Skip to content

qapital/terraform-aws-rds-aurora

 
 

Repository files navigation

AWS RDS Aurora Terraform module

Terraform module which creates RDS Aurora resources on AWS.

Available features

  • Autoscaling of read-replicas (based on CPU utilization)
  • Enhanced Monitoring

Usage

module "db" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 3.0"

  name           = "test-aurora-db-postgres96"
  engine         = "aurora-postgresql"
  engine_version = "11.9"
  instance_type  = "db.r5.large"

  vpc_id  = "vpc-12345678"
  subnets = ["subnet-12345678", "subnet-87654321"]

  replica_count           = 1
  allowed_security_groups = ["sg-12345678"]
  allowed_cidr_blocks     = ["10.20.0.0/20"]

  storage_encrypted   = true
  apply_immediately   = true
  monitoring_interval = 10

  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  enabled_cloudwatch_logs_exports = ["postgresql"]

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

Conditional creation

Sometimes you need to have a way to create RDS Aurora resources conditionally but Terraform does not allow to use count inside module block, so the solution is to specify argument create_cluster.

# This RDS cluster will not be created
module "db" {
  source  = "terraform-aws-modules/rds-aurora/aws"
  version = "~> 3.0"

  create_cluster = false
  # ... omitted
}

Examples

  • Autoscaling: A PostgreSQL cluster with enhanced monitoring and autoscaling enabled
  • Custom Instance Settings: A PostgreSQL cluster with multiple replics configured using custom settings
  • MySQL: A simple MySQL cluster
  • PostgreSQL: A simple PostgreSQL cluster
  • S3 Import: A MySQL cluster created from a Percona Xtrabackup stored in S3
  • Serverless: Serverless PostgreSQL and MySQL clusters

Documentation

Terraform documentation is generated automatically using pre-commit hooks. Follow installation instructions here.

Requirements

Name Version
terraform >= 0.13
aws >= 3.30
random >= 2.2

Providers

Name Version
aws >= 3.30
random >= 2.2

Modules

No modules.

Resources

Name Type
aws_appautoscaling_policy.autoscaling_read_replica_count resource
aws_appautoscaling_target.read_replica_count resource
aws_db_subnet_group.this resource
aws_iam_role.rds_enhanced_monitoring resource
aws_iam_role_policy_attachment.rds_enhanced_monitoring resource
aws_rds_cluster.this resource
aws_rds_cluster_instance.this resource
aws_security_group.this resource
aws_security_group_rule.cidr_ingress resource
aws_security_group_rule.default_ingress resource
random_id.snapshot_identifier resource
random_password.master_password resource
aws_iam_policy_document.monitoring_rds_assume_role data source
aws_partition.current data source

