Skip to content

Latest commit

 

History

History
256 lines (222 loc) · 61 KB

README.md

File metadata and controls

256 lines (222 loc) · 61 KB

Terraform AWS Neptune Module

Terraform module that creates AWS Neptune resources.

Features

  • Create and manage AWS Neptune clusters, instances & snapshots.
  • Create and manage Neptune cluster parameter groups.
  • Define Neptune subnet groups for cluster deployment.
  • Set up Neptune event subscriptions for monitoring.
  • Create custom cluster endpoints with various configurations.
  • Create Global clusters and read-only replicas in secondary regions.

Usage

Neptune serverless has some limitations. Please see the limitations before jumping into Neptune Serverless.

Neptune serverless requires that the engine_version attribute must be 1.2.0.1 or above. Also, you need to provide a cluster parameter group compatible with the family neptune1.2. In the examples below, the default cluster parameter group is used.

Standard configuration

# main.tf

module "neptune" {
  source  = "dstrates/neptune/aws"
  version = "0.1.3"

  apply_immediately                      = true
  backup_retention_period                = 5
  cluster_identifier                     = "neptune-db-dev-use2"
  copy_tags_to_snapshot                  = true
  create_neptune_cluster                 = true
  create_neptune_cluster_parameter_group = true
  create_neptune_instance                = true
  create_neptune_subnet_group            = true
  enable_serverless                      = false
  engine_version                         = "1.2.0.0"
  iam_database_authentication_enabled    = true
  kms_key_arn                            = data.aws_kms_key.default.arn
  max_capacity                           = 128
  min_capacity                           = 2.5
  preferred_backup_window                = "07:00-09:00"
  preferred_maintenance_window           = "sun:06:00-sun:10:00"
  skip_final_snapshot                    = true
  subnet_ids                             = data.aws_subnets.db.ids
  instance_class                         = "db.r5.large"

  neptune_cluster_parameters = {
    parameter1 = {
      key   = "neptune_enable_audit_log"
      value = "1"
    }
  }

  neptune_db_parameters = {
    parameter1 = {
      key   = "neptune_query_timeout"
      value = "25"
    }
  }

  event_subscriptions = {
    "subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1"
    "subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2"
  }

  tags = {
    Name        = "neptune-db-dev-use2"
    Environment = "dev"
  }
}

Advanced endpoint configuration

module "neptune" {
  source  = "dstrates/neptune/aws"
  version = "0.1.3"

  # Standard configuration
  # ...
  # ...

  create_neptune_cluster_endpoint     = true

  neptune_cluster_endpoints           = {
    "endpoint1" = {
      endpoint_type    = "READER"
      static_members   = ["instance-1", "instance-2"]
      excluded_members = []
      tags             = {
        Name = "Endpoint 1"
      }
    },
    "endpoint2" = {
      endpoint_type    = "WRITER"
      static_members   = []
      excluded_members = ["instance-3"]
      tags             = {
        Name = "Endpoint 2"
      }
    }
  }

  # ... (other variables as needed)
}

Examples

Requirements

Name Version
terraform >= 1.0
aws >= 5.25
random >= 3.6.0

Providers

Name Version
aws 5.81.0
random 3.6.3

Modules

No modules.

Resources

Name Type
aws_iam_role.this resource
aws_iam_role_policy_attachment.this resource
aws_neptune_cluster.this resource
aws_neptune_cluster_endpoint.this resource
aws_neptune_cluster_instance.primary resource
aws_neptune_cluster_instance.read_replicas resource
aws_neptune_cluster_parameter_group.this resource
aws_neptune_cluster_snapshot.this resource
aws_neptune_event_subscription.this resource
aws_neptune_global_cluster.this resource
aws_neptune_parameter_group.this resource
aws_neptune_subnet_group.this resource
aws_security_group.this resource
random_id.snapshot_suffix resource
aws_caller_identity.current data source
aws_iam_policy_document.this data source
aws_partition.current data source
aws_region.current data source

