Terraform module which creates RDS Aurora resources on AWS.
- Autoscaling of read-replicas (based on CPU utilization)
- Enhanced Monitoring
## Usage

```hcl
module "db" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 3.0"

  name           = "test-aurora-db-postgres96"
  engine         = "aurora-postgresql"
  engine_version = "11.9"
  instance_type  = "db.r5.large"

  vpc_id  = "vpc-12345678"
  subnets = ["subnet-12345678", "subnet-87654321"]

  replica_count           = 1
  allowed_security_groups = ["sg-12345678"]
  allowed_cidr_blocks     = ["10.20.0.0/20"]

  storage_encrypted   = true
  apply_immediately   = true
  monitoring_interval = 10

  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  enabled_cloudwatch_logs_exports = ["postgresql"]

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}
```
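As an added example that is not part of this README, the block below is a hardened variant of the usage above, built only from inputs documented in the Inputs table. `aws_kms_key.aurora` and `aws_security_group.app` are assumed to be defined elsewhere in the same configuration, and the VPC and subnet IDs are placeholders.

```hcl
# Added example, not the module's own README: a hardened variant of the usage
# block. aws_kms_key.aurora and aws_security_group.app are assumed to exist.
module "db_prod" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 3.0"

  name           = "prod-aurora-postgres"
  engine         = "aurora-postgresql"
  engine_version = "11.9"
  instance_type  = "db.r5.large"
  vpc_id         = "vpc-12345678"
  subnets        = ["subnet-12345678", "subnet-87654321"]

  # Network: ingress only from the application tier's security group, no CIDR
  # rule at all, and no public IP on any instance.
  allowed_security_groups = [aws_security_group.app.id]
  allowed_cidr_blocks     = []
  publicly_accessible     = false

  # Encryption at rest under a customer-managed KMS key, including the
  # Performance Insights data store.
  storage_encrypted               = true
  kms_key_id                      = aws_kms_key.aurora.arn
  performance_insights_enabled    = true
  performance_insights_kms_key_id = aws_kms_key.aurora.arn

  # Credentials: non-default master username, generated password (it lands in
  # state and in the rds_cluster_master_password output, so lock down the
  # backend), and IAM authentication so applications need no static password.
  username                            = "dbadmin"
  create_random_password              = true
  iam_database_authentication_enabled = true

  # Durability: block accidental deletion, always take a final snapshot, keep
  # 35 days of tagged backups, and apply changes in the maintenance window.
  deletion_protection     = true
  skip_final_snapshot     = false
  backup_retention_period = 35
  copy_tags_to_snapshot   = true
  apply_immediately       = false

  # Telemetry for detection and forensics: Enhanced Monitoring every 10 s and
  # PostgreSQL logs exported to CloudWatch Logs.
  monitoring_interval             = 10
  enabled_cloudwatch_logs_exports = ["postgresql"]

  tags = { Environment = "prod", Terraform = "true" }
}
```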
## Conditional creation

Sometimes you need a way to create RDS Aurora resources conditionally, but Terraform does not allow the use of `count` inside a `module` block, so the solution is to set the `create_cluster` argument:

```hcl
# This RDS cluster will not be created
module "db" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 3.0"

  create_cluster = false
  # ... omitted
}
```
## Examples

- Autoscaling: A PostgreSQL cluster with enhanced monitoring and autoscaling enabled
- Custom Instance Settings: A PostgreSQL cluster with multiple replicas configured using custom settings
- MySQL: A simple MySQL cluster
- PostgreSQL: A simple PostgreSQL cluster
- S3 Import: A MySQL cluster created from a Percona Xtrabackup stored in S3
- Serverless: Serverless PostgreSQL and MySQL clusters
Terraform documentation is generated automatically using pre-commit hooks. Follow installation instructions here.
## Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | >= 3.30 |
| random | >= 2.2 |
## Providers

| Name | Version |
|------|---------|
| aws | >= 3.30 |
| random | >= 2.2 |
## Modules

No modules.
## Resources

| Name | Type |
|------|------|
| aws_appautoscaling_policy.autoscaling_read_replica_count | resource |
| aws_appautoscaling_target.read_replica_count | resource |
| aws_db_subnet_group.this | resource |
| aws_iam_role.rds_enhanced_monitoring | resource |
| aws_iam_role_policy_attachment.rds_enhanced_monitoring | resource |
| aws_rds_cluster.this | resource |
| aws_rds_cluster_instance.this | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.cidr_ingress | resource |
| aws_security_group_rule.default_ingress | resource |
| random_id.snapshot_identifier | resource |
| random_password.master_password | resource |
| aws_iam_policy_document.monitoring_rds_assume_role | data source |
| aws_partition.current | data source |
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allow_major_version_upgrade | Determines whether major engine upgrades are allowed when changing engine version | `bool` | `false` | no |
| allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | `list(string)` | `[]` | no |
| allowed_security_groups | A list of Security Group IDs to allow access to | `list(string)` | `[]` | no |
| apply_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | `bool` | `false` | no |
| auto_minor_version_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | `bool` | `true` | no |
| backtrack_window | The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | `number` | `0` | no |
| backup_retention_period | How long to keep backups for (in days) | `number` | `7` | no |
| ca_cert_identifier | The identifier of the CA certificate for the DB instance | `string` | `"rds-ca-2019"` | no |
| cluster_tags | A map of tags to add to only the RDS cluster. Used for AWS Instance Scheduler tagging | `map(string)` | `{}` | no |
| copy_tags_to_snapshot | Copy all Cluster tags to snapshots | `bool` | `false` | no |
| create_cluster | Whether cluster should be created (it affects almost all resources) | `bool` | `true` | no |
| create_monitoring_role | Whether to create the IAM role for RDS enhanced monitoring | `bool` | `true` | no |
| create_random_password | Whether to create random password for RDS primary cluster | `bool` | `true` | no |
| create_security_group | Whether to create security group for RDS cluster | `bool` | `true` | no |
| database_name | Name for an automatically created database on cluster creation | `string` | `""` | no |
| db_cluster_parameter_group_name | The name of a DB Cluster parameter group to use | `string` | `null` | no |
| db_parameter_group_name | The name of a DB parameter group to use | `string` | `null` | no |
| db_subnet_group_name | The existing subnet group name to use | `string` | `""` | no |
| deletion_protection | If the DB instance should have deletion protection enabled | `bool` | `false` | no |
| enable_http_endpoint | Whether or not to enable the Data API for a serverless Aurora database engine | `bool` | `false` | no |
| enabled_cloudwatch_logs_exports | List of log types to export to CloudWatch: audit, error, general, slowquery, postgresql | `list(string)` | `[]` | no |
| engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | `string` | `"aurora"` | no |
| engine_mode | The database engine mode. Valid values: global, parallelquery, provisioned, serverless, multimaster | `string` | `"provisioned"` | no |
| engine_version | Aurora database engine version | `string` | `"5.6.10a"` | no |
| final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy; appends 8 random digits to the name to ensure it is unique | `string` | `"final"` | no |
| global_cluster_identifier | The global cluster identifier specified on aws_rds_global_cluster | `string` | `""` | no |
| iam_database_authentication_enabled | Specifies whether IAM Database authentication should be enabled or not. Not all versions and instances are supported. Refer to the AWS documentation to see which versions are supported | `bool` | `false` | no |
| iam_role_description | Description of the role | `string` | `null` | no |
| iam_role_force_detach_policies | Whether to force detaching any policies the role has before destroying it | `bool` | `null` | no |
| iam_role_managed_policy_arns | Set of exclusive IAM managed policy ARNs to attach to the IAM role | `list(string)` | `null` | no |
| iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the role | `number` | `null` | no |
| iam_role_name | Friendly name of the role | `string` | `null` | no |
| iam_role_path | Path to the role | `string` | `null` | no |
| iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the role | `string` | `null` | no |
| iam_role_use_name_prefix | Whether to use iam_role_name as is or create a unique name beginning with the iam_role_name as the prefix | `bool` | `false` | no |
| iam_roles | A list of ARNs for the IAM roles to associate to the RDS Cluster | `list(string)` | `[]` | no |
| instance_type | Instance type to use at master instance. If instance_type_replica is not set it will use the same type for replica instances | `string` | `""` | no |
| instance_type_replica | Instance type to use at replica instance | `string` | `null` | no |
| instances_parameters | Customized instance settings. Supported keys: instance_name, instance_type, instance_promotion_tier, publicly_accessible | `list(map(string))` | `[]` | no |
| is_primary_cluster | Whether to create a primary cluster (set to false to be a part of a Global database) | `bool` | `true` | no |
| kms_key_id | The ARN for the KMS encryption key if one is set to the cluster | `string` | `""` | no |
| monitoring_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | `number` | `0` | no |
| monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | `string` | `""` | no |
| name | Name used across resources created | `string` | `""` | no |
| password | Master DB password. Note: when specifying a value here, create_random_password should be set to false | `string` | `""` | no |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not | `bool` | `false` | no |
| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | `string` | `""` | no |
| port | The port on which to accept connections | `string` | `""` | no |
| predefined_metric_type | The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections | `string` | `"RDSReaderAverageCPUUtilization"` | no |
| preferred_backup_window | When to perform DB backups | `string` | `"02:00-03:00"` | no |
| preferred_maintenance_window | When to perform DB maintenance | `string` | `"sun:05:00-sun:06:00"` | no |
| publicly_accessible | Whether the DB should have a public IP address | `bool` | `false` | no |
| replica_count | Number of reader nodes to create. If replica_scale_enabled is true, the value of replica_scale_min is used instead. | `number` | `1` | no |
| replica_scale_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4.large's default max_connections | `number` | `700` | no |
| replica_scale_cpu | CPU threshold which will initiate autoscaling | `number` | `70` | no |
| replica_scale_enabled | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | `bool` | `false` | no |
| replica_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | `number` | `300` | no |
| replica_scale_max | Maximum number of read replicas permitted when autoscaling is enabled | `number` | `0` | no |
| replica_scale_min | Minimum number of read replicas permitted when autoscaling is enabled | `number` | `2` | no |
| replica_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | `number` | `300` | no |
| replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | `string` | `""` | no |
| s3_import | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | `map(string)` | `null` | no |
| scaling_configuration | Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless | `map(string)` | `{}` | no |
| security_group_description | The description of the security group. If value is set to empty string it will contain cluster name in the description | `string` | `"Managed by Terraform"` | no |
| security_group_tags | Additional tags for the security group | `map(string)` | `{}` | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. | `bool` | `false` | no |
| snapshot_identifier | DB snapshot to create this database from | `string` | `null` | no |
| source_region | The source region for an encrypted replica DB cluster | `string` | `""` | no |
| storage_encrypted | Specifies whether the underlying storage layer should be encrypted | `bool` | `true` | no |
| subnets | List of subnet IDs used by database subnet group created | `list(string)` | `[]` | no |
| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| username | Master DB username | `string` | `"root"` | no |
| vpc_id | VPC ID | `string` | `""` | no |
| vpc_security_group_ids | List of VPC security groups to associate to the cluster in addition to the SG we create in this module | `list(string)` | `[]` | no |
## Outputs

| Name | Description |
|------|-------------|
| enhanced_monitoring_iam_role_arn | The Amazon Resource Name (ARN) specifying the enhanced monitoring role |
| enhanced_monitoring_iam_role_name | The name of the enhanced monitoring role |
| enhanced_monitoring_iam_role_unique_id | Stable and unique string identifying the enhanced monitoring role |
| rds_cluster_arn | The ID of the cluster |
| rds_cluster_database_name | Name for an automatically created database on cluster creation |
| rds_cluster_endpoint | The cluster endpoint |
| rds_cluster_engine_version | The cluster engine version |
| rds_cluster_hosted_zone_id | Route53 hosted zone id of the created cluster |
| rds_cluster_id | The ID of the cluster |
| rds_cluster_instance_endpoints | A list of all cluster instance endpoints |
| rds_cluster_instance_ids | A list of all cluster instance ids |
| rds_cluster_master_password | The master password |
| rds_cluster_master_username | The master username |
| rds_cluster_port | The port |
| rds_cluster_reader_endpoint | The cluster reader endpoint |
| rds_cluster_resource_id | The Resource ID of the cluster |
| security_group_id | The security group ID of the cluster |
## Authors

Currently maintained by Anton Babenko and these awesome contributors.

## License

Apache 2 Licensed. See LICENSE for full details.