Inputs

Name Description Type Default Required
allow_major_version_upgrade Determines whether major engine upgrades are allowed when changing engine version bool false no
allowed_cidr_blocks A list of CIDR blocks which are allowed to access the database list(string) [] no
allowed_security_groups A list of Security Group ID's to allow access to list(string) [] no
apply_immediately Determines whether or not any DB modifications are applied immediately, or during the maintenance window bool false no
auto_minor_version_upgrade Determines whether minor engine upgrades will be performed automatically in the maintenance window bool true no
backtrack_window The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) number 0 no
backup_retention_period How long to keep backups for (in days) number 7 no
ca_cert_identifier The identifier of the CA certificate for the DB instance string "rds-ca-2019" no
cluster_tags A map of tags to add to only the RDS cluster. Used for AWS Instance Scheduler tagging map(string) {} no
copy_tags_to_snapshot Copy all Cluster tags to snapshots bool false no
create_cluster Whether cluster should be created (it affects almost all resources) bool true no
create_monitoring_role Whether to create the IAM role for RDS enhanced monitoring bool true no
create_random_password Whether to create random password for RDS primary cluster bool true no
create_security_group Whether to create security group for RDS cluster bool true no
database_name Name for an automatically created database on cluster creation string "" no
db_cluster_parameter_group_name The name of a DB Cluster parameter group to use string null no
db_parameter_group_name The name of a DB parameter group to use string null no
db_subnet_group_name The existing subnet group name to use string "" no
deletion_protection If the DB instance should have deletion protection enabled bool false no
enable_http_endpoint Whether or not to enable the Data API for a serverless Aurora database engine bool false no
enabled_cloudwatch_logs_exports List of log types to export to cloudwatch - audit, error, general, slowquery, postgresql list(string) [] no
engine Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql string "aurora" no
engine_mode The database engine mode. Valid values: global, parallelquery, provisioned, serverless, multimaster string "provisioned" no
engine_version Aurora database engine version string "5.6.10a" no
final_snapshot_identifier_prefix The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. string "final" no
global_cluster_identifier The global cluster identifier specified on aws_rds_global_cluster string "" no
iam_database_authentication_enabled Specifies whether IAM Database authentication should be enabled or not. Not all versions and instances are supported. Refer to the AWS documentation to see which versions are supported bool false no
iam_role_description Description of the role string null no
iam_role_force_detach_policies Whether to force detaching any policies the role has before destroying it bool null no
iam_role_managed_policy_arns Set of exclusive IAM managed policy ARNs to attach to the IAM role list(string) null no
iam_role_max_session_duration Maximum session duration (in seconds) that you want to set for the role number null no
iam_role_name Friendly name of the role string null no
iam_role_path Path to the role string null no
iam_role_permissions_boundary The ARN of the policy that is used to set the permissions boundary for the role string null no
iam_role_use_name_prefix Whether to use iam_role_name as is or create a unique name beginning with the iam_role_name as the prefix bool false no
iam_roles A List of ARNs for the IAM roles to associate to the RDS Cluster list(string) [] no
instance_type Instance type to use at master instance. If instance_type_replica is not set it will use the same type for replica instances string "" no
instance_type_replica Instance type to use at replica instance string null no
instances_parameters Customized instance settings. Supported keys: instance_name, instance_type, instance_promotion_tier, publicly_accessible list(map(string)) [] no
is_primary_cluster Whether to create a primary cluster (set to false to be a part of a Global database) bool true no
kms_key_id The ARN for the KMS encryption key if one is set to the cluster string "" no
monitoring_interval The interval (seconds) between points when Enhanced Monitoring metrics are collected number 0 no
monitoring_role_arn IAM role used by RDS to send enhanced monitoring metrics to CloudWatch string "" no
name Name used across resources created string "" no
password Master DB password. Note - when specifying a value here, 'create_random_password' should be set to false string "" no
performance_insights_enabled Specifies whether Performance Insights is enabled or not bool false no
performance_insights_kms_key_id The ARN for the KMS key to encrypt Performance Insights data string "" no
port The port on which to accept connections string "" no
predefined_metric_type The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections string "RDSReaderAverageCPUUtilization" no
preferred_backup_window When to perform DB backups string "02:00-03:00" no
preferred_maintenance_window When to perform DB maintenance string "sun:05:00-sun:06:00" no
publicly_accessible Whether the DB should have a public IP address bool false no
replica_count Number of reader nodes to create. If replica_scale_enable is true, the value of replica_scale_min is used instead. number 1 no
replica_scale_connections Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4.large's default max_connections number 700 no
replica_scale_cpu CPU threshold which will initiate autoscaling number 70 no
replica_scale_enabled Whether to enable autoscaling for RDS Aurora (MySQL) read replicas bool false no
replica_scale_in_cooldown Cooldown in seconds before allowing further scaling operations after a scale in number 300 no
replica_scale_max Maximum number of read replicas permitted when autoscaling is enabled number 0 no
replica_scale_min Minimum number of read replicas permitted when autoscaling is enabled number 2 no
replica_scale_out_cooldown Cooldown in seconds before allowing further scaling operations after a scale out number 300 no
replication_source_identifier ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica string "" no
s3_import Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) map(string) null no
scaling_configuration Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless map(string) {} no
security_group_description The description of the security group. If value is set to empty string it will contain cluster name in the description string "Managed by Terraform" no
security_group_tags Additional tags for the security group map(string) {} no
skip_final_snapshot Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. bool false no
snapshot_identifier DB snapshot to create this database from string null no
source_region The source region for an encrypted replica DB cluster string "" no
storage_encrypted Specifies whether the underlying storage layer should be encrypted bool true no
subnets List of subnet IDs used by database subnet group created list(string) [] no
tags A map of tags to add to all resources. map(string) {} no
username Master DB username string "root" no
vpc_id VPC ID string "" no
vpc_security_group_ids List of VPC security groups to associate to the cluster in addition to the SG we create in this module list(string) [] no

Outputs

Name Description
enhanced_monitoring_iam_role_arn The Amazon Resource Name (ARN) specifying the enhanced monitoring role
enhanced_monitoring_iam_role_name The name of the enhanced monitoring role
enhanced_monitoring_iam_role_unique_id Stable and unique string identifying the enhanced monitoring role
rds_cluster_arn The ID of the cluster
rds_cluster_database_name Name for an automatically created database on cluster creation
rds_cluster_endpoint The cluster endpoint
rds_cluster_engine_version The cluster engine version
rds_cluster_hosted_zone_id Route53 hosted zone id of the created cluster
rds_cluster_id The ID of the cluster
rds_cluster_instance_endpoints A list of all cluster instance endpoints
rds_cluster_instance_ids A list of all cluster instance ids
rds_cluster_master_password The master password
rds_cluster_master_username The master username
rds_cluster_port The port
rds_cluster_reader_endpoint The cluster reader endpoint
rds_cluster_resource_id The Resource ID of the cluster
security_group_id The security group ID of the cluster

Authors

Currently maintained by Anton Babenko and these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.

Packages

No packages published

Languages

  • HCL 99.5%
  • Makefile 0.5%