Skip to content

Latest commit

 

History

History
190 lines (165 loc) · 20.3 KB

README.md

File metadata and controls

190 lines (165 loc) · 20.3 KB

AWS RDS Aurora Terraform module

Terraform module which creates RDS Aurora resources on AWS.

These types of resources are supported:

Available features

  • Autoscaling of replicas
  • Enhanced Monitoring
  • Optional cloudwatch alarms

Usage

module "db" {
  source                          = "terraform-aws-modules/rds-aurora/aws"
  name                            = "test-aurora-db-postgres96"
  engine                          = "aurora-postgresql"
  engine_version                  = "9.6.3"
  vpc_id                          = "vpc-12345678"
  subnet_ids                      = ["subnet-12345678", "subnet-87654321"]
  azs                             = ["eu-west-1a", "eu-west-1b"]
  replica_count                   = 1
  allowed_security_groups         = ["sg-12345678"]
  instance_type                   = "db.r4.large"
  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

Examples

  • PostgreSQL: A simple example with VPC and PostgreSQL cluster.
  • MySQL: A simple example with VPC and MySQL cluster.
  • Production: A production ready PostgreSQL cluster with enhanced monitoring, autoscaling and cloudwatch alarms.

Documentation generation

Documentation should be modified within main.tf and generated using terraform-docs. Generate them like so:

go get github.com/segmentio/terraform-docs
terraform-docs md ./ | cat -s | perl -e "print reverse(<>)" | tail -n +2 | perl -e "print reverse(<>)" >> README.md

Requirements

Name Version
aws >= 3.63.0

Providers

Name Version
aws >= 3.63.0
random n/a

Modules

No modules.

Resources

Name Type
aws_appautoscaling_policy.autoscaling_read_replica_count resource
aws_appautoscaling_target.read_replica_count resource
aws_cloudwatch_log_group.this resource
aws_cloudwatch_metric_alarm.aurora_replica_lag resource
aws_cloudwatch_metric_alarm.cpu_utilization_reader resource
aws_cloudwatch_metric_alarm.cpu_utilization_writer resource
aws_cloudwatch_metric_alarm.database_connections_reader resource
aws_cloudwatch_metric_alarm.database_connections_writer resource
aws_cloudwatch_metric_alarm.disk_queue_depth resource
aws_cloudwatch_metric_alarm.freeable_memory_reader resource
aws_cloudwatch_metric_alarm.freeable_memory_writer resource
aws_cloudwatch_metric_alarm.swap_usage_reader resource
aws_cloudwatch_metric_alarm.swap_usage_writer resource
aws_db_subnet_group.main resource
aws_iam_role.rds_enhanced_monitoring resource
aws_iam_role_policy_attachment.rds_enhanced_monitoring resource
aws_rds_cluster.main resource
aws_rds_cluster_instance.data_reader resource
aws_rds_cluster_instance.instance resource
aws_route53_record.data_reader resource
aws_route53_record.default resource
aws_route53_record.reader resource
aws_security_group.main resource
aws_security_group_rule.default_ingress resource
aws_ssm_parameter.superuser_name resource
aws_ssm_parameter.superuser_password resource
random_id.master_password resource
random_id.snapshot_identifier resource
aws_iam_policy_document.monitoring_rds_assume_role data source

