Terraform module for provisioning Amazon RDS Aurora resources.
```hcl
module "rds_aurora_postgres" {
  source  = "dare-global/rds-aurora/aws"
  version = "1.X.X"

  name_prefix             = "aurora-postgres-example-name"
  instance_class          = "db.t4g.medium"
  replica_count           = 2
  engine                  = "aurora-postgresql"
  engine_version          = "16.2"
  engine_parameter_family = "aurora-postgresql16"

  # Placeholder credentials; when master_password is omitted the module
  # generates a random password instead.
  master_username = "MasterUserName"
  master_password = "MasterPassword123456"

  vpc_id     = data.aws_vpc.default.id
  subnet_ids = data.aws_subnets.all.ids

  apply_immediately   = true
  monitoring_interval = 60

  # These two settings let the cluster be destroyed without a final snapshot.
  skip_final_snapshot = true
  deletion_protection = false
}
```
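
A hardened variant of the usage above, as an added example that is not part of the module's own documentation. It sets only inputs and reads only outputs listed in the tables on this page; the data sources, the KMS key, the Secrets Manager resources and all resource names are assumptions.

```hcl
# Added example: resource names and the secret name are assumptions.
data "aws_vpc" "default" {
  default = true
}

data "aws_subnets" "all" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}

# Customer-managed key for storage encryption, with rotation enabled.
resource "aws_kms_key" "aurora" {
  description         = "Aurora storage encryption (example)"
  enable_key_rotation = true
}

module "aurora_postgres_hardened" {
  source                  = "dare-global/rds-aurora/aws"
  version                 = "1.X.X"
  name_prefix             = "aurora-postgres-example-name"
  instance_class          = "db.t4g.medium"
  replica_count           = 2
  engine                  = "aurora-postgresql"
  engine_version          = "16.2"
  engine_parameter_family = "aurora-postgresql16"
  vpc_id                  = data.aws_vpc.default.id
  subnet_ids              = data.aws_subnets.all.ids
  # master_password is omitted so the module generates a random one.
  storage_encrypted                   = true
  kms_key_id                          = aws_kms_key.aurora.arn
  iam_database_authentication_enabled = true
  publicly_accessible                 = false
  cidr_blocks                         = [data.aws_vpc.default.cidr_block] # ingress from the VPC only
  deletion_protection                 = true
  monitoring_interval                 = 60
}

# Keep the generated password in Secrets Manager rather than in source code.
resource "aws_secretsmanager_secret" "aurora_master" {
  name = "aurora-postgres-example-name/master"
}

resource "aws_secretsmanager_secret_version" "aurora_master" {
  secret_id     = aws_secretsmanager_secret.aurora_master.id
  secret_string = module.aurora_postgres_hardened.cluster_master_password
}
```

The generated password is still recorded in Terraform state, so the state backend needs encryption and restricted access.
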

Name | Version |
---|---|
terraform | >= 1.3 |
aws | >= 4.30 |
random | >= 2.4 |

Name | Version |
---|---|
aws | >= 4.30 |
random | >= 2.4 |

No modules.

Name | Type |
---|---|
aws_db_parameter_group.main | resource |
aws_db_subnet_group.main | resource |
aws_iam_role.rds_enhanced_monitoring | resource |
aws_iam_role_policy_attachment.rds_enhanced_monitoring | resource |
aws_rds_cluster.main | resource |
aws_rds_cluster_endpoint.main | resource |
aws_rds_cluster_instance.main | resource |
aws_rds_cluster_parameter_group.main | resource |
aws_rds_cluster_role_association.main | resource |
aws_security_group.main | resource |
aws_security_group_rule.default_egress | resource |
aws_security_group_rule.ingress | resource |
random_password.db_master_pass | resource |
aws_iam_policy_document.monitoring_rds_assume_role | data source |
aws_partition.current | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
allocated_storage | The allocated storage in gibibytes. If max_allocated_storage is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. | number | null | no |
allow_major_version_upgrade | Enable to allow major engine version upgrades when changing engine versions | bool | false | no |
apply_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | bool | false | no |
auto_minor_version_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | bool | true | no |
backup_retention_period | Days to retain backups. Defaults to 7 | number | 7 | no |
ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | null | no |
cidr_blocks | Main CIDR blocks for ingress | list(string) | [] | no |
cluster_instance_tags | Additional tags for the cluster instance | map(string) | {} | no |
cluster_members | List of RDS Instances that are a part of this cluster | list(string) | null | no |
cluster_name_prefix_enabled | Whether to use name as a prefix for the cluster | bool | false | no |
cluster_parameters | A list of DB cluster parameters to apply. Note that parameters may differ from one family to another | list(map(string)) | [] | no |
cluster_tags | Additional tags for the cluster | map(string) | {} | no |
cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | {} | no |
copy_tags_to_snapshot | Copy all Cluster tags to snapshots | bool | null | no |
create_parameter_group | Whether to create parameter groups for RDS cluster and RDS instances | bool | true | no |
create_security_group | Whether to create security group for RDS cluster | bool | true | no |
database_name | Identifier for database | string | "main" | no |
db_cluster_parameter_group_name | The name of a DB Cluster parameter group to use | string | null | no |
db_parameter_group_name | The name of a DB parameter group to use | string | null | no |
db_subnet_group_name | The existing subnet group name to use | string | null | no |
deletion_protection | If the DB instance should have deletion protection enabled. Defaults to true. | bool | true | no |
enable_global_write_forwarding | Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an aws_rds_global_cluster's primary cluster | bool | null | no |
enable_http_endpoint | Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless | bool | null | no |
enabled_cloudwatch_logs_exports | List of objects which define log types to export to AWS CloudWatch. See in examples. | list(any) | [] | no |
endpoints | Map of additional cluster endpoints and their attributes to be created | any | {} | no |
engine | The name of the database engine to be used for this DB cluster. Defaults to aurora-postgresql. Valid Values: aurora, aurora-mysql, aurora-postgresql, mysql, postgres. (Note that mysql and postgres are Multi-AZ RDS clusters). | string | "aurora-postgresql" | no |
engine_mode | The database engine mode. Valid values: global, parallelquery, provisioned, serverless. | string | "provisioned" | no |
engine_parameter_family | The database engine parameter group family | string | "postgres14" | no |
engine_version | Database engine version. | string | n/a | yes |
final_snapshot_identifier | The name of your final DB snapshot when this DB instance is deleted. Must be provided if skip_final_snapshot is set to false. | bool | null | no |
iam_database_authentication_enabled | Specifies whether IAM Database authentication should be enabled or not. Not all versions and instances are supported. Refer to the AWS documentation to see which versions are supported. | bool | true | no |
iam_role_description | Description to apply to IAM role. Optional | string | null | no |
iam_role_force_detach_policies | Whether to force detaching any policies the monitoring role has before destroying it | bool | null | no |
iam_role_managed_policy_arns | ARNs of managed policies for enhanced monitoring IAM user | list(string) | null | no |
iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the monitoring role | number | null | no |
iam_role_path | Path for the monitoring role | string | null | no |
iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the monitoring role | string | null | no |
iam_roles | Map of IAM roles and supported feature names to associate with the cluster | map(map(string)) | {} | no |
instance_class | Instance class of DB e.g. db.t4g.medium. Defaults to serverless. | string | "db.t4g.medium" | no |
instance_timeouts | Create, update, and delete timeout configurations for the cluster instance(s) | map(string) | {} | no |
instances_parameters | Individual settings for instances. | any | [] | no |
iops | The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. For information about valid IOPS values, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS to improve performance in the Amazon RDS User Guide. (This setting is required to create a Multi-AZ DB cluster). Must be a multiple between .5 and 50 of the storage amount for the DB cluster. | number | null | no |
kms_key_id | The ARN for the KMS encryption key. | string | null | no |
master_password | Password for db admin/master user. Defaults to a random cryptographically secure password. | string | "" | no |
master_username | Username for db admin/master user. Defaults to 'postgres' | string | "postgres" | no |
monitoring_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. | number | 0 | no |
monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | string | "" | no |
monitoring_role_enabled | Determines whether to create the IAM role for RDS enhanced monitoring | bool | true | no |
name_prefix | Name to prefix provisioned resources. | string | n/a | yes |
network_type | The network type of the cluster. Valid values: IPV4, DUAL | string | null | no |
parameters | A list of parameter objects | list(object({ | [] | no |
performance_insights_enabled | Whether to enable RDS performance insights. Defaults to true | bool | null | no |
performance_insights_kms_key_id | KMS key for performance insights | string | null | no |
performance_insights_retention_period | Number of days to retain performance insights information. Defaults to 7 | number | null | no |
port | Port of the RDS instance. Defaults to 5432 | number | 5432 | no |
preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled using the backup_retention_period parameter. Time in UTC | string | "02:00-03:00" | no |
preferred_maintenance_window | The weekly time range during which system maintenance can occur, in (UTC) e.g., wed:04:00-wed:04:30 | string | null | no |
publicly_accessible | Whether the DB should have a public IP address | bool | null | no |
replica_count | Number of reader nodes to create. | number | 1 | no |
replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | string | null | no |
restore_to_point_in_time | Restore to point in time configuration. See docs for arguments https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#restore_to_point_in_time-argument-reference | map(string) | {} | no |
revoke_rules_on_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Defaults to true | bool | true | no |
s3_import | Restore from a Percona XtraBackup stored in S3 bucket. Only Aurora MySQL is supported. | map(string) | {} | no |
scaling_configuration | Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless | map(string) | {} | no |
security_group_tags | Additional tags for the security group | map(string) | {} | no |
serverlessv2_scaling_configuration | Map of nested attributes with serverless v2 scaling properties. Only valid when engine_mode is set to provisioned | map(string) | {} | no |
skip_final_snapshot | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | bool | null | no |
snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | string | null | no |
source_region | The source region for an encrypted replica DB cluster | string | null | no |
storage_encrypted | Specifies whether the underlying storage layer should be encrypted | bool | true | no |
storage_type | Specifies the storage type to be associated with the DB cluster. Defaults to io1 | string | null | no |
subnet_ids | A list of VPC subnet IDs. | list(string) | n/a | yes |
tags | A map of tags to add to all resources | map(string) | {} | no |
vpc_id | VPC ID for instance | string | n/a | yes |
vpc_security_group_ids | List of VPC security groups to associate to the cluster in addition to the SG we create in this module | list(string) | [] | no |

Name | Description |
---|---|
additional_cluster_endpoints | A map of additional cluster endpoints and their attributes |
cluster_arn | Amazon Resource Name (ARN) of cluster |
cluster_database_name | Name for an automatically created database on cluster creation |
cluster_endpoint | Writer endpoint for the cluster |
cluster_hosted_zone_id | The Route53 Hosted Zone ID of the endpoint |
cluster_id | The RDS Cluster Identifier |
cluster_instances | A map of cluster instances and their attributes |
cluster_master_password | The database master password |
cluster_master_username | The database master username |
cluster_members | List of RDS Instances that are a part of this cluster |
cluster_port | The database port |
cluster_reader_endpoint | Reader endpoint for the cluster |
cluster_resource_id | The RDS Cluster Resource ID |
cluster_role_associations | A map of IAM roles associated with the cluster and their attributes |
db_cluster_parameter_group_arn | The ARN of the DB cluster parameter group created |
db_cluster_parameter_group_id | The ID of the DB cluster parameter group created |
db_parameter_group_arn | The ARN of the DB parameter group created |
db_parameter_group_id | The ID of the DB parameter group created |
db_subnet_group_arn | The db subnet group ARN. |
db_subnet_group_id | The db subnet group name. |
enhanced_monitoring_iam_role_arn | The Amazon Resource Name (ARN) specifying the enhanced monitoring role |
enhanced_monitoring_iam_role_name | The name of the enhanced monitoring role |
enhanced_monitoring_iam_role_unique_id | Stable and unique string identifying the enhanced monitoring role |
security_group_id | The security group ID of the cluster |

See LICENSE file for full details.

- pre-commit
- terraform-docs, required for terraform_docs hooks.
- TFLint, required for terraform_tflint hook.

```sh
brew install pre-commit terraform-docs tflint
brew tap git-chglog/git-chglog
brew install git-chglog
```