terraform-aws-modules
208 Stars 309 Forks Apache License 2.0 184 Commits 24 Opened issues

AWS RDS Aurora Terraform module

Terraform module which creates RDS Aurora resources on AWS.

Available features

  • Autoscaling of read-replicas (based on CPU utilization)
  • Enhanced Monitoring

Usage

module "db" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 5.0"

  name           = "test-aurora-db-postgres96"
  engine         = "aurora-postgresql"
  engine_version = "11.9"
  instance_type  = "db.r5.large"

  vpc_id  = "vpc-12345678"
  subnets = ["subnet-12345678", "subnet-87654321"]

  replica_count           = 1
  allowed_security_groups = ["sg-12345678"]
  allowed_cidr_blocks     = ["10.20.0.0/20"]

  storage_encrypted   = true
  apply_immediately   = true
  monitoring_interval = 10

  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  enabled_cloudwatch_logs_exports = ["postgresql"]

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

Conditional creation

Sometimes you need to have a way to create RDS Aurora resources conditionally, but Terraform does not allow the use of `count` inside a `module` block, so the solution is to specify the argument `create_cluster`.

# This RDS cluster will not be created
module "db" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 5.0"

  create_cluster = false

  # ... omitted
}

Examples

  • Autoscaling: A PostgreSQL cluster with enhanced monitoring and autoscaling enabled
  • Custom Instance Settings: A PostgreSQL cluster with multiple replicas configured using custom settings
  • MySQL: A simple MySQL cluster
  • PostgreSQL: A simple PostgreSQL cluster
  • S3 Import: A MySQL cluster created from a Percona Xtrabackup stored in S3
  • Serverless: Serverless PostgreSQL and MySQL clusters

Documentation

Terraform documentation is generated automatically using pre-commit hooks. Follow installation instructions here.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | >= 3.30 |
| random | >= 2.2 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.30 |
| random | >= 2.2 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_appautoscaling_policy.autoscaling_read_replica_count | resource |
| aws_appautoscaling_target.read_replica_count | resource |
| aws_db_subnet_group.this | resource |
| aws_iam_role.rds_enhanced_monitoring | resource |
| aws_iam_role_policy_attachment.rds_enhanced_monitoring | resource |
| aws_rds_cluster.this | resource |
| aws_rds_cluster_instance.this | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.cidr_ingress | resource |
| aws_security_group_rule.default_ingress | resource |
| random_id.snapshot_identifier | resource |
| random_password.master_password | resource |
| aws_iam_policy_document.monitoring_rds_assume_role | data source |
| aws_partition.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allow_major_version_upgrade | Determines whether major engine upgrades are allowed when changing engine version | `bool` | `false` | no |
| allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | `list(string)` | `[]` | no |
| allowed_security_groups | A list of Security Group IDs to allow access to | `list(string)` | `[]` | no |
| apply_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | `bool` | `false` | no |
| auto_minor_version_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | `bool` | `true` | no |
| backtrack_window | The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | `number` | `0` | no |
| backup_retention_period | How long to keep backups for (in days) | `number` | `7` | no |
| ca_cert_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no |
| cluster_tags | A map of tags to add to only the RDS cluster. Used for AWS Instance Scheduler tagging | `map(string)` | `{}` | no |
| copy_tags_to_snapshot | Copy all Cluster tags to snapshots | `bool` | `false` | no |
| create_cluster | Whether cluster should be created (it affects almost all resources) | `bool` | `true` | no |
| create_monitoring_role | Whether to create the IAM role for RDS enhanced monitoring | `bool` | `true` | no |
| create_random_password | Whether to create random password for RDS primary cluster | `bool` | `true` | no |
| create_security_group | Whether to create security group for RDS cluster | `bool` | `true` | no |
| database_name | Name for an automatically created database on cluster creation | `string` | `""` | no |
| db_cluster_parameter_group_name | The name of a DB Cluster parameter group to use | `string` | `null` | no |
| db_parameter_group_name | The name of a DB parameter group to use | `string` | `null` | no |
| db_subnet_group_name | The existing subnet group name to use | `string` | `""` | no |
| deletion_protection | If the DB instance should have deletion protection enabled | `bool` | `false` | no |
| enable_http_endpoint | Whether or not to enable the Data API for a serverless Aurora database engine | `bool` | `false` | no |
| enabled_cloudwatch_logs_exports | List of log types to export to cloudwatch - `audit`, `error`, `general`, `slowquery`, `postgresql` | `list(string)` | `[]` | no |
| engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | `string` | `"aurora"` | no |
| engine_mode | The database engine mode. Valid values: global, parallelquery, provisioned, serverless, multimaster | `string` | `"provisioned"` | no |
| engine_version | Aurora database engine version | `string` | `"5.6.10a"` | no |
| final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. | `string` | `"final"` | no |
| global_cluster_identifier | The global cluster identifier specified on aws_rds_global_cluster | `string` | `""` | no |
| iam_database_authentication_enabled | Specifies whether IAM Database authentication should be enabled or not. Not all versions and instances are supported. Refer to the AWS documentation to see which versions are supported | `bool` | `false` | no |
| iam_role_description | Description of the role | `string` | `null` | no |
| iam_role_force_detach_policies | Whether to force detaching any policies the role has before destroying it | `bool` | `null` | no |
| iam_role_managed_policy_arns | Set of exclusive IAM managed policy ARNs to attach to the IAM role | `list(string)` | `null` | no |
| iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the role | `number` | `null` | no |
| iam_role_name | Friendly name of the role | `string` | `null` | no |
| iam_role_path | Path to the role | `string` | `null` | no |
| iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role | `string` | `null` | no |
| iam_role_use_name_prefix | Whether to use `iam_role_name` as is or create a unique name beginning with the `iam_role_name` as the prefix | `bool` | `false` | no |
| iam_roles | A List of ARNs for the IAM roles to associate to the RDS Cluster | `list(string)` | `[]` | no |
| instance_type | Instance type to use at master instance. If instance_type_replica is not set it will use the same type for replica instances | `string` | `""` | no |
| instance_type_replica | Instance type to use at replica instance | `string` | `null` | no |
| instances_parameters | Customized instance settings. Supported keys: `instance_name`, `instance_type`, `instance_promotion_tier`, `publicly_accessible` | `list(map(string))` | `[]` | no |
| is_primary_cluster | Whether to create a primary cluster (set to false to be a part of a Global database) | `bool` | `true` | no |
| kms_key_id | The ARN for the KMS encryption key if one is set to the cluster | `string` | `""` | no |
| monitoring_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | `number` | `0` | no |
| monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | `string` | `""` | no |
| name | Name used across resources created | `string` | `""` | no |
| password | Master DB password. Note - when specifying a value here, 'create_random_password' should be set to `false` | `string` | `""` | no |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not | `bool` | `false` | no |
| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | `string` | `""` | no |
| port | The port on which to accept connections | `string` | `""` | no |
| predefined_metric_type | The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections | `string` | `"RDSReaderAverageCPUUtilization"` | no |
| preferred_backup_window | When to perform DB backups | `string` | `"02:00-03:00"` | no |
| preferred_maintenance_window | When to perform DB maintenance | `string` | `"sun:05:00-sun:06:00"` | no |
| publicly_accessible | Whether the DB should have a public IP address | `bool` | `false` | no |
| replica_count | Number of reader nodes to create. If `replica_scale_enabled` is `true`, the value of `replica_scale_min` is used instead. | `number` | `1` | no |
| replica_scale_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4.large's default max_connections | `number` | `700` | no |
| replica_scale_cpu | CPU threshold which will initiate autoscaling | `number` | `70` | no |
| replica_scale_enabled | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | `bool` | `false` | no |
| replica_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | `number` | `300` | no |
| replica_scale_max | Maximum number of read replicas permitted when autoscaling is enabled | `number` | `0` | no |
| replica_scale_min | Minimum number of read replicas permitted when autoscaling is enabled | `number` | `2` | no |
| replica_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | `number` | `300` | no |
| replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | `string` | `""` | no |
| restore_to_point_in_time | Map of nested attributes for cloning Aurora cluster. | `map(string)` | `{}` | no |
| s3_import | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | `map(string)` | `null` | no |
| scaling_configuration | Map of nested attributes with scaling properties. Only valid when engine_mode is set to `serverless` | `map(string)` | `{}` | no |
| security_group_description | The description of the security group. If value is set to empty string it will contain cluster name in the description | `string` | `"Managed by Terraform"` | no |
| security_group_tags | Additional tags for the security group | `map(string)` | `{}` | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. | `bool` | `false` | no |
| snapshot_identifier | DB snapshot to create this database from | `string` | `null` | no |
| source_region | The source region for an encrypted replica DB cluster | `string` | `""` | no |
| storage_encrypted | Specifies whether the underlying storage layer should be encrypted | `bool` | `true` | no |
| subnets | List of subnet IDs used by database subnet group created | `list(string)` | `[]` | no |
| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| username | Master DB username | `string` | `"root"` | no |
| vpc_id | VPC ID | `string` | `""` | no |
| vpc_security_group_ids | List of VPC security groups to associate to the cluster in addition to the SG we create in this module | `list(string)` | `[]` | no |

Outputs

| Name | Description |
|------|-------------|
| enhanced_monitoring_iam_role_arn | The Amazon Resource Name (ARN) specifying the enhanced monitoring role |
| enhanced_monitoring_iam_role_name | The name of the enhanced monitoring role |
| enhanced_monitoring_iam_role_unique_id | Stable and unique string identifying the enhanced monitoring role |
| rds_cluster_arn | The ID of the cluster |
| rds_cluster_database_name | Name for an automatically created database on cluster creation |
| rds_cluster_endpoint | The cluster endpoint |
| rds_cluster_engine_version | The cluster engine version |
| rds_cluster_hosted_zone_id | Route53 hosted zone id of the created cluster |
| rds_cluster_id | The ID of the cluster |
| rds_cluster_instance_dbi_resource_ids | A list of all the region-unique, immutable identifiers for the DB instances |
| rds_cluster_instance_endpoints | A list of all cluster instance endpoints |
| rds_cluster_instance_ids | A list of all cluster instance ids |
| rds_cluster_master_password | The master password |
| rds_cluster_master_username | The master username |
| rds_cluster_port | The port |
| rds_cluster_reader_endpoint | The cluster reader endpoint |
| rds_cluster_resource_id | The Resource ID of the cluster |
| security_group_id | The security group ID of the cluster |
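
A hardened variant of the Usage block, as an added example that is not part of the module's README: it sets only inputs listed in the Inputs table and reads one output from the Outputs table. The `aws_kms_key.aurora` resource, the `dbadmin` username, the 14-day retention value and all IDs are assumptions or placeholders.

```hcl
# Added example (not from the module's README); names and IDs are placeholders.
resource "aws_kms_key" "aurora" {
  description         = "Aurora cluster storage encryption"
  enable_key_rotation = true
}

module "db" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 5.0"

  name           = "example-aurora-postgres"
  engine         = "aurora-postgresql"
  engine_version = "11.9"
  instance_type  = "db.r5.large"

  vpc_id  = "vpc-12345678"
  subnets = ["subnet-12345678", "subnet-87654321"]

  # Network exposure: admit only the application's security group, no CIDR ranges.
  publicly_accessible     = false
  allowed_security_groups = ["sg-12345678"]
  allowed_cidr_blocks     = []

  # Encryption at rest with a customer-managed key (assumed resource above).
  storage_encrypted = true
  kms_key_id        = aws_kms_key.aurora.arn

  # Credentials: replace the default "root" name, generate the password, enable IAM auth.
  username                            = "dbadmin"
  create_random_password              = true
  iam_database_authentication_enabled = true

  # Deletion and recovery: the module defaults leave deletion_protection off.
  deletion_protection     = true
  skip_final_snapshot     = false
  backup_retention_period = 14
  copy_tags_to_snapshot   = true

  # Logging and Enhanced Monitoring for later investigation.
  enabled_cloudwatch_logs_exports = ["postgresql"]
  monitoring_interval             = 10
}

# The generated master password is kept in Terraform state; marking the output
# sensitive only hides it from CLI output, so the state backend must be protected.
output "db_master_password" {
  value     = module.db.rds_cluster_master_password
  sensitive = true
}
```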

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.
