# Amazon DocumentDB (with MongoDB Compatibility)

Terraform module to provision an instance-based Amazon DocumentDB (with MongoDB Compatibility) cluster.

An instance-based cluster can scale the database to millions of reads per second and up to 128 TiB of storage capacity.

## Important Notes

- The cluster admin user name (`cluster_master_username` input variable) must be from 1 to 63 letters or numbers. The first character must be a letter, and the name cannot be a reserved word.

- The cluster master password (`cluster_master_password` input variable) must be at least eight characters long and cannot contain a `/` (slash), `"` (double quote) or `@` (at symbol). If no value is set for the password, a random password will be generated. Optionally, you can store the provided or generated password in AWS SSM Parameter Store (`save_cluster_master_password_ssm_params = true`) and/or AWS Secrets Manager (`save_cluster_master_password_aws_secrets = true`); the password will be available under the `/documentdb/<CLUSTER_NAME>/CLUSTER_MASTER_PASSWORD` key.

- All resources that support tags will be tagged with the following tags by default:

  - `Terraform`: indicates the resource is managed by Terraform. Value `true`.
  - `TerraformWorkspace`: indicates the current Terraform workspace. If no workspace is used, the value is `default`.
  - `Environment`: indicates the name of the environment to which the resource belongs. The value is taken from the `environment` input variable.

  Additional tags can be defined by setting the `tags` input variable, e.g.:

  ```hcl
  tags = {
    Project         = "MyProject"
    TerraformModule = "documentdb_cluster"
  }
  ```

## Cluster Access

This module attaches a Security Group to the DocumentDB cluster that only allows traffic from within the Security Group itself. To allow other Security Groups to access the cluster, set the `cluster_allowed_security_groups_id` input variable.

## Amazon DocumentDB Quotas and Limits

For the resource quotas, limits, and naming constraints of Amazon DocumentDB (with MongoDB compatibility), see the Amazon DocumentDB Quotas and Limits page of the AWS documentation.

## Usage

```hcl
module "documentdb_cluster" {
  source = "../"

  environment                             = "testing"
  cluster_name                            = "mydocumentdb1245"
  cluster_size                            = 3
  cluster_engine_version                  = "5.0.0"
  cluster_instance_class                  = "db.t4g.medium"
  cluster_vpc_id                          = "vpc-xxx"
  cluster_subnets_id                      = ["subnet-abc", "subnet-cdf", "subnet-ghi"]
  cluster_master_username                 = "docadmin"
  deletion_protection                     = true
  save_cluster_master_password_ssm_params = true

  tags = {
    Project         = "MyProject"
    TerraformModule = "documentdb_cluster"
  }
}
```

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5 |
| aws | >= 5.42.0 |
| random | >= 3.6.0 |

## Providers

| Name | Version |
|------|---------|
| aws | 5.42.0 |
| random | 3.6.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| aws_docdb_cluster.this | resource |
| aws_docdb_cluster_instance.this | resource |
| aws_docdb_cluster_parameter_group.custom | resource |
| aws_docdb_subnet_group.default | resource |
| aws_secretsmanager_secret.cluster_master_password | resource |
| aws_secretsmanager_secret_version.cluster_master_password | resource |
| aws_security_group.docdb | resource |
| aws_security_group_rule.docdb_egress | resource |
| aws_security_group_rule.docdb_ingress | resource |
| aws_security_group_rule.docdb_self_ingress | resource |
| aws_ssm_parameter.cluster_master_password | resource |
| random_password.password | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| apply_immediately | Specifies whether any cluster modifications are applied immediately or during the next maintenance window. | `bool` | `false` | no |
| ca_cert_identifier | The identifier of the CA certificate for the DocumentDB instance. | `string` | `null` | no |
| cluster_allowed_security_groups_id | A list with the IDs of the Security Groups allowed to access the DocumentDB Cluster. | `list(string)` | `[]` | no |
| cluster_at_rest_encryption | Whether to enable encryption of data stored on disk. | `bool` | `true` | no |
| cluster_backup_retention_period | The number of days to retain backups for. | `number` | `35` | no |
| cluster_custom_parameters | A map of strings with the custom parameters for this DocumentDB Cluster. | `map(string)` | `{}` | no |
| cluster_db_port | The port on which the DB accepts connections. | `number` | `27017` | no |
| cluster_engine_version | The database engine version. To see the available versions, run `aws docdb describe-db-engine-versions --engine docdb --query 'DBEngineVersions[*].EngineVersion' --output text`. | `string` | `"5.0.0"` | no |
| cluster_instance_class | The DocumentDB instance class. For a list of the supported instances, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-class-specs | `string` | `"db.t4g.medium"` | no |
| cluster_master_password | Password for the master DB user. The password must be at least eight characters long and cannot contain a `/` (slash), `"` (double quote) or `@` (at symbol). Don't set it when `snapshot_identifier` is provided. If no value is set, a random password will be generated. | `string` | `""` | no |
| cluster_master_username | Username for the master DB user. Required unless a `snapshot_identifier` is provided. | `string` | `"admin"` | no |
| cluster_name | A unique name for this DocumentDB Cluster. | `string` | n/a | yes |
| cluster_preferred_backup_window | The daily time range during which automated backups are created, if automated backups are enabled. The format is `hh24:mi-hh24:mi` (24-hour clock, UTC). | `string` | `"02:00-02:30"` | no |
| cluster_preferred_maintenance_window | Specifies the weekly time range during which maintenance on the DocumentDB Cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24-hour clock, UTC). The minimum maintenance window is a 60-minute period. | `string` | `"wed:04:00-wed:05:30"` | no |
| cluster_size | The number of instances to deploy in this DocumentDB Cluster. A cluster can have up to sixteen instances (one primary and up to 15 replicas). | `number` | `3` | no |
| cluster_storage_type | The storage type to associate with the DB cluster. | `string` | `"standard"` | no |
| cluster_subnet_group_name | The subnet group name for the DocumentDB Cluster. This input variable is ignored when `cluster_subnets_id` is set. | `string` | `""` | no |
| cluster_subnets_id | A list with the IDs of the subnets to add to the Cluster Subnet Group. When this input variable is set, `cluster_subnet_group_name` is ignored and a new subnet group with the given subnets is created and used by the DocumentDB Cluster. Subnet groups must contain at least two subnets in two different Availability Zones in the same region. | `list(string)` | `[]` | no |
| cluster_vpc_id | The VPC ID where the cluster will be provisioned. | `string` | n/a | yes |
| deletion_protection | Whether the DocumentDB Cluster has deletion protection enabled. | `bool` | `false` | no |
| enable_performance_insights | Whether to enable Performance Insights for the DocumentDB instances. | `bool` | `false` | no |
| enabled_cloudwatch_logs_exports | List of log types to export to Amazon CloudWatch. The supported log types are `audit` and `profiler`. To enable auditing, ensure that both exporting audit logs to Amazon CloudWatch is enabled and the cluster parameter "Auditing" is enabled. | `list(string)` | `[]` | no |
| environment | The environment name, e.g. `testing`. | `string` | n/a | yes |
| save_cluster_master_password_aws_secrets | Whether or not to save the cluster master password in AWS Secrets Manager. The password is stored in a secret called `/documentdb/<CLUSTER_NAME>/CLUSTER_MASTER_PASSWORD`. | `bool` | `false` | no |
| save_cluster_master_password_ssm_params | Whether or not to save the cluster master password in AWS SSM Parameter Store. The password is stored as a SecureString at `/documentdb/<CLUSTER_NAME>/CLUSTER_MASTER_PASSWORD`. | `bool` | `false` | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB cluster is deleted. | `bool` | `false` | no |
| snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or the ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot. Automated snapshots should not be used for this attribute, unless they come from a different cluster: automated snapshots are deleted as part of cluster destruction when the resource is replaced. | `string` | `""` | no |
| tags | Tags added to all supported resources. | `map(any)` | `{}` | no |
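Putting the Cluster Access note and the audit-logging input together, here is an added example (not the module's own code) that grants an application Security Group access to the cluster, turns on TLS and auditing through `cluster_custom_parameters` and `enabled_cloudwatch_logs_exports`, and reads the generated password back from SSM. The `audit_logs` and `tls` names are DocumentDB cluster parameters rather than inputs of this module; the VPC/subnet IDs, the Security Group name and the module source path are placeholders.

```hcl
# Added example, not part of the module: an application Security Group that is
# granted access to the cluster, plus a module call that enables TLS and audit
# logging and keeps the generated master password in SSM Parameter Store.
# The VPC/subnet IDs, the "app" SG name and the module source path are assumed.

resource "aws_security_group" "app" {
  name        = "myapp-documentdb-clients"
  description = "Hosts allowed to reach the DocumentDB cluster"
  vpc_id      = "vpc-xxx"
}

module "documentdb_cluster" {
  source = "../"

  environment             = "testing"
  cluster_name            = "mydocumentdb1245"
  cluster_size            = 3
  cluster_engine_version  = "5.0.0"
  cluster_instance_class  = "db.t4g.medium"
  cluster_vpc_id          = "vpc-xxx"
  cluster_subnets_id      = ["subnet-abc", "subnet-cdf", "subnet-ghi"]
  cluster_master_username = "docadmin"

  # Besides the module's own SG, only members of the app SG may reach the cluster port.
  cluster_allowed_security_groups_id = [aws_security_group.app.id]

  # Auditing needs both the CloudWatch export and the cluster parameter (audit_logs).
  enabled_cloudwatch_logs_exports = ["audit"]
  cluster_custom_parameters = {
    audit_logs = "enabled"
    tls        = "enabled" # reject non-TLS client connections
  }

  deletion_protection                     = true
  skip_final_snapshot                     = false
  save_cluster_master_password_ssm_params = true

  tags = {
    Project = "MyProject"
  }
}

# Consumers fetch the password from the SecureString the module wrote to SSM,
# instead of reading the module's master_password output.
data "aws_ssm_parameter" "docdb_password" {
  name            = "/documentdb/${module.documentdb_cluster.cluster_name}/CLUSTER_MASTER_PASSWORD"
  with_decryption = true
  depends_on      = [module.documentdb_cluster]
}
```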

## Outputs

| Name | Description |
|------|-------------|
| arn | Amazon Resource Name (ARN) of the cluster. |
| cluster_name | Cluster identifier. |
| endpoint | Endpoint of the DocumentDB cluster. |
| master_password | Password for the master DB user. |
| master_username | Username for the master DB user. |
| reader_endpoint | A read-only endpoint of the DocumentDB cluster, automatically load-balanced across replicas. |
| security_group_arn | ARN of the DocumentDB cluster Security Group. |
| security_group_id | ID of the DocumentDB cluster Security Group. |
| security_group_name | Name of the DocumentDB cluster Security Group. |