<
This module has a few dependencies:
This Terraform module creates an AWS DB along with additional configuration options.
For detailed examples on how to use this module, please refer to the Examples directory within this repository.
Your Name Replace MIT and slovink with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.
This project is licensed under the MIT License - see the LICENSE file for details.
If you come accross a bug or have any feedback, please log it in our issue tracker, or feel free to drop us an email at concat@slovink.com.
If you have found it worth your time, go ahead and give us a ★ on our GitHub!
At https://slovink.com/ we offer expert guidance, implementation support and services to help organisations accelerate their journey to the slovi. Our services include docker and container orchestration, slov migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.
At [slovink][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.
We are The Cloud Experts!
We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.
module "mariadb" {
source = "https://github.com/slovink/terraform-aws-db.git?ref=v1.0.0"
name = "mariadb"
environment = "test"
label_order = ["environment", "name"]
engine = "MariaDB"
engine_version = "10.6.10"
instance_class = "db.m5.large"
engine_name = "MariaDB"
allocated_storage = 50
db_name = "test"
username = "user"
password = "esfsgcGdfawAhdxtfjm!"
port = "3306"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
multi_az = false
vpc_id = module.vpc.id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [3306]
family = "mariadb10.6"
backup_retention_period = 0
enabled_cloudwatch_logs_exports = ["audit", "general"]
subnet_ids = module.private_subnets.public_subnet_id
publicly_accessible = true
major_engine_version = "10.6"
deletion_protection = false
ssm_parameter_endpoint_enabled = true
}module "mysql" {
source = "https://github.com/slovink/terraform-aws-db.git?ref=v1.0.0"
name = "mysql"
environment = "test"
label_order = ["environment", "name"]
engine = "mysql"
engine_version = "8.0.28"
instance_class = "db.m6i.xlarge."
allocated_storage = 5
vpc_id = module.vpc.id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [3306]
db_name = "test"
username = "user"
password = "esfsgcGdfawAhdxtfjm!"
port = "3306"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
multi_az = false
backup_retention_period = 7
enabled_cloudwatch_logs_exports = ["audit", "general"]
subnet_ids = module.subnets.public_subnet_id
publicly_accessible = true
family = "mysql8.0"
major_engine_version = "8.0"
deletion_protection = false
parameters = [
{
name = "character_set_client"
value = "utf8"
},
{
name = "character_set_server"
value = "utf8"
}
]
options = [
{
option_name = "MARIADB_AUDIT_PLUGIN"
option_settings = [
{
name = "SERVER_AUDIT_EVENTS"
value = "CONNECT"
},
{
name = "SERVER_AUDIT_FILE_ROTATIONS"
value = "37"
},
]
},
]
ssm_parameter_endpoint_enabled = true
}module "oracle" {
source = "https://github.com/slovink/terraform-aws-db.git?ref=v1.0.0"
name = "oracle"
environment = "test"
label_order = ["environment", "name"]
engine = "oracle-ee"
engine_version = "19"
instance_class = "db.t3.medium"
engine_name = "oracle-ee"
allocated_storage = 50
storage_encrypted = true
family = "oracle-ee-19"
db_name = "test"
username = "admin"
password = "esfsgcGdfawAhdxtfjm!"
port = "1521"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
multi_az = false
vpc_id = module.vpc.id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [1521]
backup_retention_period = 0
enabled_cloudwatch_logs_exports = ["audit"]
subnet_ids = module.private_subnets.public_subnet_id
publicly_accessible = true
major_engine_version = "19"
deletion_protection = false
iam_database_authentication_enabled = false
ssm_parameter_endpoint_enabled = true
}module "postgresql" {
source = "https://github.com/slovink/terraform-aws-db.git?ref=v1.0.0"
name = "postgresql"
environment = "test"
label_order = ["environment", "name"]
engine = "postgres"
engine_version = "14.6"
instance_class = "db.t3.medium"
allocated_storage = 50
engine_name = "postgres"
storage_encrypted = true
family = "postgres14"
db_name = "test"
username = "dbname"
password = "esfsgcGdfawAhdxtfjm!"