Inputs

Name Description Type Default Required
allow_major_version_upgrade (Optional) Specifies whether upgrades between different major versions are allowed. You must set it to true when providing an engine_version parameter that uses a different major version than the DB cluster's current version. bool false no
apply_immediately Specifies whether cluster modifications are applied immediately bool true no
availability_zones (Optional) A list of EC2 Availability Zones that instances in the Neptune cluster can be created in. list(string) null no
backup_retention_period The number of days to retain backups for number 7 no
cluster_identifier The cluster identifier. Required if create_neptune_cluster is true. string null no
cluster_identifier_prefix (Optional) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with cluster_identifier. string null no
copy_tags_to_snapshot (Optional) If set to true, tags are copied to any snapshot of the DB cluster that is created. bool null no
create_neptune_cluster Whether or not to create a Neptune cluster bool true no
create_neptune_cluster_endpoint Whether or not to create Neptune cluster endpoints. bool false no
create_neptune_cluster_parameter_group Whether or not to create a Neptune cluster parameter group bool true no
create_neptune_cluster_snapshot Whether or not to create a Neptune cluster snapshot bool true no
create_neptune_global_cluster Whether or not to create a Neptune global cluster bool false no
create_neptune_iam_role Whether or not to create and attach a Neptune IAM role bool true no
create_neptune_instance Whether or not to create Neptune instances bool true no
create_neptune_parameter_group Whether or not to create a Neptune DB parameter group bool true no
create_neptune_security_group Whether or not to create a Neptune security group bool true no
create_neptune_subnet_group Whether or not to create a Neptune subnet group bool true no
create_timeout Timeout for creating the Neptune cluster snapshot string "20m" no
db_cluster_identifier The DB Cluster Identifier from which to take the snapshot string null no
db_cluster_snapshot_identifier The Identifier for the snapshot string null no
deletion_protection (Optional) A value that indicates whether the DB cluster has deletion protection enabled bool false no
enable_cloudwatch_logs_exports (Optional) A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports audit and slowquery. list(string) null no
enable_serverless Whether or not to create a Serverless Neptune cluster bool true no
engine_version The database engine version string "1.2.0.1" no
event_subscriptions Map of Neptune event subscriptions with names and SNS topic ARNs

