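# Enable this repository's hooks for the current clone only.
# core.hooksPath is set to a relative path, so with --global git would resolve ./githooks inside
# every repository on the machine and run whatever hooks it finds there, including in clones
# you have not reviewed. Keeping the setting repo-local limits hook execution to this project.
git config core.hooksPath ./githooks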
Case 1. Create a security group and an RDS instance
# Look up the existing VPC by ID so that its attributes (the ID and the CIDR block)
# can be referenced from the module call instead of being repeated as literals.
data "aws_vpc" "main" {
  id = "vpc-04c3b2abe39cd8a6a"
}
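# RDS MySQL instance together with a security group created by the module.
module "rds" {
  source = "dasmeta/modules/aws//modules/rds"
  # No module version is pinned in this example. Pin the registry release you have reviewed so
  # that `terraform init` cannot pull in a newer, unreviewed one.
  # version = "<PINNED_MODULE_VERSION>"

  # Engine and sizing
  identifier           = "db"
  engine               = "mysql"
  engine_version       = "5.7.26"
  instance_class       = "db.t2.micro"
  allocated_storage    = 20
  storage_type         = "gp2"
  parameter_group_name = "default.mysql5.7"

  # storage_encrypted and deletion_protection both default to false in this module; set them
  # explicitly for anything that holds real data (confirm the chosen instance class supports
  # encryption at rest before enabling it).

  # Initial database and master credentials.
  # "some-password" is a placeholder. A literal here ends up in version control, and the module's
  # input documentation notes that the value is stored in the state file and may show up in logs.
  # Supply it from a sensitive variable or a secrets store; the module also exposes
  # manage_master_user_password for letting RDS keep the password in Secrets Manager.
  db_name     = "db"
  db_username = "root"
  db_password = "some-password"

  # Networking: direct references replace the interpolation-only "${...}" form.
  vpc_id     = data.aws_vpc.main.id
  subnet_ids = ["subnet-04ad8ad2fdec889ec", "subnet-0ea0a01c1bea0a0c9"]

  create_security_group = true

  # Inbound: MySQL (3306/tcp) only from addresses inside the VPC.
  ingress_with_cidr_blocks = [
    {
      description = "3306 from VPC"
      from_port   = 3306
      to_port     = 3306
      protocol    = "tcp"
      cidr_blocks = data.aws_vpc.main.cidr_block
    }
  ]

  # Outbound: all protocols to any destination. cidr_blocks takes a plain CIDR string, as in
  # the ingress rule; the previous value "[0.0.0.0/0]" had brackets inside the string and is
  # not a valid CIDR. Narrow this rule if the database does not need unrestricted egress.
  egress_with_cidr_blocks = [
    {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = "0.0.0.0/0"
    }
  ]
}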
Case 2. Create an RDS instance only (no security group is created by the module)
# RDS MySQL instance without a module-managed security group.
module "rds" {
  source = "dasmeta/modules/aws//modules/rds"

  # Engine and sizing
  identifier           = "db"
  engine               = "mysql"
  engine_version       = "5.7.26"
  instance_class       = "db.t2.micro"
  allocated_storage    = 20
  storage_type         = "gp2"
  parameter_group_name = "default.mysql5.7"

  # Initial database and master credentials.
  # "some-password" is a placeholder; per the module's input documentation the value is stored
  # in the state file and may show up in logs, so supply it from a sensitive variable or a
  # secrets store rather than a literal.
  db_name     = "db"
  db_username = "root"
  db_password = "some-password"

  # Networking
  vpc_id     = "vpc-04c3b2abe39cd8a6a"
  subnet_ids = ["subnet-04ad8ad2fdec889ec", "subnet-0ea0a01c1bea0a0c9"]

  # The module creates no security group here. With the line below left commented out,
  # vpc_security_group_ids keeps its default of [] - NOTE(review): confirm which security group
  # the instance ends up with in that case, and attach a reviewed one explicitly.
  create_security_group = false
  # vpc_security_group_ids = ["sg-062742ac7a7f8c7a7"]
}
No requirements.
Name | Version |
---|---|
aws | n/a |
Name | Source | Version |
---|---|---|
cloudwatch_metric_filters | dasmeta/monitoring/aws//modules/cloudwatch-log-based-metrics | 1.13.2 |
cw_alerts | dasmeta/monitoring/aws//modules/alerts | 1.3.5 |
db | terraform-aws-modules/rds/aws | ~> 6.1 |
security_group | terraform-aws-modules/security-group/aws | 4.7.0 |
Name | Type |
---|---|
aws_db_instance.database | data source |
aws_ec2_instance_type.this | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
alarms | n/a | object({ |
n/a | yes |
allocated_storage | The allocated storage in gigabytes | number |
20 |
no |
apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool |
false |
no |
backup_retention_period | The days to retain backups for | number |
35 |
no |
backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance_window | string |
"03:00-06:00" |
no |
cloudwatch_log_group_retention_in_days | The number of days to retain CloudWatch logs for the DB instance | number |
30 |
no |
create_cloudwatch_log_group | Determines whether a CloudWatch log group is created for each enabled_cloudwatch_logs_exports | bool |
true |
no |
create_db_option_group | Create a database option group | bool |
false |
no |
create_db_parameter_group | Whether to create a database parameter group | bool |
false |
no |
create_db_subnet_group | Whether to create a database subnet group | bool |
true |
no |
create_monitoring_role | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | bool |
false |
no |
create_security_group | n/a | bool |
false |
no |
db_instance_tags | Additional tags for the DB instance | map(any) |
{} |
no |
db_name | The DB name to create. If omitted, no database is created initially | string |
n/a | yes |
db_option_group_tags | Additional tags for the DB option group | map(any) |
{} |
no |
db_parameter_group_tags | n/a | map(any) |
{} |
no |
db_password | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file | string |
n/a | yes |
db_subnet_group_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | string |
null |
no |
db_subnet_group_tags | Additional tags for the DB parameter group | map(any) |
{} |
no |
db_subnet_group_use_name_prefix | Determines whether to use subnet_group_name as is or create a unique name beginning with the subnet_group_name as the prefix |
bool |
false |
no |
db_username | Username for the master DB user | string |
n/a | yes |
deletion_protection | The database can't be deleted when this value is set to true | bool |
false |
no |
egress_with_cidr_blocks | n/a | list(map(string)) |
[] |
no |
enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL) | list(string) |
[] |
no |
engine | The database engine to use | string |
"mysql" |
no |
engine_version | The engine version to use | string |
"5.7.26" |
no |
iam_database_authentication_enabled | Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | bool |
true |
no |
identifier | Specifies the identifier of the CA certificate for the DB instance | string |
n/a | yes |
ingress_with_cidr_blocks | n/a | list(map(string)) |
[] |
no |
instance_class | The instance type of the RDS instance | string |
"db.t3.micro" |
no |
maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00' | string |
"Mon:00:00-Mon:03:00" |
no |
major_engine_version | Specifies the major version of the engine that this option group should be associated with | string |
"5.7" |
no |
manage_master_user_password | Set to true to allow RDS to manage the master user password in Secrets Manager | bool |
false |
no |
max_allocated_storage | Specifies the value for Storage Autoscaling | number |
100 |
no |
monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60 | number |
0 |
no |
monitoring_role_name | Name of the IAM role which will be created when create_monitoring_role is enabled | string |
null |
no |
multi_az | Specifies if the RDS instance is multi-AZ | bool |
true |
no |
options | A list of Options to apply | list(any) |
[ |
no |
parameter_group_name | Name of the DB parameter group to associate or create | string |
"default.mysql5.7" |
no |
parameters | A list of DB parameters (map) to apply | list(map(any)) |
[] |
no |
port | The port on which the DB accepts connections | number |
null |
no |
security_group_description | n/a | string |
"MySQL security group" |
no |
security_group_name | n/a | string |
"db_security_group" |
no |
skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted | bool |
false |
no |
slow_queries | n/a | object({ |
{ |
no |
storage_encrypted | Specifies whether the DB instance is encrypted | bool |
false |
no |
storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not | string |
"gp2" |
no |
subnet_ids | A list of VPC subnet IDs | list(string) |
n/a | yes |
tags | A mapping of tags to assign to all resources | map(any) |
{} |
no |
vpc_id | n/a | string |
"" |
no |
vpc_security_group_ids | List of VPC security groups to associate | list(string) |
[] |
no |
Name | Description |
---|---|
db_instance_address | The address of the RDS instance |
db_instance_arn | The ARN of the RDS instance |
db_instance_cloudwatch_log_groups | Map of CloudWatch log groups created and their attributes |
db_instance_endpoint | The connection endpoint |
db_instance_port | The database port |
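db_password | DB password (the master user password; handle this output as a secret, since it is also readable from the Terraform state) |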
db_username | DB username |