port = "5432"
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
multi_az = false
vpc_id = module.vpc.id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [5432]
backup_retention_period = 0
enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
subnet_ids = module.private_subnets.public_subnet_id
publicly_accessible = true
major_engine_version = "14"
deletion_protection = false
ssm_parameter_endpoint_enabled = true
}module "mysql" {
source = "https://github.com/slovink/terraform-aws-db.git?ref=v1.0.0"
name = "rds"
environment = "test"
label_order = ["environment", "name"]
enabled = true
engine = "mysql"
engine_version = "8.0"
instance_class = "db.t4g.large"
replica_instance_class = "db.t4g.large"
allocated_storage = 20
identifier = ""
snapshot_identifier = ""
kms_key_id = ""
enabled_read_replica = true
enabled_replica = true
db_name = "replica"
username = "replica_mysql"
password = "clkjvnsdikjhdsijfsdli"
port = 3306
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
multi_az = true
vpc_id = module.vpc.id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [3306]
backup_retention_period = 1
enabled_cloudwatch_logs_exports = ["general"]
subnet_ids = module.subnets.public_subnet_id
publicly_accessible = false
family = "mysql8.0"
major_engine_version = "8.0"
auto_minor_version_upgrade = false
deletion_protection = false
ssm_parameter_endpoint_enabled = true
}-
name: A name for your db. -
engine: The database engine to use. -
engine_version: The engine version to use. -
instance_class: The instance type of the RDS instance. -
engine_name: The name of the database to create when the DB instance is created. -
allocated_storage: The allocated storage in gibibytes. -
db_name: The name of the database to create when the DB instance is created. -
username: Username for the master DB user. -
passwoed: Password for the master DB user. -
port:The port on which the DB accepts connections. -
maintenance_window: The window to perform maintenance in. -
backup_window: The daily time range (in UTC) during which automated backups are created if they are enabled. -
multi_az: Specifies if the RDS instance is multi-AZ -
enabled_cloudwatch_logs_exports: Set of log types to enable for exporting to CloudWatch logs. -
major_engine_version: Specifies the major version of the engine that this option group should be associated with. -
allocated_storage: The allocated storage in gibibytes. -
multi_az: Specifies if the RDS instance is multi-AZ -
backup_retention_period: The days to retain backups for. -
identifier: The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier. -
snapshot_identifier: Specifies whether or not to create this database from a snapshot. -
For security group settings, you can configure the ingress and egress rules using variables like:
-
db_instance_arn: The ARN of the RDS instance. -
db_instance_availability_zone: The availability zone of the RDS instance. -
db_instance_endpoint: The connection endpoint. -
db_instance_engine: The database engine. -
db_instance_id: The RDS instance ID. -
db_instance_address: db_instance_address. -
db_instance_hosted_zone_id: The canonical hosted zone ID of the DB instance. -
db_instance_status: The RDS instance status -
db_instance_name: The database name -
master_db_instance_resource_id: The RDS Resource ID of this instance. -
master_db_instance_username: The master username for the database. -
master_db_instance_password: The database password. -
master_db_instance_port: The database port. -
master_db_subnet_group_id: The db subnet group name. -
master_db_instance_cloudwatch_log_groups: Map of CloudWatch log groups created and their attributes. -
Other relevant security group outputs (modify as needed).
For detailed examples on how to use this module, please refer to the 'example' directory within this repository.
Your Name Replace '[License Name]' and '[Your Name]' with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.
This project is licensed under the MIT License - see the LICENSE file for details.
| Name | Version |
|---|---|
| terraform | >= 1.6.4, < 1.7.0 |
| aws | >= 5.13.1 |
| random | >= 3.5.1 |
| tls | >= 4.0 |
| Name | Version |
|---|---|
| aws | >= 5.13.1 |
| random | >= 3.5.1 |
| Name | Source | Version |
|---|---|---|
| labels | git@github.com:slovink/terraform-aws-labels.git | 1.0.0 |
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.this | resource |
| aws_db_instance.read | resource |
| aws_db_instance.this | resource |
| aws_db_option_group.this | resource |
| aws_db_parameter_group.this | resource |
| aws_db_subnet_group.this | resource |
| aws_iam_role.enhanced_monitoring | resource |
| aws_iam_role_policy_attachment.enhanced_monitoring | resource |
| aws_kms_alias.default | resource |
| aws_kms_key.default | resource |
| aws_security_group.default | resource |
| aws_security_group_rule.egress | resource |
| aws_security_group_rule.egress_ipv6 | resource |
| aws_security_group_rule.ingress | resource |
| aws_ssm_parameter.secret-endpoint | resource |
| random_id.password | resource |
| random_id.snapshot_identifier | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.default | data source |
| aws_iam_policy_document.enhanced_monitoring | data source |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alias | The display name of the alias. The name must start with the word alias followed by a forward slash. |
string |
"alias/rds11" |
no |
| allocated_storage | The allocated storage in gigabytes | string |
null |
no |
| allow_major_version_upgrade | Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible | bool |
false |
no |
| allowed_ip | List of allowed ip. | list(any) |
[] |
no |
| allowed_ports | List of allowed ingress ports | list(any) |
[] |
no |
| apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool |
false |
no |
| auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window | bool |
true |
no |
| availability_zone | The Availability Zone of the RDS instance | string |
null |
no |
| backup_retention_period | The days to retain backups for | number |
null |
no |
| backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance_window | string |
null |
no |
| blue_green_update | Enables low-downtime updates using RDS Blue/Green deployments. | map(string) |
{} |
no |
| ca_cert_identifier | Specifies the identifier of the CA certificate for the DB instance | string |
null |
no |
| character_set_name | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | string |
null |
no |
| cloudwatch_log_group_retention_in_days | The number of days to retain CloudWatch logs for the DB instance | number |
7 |
no |
| cloudwatch_log_group_tags | Additional tags for the cloudwatch log group | map(any) |
{} |
no |
| copy_tags_to_snapshot | On delete, copy all Instance tags to the final snapshot | bool |
true |
no |
| custom_iam_instance_profile | RDS custom iam instance profile | string |
null |
no |
| customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. | string |
"SYMMETRIC_DEFAULT" |
no |
| db_instance_read_tags | Additional tags for the DB instance | map(any) |
{} |
no |
| db_instance_this_tags | Additional tags for the DB instance | map(any) |
{} |
no |
| db_name | The DB name to create. If omitted, no database is created initially | string |
null |
no |
| db_option_group_tags | Additional tags for the DB option group | map(any) |
{} |
no |
| db_parameter_group_tags | Additional tags for the DB parameter group | map(any) |
{} |
no |
| db_subnet_group_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | string |
"" |
no |
| db_subnet_group_tags | Additional tags for the DB subnet group | map(any) |
{} |
no |
| delete_automated_backups | Specifies whether to remove automated backups immediately after the DB instance is deleted | bool |
true |
no |
| deletion_protection | The database can't be deleted when this value is set to true. | bool |
true |
no |
| deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource. | number |
7 |
no |
| delimiter | Delimiter to be used between organization, environment, name and attributes. |
string |
"-" |
no |
| domain | The ID of the Directory Service Active Directory domain to create the instance in | string |
null |
no |
| domain_iam_role_name | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | string |
null |
no |
| egress_rule | Enable to create egress rule | bool |
true |
no |
| enable_key_rotation | Specifies whether key rotation is enabled. | string |
true |
no |
| enable_security_group | Enable default Security Group with only Egress traffic allowed. | bool |
true |
no |
| enabled | Whether to create this resource or not? | bool |
true |
no |
| enabled_cloudwatch_log_group | Determines whether a CloudWatch log group is created for each enabled_cloudwatch_logs_exports |
bool |
false |
no |
| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) |
[] |
no |
| enabled_db_subnet_group | A list of enabled db subnet group | bool |
true |
no |
| enabled_monitoring_role | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | bool |
false |
no |
| enabled_read_replica | A list of enabled read replica | bool |
true |
no |
| enabled_replica | A list of enabled replica | bool |
false |
no |
| engine | The database engine to use | string |
"mysql" |
no |
| engine_name | Specifies the name of the engine that this option group should be associated with | string |
"mysql" |
no |
| engine_version | The engine version to use | string |
null |
no |
| environment | Environment (e.g. prod, dev, staging). |
string |
"" |
no |
| family | The family of the DB parameter group | string |
null |
no |
| iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | bool |
true |
no |
| identifier | The name of the RDS instance | string |
"" |
no |
| instance_class | The instance type of the RDS instance | string |
null |
no |
| iops | The amount of provisioned IOPS. Setting this implies a storage_type of 'io1' or gp3. See notes for limitations regarding this variable for gp3 |
number |
null |
no |
| is_enabled | Specifies whether the key is enabled. | bool |
true |
no |
| is_external | enable to udated existing security Group | bool |
false |
no |
| key_usage | Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. | string |
"ENCRYPT_DECRYPT" |
no |
| kms_description | The description of the key as viewed in AWS console. | string |
"Parameter Store KMS master key" |
no |
| kms_key_enabled | Specifies whether the kms is enabled or disabled. | bool |
true |
no |
| kms_key_id | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified the default KMS key created in your account will be used | string |
"" |
no |
| kms_multi_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | bool |
false |
no |
| label_order | Label order, e.g. name,application. |
list(any) |
[ |
no |
| license_model | License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1 | string |
null |
no |
| maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00' | string |
null |
no |
| major_engine_version | Specifies the major version of the engine that this option group should be associated with | string |
null |
no |
| managedby | ManagedBy, eg 'slovink'. | string |
"slovink" |
no |
| max_allocated_storage | Specifies the value for Storage Autoscaling | number |
0 |
no |
| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. | number |
0 |
no |
| monitoring_role_description | Description of the monitoring IAM role | string |
null |
no |
| monitoring_role_name | Name of the IAM role which will be created when create_monitoring_role is enabled. | string |
