Terraform module which creates RDS Aurora resources on AWS.
These types of resources are supported:
- RDS Cluster
- RDS Cluster Instance
- DB Subnet Group
- Application AutoScaling Policy
- Application AutoScaling Target
- Autoscaling of replicas
- Enhanced Monitoring
- Optional cloudwatch alarms
```hcl
module "db" {
  source                          = "terraform-aws-modules/rds-aurora/aws"
  name                            = "test-aurora-db-postgres96"
  engine                          = "aurora-postgresql"
  engine_version                  = "9.6.3"
  vpc_id                          = "vpc-12345678"
  subnet_ids                      = ["subnet-12345678", "subnet-87654321"]
  azs                             = ["eu-west-1a", "eu-west-1b"]
  replica_count                   = 1
  allowed_security_groups         = ["sg-12345678"]
  instance_type                   = "db.r4.large"
  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}
```
- PostgreSQL: A simple example with VPC and PostgreSQL cluster.
- MySQL: A simple example with VPC and MySQL cluster.
- Production: A production ready PostgreSQL cluster with enhanced monitoring, autoscaling and cloudwatch alarms.
Documentation should be modified within main.tf and generated using terraform-docs.
Generate them like so:

```bash
go get github.com/segmentio/terraform-docs
terraform-docs md ./ | cat -s | perl -e "print reverse(<>)" | tail -n +2 | perl -e "print reverse(<>)" >> README.md
```
Name | Version |
---|---|
aws | >= 3.63.0 |
Name | Version |
---|---|
aws | >= 3.63.0 |
random | n/a |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
allow_major_version_upgrade | Determines whether or not major version upgrades are permitted | bool | false | no |
allowed_security_groups | A list of Security Group IDs to allow access to. | list | [] | no |
apply_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | bool | false | no |
auto_minor_version_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | bool | true | no |
backup_retention_period | How long to keep backups for (in days) | number | 7 | no |
ca_cert_identifier | The identifier of the CA certificate for the DB instances | string | "" | no |
cloudwatch_alarm_actions | Actions for cloudwatch alarms. e.g. an SNS topic | list(string) | [] | no |
cloudwatch_alarm_default_thresholds | Override default thresholds for CloudWatch alarms. See cloudwatch_alarm_default_thresholds in cloudwatch.tf for valid keys | map(string) | {} | no |
cloudwatch_create_alarms | Whether to enable CloudWatch alarms - requires cw_sns_topic to be specified | bool | false | no |
cloudwatch_log_group_retention_in_days | The number of days to retain CloudWatch logs for the DB instance | number | 1 | no |
create_cloudwatch_log_group | Determines whether a CloudWatch log group is created for each enabled_cloudwatch_logs_exports | bool | false | no |
create_data_reader | Specifies if a data reader node is created. | bool | false | no |
create_resources | Whether to create the Aurora cluster and related resources | bool | true | no |
create_timeout | Timeout used for Cluster creation | string | "120m" | no |
data_reader_endpoint_suffix | Suffix for the Route53 record pointing to the cluster data reader endpoint. Only used if route53_zone_id is passed also | string | "-data-reader" | no |
data_reader_instance_type | Instance type to use for data reader node | string | "db.r4.large" | no |
data_reader_parameter_group_name | Data reader node db parameter group | string | "" | no |
data_reader_route53_prefix | If specified a data reader route53 record will be created | string | "" | no |
data_reader_route53_zone_id | If specified a data reader route53 record will be created | string | "" | no |
data_reader_tags | A map of tags to add to data reader resources. | map(string) | {} | no |
db_cluster_db_instance_parameter_group_name | Instance parameter group to associate with all instances of the DB cluster. The db_instance_parameter_group_name parameter is only valid in combination with the allow_major_version_upgrade parameter. | any | null | no |
db_cluster_parameter_group_name | The name of a DB Cluster parameter group to use | string | "default.aurora5.6" | no |
db_parameter_group_name | The name of a DB parameter group to use | string | "default.aurora5.6" | no |
delete_timeout | Timeout used for destroying cluster. This includes any cleanup task during the destroying process. | string | "120m" | no |
deletion_protection | The database can't be deleted when this value is set to true. | bool | true | no |
enabled_cloudwatch_logs_exports | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery, postgresql (PostgreSQL). | list(any) | [] | no |
engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | string | "aurora" | no |
engine_version | Aurora database engine version. | string | "5.6.10a" | no |
extra_security_groups | A list of Security Group IDs to add to the cluster | list | [] | no |
final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. | string | "final-" | no |
identifier_prefix | Prefix for cluster and instance identifier | string | "" | no |
instance_type | Instance type to use | string | "db.r4.large" | no |
kms_key_id | The ARN for the KMS encryption key if one is set to the cluster. | string | "" | no |
monitoring_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | number | 0 | no |
name | Name given resources | string | n/a | yes |
password | Master DB password | string | "" | no |
performance_insights_enabled | Specifies whether Performance Insights is enabled or not. | string | false | no |
performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. | string | "" | no |
port | The port on which to accept connections | string | "" | no |
preferred_backup_window | When to perform DB backups for the cluster | string | "02:00-03:00" | no |
preferred_backup_window_instance | When to perform DB backups for instances | string | "" | no |
preferred_maintenance_window | When to perform DB maintenance for the cluster | string | "sun:05:00-sun:06:00" | no |
preferred_maintenance_window_instance | When to perform DB maintenance for instances | string | "" | no |
prefix_master_creds_ssm | SSM parameter prefix for master user credentials | string | "/database-controller" | no |
publicly_accessible | Whether the DB should have a public IP address | bool | false | no |
reader_endpoint_suffix | Suffix for the Route53 record pointing to the cluster reader endpoint. Only used if route53_zone_id is passed also | string | "-ro" | no |
replica_autoscaling | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | string | false | no |
replica_count | Number of reader nodes to create. If replica_scale_enable is true, the value of replica_scale_min is used instead. | number | 1 | no |
replica_scale_cpu | CPU usage to trigger autoscaling at | string | 70 | no |
replica_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | string | 300 | no |
replica_scale_max | Maximum number of replicas to allow scaling for | string | 0 | no |
replica_scale_min | Maximum number of replicas to allow scaling for | string | 1 | no |
replica_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | string | 300 | no |
route53_record_appendix | Will be appended to the route53 record. Only used if route53_zone_id is passed also | string | ".rds" | no |
route53_record_ttl | TTL of route53 record. Only used if route53_zone_id is passed also | string | 60 | no |
route53_zone_id | If specified a route53 record will be created | string | "" | no |
security_group_name_prefix | Prefix for security group name | string | "aurora-" | no |
skip_final_snapshot | Should a final snapshot be created on cluster destroy | bool | false | no |
snapshot_identifier | DB snapshot to create this database from | string | "" | no |
storage_encrypted | Specifies whether the underlying storage layer should be encrypted | bool | false | no |
store_master_creds_ssm | Whether to store master user and password in SSM | bool | false | no |
subnet_ids | List of subnet IDs to use | list(string) | n/a | yes |
tags | A map of tags to add to all resources. | map(string) | {} | no |
update_timeout | Timeout used for Cluster modifications | string | "120m" | no |
username | Master DB username | string | "root" | no |
vpc_id | VPC ID | string | n/a | yes |
Name | Description |
---|---|
cluster_endpoint | The cluster endpoint |
cluster_id | The ID of the cluster |
cluster_master_password | The master password |
cluster_master_username | The master username |
cluster_port | The port |
cluster_reader_endpoint | The cluster reader endpoint |
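
Several defaults in the inputs table are permissive (`storage_encrypted = false`, `username = "root"`, one-day log retention), and `cluster_master_password` is exposed as an output. The block below is an added example, not part of the module's own documentation: a variant of the usage block that overrides those defaults using only inputs listed in the table. The KMS key, the `db_master_password` variable, the `app_admin` username and the retention values are assumptions; IDs and versions are the placeholders from the usage block.

```hcl
# Added example; names marked "assumed" are not from the module's docs.
variable "db_master_password" { # assumed variable name
  type      = string
  sensitive = true # Terraform 0.14+: redacted in plan output, still written to state
}

resource "aws_kms_key" "aurora" { # assumed customer-managed key
  description         = "Aurora cluster storage encryption"
  enable_key_rotation = true
}

module "db" {
  source = "terraform-aws-modules/rds-aurora/aws" # as given in the usage block

  name                            = "test-aurora-db-postgres96"
  engine                          = "aurora-postgresql"
  engine_version                  = "9.6.3"
  vpc_id                          = "vpc-12345678"
  subnet_ids                      = ["subnet-12345678", "subnet-87654321"]
  allowed_security_groups         = ["sg-12345678"]
  instance_type                   = "db.r4.large"
  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  # Encryption at rest
  storage_encrypted = true                   # module default: false
  kms_key_id        = aws_kms_key.aurora.arn # module default: ""

  # Master credentials
  username = "app_admin"            # module default: "root" (assumed replacement)
  password = var.db_master_password # module default: ""

  # Exposure and recoverability: pinned so a changed default cannot weaken them
  publicly_accessible     = false
  deletion_protection     = true
  skip_final_snapshot     = false
  backup_retention_period = 14 # module default: 7 (assumed value)

  # Engine logs to CloudWatch with usable retention
  enabled_cloudwatch_logs_exports        = ["postgresql"] # module default: []
  create_cloudwatch_log_group            = true           # module default: false
  cloudwatch_log_group_retention_in_days = 90             # module default: 1
}

output "db_master_password" { # only if the root module must re-export it
  value     = module.db.cluster_master_password
  sensitive = true
}
```

The master password is stored in plaintext in the Terraform state regardless of `sensitive`, so the state backend needs encryption and restricted access. The page does not say which SSM parameter type `store_master_creds_ssm` writes, so confirm it is a SecureString before enabling it.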