# Example instantiation of the oozou/terraform-aws-aurora module.
# Values in <angle brackets> are placeholders the caller must replace.
module "aurora" {
# Keep `ref` pinned to a released tag so the module code cannot change underneath this caller.
source = "git::ssh://git@github.com/oozou/terraform-aws-aurora.git?ref=<selected_tag>"
/* -------------------------------- GENERICS -------------------------------- */
# prefix / name / environment are combined by the module into resource names (see the variable table).
prefix = "oozou"
name = "test"
environment = "devops"
# Merged with the module's default tags ({terraform=true, environment=var.environment}).
tags = {
"Workspace" = "local"
}
/* ------------------------------- RDS CLUSTER ------------------------------ */
# The module creates the subnet group from these IDs; set is_create_db_subnet_group = false
# and db_subnet_group_name to reuse an existing one.
is_create_db_subnet_group = true
db_subnet_group_ids = ["<subnet_id>"]
engine = "aurora-postgresql"
engine_mode = "provisioned"
# Changing engine_version results in an outage (per the variable description).
engine_version = "13.6"
database_name = "<db_name>"
# Module default would be "root"; overridden here.
master_username = "postgres"
# The module generates the master password (random_password.master_password), so no
# credential is written into this file; master_password must stay unset when this is true.
is_create_random_password = true
backup_retention_period = 14
# Both windows are UTC. As written they do not overlap (18:00-20:00 vs. Fri 21:00-22:00).
preferred_backup_window = "18:00-20:00"
preferred_maintenance_window = "fri:21:00-fri:22:00"
# Cluster modifications are applied at once instead of waiting for the maintenance window.
is_apply_immediately = true
# Only "postgresql" is supported by this module for log export.
enabled_cloudwatch_logs_exports = ["postgresql"]
/* ---------------------------- CLUSTER INSTANCE ---------------------------- */
# Four instances of the same class, labelled one writer and three readers.
# NOTE(review): is_instances_use_identifier_prefix defaults to false in the variable
# table — confirm identifier_prefix is honoured without setting it.
instances = {
one = {
identifier_prefix = "writer"
instance_class = "db.r6g.xlarge"
}
two = {
identifier_prefix = "reader"
instance_class = "db.r6g.xlarge"
}
three = {
identifier_prefix = "reader"
instance_class = "db.r6g.xlarge"
}
four = {
identifier_prefix = "reader"
instance_class = "db.r6g.xlarge"
}
}
# Instances are not internet-addressable; reachability is then governed by the SG rules below.
publicly_accessible = false
# 60-second Enhanced Monitoring; the module creates the monitoring IAM role
# (aws_iam_role.rds_enhanced_monitoring) since is_create_monitoring_role defaults to true.
monitoring_interval = 60
auto_minor_version_upgrade = true
# Performance Insights uses the default KMS key unless performance_insights_kms_key_id is set.
performance_insights_enabled = true
# Additional custom endpoint of type READER on top of the built-in cluster endpoints.
endpoints = {
reader = {
identifier = "reader"
type = "READER"
}
}
/* -------------------------------- AUTOSCALE ------------------------------- */
# Read-replica autoscaling on average reader CPU; cooldowns are in seconds.
# NOTE(review): max capacity 3 with three readers already declared above — confirm
# how the module counts explicit instances against autoscaling_max_capacity.
is_autoscaling_enabled = true
autoscaling_max_capacity = 3
autoscaling_min_capacity = 1
predefined_metric_type = "RDSReaderAverageCPUUtilization"
autoscaling_scale_in_cooldown = 180
autoscaling_scale_out_cooldown = 90
autoscaling_target_cpu = 70
/* -------------------------------- SECURITY -------------------------------- */
is_create_security_group = true
vpc_id = "<vpc_id>"
security_group_ingress_rules = {
# NOTE(review): 0.0.0.0/0 admits every IPv4 source (presumably on the database port).
# publicly_accessible = false limits the blast radius, but a real deployment should
# restrict this to the application CIDRs or use source_security_group_id as in allow_from_sg.
allow_all = {
cidr_blocks = ["0.0.0.0/0", "1.1.1.1/32"]
}
allow_vpn_in_client_network = {
cidr_blocks = ["172.16.0.0/24"]
}
# Preferred pattern: grant access by security group rather than by CIDR.
allow_from_sg = {
source_security_group_id = "sg-06835c3466ef09115"
}
}
security_group_egress_rules = {
# Unrestricted TCP egress from the database SG; narrow it if the cluster need not reach the internet.
anywhere = {
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
allow_to_sg = {
source_security_group_id = "sg-06835c3466ef09115"
}
}
# Set explicitly: the variable table's default and its description disagree on this value.
is_storage_encrypted = true
# null presumably falls back to the AWS-managed RDS key — confirm; supply a customer-managed
# key ARN for rotation and access-policy control. Only valid with is_storage_encrypted = true.
kms_key_id = null
/* ----------------------------- PARAMETER GROUP ---------------------------- */
is_create_db_parameter_group = true
is_create_db_cluster_parameter_group = true
# Cluster-level parameters; apply_method = "immediate" takes effect without a reboot
# for dynamic parameters — static ones still need a restart.
db_cluster_parameters = [{
apply_method = "immediate"
name = "timezone"
value = "Asia/Bangkok"
}]
}
Name | Version |
---|---|
terraform | >= 1.0.0 |
aws | >= 3.63 |
random | >= 2.2 |
Name | Version |
---|---|
aws | 4.14.0 |
random | 3.1.3 |
No modules.