"rds-monitoring-role" |
no |
| monitoring_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the monitoring IAM role | string |
null |
no |
| multi_az | Specifies if the RDS instance is multi-AZ | bool |
false |
no |
| mysql_iam_role_tags | Additional tags for the mysql iam role | map(any) |
{} |
no |
| name | Name (e.g. app or cluster). |
string |
"" |
no |
| network_type | The type of network stack | string |
null |
no |
| option_group_description | The description of the option group | string |
null |
no |
| options | A list of Options to apply | any |
[] |
no |
| parameters | A list of DB parameter maps to apply | list(map(string)) |
[] |
no |
| password | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file | string |
null |
no |
| performance_insights_enabled | Specifies whether Performance Insights are enabled | bool |
false |
no |
| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. | string |
null |
no |
| performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | number |
7 |
no |
| port | The port on which the DB accepts connections | string |
null |
no |
| protocol | The protocol. If not icmp, tcp, udp, or all use the. | string |
"tcp" |
no |
| publicly_accessible | Bool to control if instance is publicly accessible | bool |
false |
no |
| replica_instance_class | The instance type of the RDS instance | string |
"" |
no |
| replica_mode | Specifies whether the replica is in either mounted or open-read-only mode. This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified | string |
null |
no |
| replicate_source_db | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate. | string |
null |
no |
| repository | Terraform current module repo | string |
"gir@github.com:slovink/terraform-aws-s3" |
no |
| restore_to_point_in_time | Restore to a point in time (MySQL is NOT supported) | map(string) |
null |
no |
| s3_import | Restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) |
null |
no |
| sg_description | The security group description. | string |
"Instance default security group (only egress access is allowed)." |
no |
| sg_egress_description | Description of the egress and ingress rule | string |
"Description of the rule." |
no |
| sg_egress_ipv6_description | Description of the egress_ipv6 rule | string |
"Description of the rule." |
no |
| sg_ids | of the security group id. | list(any) |
[] |
no |
| sg_ingress_description | Description of the ingress rule | string |
"Description of the ingress rule use elasticache." |
no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted | bool |
true |
no |
| snapshot_identifier | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05. | string |
"" |
no |
| ssm_parameter_description | SSM Parameters can be imported using. | string |
"Description of the parameter." |
no |
| ssm_parameter_endpoint_enabled | Name of the parameter. | bool |
false |
no |
| ssm_parameter_type | Type of the parameter. | string |
"SecureString" |
no |
| storage_encrypted | Specifies whether the DB instance is encrypted | bool |
true |
no |
| storage_throughput | Storage throughput value for the DB instance. This setting applies only to the gp3 storage type. See notes for limitations regarding this variable for gp3 |
number |
null |
no |
| storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), 'gp3' (new generation of general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not. If you specify 'io1' or 'gp3' , you must also include a value for the 'iops' parameter | string |
null |
no |
| subnet_ids | A list of VPC Subnet IDs to launch in. | list(string) |
[] |
no |
| timeouts | Define maximum timeout for deletion of aws_db_option_group resource |
map(string) |
{} |
no |
| timezone | Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information. | string |
null |
no |
| use_identifier_prefix | Determines whether to use identifier as is or create a unique identifier beginning with identifier as the specified prefix |
bool |
false |
no |
| username | Username for the master DB user | string |
null |
no |
| vpc_id | The ID of the VPC that the instance security group belongs to. | string |
"" |
no |
| Name | Description |
|---|---|
| db_instance_address | The address of the RDS instance |
| db_instance_arn | The ARN of the RDS instance |
| db_instance_availability_zone | The availability zone of the RDS instance |
| db_instance_ca_cert_identifier | Specifies the identifier of the CA certificate for the DB instance |
| db_instance_cloudwatch_log_groups | Map of CloudWatch log groups created and their attributes |
| db_instance_domain | The ID of the Directory Service Active Directory domain the instance is joined to |
| db_instance_domain_iam_role_name | The name of the IAM role to be used when making API calls to the Directory Service. |
| db_instance_endpoint | The connection endpoint |
| db_instance_engine | The database engine |
| db_instance_hosted_zone_id | The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record) |
| db_instance_id | The RDS instance ID |
| db_instance_name | The database name |
| db_instance_password | The master password |
| db_instance_port | n/a |
| db_instance_resource_id | The RDS Resource ID of this instance |
| db_instance_status | The RDS instance status |
| db_instance_username | The master username for the database |
| db_parameter_group_arn | The ARN of the db parameter group |
| db_parameter_group_id | The db parameter group id |
| db_subnet_group_id | The db subnet group name |
| db_subnet_group_name | The db subnet group name |
| enhanced_monitoring_iam_role_arn | The Amazon Resource Name (ARN) specifying the monitoring role |
| enhanced_monitoring_iam_role_name | The name of the monitoring role |