Example:
{
"subscription1" = "arn:aws:sns:us-east-1:123456789012:topic1",
"subscription2" = "arn:aws:sns:us-east-1:123456789012:topic2"
}
map(string) null no
final_snapshot_identifier (Optional) The name of your final Neptune snapshot when this Neptune cluster is deleted. If omitted, no final snapshot will be made. string null no
global_cluster_deletion_protection (Optional) Whether or not the global cluster should have deletion protection enabled. Default: false. bool false no
global_cluster_engine (Optional) Name of the database engine to be used for the global cluster. Valid values: neptune. string null no
global_cluster_engine_version (Optional) Engine version of the global database. Must be compatible with Neptune global cluster versions. string null no
global_cluster_identifier (Optional) The global cluster identifier specified on aws_neptune_global_cluster. string null no
global_cluster_source_db_cluster_identifier (Optional) Amazon Resource Name (ARN) to use as the primary DB Cluster of the Global Cluster on creation. Terraform cannot perform drift detection of this value. string null no
global_cluster_storage_encrypted (Optional) Specifies whether the global cluster is encrypted. The default is false unless the source DB cluster is encrypted. bool null no
iam_database_authentication_enabled Specifies whether IAM database authentication is enabled bool true no
iam_roles (Optional) A List of ARNs for the IAM roles to associate to the Neptune Cluster list(string) null no
instance_class The instance class to use for the Neptune instances (e.g., db.r5.large, db.serverless). string "db.serverless" no
kms_key_arn (Optional) The ARN for the KMS encryption key. When specifying kms_key_arn, storage_encrypted needs to be set to true. string null no
max_capacity The maximum Neptune Capacity Units (NCUs) for the cluster number 128 no
min_capacity The minimum Neptune Capacity Units (NCUs) for the cluster number 2.5 no
neptune_cluster_endpoints A map of Neptune cluster endpoints to create.
map(object({
endpoint_type = string
static_members = list(string)
excluded_members = list(string)
tags = map(string)
}))
{} no
neptune_cluster_instance_tags Tags for the Neptune cluster instances map(string) {} no
neptune_cluster_parameter_group_tags Tags for the Neptune cluster parameter group map(string) {} no
neptune_cluster_parameters A map of Neptune cluster parameter settings
map(object({
key = string
value = string
}))
{
"parameter1": {
"key": "neptune_enable_audit_log",
"value": "1"
}
}
no
neptune_db_parameters A map of Neptune DB parameter settings
map(object({
key = string
value = string
}))
{
"parameter1": {
"key": "neptune_query_timeout",
"value": "25"
}
}
no
neptune_event_subscription_tags Tags for the Neptune event subscription map(string) {} no
neptune_family The family of the neptune cluster and parameter group. string "neptune1.2" no
neptune_parameter_group_tags Tags for the Neptune parameter group map(string) {} no
neptune_port Network port for the Neptune DB Cluster number 8182 no
neptune_role_description Description for the Neptune IAM role string null no
neptune_role_name Name for the Neptune IAM role string "iam-role-neptune" no
neptune_role_permissions_boundary ARN of the policy that is used to set the permissions boundary for the Neptune IAM role string null no
neptune_security_group_tags Tags for the Neptune security group map(string) {} no
neptune_subnet_cidrs A list of subnet CIDRs where the Neptune cluster is situated list(string)
[
"10.0.0.0/8"
]
no
neptune_subnet_group_tags Tags for the Neptune subnet group map(string) {} no
port (Optional) The port on which the Neptune accepts connections. number 8182 no
preferred_backup_window The daily time range during which automated backups are created string "07:00-09:00" no
preferred_maintenance_window (Optional) The weekly time range during which system maintenance can occur, in UTC, e.g., 'wed:04:00-wed:04:30'. string null no
read_replica_count Number of read replicas to create. number 0 no
replication_source_identifier (Optional) ARN of a source Neptune cluster or Neptune instance if this Neptune cluster is to be created as a Read Replica. string null no
skip_final_snapshot Determines whether a final Neptune snapshot is created before deletion bool true no
snapshot_identifier (Optional) Specifies whether or not to create this cluster from a snapshot. string null no
storage_encrypted (Optional) Specifies whether the Neptune cluster is encrypted. bool true no
storage_type (Optional) Storage type associated with the cluster (standard or iopt1). Default: standard string "standard" no
subnet_ids A list of subnet IDs to associate with the Neptune cluster list(string) null no
tags A map of tags to assign to the Neptune cluster map(string) {} no
vpc_id The VPC ID for the Neptune cluster and security group string null no
vpc_security_group_ids (Optional) List of VPC security groups to associate with the Cluster list(string) null no

Outputs

Name Description
neptune_cluster_arn ARN of the Neptune cluster
neptune_cluster_endpoint The DNS endpoint of the Neptune cluster instance
neptune_cluster_endpoint_ids IDs of the Neptune cluster endpoints
neptune_cluster_id ID of the Neptune cluster
neptune_cluster_members List of Neptune Instances that are a part of this cluster
neptune_cluster_reader_endpoint The reader endpoint of the Neptune cluster
neptune_cluster_resource_id The resource ID of the Neptune cluster
neptune_cluster_snapshot_identifier The Identifier for the DB Cluster Snapshot
neptune_db_parameter_group_id ID of the Neptune DB parameter group
neptune_event_subscription_ids IDs of the Neptune event subscriptions
neptune_global_cluster_arn ARN of the Neptune global cluster
neptune_global_cluster_id ID of the Neptune global cluster
neptune_global_cluster_members A set of objects containing global cluster members
neptune_global_cluster_resource_id AWS Region-unique, immutable identifier for the global database cluster
neptune_iam_role_arn ARN of the IAM role for Neptune
neptune_parameter_group_id ID of the Neptune cluster parameter group
neptune_primary_instance_id ID of the primary Neptune cluster instance
neptune_read_replica_ids IDs of the Neptune read replica instances
neptune_security_group_id ID of the Neptune security group
neptune_subnet_group_id ID of the Neptune subnet group