This Terraform module deploys a PostgreSQL database on AWS RDS, simplifying the setup and management of cloud-based relational databases.
module "rds-pg" {
source = "saturnops/rds-postgresql/aws"
name = "postgresql"
db_name = "proddb"
vpc_id = "vpc-047eb8acfb73"
multi_az = "true"
subnet_ids = ["subnet-b39cfc", "subnet-090b8d8"]
environment = "prod"
storage_type = "gp3"
replica_enable = false
replica_count = 1
kms_key_arn = "arn:aws:kms:region:2222222222:key/f8c8d802-a34b"
storage_type = "gp3"
engine_version = "15.2"
instance_class = "db.m5.large"
master_username = "pguser"
allocated_storage = "20"
publicly_accessible = false
skip_final_snapshot = true
backup_window = "03:00-06:00"
maintenance_window = "Mon:00:00-Mon:03:00"
major_engine_version = "15.2"
deletion_protection = false
allowed_security_groups = ["sg-013cbf880"]
final_snapshot_identifier_prefix = "final"
cloudwatch_metric_alarms_enabled = true
alarm_cpu_threshold_percent = 70
disk_free_storage_space = "10000000" # in bytes
slack_username = "John"
slack_channel = "skaf-dev"
slack_webhook_url = "https://hooks/xxxxxxxx"
custom_user_password = "postgresqlpasswd"
}Refer examples for more details.
The required IAM permissions to create resources from this module can be found here
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | 5.13.1 |
| Name | Version |
|---|---|
| archive | n/a |
| aws | 5.13.1 |
| random | n/a |
| Name | Source | Version |
|---|---|---|
| cw_sns_slack | ./lambda | n/a |
| db | terraform-aws-modules/rds/aws | 6.1.0 |
| db_replica | terraform-aws-modules/rds/aws | 6.1.0 |
| security_group_rds | terraform-aws-modules/security-group/aws | ~> 4 |
| Name | Type |
|---|---|
| aws_cloudwatch_metric_alarm.cache_cpu | resource |
| aws_cloudwatch_metric_alarm.disk_free_storage_space_too_low | resource |
| aws_kms_ciphertext.slack_url | resource |
| aws_kms_key.this | resource |
| aws_lambda_permission.sns_lambda_slack_invoke | resource |
| aws_secretsmanager_secret.secret_master_db | resource |
| aws_secretsmanager_secret_version.rds_credentials | resource |
| aws_security_group_rule.cidr_ingress | resource |
| aws_security_group_rule.default_ingress | resource |
| aws_sns_topic.slack_topic | resource |
| aws_sns_topic_subscription.slack-endpoint | resource |
| random_password.master | resource |
| archive_file.lambdazip | data source |
| aws_availability_zones.available | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_tags | A map of additional tags to apply to the AWS resources | map(string) |
{ |
no |
| alarm_actions | Alarm action list | list(string) |
[] |
no |
| alarm_cpu_threshold_percent | CPU threshold alarm level | number |
75 |
no |
| allocated_storage | The allocated storage capacity for the database in gibibytes (GiB) | number |
20 |
no |
| allowed_cidr_blocks | A list of CIDR blocks that are allowed to access the database | list(any) |
[] |
no |
| allowed_security_groups | A list of Security Group IDs to allow access to the database | list(any) |
[] |
no |
| apply_immediately | Specifies whether any cluster modifications are applied immediately or during the next maintenance window | bool |
false |
no |
| backup_retention_period | The number of days to retain backups for | number |
5 |
no |
| backup_window | The preferred window for taking automated backups of the database | string |
"03:00-06:00" |
no |
| cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool |
false |
no |
| create_db_subnet_group | Whether to create a database subnet group | bool |
true |
no |
| create_security_group | Whether to create a security group for the database | bool |
true |
no |
| custom_user_password | Custom password for the RDS master user | string |
"" |
no |
| cw_sns_topic_arn | The username to use when sending notifications to Slack. | string |
"" |
no |
| db_name | The name of the automatically created database on cluster creation | string |
"" |
no |
| deletion_protection | Specifies whether accidental deletion protection is enabled | bool |
true |
no |
| disk_free_storage_space | Alarm threshold for the 'lowFreeStorageSpace' alarm | string |
"10000000000" |
no |
| enable_ssl_connection | Whether to enable SSL connection to the database | bool |
false |
no |
| enable_storage_autoscaling | Whether enable storage autoscaling or not | bool |
true |
no |
| engine | The name of the database engine to be used for this DB cluster | string |
"postgres" |
no |
| engine_version | The database engine version. Updating this argument results in an outage | string |
