GH-97: Enable database backups on production

cloud/schemes/cloud-sql/main.tf

@@ -12,6 +12,17 @@ resource "google_sql_database_instance" "main" {
     tier                  = "db-f1-micro"
     connector_enforcement = "REQUIRED"
 
+    backup_configuration {
+      enabled                        = var.database_backups
+      point_in_time_recovery_enabled = var.database_backups
+      start_time                     = "21:00"
+      transaction_log_retention_days = 7
+
+      backup_retention_settings {
+        retained_backups = 30
+      }
+    }
+
     ip_configuration {
       ipv4_enabled = true
       require_ssl  = true

cloud/schemes/cloud-sql/variables.tf

@@ -7,3 +7,8 @@ variable "region" {
   description = "GCP region"
   type        = string
 }
+
+variable "database_backups" {
+  description = "Whether to enable database backups"
+  type        = bool
+}

cloud/schemes/main.tf

@@ -19,16 +19,19 @@ locals {
       schemes_database = "test"
       keep_idle        = false
       basic_auth       = true
+      database_backups = false
     }
     test = {
       schemes_database = "test"
       keep_idle        = false
       basic_auth       = true
+      database_backups = false
     }
     prod = {
       schemes_database = "prod"
       keep_idle        = true
       basic_auth       = false
+      database_backups = true
     }
   }
 }
@@ -48,9 +51,10 @@ module "secret_manager" {
 }
 
 module "cloud_sql" {
-  source  = "./cloud-sql"
-  project = local.project
-  region  = local.location
+  source           = "./cloud-sql"
+  project          = local.project
+  region           = local.location
+  database_backups = local.config[local.env].database_backups
 
   depends_on = [
     module.secret_manager