docs: Simplify terraform configuration, remove grafana_password

Author: bogdan-ts

terraform/aws/QUICKSTART.md

@@ -19,7 +19,7 @@ cd terraform/aws
 
 # Configure
 cp terraform.tfvars.example terraform.tfvars
-vim terraform.tfvars  # Set ssh_key_name and grafana_password
+vim terraform.tfvars  # Set ssh_key_name 
 
 # Validate
 ./validate.sh
@@ -39,7 +39,7 @@ terraform output ssh_command
 ```bash
 # Grafana dashboard
 open $(terraform output -raw grafana_url)
-# Login: monitor / <your grafana_password>
+# Login: monitor / demo (or your custom password)
 
 # SSH
 ssh -i ~/.ssh/postgres-ai-key.pem ubuntu@$(terraform output -raw public_ip)

terraform/aws/README.md

@@ -25,20 +25,37 @@ See [QUICKSTART.md](QUICKSTART.md) for step-by-step guide.
 
 ```hcl
 # terraform.tfvars
-ssh_key_name     = "postgres-ai-key"
-grafana_password = "SecurePassword123!"
+ssh_key_name = "postgres-ai-key"
+
+# Optional: Set custom Grafana password (defaults to 'demo')
+# grafana_password = "YourSecurePassword123!"
 ```
 
 ### Minimal production setup
 
 ```hcl
+# terraform.tfvars
+
+# REQUIRED PARAMETERS
+ssh_key_name = "your-key-name"
+
+# AWS SETTINGS
 aws_region = "us-east-1"
 environment = "production"
-grafana_password = "SecurePassword123!"
+instance_type = "t3.medium"
+
+# STORAGE
+data_volume_size = 50 # GiB
 
-# Optional: API key for uploading reports to PostgresAI
-# Get it from: https://console.postgres.ai → Your Org → Manage → Access Tokens
-postgres_ai_api_key = "your-api-key-here"
+# SECURITY (restrict access!)
+allowed_ssh_cidr = ["0.0.0.0/0"] # WARNING: Allows access from anywhere
+allowed_cidr_blocks = ["0.0.0.0/0"] # WARNING: Allows access from anywhere
+
+# OPTIONAL PARAMETERS
+# grafana_password = "YourSecurePassword123!" # Defaults to 'demo'
+# postgres_ai_api_key = "your-api-key" # For uploading reports
+# enable_demo_db = false # true for testing
+# use_elastic_ip = true # Stable IP address
 
 monitoring_instances = [
   {
@@ -57,20 +74,20 @@ monitoring_instances = [
 # AWS
 aws_region = "us-east-1"
 environment = "production"
-instance_type = "t3.large"
+instance_type = "t3.medium"
 
 # Storage
-data_volume_size = 100
+data_volume_size = 50
 
 # Security (restrict access in production)
 allowed_ssh_cidr = ["203.0.113.0/24"]
 allowed_cidr_blocks = ["203.0.113.0/24"]
 
 # Required
-ssh_key_name = "postgres-ai-key"
-grafana_password = "SecurePassword123!"
+ssh_key_name = "ssh-key"
 
 # Optional
+grafana_password = "SecurePassword123!" # Defaults to 'demo'
 postgres_ai_api_key = "your-api-key"
 enable_demo_db = false
 use_elastic_ip = true

terraform/aws/terraform.tfvars.example

@@ -7,9 +7,6 @@
 # SSH key for EC2 access (create in AWS Console or CLI)
 ssh_key_name = "your-key-name"
 
-# Grafana password (minimum 8 characters)
-grafana_password = "YourSecurePassword123!"
-
 
 # AWS SETTINGS
 # -------------------------
@@ -80,6 +77,9 @@ monitoring_instances = [
 # If not set, reports will be generated locally without upload
 # postgres_ai_api_key = "your-api-key-here"
 
+# Grafana admin password (defaults to 'demo')
+# grafana_password = "YourSecurePassword123!"
+
 # Enable demo database (for testing)
 # enable_demo_db = false
 

terraform/aws/user_data.sh

@@ -74,6 +74,11 @@ grafana_password=${grafana_password}
 %{ if enable_demo_db }demo_mode=true%{ else }demo_mode=false%{ endif }
 EOF
 
+# Create .env file for docker-compose
+cat > .env <<ENV_EOF
+GRAFANA_PASSWORD=${grafana_password}
+ENV_EOF
+
 # Configure monitoring instances
 %{ if length(monitoring_instances) > 0 }
 cat > instances.yml <<'INSTANCES_EOF'
@@ -135,6 +140,11 @@ systemctl start postgres-ai
 # Wait for services to be healthy
 sleep 30
 
+# Reset Grafana admin password to match terraform config
+echo "Setting Grafana admin password..."
+cd /home/postgres_ai/postgres_ai
+docker exec grafana-with-datasources grafana-cli admin reset-admin-password "${grafana_password}" 2>/dev/null || true
+
 echo "Installation complete!"
 echo "Access Grafana at: http://$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4):3000"
 echo "Username: monitor"

terraform/aws/variables.tf

@@ -46,8 +46,9 @@ variable "use_elastic_ip" {
 }
 
 variable "grafana_password" {
-  description = "Grafana admin password"
+  description = "Grafana admin password (optional, defaults to 'demo')"
   type        = string
+  default     = "demo"
   sensitive   = true
 }