From 8093ed62878dd2cbc00be8bd61f354ba86d43092 Mon Sep 17 00:00:00 2001
From: Tomasz Magulski
Date: Sat, 15 Nov 2025 16:24:03 +0100
Subject: [PATCH] Zmiana zawiera 3 uaktualnienia:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* instancja AWS RDS otrzymała PostgreSQL minor upgrade z 13.18 do 13.20
* komenda ssh zamiast być zahadrkodowana, jest interpolowana jako terraform output
* usuwam ze stanu terraformowego access keys administratorów (sam musiałem swój klucz przerotować - zrobiłem to ręcznie, a jednocześnie nie ma powodu by jeden administrator miał dostęp do credentiali innych administratorów)
---
 admin/main.tf | 4 ----
 database/main.tf | 4 ----
 db.tf | 2 +-
 outputs.tf | 7 +++++++
 4 files changed, 8 insertions(+), 9 deletions(-)
 create mode 100644 outputs.tf
diff --git a/admin/main.tf b/admin/main.tf
index cf29903..1ee8cef 100644
--- a/admin/main.tf
+++ b/admin/main.tf
@@ -9,10 +9,6 @@ resource "aws_iam_user" "user" {
 name = var.name
 }
-resource "aws_iam_access_key" "access_key" {
- user = aws_iam_user.user.name
-}
-
 resource "aws_iam_user_policy_attachment" "policy_attachment" {
 policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
 user = aws_iam_user.user.name
diff --git a/database/main.tf b/database/main.tf
index 78160f2..98e8cf8 100644
--- a/database/main.tf
+++ b/database/main.tf
@@ -4,10 +4,6 @@ variable "name" {
 variable "db_instance" {}
-
-// https://github.com/hashicorp/terraform/issues/8367
-// before running terraform create a ssh tunel
-// ssh ubuntu@bastion.codeforpoznan.pl -L 15432:main-postgres.ct6cadodkpjm.eu-west-1.rds.amazonaws.com:5432
 provider "postgresql" {
 host = "127.0.0.1" // var.db_instance.address
 port = "15432" // var.db_instance.port
diff --git a/db.tf b/db.tf
index 91dc576..cfaa144 100644
--- a/db.tf
+++ b/db.tf
@@ -16,7 +16,7 @@ resource "aws_db_instance" "db" {
 identifier = "main-postgres"
 engine = "postgres"
- engine_version = "13.18"
+ engine_version = "13.20"
 instance_class = "db.t3.micro"
 allocated_storage = 8
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..87e9b94
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,7 @@
+output "ssh_tunnel" {
+ value = "ubuntu@${aws_route53_record.bastion.name} -L 15432:${aws_db_instance.db.address}:${aws_db_instance.db.port}"
+ description = <<-DESCRIPTION
+ https://github.com/hashicorp/terraform/issues/8367
+ before running terraform create a ssh tunel
+ DESCRIPTION
+}
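Review bot: The `value` of the new `ssh_tunnel` output is not a runnable command, since it starts at `ubuntu@…` whereas the comment removed from database/main.tf began with `ssh`; either add the prefix or state in `description` that the value is an argument list for ssh. If the prefix is added, binding the forward to loopback explicitly keeps the forwarded database port off other interfaces even when the operator's ssh configuration enables GatewayPorts: `value = "ssh -N ubuntu@${aws_route53_record.bastion.name} -L 127.0.0.1:15432:${aws_db_instance.db.address}:${aws_db_instance.db.port}"`. Local port 15432 is also hard-coded in the `provider "postgresql"` block visible in the database/main.tf hunk, so the description should say the two must match, and "tunel" there should read "tunnel".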