Azure Managed Database - PostgreSQL flexible

This module creates an Azure PostgreSQL Flexible server with databases, along with enabled logging and firewall rules.

A user is created for each database created in this module. This module does not allow users to create new objects in the public schema regarding vulnerability CVE-2018-1058.

Global versioning rule for Claranet Azure modules

Module version	Terraform version	OpenTofu version	AzureRM version
>= 8.x.x	Unverified	1.8.x	>= 4.0
>= 7.x.x	1.3.x		>= 3.0
>= 6.x.x	1.x		>= 3.0
>= 5.x.x	0.15.x		>= 2.0
>= 4.x.x	0.13.x / 0.14.x		>= 2.0
>= 3.x.x	0.12.x		>= 2.0
>= 2.x.x	0.12.x		< 2.0
< 2.x.x	0.11.x		< 2.0

Contributing

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.

More details are available in the CONTRIBUTING.md file.

Usage

This module is optimized to work with the Claranet terraform-wrapper tool which set some terraform variables in the environment needed by this module. More details about variables set by the terraform-wrapper available in the documentation.

⚠️ Since modules version v8.0.0, we do not maintain/check anymore the compatibility with Hashicorp Terraform. Instead, we recommend to use OpenTofu.

module "postgresql_flexible" {
  source  = "claranet/db-postgresql-flexible/azurerm"
  version = "x.x.x"

  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.name

  tier               = "GeneralPurpose"
  size               = "D2s_v3"
  storage_mb         = 32768
  postgresql_version = 16

  allowed_cidrs = {
    "1" = "10.0.0.0/24"
    "2" = "12.34.56.78/32"
  }

  backup_retention_days        = 14
  geo_redundant_backup_enabled = true

  administrator_login = "azureadmin"

  databases = {
    mydatabase = {
      collation = "en_US.utf8"
      charset   = "UTF8"
    }
  }

  maintenance_window = {
    day_of_week  = 3
    start_hour   = 3
    start_minute = 0
  }

  logs_destinations_ids = [
    module.logs.id,
    module.logs.storage_account_id,
  ]

  extra_tags = {
    foo = "bar"
  }
}

provider "postgresql" {
  host      = module.postgresql_flexible.fqdn
  port      = 5432
  username  = module.postgresql_flexible.administrator_login
  password  = module.postgresql_flexible.administrator_password
  sslmode   = "require"
  superuser = false
}

module "postgresql_users" {
  source  = "claranet/users/postgresql"
  version = "x.x.x"

  for_each = module.postgresql_flexible.databases_names

  administrator_login = module.postgresql_flexible.administrator_login

  database = each.key
}

module "postgresql_configuration" {
  source  = "claranet/database-configuration/postgresql"
  version = "x.x.x"

  for_each = module.postgresql_flexible.databases_names

  administrator_login = module.postgresql_flexible.administrator_login

  database_admin_user = module.postgresql_users[each.key].user
  database            = each.key
  schema_name         = each.key
}

Providers

Name	Version
azurecaf	~> 1.2.28
azurerm	~> 4.0
random	>= 2.0

Modules

Name	Source	Version
diagnostics	claranet/diagnostic-settings/azurerm	~> 8.0.0

Resources

Name	Type
azurerm_postgresql_flexible_server.main	resource
azurerm_postgresql_flexible_server_configuration.main	resource
azurerm_postgresql_flexible_server_database.main	resource
azurerm_postgresql_flexible_server_firewall_rule.main	resource
random_password.administrator_password	resource
azurecaf_name.postgresql_flexible_server	data source

