkey_serverless.serverless_cache_endpoint[0].address}:6379"
+    REDIS_URL = "rediss://:${random_password.valkey[each.key].result}@${module.valkey[each.key].replication_group_primary_endpoint_address}:6379"
   })
 }
 
-resource "aws_secretsmanager_secret_version" "formbricks_app_secrets_temp" {
-  secret_id = aws_secretsmanager_secret.formbricks_app_secrets_temp.id
-  secret_string = jsonencode({
-    DATABASE_URL = "postgres://formbricks:${random_password.postgres.result}@${module.rds-aurora.cluster_endpoint}/formbricks"
-    #    REDIS_URL    = "rediss://formbricks:${random_password.valkey.result}@${module.valkey_serverless.serverless_cache_endpoint[0].address}:6379"
-  })
-}