dare-global/terraform-aws-rds-aurora

terraform-aws-rds-aurora

Terraform module for provisioning Amazon RDS Aurora resources.

Usage

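module "rds_aurora_postgres" {
  source  = "dare-global/rds-aurora/aws"
  version = "1.X.X"

  name_prefix = "aurora-postgres-example-name"

  instance_class = "db.t4g.medium"
  replica_count  = 2 # number of reader nodes (input type is number)

  engine                  = "aurora-postgresql"
  engine_version          = "16.2"
  engine_parameter_family = "aurora-postgresql16"

  # Example credentials only. Omit master_password to have the module
  # generate a random password instead of keeping a literal in source control.
  master_username = "MasterUserName"
  master_password = "MasterPassword123456"

  vpc_id     = data.aws_vpc.default.id
  subnet_ids = data.aws_subnets.all.ids

  # Convenience settings for a throwaway cluster: changes apply at once
  # and no final snapshot is taken on destroy.
  apply_immediately   = true
  skip_final_snapshot = true

  monitoring_interval = 60 # Enhanced Monitoring every 60 seconds

  # Overrides the module default (true) so the example can be destroyed.
  deletion_protection = false
}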
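
A production-leaning variant of the usage block above, added here as an example and not taken from the module's repository. It uses only inputs listed in the Inputs table; the four var.* names are hypothetical variables of the calling configuration.

```hcl
# Hypothetical inputs of the calling configuration (not part of the module).
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "app_cidr_blocks" { type = list(string) } # ranges allowed to reach the DB port
variable "kms_key_arn" { type = string }           # customer-managed KMS key

module "rds_aurora_postgres" {
  source  = "dare-global/rds-aurora/aws"
  version = "1.X.X" # placeholder from the README; pin an exact release

  name_prefix = "aurora-postgres-example-name"

  instance_class = "db.t4g.medium"
  replica_count  = 2

  engine                  = "aurora-postgresql"
  engine_version          = "16.2"
  engine_parameter_family = "aurora-postgresql16"

  # master_password is omitted, so the module falls back to its default of
  # a random password (random_password.db_master_pass).
  master_username = "MasterUserName"

  # Module default, stated explicitly: allow IAM database authentication.
  iam_database_authentication_enabled = true

  # Private subnets, no public IP, ingress limited to the listed ranges.
  vpc_id              = var.vpc_id
  subnet_ids          = var.private_subnet_ids
  cidr_blocks         = var.app_cidr_blocks
  publicly_accessible = false

  # Encrypt storage and Performance Insights data with the same key.
  storage_encrypted               = true
  kms_key_id                      = var.kms_key_arn
  performance_insights_enabled    = true
  performance_insights_kms_key_id = var.kms_key_arn

  # Keep the safety defaults the quick-start example switches off.
  deletion_protection     = true
  apply_immediately       = false
  backup_retention_period = 14
  monitoring_interval     = 60
}
```

The generated master password is still written to Terraform state and exposed through the cluster_master_password output, so the state backend needs encryption and restricted access.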

Examples

Requirements

Name Version
terraform >= 1.3
aws >= 4.30
random >= 2.4

Providers

Name Version
aws >= 4.30
random >= 2.4

Modules

No modules.

Resources

Name Type
aws_db_parameter_group.main resource
aws_db_subnet_group.main resource
aws_iam_role.rds_enhanced_monitoring resource
aws_iam_role_policy_attachment.rds_enhanced_monitoring resource
aws_rds_cluster.main resource
aws_rds_cluster_endpoint.main resource
aws_rds_cluster_instance.main resource
aws_rds_cluster_parameter_group.main resource
aws_rds_cluster_role_association.main resource
aws_security_group.main resource
aws_security_group_rule.default_egress resource
aws_security_group_rule.ingress resource
random_password.db_master_pass resource
aws_iam_policy_document.monitoring_rds_assume_role data source
aws_partition.current data source

Inputs

Name Description Type Default Required
allocated_storage The allocated storage in gibibytes. If max_allocated_storage is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. number null no
allow_major_version_upgrade Enable to allow major engine version upgrades when changing engine versions bool false no
apply_immediately Determines whether or not any DB modifications are applied immediately, or during the maintenance window bool false no
auto_minor_version_upgrade Determines whether minor engine upgrades will be performed automatically in the maintenance window bool true no
backup_retention_period Days to retain backups. Defaults to 7 number 7 no
ca_cert_identifier The identifier of the CA certificate for the DB instance string null no
cidr_blocks Main CIDR blocks for ingress list(string) [] no
cluster_instance_tags Additional tags for the cluster instance map(string) {} no
cluster_members List of RDS Instances that are a part of this cluster list(string) null no
cluster_name_prefix_enabled Whether to use name as a prefix for the cluster bool false no
cluster_parameters A list of DB cluster parameters to apply. Note that parameters may differ from one family to another list(map(string)) [] no
cluster_tags Additional tags for the cluster map(string) {} no
cluster_timeouts Create, update, and delete timeout configurations for the cluster map(string) {} no
copy_tags_to_snapshot Copy all Cluster tags to snapshots bool null no
create_parameter_group Whether to create parameter groups for RDS cluster and RDS instances bool true no
create_security_group Whether to create security group for RDS cluster bool true no
database_name Identifier for database string "main" no
db_cluster_parameter_group_name The name of a DB Cluster parameter group to use string null no
db_parameter_group_name The name of a DB parameter group to use string null no
db_subnet_group_name The existing subnet group name to use string null no
deletion_protection If the DB instance should have deletion protection enabled. Defaults to true. bool true no
enable_global_write_forwarding Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an aws_rds_global_cluster's primary cluster bool null no
enable_http_endpoint Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless bool null no
enabled_cloudwatch_logs_exports List of objects that define the log types to export to AWS CloudWatch. See the examples. list(any) [] no
endpoints Map of additional cluster endpoints and their attributes to be created any {} no
engine The name of the database engine to be used for this DB cluster. Defaults to aurora-postgresql. Valid Values: aurora, aurora-mysql, aurora-postgresql, mysql, postgres. (Note that mysql and postgres are Multi-AZ RDS clusters). string "aurora-postgresql" no
engine_mode The database engine mode. Valid values: global, parallelquery, provisioned, serverless. string "provisioned" no
engine_parameter_family The database engine parameter group family string "postgres14" no
engine_version Database engine version. string n/a yes
final_snapshot_identifier The name of your final DB snapshot when this DB instance is deleted. Must be provided if skip_final_snapshot is set to false. bool null no
iam_database_authentication_enabled Specifies whether IAM Database authentication should be enabled or not. Not all versions and instances are supported. Refer to the AWS documentation to see which versions are supported. bool true no
iam_role_description Description to apply to IAM role. Optional string null no
iam_role_force_detach_policies Whether to force detaching any policies the monitoring role has before destroying it bool null no
iam_role_managed_policy_arns ARNs of managed policies for enhanced monitoring IAM user list(string) null no
iam_role_max_session_duration Maximum session duration (in seconds) that you want to set for the monitoring role number null no
iam_role_path Path for the monitoring role string null no
iam_role_permissions_boundary The ARN of the policy that is used to set the permissions boundary for the monitoring role string null no
iam_roles Map of IAM roles and supported feature names to associate with the cluster map(map(string)) {} no
instance_class Instance class of DB e.g. db.t4g.medium. Defaults to serverless. string "db.t4g.medium" no
instance_timeouts Create, update, and delete timeout configurations for the cluster instance(s) map(string) {} no
instances_parameters Individual settings for instances. any [] no
iops The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. For information about valid IOPS values, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS in the Amazon RDS User Guide. (This setting is required to create a Multi-AZ DB cluster). Must be a multiple between .5 and 50 of the storage amount for the DB cluster. number null no
kms_key_id The ARN for the KMS encryption key. string null no
master_password Password for db admin/master user. Defaults to a random cryptographically secure password. string "" no
master_username Username for db admin/master user. Defaults to 'postgres' string "postgres" no
monitoring_interval The interval (seconds) between points when Enhanced Monitoring metrics are collected. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. number 0 no
monitoring_role_arn IAM role used by RDS to send enhanced monitoring metrics to CloudWatch string "" no
monitoring_role_enabled Determines whether to create the IAM role for RDS enhanced monitoring bool true no
name_prefix Name to prefix provisioned resources. string n/a yes
network_type The network type of the cluster. Valid values: IPV4, DUAL string null no
parameters A list of parameter objects list(object({ name = string, value = string })) [] no
performance_insights_enabled Whether to enable RDS performance insights. Defaults to true bool null no
performance_insights_kms_key_id KMS key for performance insights string null no
performance_insights_retention_period Number of days to retain performance insights information. Defaults to 7 number null no
port Port of the RDS instance. Defaults to 5432 number 5432 no
preferred_backup_window The daily time range during which automated backups are created if automated backups are enabled using the backup_retention_period parameter. Time in UTC string "02:00-03:00" no
preferred_maintenance_window The weekly time range during which system maintenance can occur, in (UTC) e.g., wed:04:00-wed:04:30 string null no
publicly_accessible Whether the DB should have a public IP address bool null no
replica_count Number of reader nodes to create. number 1 no
replication_source_identifier ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica string null no
restore_to_point_in_time Restore to point in time configuration. See docs for arguments https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#restore_to_point_in_time-argument-reference map(string) {} no
revoke_rules_on_delete Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Defaults to true bool true no
s3_import Restore from a Percona XtraBackup stored in S3 bucket. Only Aurora MySQL is supported. map(string) {} no
scaling_configuration Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless map(string) {} no
security_group_tags Additional tags for the security group map(string) {} no
serverlessv2_scaling_configuration Map of nested attributes with serverless v2 scaling properties. Only valid when engine_mode is set to provisioned map(string) {} no
skip_final_snapshot Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created bool null no
snapshot_identifier Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot string null no
source_region The source region for an encrypted replica DB cluster string null no
storage_encrypted Specifies whether the underlying storage layer should be encrypted bool true no
storage_type Specifies the storage type to be associated with the DB cluster. Defaults to io1 string null no
subnet_ids A list of VPC subnet IDs. list(string) n/a yes
tags A map of tags to add to all resources map(string) {} no
vpc_id VPC ID for instance string n/a yes
vpc_security_group_ids List of VPC security groups to associate to the cluster in addition to the SG we create in this module list(string) [] no

Outputs

Name Description
additional_cluster_endpoints A map of additional cluster endpoints and their attributes
cluster_arn Amazon Resource Name (ARN) of cluster
cluster_database_name Name for an automatically created database on cluster creation
cluster_endpoint Writer endpoint for the cluster
cluster_hosted_zone_id The Route53 Hosted Zone ID of the endpoint
cluster_id The RDS Cluster Identifier
cluster_instances A map of cluster instances and their attributes
cluster_master_password The database master password
cluster_master_username The database master username
cluster_members List of RDS Instances that are a part of this cluster
cluster_port The database port
cluster_reader_endpoint Reader endpoint for the cluster
cluster_resource_id The RDS Cluster Resource ID
cluster_role_associations A map of IAM roles associated with the cluster and their attributes
db_cluster_parameter_group_arn The ARN of the DB cluster parameter group created
db_cluster_parameter_group_id The ID of the DB cluster parameter group created
db_parameter_group_arn The ARN of the DB parameter group created
db_parameter_group_id The ID of the DB parameter group created
db_subnet_group_arn The db subnet group ARN.
db_subnet_group_id The db subnet group name.
enhanced_monitoring_iam_role_arn The Amazon Resource Name (ARN) specifying the enhanced monitoring role
enhanced_monitoring_iam_role_name The name of the enhanced monitoring role
enhanced_monitoring_iam_role_unique_id Stable and unique string identifying the enhanced monitoring role
security_group_id The security group ID of the cluster

License

See LICENSE file for full details.

Maintainers

Pre-commit hooks

Install dependencies

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog