├── LICENSE ├── MAINTAINERS.md ├── Makefile ├── README.md ├── alarms.tf ├── main.tf ├── outputs.tf ├── tests ├── .gitignore ├── .rspec ├── spec │ └── spec_helper.rb └── terraform │ ├── .gitignore │ ├── test-mysql-56.tf │ ├── test-mysql-57-autoscaling.tf │ ├── test-mysql-57.tf │ ├── test-postgres.tf │ └── vpc.tf └── variables.tf /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /MAINTAINERS.md: -------------------------------------------------------------------------------- 1 | ## Maintenance 2 | 3 | Maintainers: 4 | - `104corp` -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # 2 | .PHONY: default 3 | 4 | # 5 | default: help 6 | 7 | help: 8 | @echo 'Use "make " to build terraform module.' 9 | 10 | doc: 11 | @echo 'Build docs to README ...' 12 | terraform-docs markdown . > README.md 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AWS Aurora Serverless Terraform module 2 | 3 | ![Build Status](https://travis-ci.com/104corp/terraform-aws-aurora-serverless.svg?branch=master) ![LicenseBadge](https://img.shields.io/github/license/104corp/terraform-aws-aurora-serverless.svg) 4 | 5 | AWS Aurora DB Cluster for Serverless Terraform Module. 
6 | 7 | Gives you: 8 | 9 | - A DB subnet group 10 | - An Aurora DB cluster 11 | - Optionally RDS 'Enhanced Monitoring' + associated required IAM role/policy (by simply setting the `monitoring_interval` param to > `0`) 12 | - Optionally sensible alarms to SNS (high CPU, high connections, slow replication) 13 | 14 | ## Terraform version 15 | 16 | Terraform version 0.10.3 or newer is required for this module to work. 17 | 18 | ## Contributing 19 | 20 | Ensure any variables you add have a type and a description. 21 | This README is generated with [terraform-docs](https://github.com/segmentio/terraform-docs): 22 | 23 | `terraform-docs md . > README.md` 24 | 25 | ## Usage examples 26 | 27 | *It is recommended you always create a parameter group, even if it exactly matches the defaults.* 28 | Changing the parameter group in use requires a restart of the DB cluster; modifying parameters within a group 29 | may not (depending on the parameter being altered). The examples below use test values: the literal `password = "changeme"` and the security group named `allow_all` are placeholders. In a real deployment, pass the master password in from a secret store or a variable kept out of version control (it is still written to the Terraform state, so keep the state encrypted and access-restricted), and attach a security group that admits only the clients that need the database port. 30 | 31 | ### Aurora 1.x (MySQL 5.6) 32 | 33 | ```hcl 34 | resource "aws_sns_topic" "db_alarms_56" { 35 | name = "aurora-db-alarms-56" 36 | } 37 | 38 | module "aurora_db_56" { 39 | source = "../.." 
40 | name = "test-aurora-db-56" 41 | envname = "test56" 42 | envtype = "test" 43 | subnets = ["${module.vpc.private_subnets}"] 44 | azs = ["${module.vpc.availability_zones}"] 45 | security_groups = ["${aws_security_group.allow_all.id}"] 46 | username = "root" 47 | password = "changeme" 48 | backup_retention_period = "5" 49 | final_snapshot_identifier = "final-db-snapshot-prod" 50 | storage_encrypted = "true" 51 | apply_immediately = "true" 52 | monitoring_interval = "10" 53 | cw_alarms = true 54 | cw_sns_topic = "${aws_sns_topic.db_alarms_56.id}" 55 | db_parameter_group_name = "${aws_db_parameter_group.aurora_db_56_parameter_group.id}" 56 | db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.aurora_cluster_56_parameter_group.id}" 57 | } 58 | 59 | resource "aws_db_parameter_group" "aurora_db_56_parameter_group" { 60 | name = "test-aurora-db-56-parameter-group" 61 | family = "aurora5.6" 62 | description = "test-aurora-db-56-parameter-group" 63 | } 64 | 65 | resource "aws_rds_cluster_parameter_group" "aurora_cluster_56_parameter_group" { 66 | name = "test-aurora-56-cluster-parameter-group" 67 | family = "aurora5.6" 68 | description = "test-aurora-56-cluster-parameter-group" 69 | } 70 | ``` 71 | 72 | ### Aurora 2.x (MySQL 5.7) 73 | 74 | ```hcl 75 | resource "aws_sns_topic" "db_alarms" { 76 | name = "aurora-db-alarms" 77 | } 78 | 79 | module "aurora_db_57" { 80 | source = "../.." 
81 | engine_version = "5.7.12" 82 | name = "test-aurora-db-57" 83 | envname = "test-57" 84 | envtype = "test" 85 | subnets = ["${module.vpc.private_subnets}"] 86 | azs = ["${module.vpc.availability_zones}"] 87 | security_groups = ["${aws_security_group.allow_all.id}"] 88 | username = "root" 89 | password = "changeme" 90 | backup_retention_period = "5" 91 | final_snapshot_identifier = "final-db-snapshot-prod" 92 | storage_encrypted = "true" 93 | apply_immediately = "true" 94 | monitoring_interval = "10" 95 | cw_alarms = true 96 | cw_sns_topic = "${aws_sns_topic.db_alarms.id}" 97 | db_parameter_group_name = "${aws_db_parameter_group.aurora_db_57_parameter_group.id}" 98 | db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.aurora_57_cluster_parameter_group.id}" 99 | } 100 | 101 | resource "aws_db_parameter_group" "aurora_db_57_parameter_group" { 102 | name = "test-aurora-db-57-parameter-group" 103 | family = "aurora-mysql5.7" 104 | description = "test-aurora-db-57-parameter-group" 105 | } 106 | 107 | resource "aws_rds_cluster_parameter_group" "aurora_57_cluster_parameter_group" { 108 | name = "test-aurora-57-cluster-parameter-group" 109 | family = "aurora-mysql5.7" 110 | description = "test-aurora-57-cluster-parameter-group" 111 | } 112 | ``` 113 | 114 | ### Aurora PostgreSQL 115 | 116 | ```hcl 117 | resource "aws_sns_topic" "db_alarms_postgres96" { 118 | name = "aurora-db-alarms-postgres96" 119 | } 120 | 121 | module "aurora_db_postgres96" { 122 | source = "../.." 
123 | engine = "aurora-postgresql" 124 | engine_version = "9.6.3" 125 | name = "test-aurora-db-postgres96" 126 | envname = "test-pg96" 127 | envtype = "test" 128 | subnets = ["${module.vpc.private_subnets}"] 129 | azs = ["${module.vpc.availability_zones}"] 130 | security_groups = ["${aws_security_group.allow_all.id}"] 131 | username = "root" 132 | password = "changeme" 133 | backup_retention_period = "5" 134 | final_snapshot_identifier = "final-db-snapshot-prod" 135 | storage_encrypted = "true" 136 | apply_immediately = "true" 137 | monitoring_interval = "10" 138 | cw_alarms = true 139 | cw_sns_topic = "${aws_sns_topic.db_alarms_postgres96.id}" 140 | db_parameter_group_name = "${aws_db_parameter_group.aurora_db_postgres96_parameter_group.id}" 141 | db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.aurora_cluster_postgres96_parameter_group.id}" 142 | } 143 | 144 | resource "aws_db_parameter_group" "aurora_db_postgres96_parameter_group" { 145 | name = "test-aurora-db-postgres96-parameter-group" 146 | family = "aurora-postgresql9.6" 147 | description = "test-aurora-db-postgres96-parameter-group" 148 | } 149 | 150 | resource "aws_rds_cluster_parameter_group" "aurora_cluster_postgres96_parameter_group" { 151 | name = "test-aurora-postgres96-cluster-parameter-group" 152 | family = "aurora-postgresql9.6" 153 | description = "test-aurora-postgres96-cluster-parameter-group" 154 | } 155 | ``` 156 | 157 | ## Development 158 | 159 | Terraform modules on the Terraform Module Registry are open projects, and community contributions are essential for keeping them great. Please follow our guidelines when contributing changes. 160 | 161 | For more information, see our [module contribution guide](https://registry.terraform.io/modules/104corp/aurora-serverless/aws/). 162 | 163 | ## Contributors 164 | 165 | To see who's already involved, see the list of [contributors](https://github.com/104corp/terraform-aws-aurora-serverless/graphs/contributors). 
166 | 167 | ## Inputs 168 | 169 | | Name | Description | Type | Default | Required | 170 | |------|-------------|:----:|:-----:|:-----:| 171 | | apply\_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | string | `"false"` | no | 172 | | auto\_minor\_version\_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | string | `"true"` | no | 173 | | auto\_pause | When to perform DB auto pause | string | `"true"` | no | 174 | | azs | List of AZs to use | list | n/a | yes | 175 | | backup\_retention\_period | How long to keep backups for (in days) | string | `"7"` | no | 176 | | cw\_alarms | Whether to enable CloudWatch alarms - requires `cw_sns_topic` is specified | string | `"false"` | no | 177 | | cw\_eval\_period\_connections | Evaluation period for the DB connections alarms | string | `"1"` | no | 178 | | cw\_eval\_period\_cpu | Evaluation period for the DB CPU alarms | string | `"2"` | no | 179 | | cw\_eval\_period\_replica\_lag | Evaluation period for the DB replica lag alarm | string | `"5"` | no | 180 | | cw\_max\_conns | Connection count beyond which to trigger a CloudWatch alarm | string | `"500"` | no | 181 | | cw\_max\_cpu | CPU threshold above which to alarm | string | `"85"` | no | 182 | | cw\_max\_replica\_lag | Maximum Aurora replica lag in milliseconds above which to alarm | string | `"2000"` | no | 183 | | cw\_sns\_topic | An SNS topic to publish CloudWatch alarms to | string | `"false"` | no | 184 | | database\_name | Master DB name | string | `""` | no | 185 | | db\_cluster\_parameter\_group\_name | The name of a DB Cluster parameter group to use | string | `"default.aurora5.6"` | no | 186 | | db\_parameter\_group\_name | The name of a DB parameter group to use | string | `"default.aurora5.6"` | no | 187 | | enabled | Whether the database resources should be created | string | `"true"` | no | 188 | | engine\_version | Aurora 
database engine version. | string | `"5.6.10a"` | no | 189 | | envname | Environment name (e.g. test, stage or prod) | string | n/a | yes | 190 | | envtype | Environment type (e.g. prod or nonprod) | string | n/a | yes | 191 | | final\_snapshot\_identifier | The name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too. | string | `"final"` | no | 192 | | iam\_database\_authentication\_enabled | Whether to enable IAM database authentication for the RDS Cluster | string | `"false"` | no | 193 | | identifier\_prefix | Prefix for cluster identifier | string | `""` | no | 194 | | max\_capacity | The max capacity for database | string | `"8"` | no | 195 | | min\_capacity | The min capacity for database | string | `"2"` | no | 196 | | monitoring\_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | string | `"0"` | no | 197 | | name | Name given to DB subnet group | string | n/a | yes | 198 | | password | Master DB password | string | n/a | yes | 199 | | performance\_insights\_enabled | Whether to enable Performance Insights | string | `"false"` | no | 200 | | port | The port on which to accept connections | string | `"3306"` | no | 201 | | preferred\_backup\_window | When to perform DB backups | string | `"02:00-03:00"` | no | 202 | | preferred\_maintenance\_window | When to perform DB maintenance | string | `"sun:05:00-sun:06:00"` | no | 203 | | publicly\_accessible | Whether the DB should have a public IP address | string | `"false"` | no | 204 | | security\_groups | VPC Security Group IDs | list | n/a | yes | 205 | | skip\_final\_snapshot | Whether to skip the final snapshot on cluster destroy (`"true"` skips it; the default `"false"` creates one) | string | `"false"` | no | 206 | | snapshot\_identifier | DB snapshot to create this database from | string | `""` | no | 207 | | storage\_encrypted | Specifies whether the underlying storage layer should be encrypted | string | `"true"` | no | 208 | | subnets | List of 
subnet IDs to use | list | n/a | yes | 209 | | username | Master DB username | string | `"root"` | no | 210 | | tags | Tags for the created resources | map | `{envname="${var.envname}", envtype="${var.envtype}"}` | no | 211 | 212 | ## Outputs 213 | 214 | | Name | Description | 215 | |------|-------------| 216 | | cluster\_endpoint | The 'writer' endpoint for the cluster | 217 | | cluster\_identifier | The ID of the RDS Cluster | 218 | | reader\_endpoint | A read-only endpoint for the Aurora cluster, automatically load-balanced across replicas | 219 | 220 | -------------------------------------------------------------------------------- /alarms.tf: -------------------------------------------------------------------------------- 1 | resource "aws_cloudwatch_metric_alarm" "alarm_rds_DatabaseConnections_writer" { 2 | count = "${var.enabled && var.cw_alarms ? 1 : 0}" 3 | alarm_name = "${aws_rds_cluster.default.id}-alarm-rds-writer-DatabaseConnections" 4 | comparison_operator = "GreaterThanOrEqualToThreshold" 5 | evaluation_periods = "${var.cw_eval_period_connections}" 6 | metric_name = "DatabaseConnections" 7 | namespace = "AWS/RDS" 8 | period = "60" 9 | statistic = "Sum" 10 | threshold = "${var.cw_max_conns}" 11 | alarm_description = "RDS Maximum connection Alarm for ${aws_rds_cluster.default.id} writer" 12 | alarm_actions = ["${var.cw_sns_topic}"] 13 | ok_actions = ["${var.cw_sns_topic}"] 14 | 15 | dimensions { 16 | DBClusterIdentifier = "${aws_rds_cluster.default.id}" 17 | Role = "WRITER" 18 | } 19 | } 20 | 21 | resource "aws_cloudwatch_metric_alarm" "alarm_rds_CPU_writer" { 22 | count = "${var.enabled && var.cw_alarms ? 
1 : 0}" 23 | alarm_name = "${aws_rds_cluster.default.id}-alarm-rds-writer-CPU" 24 | comparison_operator = "GreaterThanOrEqualToThreshold" 25 | evaluation_periods = "${var.cw_eval_period_cpu}" 26 | metric_name = "CPUUtilization" 27 | namespace = "AWS/RDS" 28 | period = "60" 29 | statistic = "Maximum" 30 | threshold = "${var.cw_max_cpu}" 31 | alarm_description = "RDS CPU Alarm for ${aws_rds_cluster.default.id} writer" 32 | alarm_actions = ["${var.cw_sns_topic}"] 33 | ok_actions = ["${var.cw_sns_topic}"] 34 | 35 | dimensions { 36 | DBClusterIdentifier = "${aws_rds_cluster.default.id}" 37 | Role = "WRITER" 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * # AWS Aurora Serverless Terraform module 3 | * 4 | * ![Build Status](https://travis-ci.com/104corp/terraform-aws-aurora-serverless.svg?branch=master) ![LicenseBadge](https://img.shields.io/github/license/104corp/terraform-aws-aurora-serverless.svg) 5 | * 6 | * AWS Aurora DB Cluster for Serverless Terraform Module. 7 | * 8 | * Gives you: 9 | * 10 | * - A DB subnet group 11 | * - An Aurora DB cluster 12 | * - Optionally RDS 'Enhanced Monitoring' + associated required IAM role/policy (by simply setting the `monitoring_interval` param to > `0` 13 | * - Optionally sensible alarms to SNS (high CPU, high connections, slow replication) 14 | * 15 | * ## Terraform version 16 | * 17 | * Terraform version 0.10.3 or newer is required for this module to work. 18 | * 19 | * ## Contributing 20 | * 21 | * Ensure any variables you add have a type and a description. 22 | * This README is generated with [terraform-docs](https://github.com/segmentio/terraform-docs): 23 | * 24 | * `terraform-docs md . 
> README.md` 25 | * 26 | * ## Usage examples 27 | * 28 | * *It is recommended you always create a parameter group, even if it exactly matches the defaults.* 29 | * Changing the parameter group in use requires a restart of the DB cluster, modifying parameters within a group 30 | * may not (depending on the parameter being altered) 31 | * 32 | * ### Aurora 1.x (MySQL 5.6) 33 | * 34 | * ```hcl 35 | * resource "aws_sns_topic" "db_alarms_56" { 36 | * name = "aurora-db-alarms-56" 37 | * } 38 | * 39 | * module "aurora_db_56" { 40 | * source = "../.." 41 | * name = "test-aurora-db-56" 42 | * envname = "test56" 43 | * envtype = "test" 44 | * subnets = ["${module.vpc.private_subnets}"] 45 | * azs = ["${module.vpc.availability_zones}"] 46 | * security_groups = ["${aws_security_group.allow_all.id}"] 47 | * username = "root" 48 | * password = "changeme" 49 | * backup_retention_period = "5" 50 | * final_snapshot_identifier = "final-db-snapshot-prod" 51 | * storage_encrypted = "true" 52 | * apply_immediately = "true" 53 | * monitoring_interval = "10" 54 | * cw_alarms = true 55 | * cw_sns_topic = "${aws_sns_topic.db_alarms_56.id}" 56 | * db_parameter_group_name = "${aws_db_parameter_group.aurora_db_56_parameter_group.id}" 57 | * db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.aurora_cluster_56_parameter_group.id}" 58 | * } 59 | * 60 | * resource "aws_db_parameter_group" "aurora_db_56_parameter_group" { 61 | * name = "test-aurora-db-56-parameter-group" 62 | * family = "aurora5.6" 63 | * description = "test-aurora-db-56-parameter-group" 64 | * } 65 | * 66 | * resource "aws_rds_cluster_parameter_group" "aurora_cluster_56_parameter_group" { 67 | * name = "test-aurora-56-cluster-parameter-group" 68 | * family = "aurora5.6" 69 | * description = "test-aurora-56-cluster-parameter-group" 70 | * } 71 | * ``` 72 | * 73 | * ### Aurora 2.x (MySQL 5.7) 74 | * 75 | * ```hcl 76 | * resource "aws_sns_topic" "db_alarms" { 77 | * name = "aurora-db-alarms" 78 | * } 79 | * 80 | * 
module "aurora_db_57" { 81 | * source = "../.." 82 | * engine_version = "5.7.12" 83 | * name = "test-aurora-db-57" 84 | * envname = "test-57" 85 | * envtype = "test" 86 | * subnets = ["${module.vpc.private_subnets}"] 87 | * azs = ["${module.vpc.availability_zones}"] 88 | * security_groups = ["${aws_security_group.allow_all.id}"] 89 | * username = "root" 90 | * password = "changeme" 91 | * backup_retention_period = "5" 92 | * final_snapshot_identifier = "final-db-snapshot-prod" 93 | * storage_encrypted = "true" 94 | * apply_immediately = "true" 95 | * monitoring_interval = "10" 96 | * cw_alarms = true 97 | * cw_sns_topic = "${aws_sns_topic.db_alarms.id}" 98 | * db_parameter_group_name = "${aws_db_parameter_group.aurora_db_57_parameter_group.id}" 99 | * db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.aurora_57_cluster_parameter_group.id}" 100 | * } 101 | * 102 | * resource "aws_db_parameter_group" "aurora_db_57_parameter_group" { 103 | * name = "test-aurora-db-57-parameter-group" 104 | * family = "aurora-mysql5.7" 105 | * description = "test-aurora-db-57-parameter-group" 106 | * } 107 | * 108 | * resource "aws_rds_cluster_parameter_group" "aurora_57_cluster_parameter_group" { 109 | * name = "test-aurora-57-cluster-parameter-group" 110 | * family = "aurora-mysql5.7" 111 | * description = "test-aurora-57-cluster-parameter-group" 112 | * } 113 | * ``` 114 | * 115 | * ### Aurora PostgreSQL 116 | * 117 | * ```hcl 118 | * resource "aws_sns_topic" "db_alarms_postgres96" { 119 | * name = "aurora-db-alarms-postgres96" 120 | * } 121 | * 122 | * module "aurora_db_postgres96" { 123 | * source = "../.." 
124 | * engine = "aurora-postgresql" 125 | * engine_version = "9.6.3" 126 | * name = "test-aurora-db-postgres96" 127 | * envname = "test-pg96" 128 | * envtype = "test" 129 | * subnets = ["${module.vpc.private_subnets}"] 130 | * azs = ["${module.vpc.availability_zones}"] 131 | * security_groups = ["${aws_security_group.allow_all.id}"] 132 | * username = "root" 133 | * password = "changeme" 134 | * backup_retention_period = "5" 135 | * final_snapshot_identifier = "final-db-snapshot-prod" 136 | * storage_encrypted = "true" 137 | * apply_immediately = "true" 138 | * monitoring_interval = "10" 139 | * cw_alarms = true 140 | * cw_sns_topic = "${aws_sns_topic.db_alarms_postgres96.id}" 141 | * db_parameter_group_name = "${aws_db_parameter_group.aurora_db_postgres96_parameter_group.id}" 142 | * db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.aurora_cluster_postgres96_parameter_group.id}" 143 | * } 144 | * 145 | * resource "aws_db_parameter_group" "aurora_db_postgres96_parameter_group" { 146 | * name = "test-aurora-db-postgres96-parameter-group" 147 | * family = "aurora-postgresql9.6" 148 | * description = "test-aurora-db-postgres96-parameter-group" 149 | * } 150 | * 151 | * resource "aws_rds_cluster_parameter_group" "aurora_cluster_postgres96_parameter_group" { 152 | * name = "test-aurora-postgres96-cluster-parameter-group" 153 | * family = "aurora-postgresql9.6" 154 | * description = "test-aurora-postgres96-cluster-parameter-group" 155 | * } 156 | * ``` 157 | * 158 | * 159 | * ## Development 160 | * 161 | * Terraform modules on the Terraform Module Registry are open projects, and community contributions are essential for keeping them great. Please follow our guidelines when contributing changes. 162 | * 163 | * For more information, see our [module contribution guide](https://registry.terraform.io/modules/104corp/aurora-serverless/aws/). 
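*
* ## Contributors
*
* To see who's already involved, see the list of [contributors](https://github.com/104corp/terraform-aws-aurora-serverless/graphs/contributors).
*/

// Create DB Cluster
// The engine ("aurora") and engine mode ("serverless") are fixed here; callers
// choose only the engine version, credentials, networking and scaling limits.
resource "aws_rds_cluster" "default" {
  count              = "${var.enabled ? 1 : 0}"
  cluster_identifier = "${var.identifier_prefix != "" ? format("%s-cluster", var.identifier_prefix) : format("%s-aurora-cluster", var.envname)}"
  availability_zones = ["${var.azs}"]

  engine         = "aurora"
  engine_version = "${var.engine_version}"
  engine_mode    = "serverless"

  database_name   = "${var.database_name}"
  master_username = "${var.username}"

  // The master password arrives as a plain variable and is written to the
  // Terraform state, so the state backend needs the same protection as the
  // credential itself.
  master_password = "${var.password}"

  // The random suffix keeps final-snapshot names unique across environments.
  final_snapshot_identifier    = "${var.final_snapshot_identifier}-${random_id.server.hex}"
  skip_final_snapshot          = "${var.skip_final_snapshot}"
  backup_retention_period      = "${var.backup_retention_period}"
  preferred_backup_window      = "${var.preferred_backup_window}"
  preferred_maintenance_window = "${var.preferred_maintenance_window}"
  port                         = "${var.port}"
  db_subnet_group_name         = "${aws_db_subnet_group.main.name}"

  // Network exposure is decided entirely by the security groups the caller passes in.
  vpc_security_group_ids          = ["${var.security_groups}"]
  snapshot_identifier             = "${var.snapshot_identifier}"
  storage_encrypted               = "${var.storage_encrypted}"
  apply_immediately               = "${var.apply_immediately}"
  db_cluster_parameter_group_name = "${var.db_cluster_parameter_group_name}"

  // NOTE(review): confirm that IAM database authentication is supported with
  // engine_mode = "serverless" before relying on this flag.
  iam_database_authentication_enabled = "${var.iam_database_authentication_enabled}"

  scaling_configuration {
    auto_pause   = "${var.auto_pause}"
    max_capacity = "${var.max_capacity}"
    min_capacity = "${var.min_capacity}"
  }

  lifecycle {
    create_before_destroy = true
  }

  tags = "${local.tags}"
}

// DB Subnet Group creation
resource "aws_db_subnet_group" "main" {
  count       = "${var.enabled ? 1 : 0}"
  name        = "${var.name}"
  description = "Group of DB subnets"
  subnet_ids  = ["${var.subnets}"]

  tags = "${local.tags}"
}

// Generate an ID when an environment is initialised
// byte_length = 8 gives a 16-character hex string; the keeper regenerates it
// only when the subnet group name changes.
resource "random_id" "server" {
  count = "${var.enabled ? 1 : 0}"

  keepers = {
    id = "${aws_db_subnet_group.main.name}"
  }

  byte_length = 8
}

// IAM Role + Policy attach for Enhanced Monitoring
// Trust policy: only the RDS monitoring service principal may assume the role.
data "aws_iam_policy_document" "monitoring-rds-assume-role-policy" {
  count = "${var.enabled ? 1 : 0}"

  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["monitoring.rds.amazonaws.com"]
    }
  }
}

// Created only when monitoring_interval > 0.
// NOTE(review): none of the resources in this file passes this role's ARN to the
// cluster, so as shown the role is created but not referenced; confirm it is
// still needed before keeping an unused role around.
resource "aws_iam_role" "rds-enhanced-monitoring" {
  count              = "${var.enabled && var.monitoring_interval > 0 ? 1 : 0}"
  name_prefix        = "rds-enhanced-mon-${var.envname}-"
  assume_role_policy = "${data.aws_iam_policy_document.monitoring-rds-assume-role-policy.json}"
}

// Attaches the AWS-managed Enhanced Monitoring policy to the role above.
resource "aws_iam_role_policy_attachment" "rds-enhanced-monitoring-policy-attach" {
  count      = "${var.enabled && var.monitoring_interval > 0 ? 1 : 0}"
  role       = "${aws_iam_role.rds-enhanced-monitoring.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
}

--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
// The outputs join a splat list so that they evaluate to "" instead of failing
// when the cluster is not created (enabled = false).

// The 'writer' endpoint for the cluster
output "cluster_endpoint" {
  value = "${join("", aws_rds_cluster.default.*.endpoint)}"
}

// A read-only endpoint for the Aurora cluster, automatically load-balanced across replicas
output "reader_endpoint" {
  value = "${join("", aws_rds_cluster.default.*.reader_endpoint)}"
}

// The ID of the RDS Cluster
output "cluster_identifier" {
  value = "${join("", aws_rds_cluster.default.*.id)}"
}

--------------------------------------------------------------------------------
/tests/.gitignore:
--------------------------------------------------------------------------------
# Terraform state records the test clusters' master password in clear text;
# keep it (and the provider/module cache) out of version control.
.terraform
terraform.tfstate*

--------------------------------------------------------------------------------
/tests/.rspec:
--------------------------------------------------------------------------------
--color
--require spec_helper

--------------------------------------------------------------------------------
/tests/spec/spec_helper.rb:
--------------------------------------------------------------------------------
# JSON.parse is used below; require it explicitly instead of relying on another
# library having loaded it first.
require 'json'

# Run terraform under the profile named by AWS_DEFAULT_PROFILE. The override is
# applied only when that variable is set: assigning nil to an ENV key deletes
# it, which would silently drop a profile the caller had already selected and
# let `terraform apply` fall back to whatever default credentials exist.
ENV['AWS_PROFILE'] = ENV['AWS_DEFAULT_PROFILE'] if ENV['AWS_DEFAULT_PROFILE']

# Applies the fixtures in the terraform/ directory to the selected AWS account
# and keeps the resulting outputs in $terraform_output for the specs.
# No teardown is visible in this helper; check how the created resources are
# destroyed after a run.
Dir.chdir('terraform') {
  system('terraform get') or raise 'Terraform get failed'
  system('terraform apply') or raise 'Terraform apply failed'
  $terraform_output = JSON.parse(`terraform output --json`)
}

--------------------------------------------------------------------------------
/tests/terraform/.gitignore:
--------------------------------------------------------------------------------
.terraform*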
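--------------------------------------------------------------------------------
/tests/terraform/test-mysql-56.tf:
--------------------------------------------------------------------------------
resource "aws_sns_topic" "db_alarms_56" {
  name = "aurora-db-alarms-56"
}

// Test fixture: calls the module at the repository root.
// NOTE(review): replica_count and instance_type are not declared in the
// variables.tf shown on this page; unless another file in the module declares
// them, Terraform rejects this call. Confirm, then drop or declare them.
module "aurora_db_56" {
  source          = "../.."
  name            = "test-aurora-db-56"
  envname         = "test56"
  envtype         = "test"
  subnets         = ["${module.vpc.private_subnets}"]
  azs             = ["${module.vpc.availability_zones}"]
  replica_count   = "1"
  security_groups = ["${aws_security_group.allow_all.id}"]
  instance_type   = "db.t2.medium"
  username        = "root"

  // Fixture-only credential committed in clear text; spec_helper.rb applies it
  // to a real cluster. Prefer a value injected at run time, and never reuse it.
  password                            = "changeme"
  backup_retention_period             = "5"
  final_snapshot_identifier           = "final-db-snapshot-prod"
  storage_encrypted                   = "true"
  apply_immediately                   = "true"
  monitoring_interval                 = "10"
  cw_alarms                           = true
  cw_sns_topic                        = "${aws_sns_topic.db_alarms_56.id}"
  db_parameter_group_name             = "${aws_db_parameter_group.aurora_db_56_parameter_group.id}"
  db_cluster_parameter_group_name     = "${aws_rds_cluster_parameter_group.aurora_cluster_56_parameter_group.id}"
  iam_database_authentication_enabled = "true"
}

resource "aws_db_parameter_group" "aurora_db_56_parameter_group" {
  name        = "test-aurora-db-56-parameter-group"
  family      = "aurora5.6"
  description = "test-aurora-db-56-parameter-group"
}

resource "aws_rds_cluster_parameter_group" "aurora_cluster_56_parameter_group" {
  name        = "test-aurora-56-cluster-parameter-group"
  family      = "aurora5.6"
  description = "test-aurora-56-cluster-parameter-group"
}

--------------------------------------------------------------------------------
/tests/terraform/test-mysql-57-autoscaling.tf:
--------------------------------------------------------------------------------
resource "aws_sns_topic" "db_alarms_57_autoscaling" {
  name = "aurora-db-alarms-57-autoscaling"
}

// NOTE(review): engine, instance_type and the replica_scale_* arguments are not
// declared in the variables.tf shown on this page, and main.tf sets
// engine = "aurora" unconditionally; confirm this fixture still matches the module.
module "aurora_db_57_autoscaling" {
  source          = "../.."
  engine          = "aurora-mysql"
  engine_version  = "5.7.12"
  name            = "aurora-my57-asg"
  envname         = "test-57-asg"
  envtype         = "test"
  subnets         = ["${module.vpc.private_subnets}"]
  azs             = ["${module.vpc.availability_zones}"]
  security_groups = ["${aws_security_group.allow_all.id}"]
  instance_type   = "db.t2.medium"
  username        = "root"

  // Fixture-only credential committed in clear text; see test-mysql-56.tf.
  password                            = "changeme"
  backup_retention_period             = "5"
  final_snapshot_identifier           = "final-db-snapshot-prod"
  storage_encrypted                   = "true"
  apply_immediately                   = "true"
  monitoring_interval                 = "10"
  cw_alarms                           = true
  cw_sns_topic                        = "${aws_sns_topic.db_alarms_57_autoscaling.id}"
  db_parameter_group_name             = "${aws_db_parameter_group.aurora_db_57_autoscaling_parameter_group.id}"
  db_cluster_parameter_group_name     = "${aws_rds_cluster_parameter_group.aurora_57_autoscaling_cluster_parameter_group.id}"
  replica_scale_enabled               = true
  replica_scale_min                   = "1"
  replica_scale_max                   = "1"
  replica_scale_cpu                   = "70"
  replica_scale_in_cooldown           = "300"
  replica_scale_out_cooldown          = "300"
  iam_database_authentication_enabled = "true"
}

resource "aws_db_parameter_group" "aurora_db_57_autoscaling_parameter_group" {
  name        = "test-aurora-db-57-autoscaling-parameter-group"
  family      = "aurora-mysql5.7"
  description = "test-aurora-db-57-autoscaling-parameter-group"
}

resource "aws_rds_cluster_parameter_group" "aurora_57_autoscaling_cluster_parameter_group" {
  name        = "test-aurora-57-autoscaling-cluster-parameter-group"
  family      = "aurora-mysql5.7"
  description = "test-aurora-57-autoscaling-cluster-parameter-group"
}

--------------------------------------------------------------------------------
/tests/terraform/test-mysql-57.tf:
--------------------------------------------------------------------------------
resource "aws_sns_topic" "db_alarms" {
  name = "aurora-db-alarms"
}

// NOTE(review): engine, replica_count and instance_type are not declared in the
// variables.tf shown on this page; confirm this fixture still matches the module.
module "aurora_db_57" {
  source          = "../.."
  engine          = "aurora-mysql"
  engine_version  = "5.7.12"
  name            = "test-aurora-db-57"
  envname         = "test-57"
  envtype         = "test"
  subnets         = ["${module.vpc.private_subnets}"]
  azs             = ["${module.vpc.availability_zones}"]
  replica_count   = "1"
  security_groups = ["${aws_security_group.allow_all.id}"]
  instance_type   = "db.t2.medium"
  username        = "root"

  // Fixture-only credential committed in clear text; see test-mysql-56.tf.
  password                            = "changeme"
  backup_retention_period             = "5"
  final_snapshot_identifier           = "final-db-snapshot-prod"
  storage_encrypted                   = "true"
  apply_immediately                   = "true"
  monitoring_interval                 = "10"
  cw_alarms                           = true
  cw_sns_topic                        = "${aws_sns_topic.db_alarms.id}"
  db_parameter_group_name             = "${aws_db_parameter_group.aurora_db_57_parameter_group.id}"
  db_cluster_parameter_group_name     = "${aws_rds_cluster_parameter_group.aurora_57_cluster_parameter_group.id}"
  iam_database_authentication_enabled = "true"
}

resource "aws_db_parameter_group" "aurora_db_57_parameter_group" {
  name        = "test-aurora-db-57-parameter-group"
  family      = "aurora-mysql5.7"
  description = "test-aurora-db-57-parameter-group"
}

resource "aws_rds_cluster_parameter_group" "aurora_57_cluster_parameter_group" {
  name        = "test-aurora-57-cluster-parameter-group"
  family      = "aurora-mysql5.7"
  description = "test-aurora-57-cluster-parameter-group"
}

--------------------------------------------------------------------------------
/tests/terraform/test-postgres.tf:
--------------------------------------------------------------------------------
resource "aws_sns_topic" "db_alarms_postgres96" {
  name = "aurora-db-alarms-postgres96"
}

// NOTE(review): engine, replica_count and instance_type are not declared in the
// variables.tf shown on this page, and main.tf sets engine = "aurora"
// unconditionally, so as shown this fixture would not exercise PostgreSQL.
module "aurora_db_postgres96" {
  source          = "../.."
  engine          = "aurora-postgresql"
  engine_version  = "9.6.6"
  name            = "test-aurora-db-postgres96"
  envname         = "test-pg96"
  envtype         = "test"
  subnets         = ["${module.vpc.private_subnets}"]
  azs             = ["${module.vpc.availability_zones}"]
  replica_count   = "1"
  security_groups = ["${aws_security_group.allow_all.id}"]
  instance_type   = "db.r4.large"
  username        = "root"

  // Fixture-only credential committed in clear text; see test-mysql-56.tf.
  password                            = "changeme"
  backup_retention_period             = "5"
  final_snapshot_identifier           = "final-db-snapshot-prod"
  storage_encrypted                   = "true"
  apply_immediately                   = "true"
  monitoring_interval                 = "10"
  cw_alarms                           = true
  cw_sns_topic                        = "${aws_sns_topic.db_alarms_postgres96.id}"
  db_parameter_group_name             = "${aws_db_parameter_group.aurora_db_postgres96_parameter_group.id}"
  db_cluster_parameter_group_name     = "${aws_rds_cluster_parameter_group.aurora_cluster_postgres96_parameter_group.id}"
  iam_database_authentication_enabled = "false"
}

resource "aws_db_parameter_group" "aurora_db_postgres96_parameter_group" {
  name        = "test-aurora-db-postgres96-parameter-group"
  family      = "aurora-postgresql9.6"
  description = "test-aurora-db-postgres96-parameter-group"
}

resource "aws_rds_cluster_parameter_group" "aurora_cluster_postgres96_parameter_group" {
  name        = "test-aurora-postgres96-cluster-parameter-group"
  family      = "aurora-postgresql9.6"
  description = "test-aurora-postgres96-cluster-parameter-group"
}

--------------------------------------------------------------------------------
/tests/terraform/vpc.tf:
--------------------------------------------------------------------------------
// Security group shared by every test cluster.
// The description string does not match the rules below (ICMP and TCP 3306, not
// HTTP/HTTPS). It is left unchanged here because changing a security group's
// description forces the group to be replaced.
// The database port is open to 0.0.0.0/0. That is tolerable only for a
// throwaway fixture whose clusters sit in private subnets; a real deployment
// should admit only the application's security group or the VPC CIDR.
resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all HTTP/HTTPS traffic"
  vpc_id      = "${module.vpc.vpc_id}"

  // For protocol "icmp", from_port/to_port carry the ICMP type and code, so
  // 0/0 matches a single type/code pair rather than all ICMP.
  // NOTE(review): confirm that is the intent.
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

// NOTE(review): the module source carries no ?ref=, so a fresh checkout fetches
// whatever the default branch holds at that moment. Pin it to a reviewed tag or
// commit, e.g. "...tf-aws-vpc-natgw.git?ref=<TAG_OR_COMMIT>" (placeholder).
module "vpc" {
  source               = "git::ssh://git@gogs.bashton.net/Bashton-Terraform-Modules/tf-aws-vpc-natgw.git"
  name                 = "test-aurora"
  ipv4_cidr            = "10.0.0.0/16"
  public_ipv4_subnets  = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  private_ipv4_subnets = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]
  azs                  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
}

output "vpc_id" {
  value = "${module.vpc.vpc_id}"
}

output "vpc_private_subnet_ids" {
  value = ["${module.vpc.private_subnets}"]
}

output "vpc_public_subnet_ids" {
  value = ["${module.vpc.public_subnets}"]
}

--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
// Inputs of the module. Booleans and numbers are carried as strings throughout.

variable "name" {
  type        = "string"
  description = "Name given to DB subnet group"
}

variable "subnets" {
  type        = "list"
  description = "List of subnet IDs to use"
}

variable "envname" {
  type        = "string"
  description = "Environment name (eg,test, stage or prod)"
}

variable "envtype" {
  type        = "string"
  description = "Environment type (eg,prod or nonprod)"
}

variable "identifier_prefix" {
  type        = "string"
  default     = ""
  description = "Prefix for cluster identifier"
}

variable "azs" {
  type        = "list"
  description = "List of AZs to use"
}

// These groups are the only network access control applied to the cluster.
variable "security_groups" {
  type        = "list"
  description = "VPC Security Group IDs"
}

// NOTE(review): not referenced by any resource in main.tf as shown on this
// page; confirm whether setting it has any effect.
variable "publicly_accessible" {
  type        = "string"
  default     = "false"
  description = "Whether the DB should have a public IP address"
}

variable "database_name" {
  type        = "string"
  default     = ""
  description = "Master DB name"
}

variable "username" {
  default     = "root"
  description = "Master DB username"
}

// No default: every caller must supply it. The value is written to the
// Terraform state in clear text, so source it from a secret store and restrict
// access to the state.
variable "password" {
  type        = "string"
  description = "Master DB password"
}

// main.tf appends random_id.server.hex (byte_length = 8, i.e. 16 hex characters).
variable "final_snapshot_identifier" {
  type        = "string"
  default     = "final"
  description = "The name to use when creating a final snapshot on cluster destroy; a random 16-character hex suffix (8 random bytes) is appended to keep it unique."
}

// The flag skips the snapshot when true; the default keeps it.
variable "skip_final_snapshot" {
  type        = "string"
  default     = "false"
  description = "Whether to skip creating a final snapshot on cluster destroy (false keeps the snapshot)"
}

variable "backup_retention_period" {
  type        = "string"
  default     = "7"
  description = "How long to keep backups for (in days)"
}

variable "preferred_backup_window" {
  type        = "string"
  default     = "02:00-03:00"
  description = "When to perform DB backups"
}

variable "preferred_maintenance_window" {
  type        = "string"
  default     = "sun:05:00-sun:06:00"
  description = "When to perform DB maintenance"
}

// Passed to scaling_configuration.auto_pause in main.tf.
variable "auto_pause" {
  type        = "string"
  default     = "true"
  description = "Whether to enable automatic pause for the serverless cluster"
}

variable "max_capacity" {
  type        = "string"
  default     = "8"
  description = "The max capacity for database"
}

variable "min_capacity" {
  type        = "string"
  default     = "2"
  description = "The min capacity for database"
}

variable "port" {
  type        = "string"
  default     = "3306"
  description = "The port on which to accept connections"
}

variable "apply_immediately" {
  type        = "string"
  default     = "false"
  description = "Determines whether or not any DB modifications are applied immediately, or during the maintenance window"
}

// In main.tf a value above 0 also creates the Enhanced Monitoring IAM role.
variable "monitoring_interval" {
  type        = "string"
  default     = 0
  description = "The interval (seconds) between points when Enhanced Monitoring metrics are collected"
}

variable "auto_minor_version_upgrade" {
  type        = "string"
  default     = "true"
  description = "Determines whether minor engine upgrades will be performed automatically in the maintenance window"
}

variable "db_parameter_group_name" {
  type        = "string"
  default     = "default.aurora5.6"
  description = "The name of a DB parameter group to use"
}

variable "db_cluster_parameter_group_name" {
  type        = "string"
  default     = "default.aurora5.6"
  description = "The name of a DB Cluster parameter group to use"
}

variable "snapshot_identifier" {
  type        = "string"
  default     = ""
  description = "DB snapshot to create this database from"
}

// Encryption at rest is on by default; callers have to opt out explicitly.
variable "storage_encrypted" {
  type        = "string"
  default     = "true"
  description = "Specifies whether the underlying storage layer should be encrypted"
}

variable "cw_alarms" {
  type        = "string"
  default     = false
  description = "Whether to enable CloudWatch alarms - requires `cw_sns_topic` is specified"
}

variable "cw_sns_topic" {
  type        = "string"
  default     = "false"
  description = "An SNS topic to publish CloudWatch alarms to"
}

variable "cw_max_conns" {
  type        = "string"
  default     = "500"
  description = "Connection count beyond which to trigger a CloudWatch alarm"
}

variable "cw_max_cpu" {
  type        = "string"
  default     = "85"
  description = "CPU threshold above which to alarm"
}

variable "cw_max_replica_lag" {
  type        = "string"
  default     = "2000"
  description = "Maximum Aurora replica lag in milliseconds above which to alarm"
}

variable "cw_eval_period_connections" {
  type        = "string"
  default     = "1"
  description = "Evaluation period for the DB connections alarms"
}

variable "cw_eval_period_cpu" {
  type        = "string"
  default     = "2"
  description = "Evaluation period for the DB CPU alarms"
}

variable "cw_eval_period_replica_lag" {
  type        = "string"
  default     = "5"
  description = "Evaluation period for the DB replica lag alarm"
}

variable "engine_version" {
  type        = "string"
  default     = "5.6.10a"
  description = "Aurora database engine version."
}

variable "performance_insights_enabled" {
  type        = "string"
  default     = false
  description = "Whether to enable Performance Insights"
}

// NOTE(review): confirm IAM database authentication is supported for the
// serverless engine mode this module uses before enabling it.
variable "iam_database_authentication_enabled" {
  type        = "string"
  default     = false
  description = "Whether to enable IAM database authentication for the RDS Cluster"
}

variable "enabled" {
  type        = "string"
  default     = true
  description = "Whether the database resources should be created"
}

variable "tags" {
  type        = "map"
  default     = {}
  description = "A set of tags to attach to the created resources"
}

// default_tags is merged last, so envname/envtype override same-named keys in var.tags.
locals {
  default_tags = {
    "envname" = "${var.envname}"
    "envtype" = "${var.envtype}"
  }

  tags = "${merge(var.tags, local.default_tags)}"
}

--------------------------------------------------------------------------------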