
Terraform module for simplified provisioning and management of AWS PostgreSQL


squareops/terraform-aws-rds-postgresql


RDS PostgresQL


SquareOps Technologies: Your DevOps Partner for Accelerating the Cloud Journey.


This Terraform module provisions an Amazon RDS PostgreSQL database on AWS. Amazon RDS (Relational Database Service) is a managed database service that makes it easy to set up, operate, and scale a relational database in the cloud. This module focuses specifically on PostgreSQL database deployments.

Features

  1. Creates an Amazon RDS PostgreSQL database with customizable configurations.
  2. Supports various PostgreSQL versions and allows for easy updates.
  3. Configurable database instance class, storage capacity, and other PostgreSQL-specific settings.
  4. Provides options for enabling multi-AZ deployment for enhanced availability and disaster recovery.
  5. Allows customization of backup retention period and automated backups.
  6. Supports encryption at rest using AWS Key Management Service (KMS) for enhanced security.
  7. Enables fine-grained control over network access through security groups and VPC settings.
  8. Offers customizable tags for resource categorization and management.
  9. CloudWatch Alerts: Set up CloudWatch alarms to monitor the health and performance of your RDS PostgreSQL instance. Integrate these alarms with AWS Simple Notification Service (SNS) to receive real-time alerts. Use AWS Lambda functions to customize your alerting logic and send notifications to Slack channels for immediate visibility into your RDS PostgreSQL status.
  10. Supports storage autoscaling and read replica configuration with the desired number of replicas.

Usage Examples

```hcl
module "rds-pg" {
  source = "squareops/rds-postgresql/aws"

  # Instance identity and placement
  name        = "postgresql"
  db_name     = "proddb"
  environment = "prod"
  vpc_id      = "vpc-047eb8acfb73"
  subnet_ids  = ["subnet-b39cfc", "subnet-090b8d8"]
  multi_az    = true

  # Engine and sizing
  engine_version       = "15.2"
  major_engine_version = "15.2"
  instance_class       = "db.m5.large"
  storage_type         = "gp3" # declared once; Terraform rejects a repeated argument
  allocated_storage    = "20"

  # Read replicas
  replica_enable = false
  replica_count  = 1

  # Encryption at rest with a customer-managed KMS key
  kms_key_arn = "arn:aws:kms:region:2222222222:key/f8c8d802-a34b"

  # Network exposure: private, reachable only from the listed security group
  publicly_accessible     = false
  allowed_security_groups = ["sg-013cbf880"]

  # Credentials: placeholder value, do not commit a real password to source control
  master_username      = "pguser"
  custom_user_password = "postgresqlpasswd"

  # Backups, maintenance and lifecycle
  backup_window                    = "03:00-06:00"
  maintenance_window               = "Mon:00:00-Mon:03:00"
  skip_final_snapshot              = true
  final_snapshot_identifier_prefix = "final"
  deletion_protection              = false

  # CloudWatch alarms delivered to Slack
  cloudwatch_metric_alarms_enabled = true
  alarm_cpu_threshold_percent      = 70
  disk_free_storage_space          = "10000000" # in bytes
  slack_username                   = "John"
  slack_channel                    = "skaf-dev"
  slack_webhook_url                = "https://hooks/xxxxxxxx"
}
```

Refer to the examples directory for more details.
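The usage example above is a functional baseline, but several of its settings (a literal master password, a literal webhook URL, `deletion_protection = false`, `skip_final_snapshot = true`) are the ones a reviewer flags in a production root module. The following is an added example, not code from the squareops module or its examples directory, that calls the same module with hardened values using only the inputs listed in the Inputs table. All resource IDs, the KMS ARN and the Slack channel are placeholders; `var.slack_webhook_url`, `data.aws_iam_policy_document.read_db_secret` and `output.db_endpoint` are this example's own additions. Whether `enable_ssl_connection` enforces TLS server-side or only permits it is not stated on this page; it is set here because the input exists, and the effective `rds.force_ssl` parameter should be confirmed on the created parameter group.

```hcl
# Added example (not part of the squareops/terraform-aws-rds-postgresql docs).
# Hardened call of the module: no secrets in source, private networking,
# customer-managed encryption key, lifecycle guards and alarms enabled.
module "rds_pg_hardened" {
  source = "squareops/rds-postgresql/aws"

  name        = "postgresql"
  db_name     = "proddb"
  environment = "prod"

  # Placeholder network IDs; replace with your own.
  vpc_id     = "vpc-PLACEHOLDER"
  subnet_ids = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"]

  engine_version       = "15.2"
  major_engine_version = "15.2"
  family               = "postgres15"
  instance_class       = "db.m5.large"

  # Storage: encrypt at rest with a customer-managed key so that key policy,
  # rotation and access logging are under your control rather than the
  # account default key's.
  storage_type               = "gp3"
  allocated_storage          = 20
  max_allocated_storage      = 100
  enable_storage_autoscaling = true
  storage_encrypted          = true
  kms_key_arn                = "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID-PLACEHOLDER"

  # Network: never public; ingress only from the application tier's security
  # group. The CIDR allow-list stays empty so no broad ranges are opened.
  publicly_accessible     = false
  allowed_security_groups = ["sg-PLACEHOLDER-app"]
  allowed_cidr_blocks     = []
  enable_ssl_connection   = true

  # Credentials: let AWS generate and store the master password in Secrets
  # Manager (manage_master_user_password) instead of committing
  # custom_user_password to the repository.
  master_username             = "pguser"
  manage_master_user_password = true

  # Availability and lifecycle: multi-AZ, two weeks of backups, no accidental
  # destroy, and a final snapshot is always taken.
  multi_az                         = true
  backup_retention_period          = 14
  backup_window                    = "03:00-06:00"
  maintenance_window               = "Mon:00:00-Mon:03:00"
  deletion_protection              = true
  skip_final_snapshot              = false
  final_snapshot_identifier_prefix = "final"
  apply_immediately                = false

  # Monitoring: CPU and free-storage alarms with Slack delivery.
  cloudwatch_metric_alarms_enabled = true
  alarm_cpu_threshold_percent      = 70
  disk_free_storage_space          = "10000000000" # 10 GB, in bytes
  performance_insights_enabled     = true
  slack_notification_enabled       = true
  slack_channel                    = "db-alerts"
  slack_username                   = "rds-alarms"
  slack_webhook_url                = var.slack_webhook_url # injected, never committed

  additional_tags = {
    "automation" = "true"
    "data-class" = "confidential"
  }
}

# The webhook URL is a credential in its own right: a sensitive variable keeps
# it out of the repository and out of plan/apply output.
variable "slack_webhook_url" {
  type      = string
  sensitive = true
}

# With manage_master_user_password = true the module exposes the secret ARN,
# so an application role can be granted read access to exactly that secret.
data "aws_iam_policy_document" "read_db_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [module.rds_pg_hardened.master_credential_secret_arn]
  }
}

output "db_endpoint" {
  value = module.rds_pg_hardened.db_instance_endpoint
}
```

Supply the webhook via `TF_VAR_slack_webhook_url` or a tfvars file that is excluded from version control. The choice of `manage_master_user_password` over `custom_user_password` matters beyond hygiene: the module's `db_instance_password` output would otherwise land in the state file in clear text, so state storage must be treated as sensitive either way.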

IAM Permissions

The required IAM permissions to create resources from this module can be found here

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | 5.13.1 |

Providers

| Name | Version |
|------|---------|
| archive | n/a |
| aws | 5.13.1 |
| random | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| cw_sns_slack | ./lambda | n/a |
| db | terraform-aws-modules/rds/aws | 6.1.0 |
| db_replica | terraform-aws-modules/rds/aws | 6.1.0 |
| security_group_rds | terraform-aws-modules/security-group/aws | ~> 4 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_metric_alarm.cache_cpu | resource |
| aws_cloudwatch_metric_alarm.disk_free_storage_space_too_low | resource |
| aws_kms_ciphertext.slack_url | resource |
| aws_kms_key.this | resource |
| aws_lambda_permission.sns_lambda_slack_invoke | resource |
| aws_secretsmanager_secret.secret_master_db | resource |
| aws_secretsmanager_secret_version.rds_credentials | resource |
| aws_security_group_rule.cidr_ingress | resource |
| aws_security_group_rule.default_ingress | resource |
| aws_sns_topic.slack_topic | resource |
| aws_sns_topic_subscription.slack-endpoint | resource |
| random_password.master | resource |
| archive_file.lambdazip | data source |
| aws_availability_zones.available | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additional_tags | A map of additional tags to apply to the AWS resources | map(string) | {"automation": "true"} | no |
| alarm_actions | Alarm action list | list(string) | [] | no |
| alarm_cpu_threshold_percent | CPU threshold alarm level | number | 75 | no |
| allocated_storage | The allocated storage capacity for the database in gibibytes (GiB) | number | 20 | no |
| allowed_cidr_blocks | A list of CIDR blocks that are allowed to access the database | list(any) | [] | no |
| allowed_security_groups | A list of Security Group IDs to allow access to the database | list(any) | [] | no |
| apply_immediately | Specifies whether any cluster modifications are applied immediately or during the next maintenance window | bool | false | no |
| backup_retention_period | The number of days to retain backups for | number | 5 | no |
| backup_window | The preferred window for taking automated backups of the database | string | "03:00-06:00" | no |
| cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool | false | no |
| create_db_subnet_group | Whether to create a database subnet group | bool | true | no |
| create_security_group | Whether to create a security group for the database | bool | true | no |
| custom_user_password | Custom password for the RDS master user | string | "" | no |
| cw_sns_topic_arn | The ARN of the SNS topic that receives CloudWatch alarm notifications | string | "" | no |
| db_name | The name of the automatically created database on cluster creation | string | "" | no |
| deletion_protection | Specifies whether accidental deletion protection is enabled | bool | true | no |
| disk_free_storage_space | Alarm threshold for the 'lowFreeStorageSpace' alarm | string | "10000000000" | no |
| enable_ssl_connection | Whether to enable SSL connection to the database | bool | false | no |
| enable_storage_autoscaling | Whether to enable storage autoscaling | bool | true | no |
| engine | The name of the database engine to be used for this DB cluster | string | "postgres" | no |
| engine_version | The database engine version. Updating this argument results in an outage | string | "" | no |
| environment | Select environment type: dev, demo, prod | string | "" | no |
| family | The version of the PostgreSQL DB family being created | string | "postgres15" | no |
| final_snapshot_identifier_prefix | The prefix name for the final snapshot on cluster destroy | string | "final" | no |
| instance_class | The instance type for the database | string | "db.m5.large" | no |
| kms_key_arn | The ARN for the KMS encryption key. Set this to the destination KMS ARN when creating an encrypted replica. If storage_encrypted is set to true and kms_key_id is not specified, the default KMS key created in your account will be used | string | null | no |
| maintenance_window | The preferred window for performing database maintenance | string | "Mon:00:00-Mon:03:00" | no |
| major_engine_version | The major engine version for the database. Updating this argument results in an outage | string | "" | no |
| manage_master_user_password | Whether to manage the master user password of the RDS primary cluster automatically | bool | false | no |
| master_username | The username for the RDS primary cluster | string | "" | no |
| max_allocated_storage | The maximum storage capacity for the database after autoscaling | number | null | no |
| multi_az | Enable multi-AZ for disaster recovery | bool | false | no |
| name | The name of the RDS instance | string | "" | no |
| ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN) | list(string) | [] | no |
| performance_insights_enabled | Specifies whether Performance Insights are enabled | bool | false | no |
| performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Valid values are 7, 731 (2 years) or a multiple of 31 | number | 7 | no |
| port | The port number for the database | number | 5432 | no |
| publicly_accessible | Specifies whether the RDS instance is publicly accessible over the internet | bool | false | no |
| random_password_length | The length of the randomly generated password for the RDS primary cluster (default: 16) | number | 16 | no |
| replica_count | The number of replica instances | number | 1 | no |
| replica_enable | Whether to enable a replica DB | bool | false | no |
| replicate_source_db | Specifies that this resource is a replicate database, and uses the specified value as the source database identifier | string | null | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If set to true, no DB snapshot is created. If set to false, a DB snapshot is created before the DB instance is deleted, using the value from final_snapshot_identifier | bool | true | no |
| slack_channel | The Slack channel where notifications will be posted. | string | "" | no |
| slack_notification_enabled | Whether to enable/disable Slack notification. | bool | false | no |
| slack_username | The username to use when sending notifications to Slack. | string | "" | no |
| slack_webhook_url | The Slack Webhook URL where notifications will be sent. | string | "" | no |
| snapshot_identifier | Specifies whether to create the database from a snapshot. Use the snapshot ID found in the RDS console, e.g., rds:production-2015-06-26-06-05 | string | null | no |
| storage_encrypted | Specifies whether to enable database encryption | bool | true | no |
| storage_type | The storage type for the database storage, e.g. gp2, gp3, io1 | string | "gp2" | no |
| subnet_ids | A list of subnet IDs used by the database subnet group | list(any) | [] | no |
| vpc_id | The ID of the VPC where the RDS cluster will be deployed | string | "" | no |

Outputs

| Name | Description |
|------|-------------|
| db_instance_endpoint | Connection endpoint of the RDS instance. |
| db_instance_name | Name of the database instance. |
| db_instance_password | Password for accessing the database. |
| db_instance_username | Master username for accessing the database. |
| db_parameter_group_id | ID of the parameter group associated with the RDS instance. |
| db_subnet_group_id | ID of the subnet group associated with the RDS instance. |
| master_credential_secret_arn | The ARN of the master user secret (only available when manage_master_user_password is set to true). |
| rds_dedicated_security_group | ID of the security group associated with the RDS instance. |
| replica_db_instance_endpoint | Connection endpoint of the replica RDS instance. |
| replica_db_instance_name | Name of the replica database instance. |

Contribute & Issue Report

To report an issue with a project:

  1. Check the repository's issue tracker on GitHub
  2. Search to check if the issue has already been reported
  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.

License

Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)

Support Us

To support our GitHub project by liking it, you can follow these steps:

  1. Visit the repository: Navigate to the GitHub repository

  2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems and processes for speed and agility.

  1. We are an AWS Advanced Consulting Partner, which reflects our deep expertise in AWS Cloud and our work with 100+ clients over the last 5 years.
  2. Expertise in Kubernetes and overall container solutions helps companies expedite their journey by 10X.
  3. Infrastructure automation is a key component of our clients' success, and our expertise helps deliver it in the shortest time.
  4. DevSecOps as a service to implement security within the overall DevOps process, helping companies deploy securely and at speed.
  5. Platform engineering which supports scalable, cost-efficient infrastructure for rapid development, testing, and deployment.
  6. 24*7 SRE service to help you monitor the state of your infrastructure and eradicate any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on LinkedIn, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.