Inputs

Name	Description	Type	Default	Required
administrator_login	PostgreSQL administrator login.	string	n/a	yes
administrator_password	PostgreSQL administrator password. Strong password definition in the documentation.	string	null	no
allowed_cidrs	Map of allowed CIDRs.	map(string)	n/a	yes
authentication	Authentication configuration for the PostgreSQL Flexible server.	object({ active_directory_auth_enabled = optional(bool) password_auth_enabled = optional(bool) tenant_id = optional(string) })	null	no
auto_grow_enabled	Enable auto grow for the PostgreSQL Flexible server.	bool	false	no
backup_retention_days	Backup retention days for the PostgreSQL Flexible server. Value should be between 7 and 35 days.	number	7	no
client_name	Client name/account used in naming.	string	n/a	yes
configurations	PostgreSQL configuration values to set on the PostgreSQL Flexible server.	map(string)	{}	no
custom_name	Custom server name.	string	""	no
databases	Map of databases configurations with database name as key and following available configuration option: * (optional) charset: Valid PostgreSQL charset : https://www.postgresql.org/docs/current/multibyte.html#CHARSET-TABLE * (optional) collation: Valid PostgreSQL collation : http://www.postgresql.cn/docs/13/collation.html - be careful about https://docs.microsoft.com/en-us/windows/win32/intl/locale-names?redirectedfrom=MSDN	map(object({ charset = optional(string, "UTF8") collation = optional(string, "en_US.utf8") }))	{}	no
default_tags_enabled	Option to enable or disable default tags.	bool	true	no
delegated_subnet_id	ID of the Subnet to create the PostgreSQL Flexible server. No resources to be deployed in it.	string	null	no
diagnostic_settings_custom_name	Custom name of the diagnostics settings, name will be 'default' if not set.	string	"default"	no
environment	Project environment.	string	n/a	yes
extra_tags	Map of custom tags.	map(string)	{}	no
geo_redundant_backup_enabled	Enable Geo Redundant Backup for the PostgreSQL Flexible server.	bool	false	no
location	Azure location.	string	n/a	yes
location_short	Short string for Azure location.	string	n/a	yes
logs_categories	Log categories to send to destinations.	list(string)	null	no
logs_destinations_ids	List of destination resources IDs for logs diagnostic destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set. If you want to use Azure EventHub as a destination, you must provide a formatted string containing both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the | character.	list(string)	n/a	yes
logs_metrics_categories	Metrics categories to send to destinations.	list(string)	null	no
maintenance_window	Map of maintenance window configuration.	object({ day_of_week = optional(number, 0) start_hour = optional(number, 0) start_minute = optional(number, 0) })	null	no
name_prefix	Optional prefix for the generated name.	string	""	no
name_suffix	Optional suffix for the generated name.	string	""	no
postgresql_version	Version of PostgreSQL Flexible server. Possible values are in the documentation.	number	16	no
private_dns_zone_id	ID of the Private DNS Zone to create the PostgreSQL Flexible server.	string	null	no
public_network_access_enabled	Enable public network access for the PostgreSQL Flexible server.	bool	false	no
resource_group_name	Resource Group name.	string	n/a	yes
size	Size for PostgreSQL Flexible server SKU. See documentation.	string	"D2ds_v4"	no
stack	Project stack name.	string	n/a	yes
standby_zone	Specify the Availability Zone to enable high availability and create standby PostgreSQL Flexible server. null to disable high availability.	number	2	no
storage_mb	Storage allowed for PostgresSQL Flexible server. See documentation.	number	32768	no
tier	Tier for PostgreSQL Flexible server SKU. See documentation. Possible values are: GeneralPurpose, Burstable and MemoryOptimized.	string	"GeneralPurpose"	no
zone	Specify the Availability Zone for the PostgreSQL Flexible server.	number	1	no

Outputs

Name	Description
administrator_login	Administrator login for PostgreSQL Flexible server.
administrator_password	Administrator password for PostgreSQL Flexible server.
configurations	Map of all PostgreSQL configurations.
databases_ids	Map of databases IDs.
databases_names	Map of databases names.
firewall_rules_ids	Map of firewall rules IDs.
fqdn	FQDN of the PostgreSQL Flexible server.
id	ID of the Azure PostgreSQL Flexible server.
module_diagnostics	Diagnostics settings module outputs.
name	Name of the Azure PostgreSQL Flexible server.
resource	Azure PostgreSQL server resource object.
resource_configuration	Azure PostgreSQL configuration resource object.
resource_database	Azure PostgreSQL database resource object.
resource_firewall_rule	Azure PostgreSQL server firewall rule resource object.
terraform_module	Information about this Terraform module.

Related documentation

Microsoft Azure documentation: docs.microsoft.com/fr-fr/azure/postgresql/flexible-server/