"" |
no |
| environment | Select enviroment type: dev, demo, prod | string |
"" |
no |
| family | The version of the Postgresql DB family being created | string |
"postgres15" |
no |
| final_snapshot_identifier_prefix | The prefix name for the final snapshot on cluster destroy | string |
"final" |
no |
| instance_class | The instance type for the database | string |
"db.m5.large" |
no |
| kms_key_arn | The ARN for the KMS encryption key. Set this to the destination KMS ARN when creating an encrypted replica. If storage_encrypted is set to true and kms_key_id is not specified, the default KMS key created in your account will be used | string |
null |
no |
| maintenance_window | The preferred window for performing database maintenance | string |
"Mon:00:00-Mon:03:00" |
no |
| major_engine_version | The major engine version for the database. Updating this argument results in an outage | string |
"" |
no |
| manage_master_user_password | Whether to manage the master user password of the RDS primary cluster automatically | bool |
false |
no |
| master_username | The username for the RDS primary cluster | string |
"" |
no |
| max_allocated_storage | The Maximum storage capacity for the database value after autoscaling | number |
null |
no |
| multi_az | Enable multi-AZ for disaster recovery | bool |
false |
no |
| name | The name of the RDS instance | string |
"" |
no |
| ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | list(string) |
[] |
no |
| performance_insights_enabled | Specifies whether Performance Insights are enabled | bool |
false |
no |
| performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Valid values are 7, 731 (2 years) or a multiple of 31 |
number |
7 |
no |
| port | The port number for the database | number |
5432 |
no |
| publicly_accessible | Specifies whether the RDS instance is publicly accessible over the internet | bool |
false |
no |
| random_password_length | The length of the randomly generated password for the RDS primary cluster (default: 16) | number |
16 |
no |
| replica_count | The number of replica instance | number |
1 |
no |
| replica_enable | Whether enable replica DB | bool |
false |
no |
| replicate_source_db | Specifies that this resource is a replicate database, and uses the specified value as the source database identifier | string |
null |
no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If set to true, no DB snapshot is created. If set to false, a DB snapshot is created before the DB instance is deleted, using the value from final_snapshot_identifier | bool |
true |
no |
| slack_channel | The Slack channel where notifications will be posted. | string |
"" |
no |
| slack_notification_enabled | Whether to enable/disable slack notification. | bool |
false |
no |
| slack_username | The username to use when sending notifications to Slack. | string |
"" |
no |
| slack_webhook_url | The Slack Webhook URL where notifications will be sent. | string |
"" |
no |
| snapshot_identifier | Specifies whether to create the database from a snapshot. Use the snapshot ID found in the RDS console, e.g., rds:production-2015-06-26-06-05 | string |
null |
no |
| storage_encrypted | Specifies whether to enable database encryption | bool |
true |
no |
| storage_type | The storage type for the database storage like gp2,gp3,io1 | string |
"gp2" |
no |
| subnet_ids | A list of subnet IDs used by the database subnet group | list(any) |
[] |
no |
| vpc_id | The ID of the VPC where the RDS cluster will be deployed | string |
"" |
no |
| Name | Description |
|---|---|
| db_instance_endpoint | Connection endpoint of the RDS instance. |
| db_instance_name | Name of the database instance |
| db_instance_password | Password for accessing the database. |
| db_instance_username | Master username for accessing the database. |
| db_parameter_group_id | ID of the parameter group associated with the RDS instance. |
| db_subnet_group_id | ID of the subnet group associated with the RDS instance. |
| master_credential_secret_arn | The ARN of the master user secret (Only available when manage_master_user_password is set to true) |
| rds_dedicated_security_group | ID of the security group associated with the RDS instance. |
| replica_db_instance_endpoint | Connection endpoint of the RDS instance. |
| replica_db_instance_name | Name of the replica database s |
Please give our GitHub repository a ⭐️ to show your support and increase its visibility.