Inputs

Name Description Type Default Required
allow_major_version_upgrade Determines whether or not major version upgrades are permitted bool false no
allowed_security_groups A list of Security Group ID's to allow access to. list [] no
apply_immediately Determines whether or not any DB modifications are applied immediately, or during the maintenance window bool false no
auto_minor_version_upgrade Determines whether minor engine upgrades will be performed automatically in the maintenance window bool true no
backup_retention_period How long to keep backups for (in days) number 7 no
ca_cert_identifier The identifier of the CA certificate for the DB instances string "" no
cloudwatch_alarm_actions Actions for cloudwatch alarms. e.g. an SNS topic list(string) [] no
cloudwatch_alarm_default_thresholds Override default thresholds for CloudWatch alarms. See cloudwatch_alarm_default_thresholds in cloudwatch.tf for valid keys map(string) {} no
cloudwatch_create_alarms Whether to enable CloudWatch alarms - requires cw_sns_topic is specified bool false no
cloudwatch_log_group_retention_in_days The number of days to retain CloudWatch logs for the DB instance number 1 no
create_cloudwatch_log_group Determines whether a CloudWatch log group is created for each enabled_cloudwatch_logs_exports bool false no
create_data_reader Specifies if a data reader node is created. bool false no
create_resources Whether to create the Aurora cluster and related resources bool true no
create_timeout Timeout used for Cluster creation string "120m" no
data_reader_endpoint_suffix Suffix for the Route53 record pointing to the cluster data reader endpoint. Only used if route53_zone_id is passed also string "-data-reader" no
data_reader_instance_type Instance type to use for data reader node string "db.r4.large" no
data_reader_parameter_group_name Data reader node db parameter group string "" no
data_reader_route53_prefix If specified a data reader route53 record will be created string "" no
data_reader_route53_zone_id If specified a data reader route53 record will be created string "" no
data_reader_tags A map of tags to add to data reader resources. map(string) {} no
db_cluster_db_instance_parameter_group_name Instance parameter group to associate with all instances of the DB cluster. The db_instance_parameter_group_name parameter is only valid in combination with the allow_major_version_upgrade parameter. any null no
db_cluster_parameter_group_name The name of a DB Cluster parameter group to use string "default.aurora5.6" no
db_parameter_group_name The name of a DB parameter group to use string "default.aurora5.6" no
delete_timeout Timeout used for destroying cluster. This includes any cleanup task during the destroying process. string "120m" no
deletion_protection The database can't be deleted when this value is set to true. bool true no
enabled_cloudwatch_logs_exports Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery, postgresql (PostgreSQL). list(any) [] no
engine Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql string "aurora" no
engine_version Aurora database engine version. string "5.6.10a" no
extra_security_groups A list of Security Group IDs to add to the cluster list [] no
final_snapshot_identifier_prefix The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. string "final-" no
identifier_prefix Prefix for cluster and instance identifier string "" no
instance_type Instance type to use string "db.r4.large" no
kms_key_id The ARN for the KMS encryption key if one is set to the cluster. string "" no
monitoring_interval The interval (seconds) between points when Enhanced Monitoring metrics are collected number 0 no
name Name given resources string n/a yes
password Master DB password string "" no
performance_insights_enabled Specifies whether Performance Insights is enabled or not. string false no
performance_insights_kms_key_id The ARN for the KMS key to encrypt Performance Insights data. string "" no
port The port on which to accept connections string "" no
preferred_backup_window When to perform DB backups for the cluster string "02:00-03:00" no
preferred_backup_window_instance When to perform DB backups for instances string "" no
preferred_maintenance_window When to perform DB maintenance for the cluster string "sun:05:00-sun:06:00" no
preferred_maintenance_window_instance When to perform DB maintenance for instances string "" no
prefix_master_creds_ssm SSM parameter prefix for master user credentials string "/database-controller" no
publicly_accessible Whether the DB should have a public IP address bool false no
reader_endpoint_suffix Suffix for the Route53 record pointing to the cluster reader endpoint. Only used if route53_zone_id is passed also string "-ro" no
replica_autoscaling Whether to enable autoscaling for RDS Aurora (MySQL) read replicas string false no
replica_count Number of reader nodes to create. If replica_scale_enable is true, the value of replica_scale_min is used instead. number 1 no
replica_scale_cpu CPU usage to trigger autoscaling at string 70 no
replica_scale_in_cooldown Cooldown in seconds before allowing further scaling operations after a scale in string 300 no
replica_scale_max Maximum number of replicas to allow scaling for string 0 no
replica_scale_min Maximum number of replicas to allow scaling for string 1 no
replica_scale_out_cooldown Cooldown in seconds before allowing further scaling operations after a scale out string 300 no
route53_record_appendix Will be appended to the route53 record. Only used if route53_zone_id is passed also string ".rds" no
route53_record_ttl TTL of route53 record. Only used if route53_zone_id is passed also string 60 no
route53_zone_id If specified a route53 record will be created string "" no
security_group_name_prefix Prefix for security group name string "aurora-" no
skip_final_snapshot Should a final snapshot be created on cluster destroy bool false no
snapshot_identifier DB snapshot to create this database from string "" no
storage_encrypted Specifies whether the underlying storage layer should be encrypted bool false no
store_master_creds_ssm Whether to store master user and password in SSM bool false no
subnet_ids List of subnet IDs to use list(string) n/a yes
tags A map of tags to add to all resources. map(string) {} no
update_timeout Timeout used for Cluster modifications string "120m" no
username Master DB username string "root" no
vpc_id VPC ID string n/a yes

Outputs

Name Description
cluster_endpoint The cluster endpoint
cluster_id The ID of the cluster
cluster_master_password The master password
cluster_master_username The master username
cluster_port The port
cluster_reader_endpoint The cluster reader endpoint