Name | Type |
---|---|
aws_appautoscaling_policy.this | resource |
aws_appautoscaling_target.this | resource |
aws_db_parameter_group.this | resource |
aws_db_subnet_group.this | resource |
aws_iam_role.rds_enhanced_monitoring | resource |
aws_iam_role_policy_attachment.rds_enhanced_monitoring | resource |
aws_rds_cluster.this | resource |
aws_rds_cluster_endpoint.this | resource |
aws_rds_cluster_instance.this | resource |
aws_rds_cluster_parameter_group.this | resource |
aws_rds_cluster_role_association.this | resource |
aws_security_group.this | resource |
aws_security_group_rule.egress | resource |
aws_security_group_rule.ingress | resource |
random_id.snapshot_identifier | resource |
random_password.master_password | resource |
aws_iam_policy_document.monitoring_rds_assume_role | data source |
aws_partition.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default true |
bool |
true |
no |
autoscaling_max_capacity | Maximum number of read replicas permitted when autoscaling is enabled | number |
1 |
no |
autoscaling_min_capacity | Minimum number of read replicas permitted when autoscaling is enabled | number |
1 |
no |
autoscaling_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | number |
300 |
no |
autoscaling_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | number |
300 |
no |
autoscaling_target_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max_connections | number |
700 |
no |
autoscaling_target_cpu | CPU threshold which will initiate autoscaling | number |
70 |
no |
availability_zones | (optional) describe your variable | list(string) |
null |
no |
backup_retention_period | The days to retain backups for. Default 7 |
number |
7 |
no |
ca_cert_identifier | The identifier of the CA certificate for the DB instance | string |
null |
no |
database_name | Name for an automatically created database on cluster creation | string |
null |
no |
db_cluster_db_instance_parameter_group_name | Instance parameter group to associate with all instances of the DB cluster. The db_cluster_db_instance_parameter_group_name is only valid in combination with is_allow_major_version_upgrade |
string |
null |
no |
db_cluster_parameter_group_name | Name of an existing cluster parameter group to associate with the cluster | string |
null |
no |
db_cluster_parameters | A list of DB parameter maps to apply | list(object({ |
[] |
no |
db_parameter_group_name | Name of an existing DB parameter group to associate with instances | string |
null |
no |
db_parameters | A list of DB parameter maps to apply | list(object({ |
[] |
no |
db_subnet_group_ids | List of subnet IDs used by the created database subnet group | list(string) |
n/a | yes |
db_subnet_group_name | The name of the subnet group (existing or created) | string |
"" |
no |
deletion_protection | Whether the DB instance should have deletion protection enabled. The database cannot be deleted while this value is true. The default is false |
bool |
false |
no |
enabled_cloudwatch_logs_exports | Set of log types to export to CloudWatch. If omitted, no logs are exported. Supported log types: audit, error, general, slowquery, postgresql. This module supports only postgresql |
list(string) |
[] |
no |
endpoints | Map of additional cluster endpoints and their attributes to be created | any |
{} |
no |
engine | The name of the database engine to be used for this DB cluster. Valid values: aurora, aurora-mysql, aurora-postgresql |
string |
n/a | yes |
engine_mode | The database engine mode. Valid values: global, multimaster, parallelquery, provisioned, serverless. Defaults to provisioned |
string |
"provisioned" |
no |
engine_version | The database engine version. Updating this argument results in an outage | string |
n/a | yes |
environment | Environment name, used in the names of created resources. | string |
n/a | yes |
iam_role_force_detach_policies | Whether to force detaching any policies the monitoring role has before destroying it | bool |
null |
no |
iam_role_managed_policy_arns | Set of exclusive IAM managed policy ARNs to attach to the monitoring role | list(string) |
null |
no |
iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the monitoring role | number |
null |
no |
iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the monitoring role | string |
null |
no |
iam_roles | Map of IAM roles and supported feature names to associate with the cluster | map(map(string)) |
{} |
no |
instance_class | Instance type to use for the master instance. Note: if is_autoscaling_enabled is true, this is also the instance class used for instances created by autoscaling |
string |
"" |
no |
instances | Map of cluster instances and any specific/overriding attributes to be created | any |
{} |
no |
is_allow_major_version_upgrade | Enable to allow major engine version upgrades when changing engine versions. Defaults to false |
bool |
false |
no |
is_apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false |
bool |
false |
no |
is_autoscaling_enabled | Determines whether autoscaling of the cluster read replicas is enabled | bool |
false |
no |
is_copy_tags_to_snapshot | Copy all Cluster tags to snapshots |
bool |
true |
no |
is_create_cluster | Whether cluster should be created (affects nearly all resources) | bool |
true |
no |
is_create_db_cluster_parameter_group | Whether to create db cluster parameter group or not | bool |
true |
no |
is_create_db_parameter_group | Whether to create db parameter group or not | bool |
true |
no |
is_create_db_subnet_group | Determines whether to create the database subnet group or use an existing one | bool |
true |
no |
is_create_monitoring_role | Determines whether to create the IAM role for RDS enhanced monitoring | bool |
true |
no |
is_create_random_password | Determines whether to create random password for RDS primary cluster | bool |
true |
no |
is_create_security_group | Determines whether to create security group for RDS cluster | bool |
true |
no |
is_iam_database_authentication_enabled | Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | bool |
false |
no |
is_instances_use_identifier_prefix | Determines whether cluster instance identifiers are used as prefixes | bool |
false |
no |
is_skip_final_snapshot | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | bool |
false |
no |
is_storage_encrypted | Specifies whether the DB cluster is encrypted. The default is true |
bool |
false |
no |
kms_key_id | The ARN of the KMS encryption key. When specifying kms_key_id, is_storage_encrypted must be set to true |
string |
null |
no |
master_password | Password for the master DB user. Note: when specifying a value here, is_create_random_password should be set to false |
string |
"" |
no |
master_username | Username for the master DB user | string |
"root" |
no |
monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to 0 to disable. Default is 0 |
number |
0 |
no |
monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | string |
"" |
no |
name | Name used across resources created | string |
n/a | yes |
performance_insights_enabled | Specifies whether Performance Insights is enabled or not. Default false |
bool |
false |
no |
performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | string |
null |
no |
performance_insights_retention_period | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). Defaults to 7 |
number |
7 |
no |
port | The port on which the DB accepts connections | number |
null |
no |
predefined_metric_type | The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections |
string |
"RDSReaderAverageCPUUtilization" |
no |
preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled using the backup_retention_period parameter. Time in UTC |
string |
"20:00-21:00" |
no |
preferred_maintenance_window | The weekly time range during which system maintenance can occur, in UTC | string |
"sat:22:00-sat:23:00" |
no |
prefix | Customer prefix displayed in the AWS console and in resource names. | string |
n/a | yes |
publicly_accessible | Determines whether instances are publicly accessible. Default false | bool |
false |
no |
random_password_length | Length of random password to create. Defaults to 10 |
number |
10 |
no |
replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | string |
null |
no |
restore_to_point_in_time | Map of nested attributes for cloning Aurora cluster | map(string) |
{} |
no |
scaling_configuration | Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless |
map(string) |
{} |
no |
security_group_description | The description of the security group. If value is set to empty string it will contain cluster name in the description | string |
null |
no |
security_group_egress_rules | A map of security group egress rule definitions to add to the security group created | any |
{} |
no |
security_group_ingress_rules | Map of ingress and any specific/overriding attributes to be created | any |
{} |
no |
snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | string |
null |
no |
tags | Additional tags; default tags contain {terraform=true, environment=var.environment} | map(string) |
{} |
no |
vpc_id | ID of the VPC where to create security group | string |
n/a | yes |
vpc_security_group_ids | List of VPC security groups to associate to the cluster in addition to the SG we create in this module | list(string) |
[] |
no |
Name | Description |
---|---|
additional_cluster_endpoints | A map of additional cluster endpoints and their attributes |
cluster_arn | Amazon Resource Name (ARN) of cluster |
cluster_database_name | Name for an automatically created database on cluster creation |
cluster_endpoint | Writer endpoint for the cluster |
cluster_engine_version_actual | The running version of the cluster database |
cluster_hosted_zone_id | The Route53 Hosted Zone ID of the endpoint |
cluster_id | The RDS Cluster Identifier |
cluster_instances | A map of cluster instances and their attributes |
cluster_master_password | The database master password |
cluster_master_username | The database master username |
cluster_members | List of RDS Instances that are a part of this cluster |
cluster_port | The database port |
cluster_reader_endpoint | A read-only endpoint for the cluster, automatically load-balanced across replicas |
cluster_resource_id | The RDS Cluster Resource ID |
cluster_role_associations | A map of IAM roles associated with the cluster and their attributes |
db_cluster_parameter_group_id | ID of the DB cluster parameter group |
db_parameter_group_id | ID of the DB parameter group |
db_subnet_group_name | The db subnet group name |
enhanced_monitoring_iam_role_arn | The Amazon Resource Name (ARN) specifying the enhanced monitoring role |
enhanced_monitoring_iam_role_name | The name of the enhanced monitoring role |
enhanced_monitoring_iam_role_unique_id | Stable and unique string identifying the enhanced monitoring role |
security_group_id | The security group ID of the cluster |