├── .deepsource.toml ├── .editorconfig ├── .github ├── CODEOWNERS ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── auto_assignee.yml │ ├── automerge.yml │ ├── changelog.yml │ ├── readme.yml │ ├── tf-checks.yml │ ├── tflint.yml │ └── tfsec.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CHANGELOG.md ├── LICENSE ├── Makefile ├── README.md ├── README.yaml ├── docs └── io.md ├── examples ├── aurora-mysql-serverless │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── aurora-mysql │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── aurora-postgres-serverless │ ├── example.tf │ ├── outputs.tf │ └── versions.tf └── aurora-postgres │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.deepsource.toml: -------------------------------------------------------------------------------- 1 | version = 1 2 | 3 | [[analyzers]] 4 | name = "terraform" -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: http://EditorConfig.org 2 | # Uses editorconfig to maintain consistent coding styles 3 | 4 | # top-most EditorConfig file 5 | root = true 6 | 7 | # Unix-style newlines with a newline ending every file 8 | [*] 9 | charset = utf-8 10 | end_of_line = lf 11 | indent_size = 2 12 | indent_style = space 13 | insert_final_newline = true 14 | max_line_length = 80 15 | trim_trailing_whitespace = true 16 | 17 | [*.{tf,tfvars}] 18 | indent_size = 2 19 | indent_style = space 20 | 21 | [*.md] 22 | max_line_length = 0 23 | trim_trailing_whitespace = false 24 | 25 | [Makefile] 26 | tab_width = 2 27 | indent_style = tab 28 | 29 | [COMMIT_EDITMSG] 30 | max_line_length = 0 31 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # 
These owners will be the default owners for everything in the repo. 2 | * @anmolnagpal @clouddrove/approvers @clouddrove-ci -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## what 2 | * Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) 3 | * Use bullet points to be concise and to the point. 4 | 5 | ## why 6 | * Provide the justifications for the changes (e.g. business case). 7 | * Describe why these changes were made (e.g. why do these commits fix the problem?) 8 | * Use bullet points to be concise and to the point. 9 | 10 | ## references 11 | * Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). 12 | * Use `closes #123`, if this PR closes a Jira issue `#123` 13 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 
3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | 9 | - package-ecosystem: "github-actions" 10 | directory: "/" 11 | schedule: 12 | interval: "daily" 13 | open-pull-requests-limit: 3 14 | assignees: 15 | - "clouddrove-ci" 16 | reviewers: 17 | - "approvers" 18 | 19 | - package-ecosystem: "terraform" # See documentation for possible values 20 | directory: "/" # Location of package manifests 21 | schedule: 22 | interval: "weekly" 23 | # Add assignees 24 | assignees: 25 | - "clouddrove-ci" 26 | # Add reviewer 27 | reviewers: 28 | - "approvers" 29 | # Allow up to 3 open pull requests for terraform dependencies 30 | open-pull-requests-limit: 3 31 | 32 | - package-ecosystem: "terraform" # See documentation for possible values 33 | directory: "/examples/aurora-mysql-serverless" # Location of package manifests 34 | schedule: 35 | interval: "weekly" 36 | # Add assignees 37 | assignees: 38 | - "clouddrove-ci" 39 | # Add reviewer 40 | reviewers: 41 | - "approvers" 42 | # Allow up to 3 open pull requests for terraform dependencies 43 | open-pull-requests-limit: 3 44 | 45 | - package-ecosystem: "terraform" # See documentation for possible values 46 | directory: "/examples/aurora-mysql" # Location of package manifests 47 | schedule: 48 | interval: "weekly" 49 | # Add assignees 50 | assignees: 51 | - "clouddrove-ci" 52 | # Add reviewer 53 | reviewers: 54 | - "approvers" 55 | # Allow up to 3 open pull requests for terraform dependencies 56 | open-pull-requests-limit: 3 57 | 58 | - package-ecosystem: "terraform" # See documentation for possible values 59 | directory: "/examples/aurora-postgres-serverless" # Location of package manifests 60 | schedule: 61 | interval: "weekly" 62 | # Add assignees 63 | assignees: 64 | - "clouddrove-ci" 65 | # Add reviewer 66 | reviewers: 67 | - "approvers" 68 | # Allow up to 3 open pull requests for terraform 
dependencies 69 | open-pull-requests-limit: 3 70 | 71 | - package-ecosystem: "terraform" # See documentation for possible values 72 | directory: "/examples/aurora-postgres" # Location of package manifests 73 | schedule: 74 | interval: "weekly" 75 | # Add assignees 76 | assignees: 77 | - "clouddrove-ci" 78 | # Add reviewer 79 | reviewers: 80 | - "approvers" 81 | # Allow up to 3 open pull requests for terraform dependencies 82 | open-pull-requests-limit: 3 83 | -------------------------------------------------------------------------------- /.github/workflows/auto_assignee.yml: -------------------------------------------------------------------------------- 1 | name: Auto Assign PRs 2 | 3 | on: 4 | pull_request: 5 | types: [opened, reopened] 6 | 7 | workflow_dispatch: 8 | jobs: 9 | assign-pr: 10 | uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master 11 | secrets: 12 | GITHUB: ${{ secrets.GITHUB }} 13 | with: 14 | assignees: 'clouddrove-ci' 15 | -------------------------------------------------------------------------------- /.github/workflows/automerge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Auto merge 3 | on: 4 | pull_request: 5 | jobs: 6 | auto-merge: 7 | uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master 8 | secrets: 9 | GITHUB: ${{ secrets.GITHUB }} 10 | with: 11 | tfcheck: 'tf-checks-aaurora-postgres-serverless-example / Check code format' 12 | ... 
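13 | -------------------------------------------------------------------------------- /.github/workflows/changelog.yml: -------------------------------------------------------------------------------- 1 | name: changelog 2 | permissions: write-all # NOTE(review): grants every GITHUB_TOKEN scope to this run; narrow it to the scopes the shared changelog workflow actually uses (presumably contents: write) — confirm against the reusable workflow 3 | on: 4 | push: 5 | tags: 6 | - "*" 7 | workflow_dispatch: 8 | jobs: 9 | call-workflow-changelog: 10 | uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master # @master is a mutable ref: a change on that branch alters this pipeline with no review here; pin a release tag or commit SHA (same for every uses: in these workflows) 11 | secrets: inherit # forwards every repository secret to the reusable workflow; prefer passing only the ones it needs 12 | with: 13 | branch: 'master' 14 | -------------------------------------------------------------------------------- /.github/workflows/readme.yml: -------------------------------------------------------------------------------- 1 | name: Readme Workflow 2 | on: 3 | push: 4 | branches: 5 | - master 6 | paths-ignore: 7 | - 'README.md' 8 | - 'docs/**' 9 | workflow_dispatch: 10 | jobs: 11 | README: 12 | uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master 13 | secrets: 14 | TOKEN : ${{ secrets.GITHUB }} 15 | SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} 16 | -------------------------------------------------------------------------------- /.github/workflows/tf-checks.yml: -------------------------------------------------------------------------------- 1 | name: tf-checks 2 | on: 3 | push: 4 | branches: [ master ] 5 | pull_request: 6 | workflow_dispatch: 7 | jobs: # one job per example directory; each job id is kept in step with its working_directory so the resulting status-check name says what was actually checked (if branch protection lists the previous check names, update them as well) 8 | tf-checks-aurora-mysql-example: 9 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 10 | with: 11 | working_directory: './examples/aurora-mysql/' 12 | tf-checks-aurora-mysql-serverless-example: 13 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 14 | with: 15 | working_directory: './examples/aurora-mysql-serverless/' 16 | tf-checks-aurora-postgres-example: 17 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 18 | with: 19 | working_directory: './examples/aurora-postgres/' 20 | 
tf-checks-aaurora-postgres-serverless-example: # id kept as spelled ('aaurora'): automerge.yml's tfcheck input references this check name verbatim, so correct both files in one change 21 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 22 | with: 23 | working_directory: './examples/aurora-postgres-serverless/' 24 | -------------------------------------------------------------------------------- /.github/workflows/tflint.yml: -------------------------------------------------------------------------------- 1 | name: tf-lint 2 | on: 3 | push: 4 | branches: [ master ] 5 | pull_request: 6 | workflow_dispatch: 7 | jobs: 8 | tf-lint: 9 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master 10 | secrets: 11 | GITHUB: ${{ secrets.GITHUB }} 12 | -------------------------------------------------------------------------------- /.github/workflows/tfsec.yml: -------------------------------------------------------------------------------- 1 | name: tfsec 2 | permissions: write-all # NOTE(review): this workflow runs on pull_request; write-all is more than a scanner run needs — scope it to the permissions the shared tfsec workflow declares and confirm against that file 3 | on: 4 | pull_request: 5 | workflow_dispatch: 6 | jobs: 7 | tfsec: 8 | uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master 9 | secrets: inherit # forwards every repository secret to the reusable workflow; pass only the ones the scanner needs 10 | with: 11 | working_directory: '.' 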
12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignored files 2 | *~ 3 | 4 | # temporary files which can be created if a process still has a handle open of a deleted file 5 | .fuse_hidden* 6 | 7 | # KDE directory preferences 8 | .directory 9 | 10 | # Linux trash folder which might appear on any partition or disk 11 | .Trash-* 12 | 13 | # .nfs files are created when an open file is removed but is still being accessed 14 | .nfs* 15 | ### Eclipse template 16 | 17 | .metadata 18 | bin/ 19 | tmp/ 20 | *.tmp 21 | *.bak 22 | *.swp 23 | *~.nib 24 | local.properties 25 | .settings/ 26 | .loadpath 27 | .recommenders 28 | 29 | # External tool builders 30 | .externalToolBuilders/ 31 | 32 | # Locally stored "Eclipse launch configurations" 33 | *.launch 34 | 35 | # PyDev specific (Python IDE for Eclipse) 36 | *.pydevproject 37 | 38 | # CDT-specific (C/C++ Development Tooling) 39 | .cproject 40 | 41 | # Java annotation processor (APT) 42 | .factorypath 43 | 44 | # PDT-specific (PHP Development Tools) 45 | .buildpath 46 | 47 | # sbteclipse plugin 48 | .target 49 | 50 | # Tern plugin 51 | .tern-project 52 | 53 | # TeXlipse plugin 54 | .texlipse 55 | 56 | # STS (Spring Tool Suite) 57 | .springBeans 58 | 59 | # Code Recommenders 60 | .recommenders/ 61 | 62 | # Scala IDE specific (Scala & Java development for Eclipse) 63 | .cache-main 64 | .scala_dependencies 65 | .worksheet 66 | ### Windows template 67 | # Windows thumbnail cache files 68 | Thumbs.db 69 | ehthumbs.db 70 | ehthumbs_vista.db 71 | 72 | # Dump file 73 | *.stackdump 74 | 75 | # Folder config file 76 | [Dd]esktop.ini 77 | 78 | # Recycle Bin used on file shares 79 | $RECYCLE.BIN/ 80 | 81 | # Windows Installer files 82 | *.cab 83 | *.msi 84 | *.msm 85 | *.msp 86 | 87 | # Windows shortcuts 88 | *.lnk 89 | ### Ansible template 90 | *.retry 91 | ### macOS template 92 | # General 93 | 
.DS_Store 94 | .AppleDouble 95 | .LSOverride 96 | 97 | # Icon must end with two \r 98 | Icon 99 | 100 | # Thumbnails 101 | ._* 102 | 103 | # Files that might appear in the root of a volume 104 | .DocumentRevisions-V100 105 | .fseventsd 106 | .Spotlight-V100 107 | .TemporaryItems 108 | .Trashes 109 | .VolumeIcon.icns 110 | .com.apple.timemachine.donotpresent 111 | 112 | # Directories potentially created on remote AFP share 113 | .AppleDB 114 | .AppleDesktop 115 | Network Trash Folder 116 | Temporary Items 117 | .apdisk 118 | ### Archives template 119 | # It's better to unpack these files and commit the raw source because 120 | # git has its own built in compression methods. 121 | *.7z 122 | *.jar 123 | *.rar 124 | *.zip 125 | *.gz 126 | *.tgz 127 | *.bzip 128 | *.bz2 129 | *.xz 130 | *.lzma 131 | *.cab 132 | 133 | # Packing-only formats 134 | *.iso 135 | *.tar 136 | 137 | # Package management formats 138 | *.dmg 139 | *.xpi 140 | *.gem 141 | *.egg 142 | *.deb 143 | *.rpm 144 | *.msi 145 | *.msm 146 | *.msp 147 | ### JetBrains template 148 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm 149 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 150 | 151 | /.idea/ 152 | # User-specific stuff: 153 | .idea/**/workspace.xml 154 | .idea/**/tasks.xml 155 | .idea/dictionaries 156 | 157 | # Sensitive or high-churn files: 158 | .idea/**/dataSources/ 159 | .idea/**/dataSources.ids 160 | .idea/**/dataSources.xml 161 | .idea/**/dataSources.local.xml 162 | .idea/**/sqlDataSources.xml 163 | .idea/**/dynamic.xml 164 | .idea/**/uiDesigner.xml 165 | 166 | # Gradle: 167 | .idea/**/gradle.xml 168 | .idea/**/libraries 169 | 170 | # CMake 171 | cmake-build-debug/ 172 | 173 | # Mongo Explorer plugin: 174 | .idea/**/mongoSettings.xml 175 | 176 | ## File-based project format: 177 | *.iws 178 | 179 | ## Plugin-specific files: 180 | 181 | # IntelliJ 182 | out/ 183 | 184 | # mpeltonen/sbt-idea plugin 185 
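| .idea_modules/ 186 | # User-specific stuff: 187 | .idea/* 188 | # JIRA plugin 189 | atlassian-ide-plugin.xml 190 | 191 | # Cursive Clojure plugin 192 | .idea/replstate.xml 193 | 194 | # TF state (never commit it: state files record resource attributes and may contain credentials) 195 | *.tfstate* 196 | 197 | deployment/_logs/ansible-log.json 198 | deployment/_logs/ansible-log.log 199 | deployment/_logs/facts/* 200 | deployment/_logs/retry/* 201 | _app/* 202 | ansible-log.json 203 | .terraform 204 | terraform.tfstate 205 | 206 | *.tfstate 207 | *.tfstate.backup 208 | *.iml 209 | *.terraform.lock.hcl 210 | *.lock.hcl 211 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | 3 | - repo: https://github.com/gruntwork-io/pre-commit 4 | rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases 5 | hooks: 6 | - id: terraform-fmt 7 | - id: shellcheck 8 | - id: tflint 9 | 10 | - repo: https://github.com/pre-commit/pre-commit-hooks # was git://, an unauthenticated transport that GitHub no longer serves; https matches the repo entry above 11 | rev: v4.0.1 # Use the ref you want to point at 12 | hooks: 13 | - id: end-of-file-fixer 14 | - id: trailing-whitespace 15 | - id: mixed-line-ending 16 | - id: check-byte-order-marker 17 | - id: check-executables-have-shebangs 18 | - id: check-merge-conflict 19 | - id: debug-statements 20 | - id: check-yaml 21 | - id: check-added-large-files 22 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 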
6 | 7 | ## [1.4.0] - 2023-07-18 8 | ### :sparkles: New Features 9 | - [`84949a9`](https://github.com/clouddrove/terraform-aws-aurora/commit/84949a9c5c6ddffc49b1d8b2c902d2aa706889e9) - auto changelog action added *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 10 | - [`736437d`](https://github.com/clouddrove/terraform-aws-aurora/commit/736437d214a9f2cc6396ee948ec8f14f7d83f47f) - added dependabot.yml file *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 11 | - [`98c68d7`](https://github.com/clouddrove/terraform-aws-aurora/commit/98c68d71eb948d99614c721836fbf7eb2de1dad9) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 12 | - [`47813c4`](https://github.com/clouddrove/terraform-aws-aurora/commit/47813c4bbb15c8c4b6380d11ea9d3504b35a536e) - added new resources *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 13 | - [`921d6c2`](https://github.com/clouddrove/terraform-aws-aurora/commit/921d6c2daf95cd2fa029c02536736d3396c42de8) - added new resources *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 14 | 15 | ### :bug: Bug Fixes 16 | - [`7135d78`](https://github.com/clouddrove/terraform-aws-aurora/commit/7135d780eac61408d7620d046a54e29438607299) - added versions.tf and updated vpc tag *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 17 | 18 | 19 | ## [1.3.0] - 2023-02-20 20 | 21 | ## [1.0.3] - 2022-07-21 22 | ### :bug: Bug Fixes 23 | - [`3407df3`](https://github.com/clouddrove/terraform-aws-aurora/commit/3407df34f1c393091334bbb2a055e5ab1847870b) - use terraform letast version 24 | 25 | ## [1.0.2] - 2022-05-18 26 | ### :bug: Bug Fixes 27 | - [`0604b49`](https://github.com/clouddrove/terraform-aws-aurora/commit/0604b498e7ea922b6dffbd6a40da71bf0575c39c) - update aurora versions 28 | 29 | ## [1.0.1] - 2022-05-16 30 | ### :bug: Bug Fixes 31 | - 
[`bf15cd5`](https://github.com/clouddrove/terraform-aws-aurora/commit/bf15cd563fad1b70861d1837ad19446c55305892) - Fix. versions 32 | 33 | ## [0.15.1] - 2021-08-23 34 | ### :bug: Bug Fixes 35 | - [`e61e3c2`](https://github.com/clouddrove/terraform-aws-aurora/commit/e61e3c2897ecb2dd02f150b55b0683b179649a54) - update instance_type 36 | - [`d168d3c`](https://github.com/clouddrove/terraform-aws-aurora/commit/d168d3c735956c85e019b5d09bd4a8921f246ab3) - update new version 37 | - [`7afada8`](https://github.com/clouddrove/terraform-aws-aurora/commit/7afada8c0276434535c81fa92a8c821e61f80fde) - enable cloudwatch logs 38 | 39 | ## [0.15.0] - 2021-07-09 40 | ### :sparkles: New Features 41 | - [`1155fcc`](https://github.com/clouddrove/terraform-aws-aurora/commit/1155fccfaa4898dee1714f75fc86c5f4b7024ec4) - Add backtrack_window parameter to RDS Aurora Cluster resource. 42 | 43 | ## [0.14.1] - 2021-05-15 44 | ### :bug: Bug Fixes 45 | - [`98a5001`](https://github.com/clouddrove/terraform-aws-aurora/commit/98a50010c83aea51ce0e7e448f8e6e38e873ed3c) - Enable-monitoring-interval 46 | - [`c794321`](https://github.com/clouddrove/terraform-aws-aurora/commit/c79432101b410896044ec30dfbf13585f65b1a63) - iam_database_authentication_enabled 47 | 48 | ## [0.14.0] - 2021-04-27 49 | ### :bug: Bug Fixes 50 | - [`025c0a0`](https://github.com/clouddrove/terraform-aws-aurora/commit/025c0a00896bacbd7c4c51a6188f8161861d94ff) - enable-deletion-protection 51 | 52 | ## [0.12.6.1] - 2021-03-25 53 | 54 | ## [0.13.0] - 2020-10-26 55 | ### :bug: Bug Fixes 56 | - [`bf60188`](https://github.com/clouddrove/terraform-aws-aurora/commit/bf60188ab62708824081265d1c71007f48f06c72) - Mark serverless postgres as such 57 | - [`97d6417`](https://github.com/clouddrove/terraform-aws-aurora/commit/97d64178c5942921af8e3693c7a2245b38029ec4) - Upgrade terraform version to 0.14 and update 58 | 59 | ## [0.12.6] - 2020-06-19 60 | ### :bug: Bug Fixes 61 | - 
[`50ecda4`](https://github.com/clouddrove/terraform-aws-aurora/commit/50ecda4a576ecfb8f9a0bbc795bf52cd73c9e5f3) - Adding explicit to parameter group names 62 | - [`dc0b0bd`](https://github.com/clouddrove/terraform-aws-aurora/commit/dc0b0bde64ddba885da8b18c7ce09a63dee7fe5e) - upgraded and updated 63 | 64 | ## [0.12.5] - 2020-04-06 65 | ### :bug: Bug Fixes 66 | - [`48bfcd5`](https://github.com/clouddrove/terraform-aws-aurora/commit/48bfcd53769221e58a3e6925bdc3810bbc0065cc) - Updated Files 67 | - [`b5660c1`](https://github.com/clouddrove/terraform-aws-aurora/commit/b5660c15eacd53d10a0093cd466982efc72db464) - Initial Slave Commit 68 | 69 | ## [0.12.4] - 2020-03-30 70 | ### :bug: Bug Fixes 71 | - [`787af5b`](https://github.com/clouddrove/terraform-aws-aurora/commit/787af5bce358a912470862a4e9b7dd7d3df0aeca) - enable cloudwatch logs 72 | 73 | ## [0.12.3] - 2020-01-25 74 | ### :bug: Bug Fixes 75 | - [`1bb1dd2`](https://github.com/clouddrove/terraform-aws-aurora/commit/1bb1dd270c14b1b31e1af97d6267225f538212f4) - fix labels managedby variables 76 | 77 | ## [0.12.2] - 2019-12-29 78 | ### :bug: Bug Fixes 79 | - [`ced40d4`](https://github.com/clouddrove/terraform-aws-aurora/commit/ced40d4fd978f875456a78ff6796d9a8ebf2d5a2) - add bool option 80 | 81 | ## [0.12.1] - 2019-11-14 82 | ### :bug: Bug Fixes 83 | - [`cb495df`](https://github.com/clouddrove/terraform-aws-aurora/commit/cb495dff78ba09263984e097dff6ff44c358ebd3) - github action 84 | 85 | ## [0.12.0] - 2019-08-20 86 | ### :bug: Bug Fixes 87 | - [`1c55781`](https://github.com/clouddrove/terraform-aws-aurora/commit/1c55781e6185e6b1ab3c7f0d26ec341e1816b8bd) - change tags 88 | 89 | ## [0.11.0] - 2019-08-20 90 | ### :bug: Bug Fixes 91 | - [`78a5434`](https://github.com/clouddrove/terraform-aws-aurora/commit/78a5434d725c13bca7cafa48c0cfa42a773e61f9) - update output.tf file 92 | 93 | [0.11.0]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.11.0...master 94 | [0.12.0]: 
https://github.com/clouddrove/terraform-aws-aurora/compare/0.12.0...master 95 | [0.12.1]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.12.1...master 96 | [0.12.2]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.12.2...master 97 | [0.12.3]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.12.3...master 98 | [0.12.4]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.12.4...master 99 | [0.12.5]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.12.5...master 100 | [0.12.6]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.12.6...master 101 | [0.13.0]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.13.0...master 102 | [0.12.6.1]: https://github.com/clouddrove/terraform-aws-aurora/releases/tag/0.12.6.1 103 | [0.14.0]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.14.0...master 104 | [0.14.1]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.14.1...master 105 | [0.15.0]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.15.0...master 106 | [0.15.1]: https://github.com/clouddrove/terraform-aws-aurora/compare/0.15.1...master 107 | [1.0.1]: https://github.com/clouddrove/terraform-aws-aurora/compare/1.0.1...master 108 | [1.0.2]: https://github.com/clouddrove/terraform-aws-aurora/compare/1.0.2...master 109 | [1.0.3]: https://github.com/clouddrove/terraform-aws-aurora/compare/1.0.3...master 110 | [1.3.0]: https://github.com/clouddrove/terraform-aws-aurora/releases/tag/1.3.0 111 | [1.4.0]: https://github.com/clouddrove/terraform-aws-aurora/compare/1.3.0...1.4.0 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021 CloudDrove Inc. 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export GENIE_PATH ?= $(shell 'pwd')/../../../genie 2 | 3 | include $(GENIE_PATH)/Makefile 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [![Banner](https://github.com/clouddrove/terraform-module-template/assets/119565952/67a8a1af-2eb7-40b7-ae07-c94cde9ce062)][website] 3 |

4 | Terraform AWS Aurora 5 |

6 | 7 |

8 | With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. 9 |

10 | 11 | 12 |

13 | 14 | 15 | Latest Release 16 | 17 | 18 | tfsec 19 | 20 | 21 | Licence 22 | 23 | 24 | Changelog 25 | 26 | 27 | 28 |

29 |

30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 |

45 |
46 | 47 | 48 | We are a group of DevOps engineers & architects, joining hands in this ever-evolving digital landscape. With our strong belief in automation, and just like microservices, we are always on the lookout to split the infrastructure into smaller connected resources (database, cluster and more) which can be standardized, are manageable, scalable and secure, and follow industry best practices. 49 | 50 | 51 | This module includes Terraform open source, examples, and automation tests (for better understanding), which would help you create and improve your infrastructure with minimalistic coding. 52 | 53 | 54 | 55 | 56 | ## Prerequisites and Providers 57 | 58 | This table contains both Prerequisites and Providers: 59 | 60 | | Description | Name | Version | 61 | |:-------------:|:-------------------------------------------:|:---------:| 62 | | **Prerequisite** | [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) | >= 1.6.6 | 63 | | **Provider** | [aws](https://aws.amazon.com/) | >= 5.31.0 | 64 | 65 | 66 | 67 | 68 | 69 | ## Examples 70 | 71 | **IMPORTANT:** Since the master branch used in source varies based on new modifications, we recommend using the [release versions](https://github.com/clouddrove/terraform-aws-aurora/releases). 72 | 73 | 📌 For additional usage examples, check the complete list in the [`examples/`](./examples) directory. The usage examples in this repository include `0.0.0.0/0` in `allowed_ip` and set `publicly_accessible = true` for demonstration only; restrict `allowed_ip` to your own CIDR ranges and keep instances private in real deployments. 74 | 75 | 76 | 77 | ## Inputs and Outputs 78 | 79 | Refer to complete documentation: [here](docs/io.md) 80 | 81 | 82 | 93 | 94 | 95 | ## Module Dependencies 96 | 97 | This module has dependencies on: 98 | - [Labels Module](https://github.com/clouddrove/terraform-aws-labels): Provides resource tagging. 99 | 100 | 101 | ## 📑 Changelog 102 | 103 | Refer [here](CHANGELOG.md). 104 | 105 | 106 | 107 | 108 | ## ✨ Contributors 109 | 110 | Big thanks to our contributors for elevating our project with their dedication and expertise! 
But we do not wish to stop there; we would like to invite contributions from the community to improve these projects and make them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only one direction: forward. 111 | 112 | 113 | 114 | 115 |
116 |
117 | 118 | If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!): 119 | 120 | - **Fork the Repository:** Create a new branch for your feature or bug fix. 121 | - **Coding Standards:** You know the drill. 122 | - **Clear Commit Messages:** Write clear and concise commit messages to facilitate understanding. 123 | - **Thorough Testing:** Test your changes thoroughly before submitting a pull request. 124 | - **Documentation Updates:** Include relevant documentation updates if your changes impact it. 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | ## Feedback 139 | Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-aurora/issues), feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). 140 | 141 | Show some love with a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-aurora)! if our work has brightened your day! – your feedback fuels our journey! 142 | 143 | 144 | ## :rocket: Our Accomplishment 145 | 146 | We have [*100+ Terraform modules*][terraform_modules] 🙌. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress. 147 | 148 | - [Terraform Module Registry:](https://registry.terraform.io/namespaces/clouddrove) Discover our Terraform modules here. 149 | 150 | - [Terraform Modules for AWS/Azure Modules:](https://github.com/clouddrove/toc) Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP. 151 | 152 | - [Terraform Modules for Digital Ocean:](https://github.com/terraform-do-modules/toc) Check out our specialized Terraform modules for Digital Ocean. 
153 | 154 | 155 | 156 | 157 | ## Join Our Slack Community 158 | 159 | Join our vibrant open-source Slack community and embark on an ever-evolving journey with CloudDrove, helping you move upwards in your career path. 160 | Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency. 161 | 162 | 🌐💬What you'll get after joining this Slack community: 163 | 164 | - 🚀 Encouragement to upgrade your best version. 165 | - 🌈 Learning companionship with our DevOps squad. 166 | - 🌱 Relentless growth with daily updates on new advancements in technologies. 167 | 168 | Join our tech elites [Join Now][slack] 🚀 169 | 170 | 171 | ## Explore Our Blogs 172 | 173 | Click [here][blog] :books: :star2: 174 | 175 | ## Tap into our capabilities 176 | We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions. 177 | 178 | At [CloudDrove][website], we have extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [business@clouddrove.com](mailto:business@clouddrove.com). 179 | 180 | 

We are The Cloud Experts!

181 |
182 |

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

183 | 184 | [website]: https://clouddrove.com 185 | [blog]: https://blog.clouddrove.com 186 | [slack]: https://www.launchpass.com/devops-talks 187 | [github]: https://github.com/clouddrove 188 | [linkedin]: https://cpco.io/linkedin 189 | [twitter]: https://twitter.com/clouddrove/ 190 | [email]: https://clouddrove.com/contact-us.html 191 | [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= 192 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is the canonical configuration for the `README.md` 4 | # Run `make readme` to rebuild the `README.md` 5 | # 6 | 7 | # Name of this project 8 | name : Terraform AWS Aurora 9 | 10 | # License of this project 11 | license: "APACHE" 12 | 13 | # Canonical GitHub repo 14 | github_repo: clouddrove/terraform-aws-aurora 15 | 16 | # Badges to display 17 | badges: 18 | - name: "Latest Release" 19 | image: "https://img.shields.io/github/release/clouddrove/terraform-aws-aurora.svg" 20 | url: "https://github.com/clouddrove/terraform-aws-aurora/releases/latest" 21 | - name: "tfsec" 22 | image: "https://github.com/clouddrove/terraform-aws-aurora/actions/workflows/tfsec.yml/badge.svg" 23 | url: "https://github.com/clouddrove/terraform-aws-aurora/actions/workflows/tfsec.yml" 24 | - name: "Licence" 25 | image: "https://img.shields.io/badge/License-APACHE-blue.svg" 26 | url: "LICENSE.md" 27 | - name: "Changelog" 28 | image: "https://img.shields.io/badge/Changelog-blue" 29 | url: "CHANGELOG.md" 30 | 31 | prerequesties: 32 | - name: Terraform 33 | url: https://learn.hashicorp.com/terraform/getting-started/install.html 34 | version: ">= 1.6.6" 35 | 36 | providers: 37 | - name: aws 38 | url: https://aws.amazon.com/ 39 | version: ">= 5.31.0" 40 | 41 | module_dependencies: 42 | - name: Labels Module 43 | url: https://github.com/clouddrove/terraform-aws-labels 
44 | description: Provides resource tagging. 45 | 46 | # description of this project 47 | description: |- 48 | Terraform module which creates RDS Aurora database resources on AWS and can create different type of databases. Currently it supports Postgres and MySQL. 49 | 50 | # How to use this project 51 | usage : |- 52 | Here are some examples of how you can use this module in your inventory structure: 53 | 54 | ### Aurora MySQL 55 | ```hcl 56 | module "aurora" { 57 | source = "clouddrove/aurora/aws" 58 | version = "1.3.0" 59 | 60 | name = "mysql" 61 | environment = "test" 62 | engine = "aurora-mysql" 63 | engine_version = "8.0" 64 | master_username = "root" 65 | database_name = "test-db" 66 | sg_ids = [] 67 | allowed_ports = [3306] 68 | allowed_ip = [module.vpc.vpc_cidr_block, "0.0.0.0/0"] 69 | instances = { 70 | 1 = { 71 | instance_class = "db.r5.large" 72 | publicly_accessible = true 73 | } 74 | 2 = { 75 | identifier = "mysql-static-1" 76 | instance_class = "db.r5.2xlarge" 77 | } 78 | 3 = { 79 | identifier = "mysql-excluded-1" 80 | instance_class = "db.r5.xlarge" 81 | promotion_tier = 15 82 | } 83 | } 84 | 85 | vpc_id = module.vpc.vpc_id 86 | db_subnet_group_name = "mysql-aurora" 87 | security_group_rules = { 88 | vpc_ingress = { 89 | cidr_blocks = module.subnets.public_subnet_id 90 | } 91 | } 92 | 93 | apply_immediately = true 94 | skip_final_snapshot = true 95 | subnets = module.subnets.public_subnet_id 96 | 97 | create_db_cluster_parameter_group = true 98 | db_cluster_parameter_group_name = "aurora-mysql" 99 | db_cluster_parameter_group_family = "aurora-mysql8.0" 100 | db_cluster_parameter_group_description = "mysql aurora example cluster parameter group" 101 | db_cluster_parameter_group_parameters = [ 102 | { 103 | name = "connect_timeout" 104 | value = 120 105 | apply_method = "immediate" 106 | }, { 107 | name = "innodb_lock_wait_timeout" 108 | value = 300 109 | apply_method = "immediate" 110 | }, { 111 | name = "log_output" 112 | value = "FILE" 113 | 
apply_method = "immediate" 114 | }, { 115 | name = "max_allowed_packet" 116 | value = "67108864" 117 | apply_method = "immediate" 118 | }, { 119 | name = "aurora_parallel_query" 120 | value = "OFF" 121 | apply_method = "pending-reboot" 122 | }, { 123 | name = "binlog_format" 124 | value = "ROW" 125 | apply_method = "pending-reboot" 126 | }, { 127 | name = "log_bin_trust_function_creators" 128 | value = 1 129 | apply_method = "immediate" 130 | }, { 131 | name = "require_secure_transport" 132 | value = "ON" 133 | apply_method = "immediate" 134 | }, { 135 | name = "tls_version" 136 | value = "TLSv1.2" 137 | apply_method = "pending-reboot" 138 | } 139 | ] 140 | 141 | create_db_parameter_group = true 142 | db_parameter_group_name = "aurora-mysql" 143 | db_parameter_group_family = "aurora-mysql8.0" 144 | db_parameter_group_description = "mysql aurora example DB parameter group" 145 | db_parameter_group_parameters = [ 146 | { 147 | name = "connect_timeout" 148 | value = 60 149 | apply_method = "immediate" 150 | }, { 151 | name = "general_log" 152 | value = 0 153 | apply_method = "immediate" 154 | }, { 155 | name = "innodb_lock_wait_timeout" 156 | value = 300 157 | apply_method = "immediate" 158 | }, { 159 | name = "log_output" 160 | value = "FILE" 161 | apply_method = "pending-reboot" 162 | }, { 163 | name = "long_query_time" 164 | value = 5 165 | apply_method = "immediate" 166 | }, { 167 | name = "max_connections" 168 | value = 2000 169 | apply_method = "immediate" 170 | }, { 171 | name = "slow_query_log" 172 | value = 1 173 | apply_method = "immediate" 174 | }, { 175 | name = "log_bin_trust_function_creators" 176 | value = 1 177 | apply_method = "immediate" 178 | } 179 | ] 180 | 181 | enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery"] 182 | 183 | } 184 | 185 | ``` 186 | ### Aurora Postgres 187 | ```hcl 188 | module "postgres" { 189 | source = "clouddrove/aurora/aws" 190 | name = "postgresql" 191 | environment = "test" 192 | engine = 
"aurora-postgresql" 193 | engine_version = "14.7" 194 | master_username = "root" 195 | storage_type = "aurora-iopt1" 196 | sg_ids = [] 197 | allowed_ports = [5432] 198 | subnets = module.public_subnets.public_subnet_id 199 | allowed_ip = [module.vpc.vpc_cidr_block, "0.0.0.0/0"] 200 | instances = { 201 | 1 = { 202 | instance_class = "db.r5.2xlarge" 203 | publicly_accessible = true 204 | } 205 | 2 = { 206 | identifier = "static-member-1" 207 | instance_class = "db.r5.2xlarge" 208 | } 209 | 3 = { 210 | identifier = "excluded-member-1" 211 | instance_class = "db.r5.large" 212 | promotion_tier = 15 213 | } 214 | } 215 | 216 | endpoints = { 217 | static = { 218 | identifier = "static-custom-endpt" 219 | type = "ANY" 220 | static_members = ["static-member-1"] 221 | tags = { Endpoint = "static-members" } 222 | } 223 | excluded = { 224 | identifier = "excluded-custom-endpt" 225 | type = "READER" 226 | excluded_members = ["excluded-member-1"] 227 | tags = { Endpoint = "excluded-members" } 228 | } 229 | } 230 | 231 | vpc_id = module.vpc.vpc_id 232 | db_subnet_group_name = "aurora-postgre" 233 | database_name = "postgres" 234 | security_group_rules = { 235 | vpc_ingress = { 236 | cidr_blocks = module.public_subnets.public_subnet_id 237 | } 238 | egress_example = { 239 | cidr_blocks = ["10.33.0.0/28"] 240 | description = "Egress to corporate printer closet" 241 | } 242 | } 243 | 244 | apply_immediately = true 245 | skip_final_snapshot = true 246 | 247 | create_db_cluster_parameter_group = true 248 | db_cluster_parameter_group_name = "aurora-postgre" 249 | db_cluster_parameter_group_family = "aurora-postgresql14" 250 | db_cluster_parameter_group_description = "aurora postgres example cluster parameter group" 251 | db_cluster_parameter_group_parameters = [ 252 | { 253 | name = "log_min_duration_statement" 254 | value = 4000 255 | apply_method = "immediate" 256 | }, { 257 | name = "rds.force_ssl" 258 | value = 1 259 | apply_method = "immediate" 260 | } 261 | ] 262 | 
create_db_parameter_group = true 263 | db_parameter_group_name = "aurora-postgre" 264 | db_parameter_group_family = "aurora-postgresql14" 265 | db_parameter_group_description = "postgres aurora example DB parameter group" 266 | db_parameter_group_parameters = [ 267 | { 268 | name = "log_min_duration_statement" 269 | value = 4000 270 | apply_method = "immediate" 271 | } 272 | ] 273 | 274 | enabled_cloudwatch_logs_exports = ["postgresql"] 275 | create_cloudwatch_log_group = true 276 | 277 | } 278 | ``` 279 | ### Aurora Serverless MySQL 280 | ```hcl 281 | module "aurora" { 282 | source = "clouddrove/aurora/aws" 283 | version = "1.3.0" 284 | name = "mysql" 285 | environment = "test" 286 | engine = "aurora-mysql" 287 | engine_mode = "provisioned" 288 | engine_version = "8.0" 289 | master_username = "root" 290 | database_name = "test-db" 291 | sg_ids = [] 292 | allowed_ports = [3306] 293 | allowed_ip = [module.vpc.vpc_cidr_block, "0.0.0.0/0"] 294 | vpc_id = module.vpc.vpc_id 295 | db_subnet_group_name = "mysql-aurora-serverless" 296 | subnets = module.subnets.public_subnet_id 297 | security_group_rules = { 298 | vpc_ingress = { 299 | cidr_blocks = module.subnets.public_subnet_id 300 | } 301 | } 302 | 303 | monitoring_interval = 60 304 | 305 | apply_immediately = true 306 | skip_final_snapshot = true 307 | 308 | serverlessv2_scaling_configuration = { 309 | min_capacity = 2 310 | max_capacity = 10 311 | } 312 | 313 | instance_class = "db.serverless" 314 | instances = { 315 | one = {} 316 | two = {} 317 | } 318 | 319 | } 320 | 321 | ``` 322 | ### Aurora Serverless Postgres 323 | ```hcl 324 | module "postgres" { 325 | source = "clouddrove/aurora/aws" 326 | version = "1.3.0" 327 | name = "postgresql" 328 | environment = "test" 329 | engine = "aurora-postgresql" 330 | engine_mode = "provisioned" 331 | engine_version = "14.5" 332 | master_username = "root" 333 | database_name = "postgres" 334 | 335 | 336 | vpc_id = module.vpc.vpc_id 337 | subnets = 
module.subnets.public_subnet_id 338 | sg_ids = [] 339 | allowed_ports = [5432] 340 | db_subnet_group_name = "auror-postgres-serverless" 341 | allowed_ip = [module.vpc.vpc_cidr_block, "0.0.0.0/0"] 342 | security_group_rules = { 343 | vpc_ingress = { 344 | cidr_blocks = module.subnets.public_subnet_id 345 | } 346 | } 347 | 348 | monitoring_interval = 60 349 | 350 | apply_immediately = true 351 | skip_final_snapshot = true 352 | 353 | serverlessv2_scaling_configuration = { 354 | min_capacity = 2 355 | max_capacity = 10 356 | } 357 | 358 | instance_class = "db.serverless" 359 | instances = { 360 | one = {} 361 | two = {} 362 | } 363 | 364 | } 365 | ``` 366 | -------------------------------------------------------------------------------- /docs/io.md: -------------------------------------------------------------------------------- 1 | ## Inputs 2 | 3 | | Name | Description | Type | Default | Required | 4 | |------|-------------|------|---------|:--------:| 5 | | allocated\_storage | The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. (This setting is required to create a Multi-AZ DB cluster) | `number` | `null` | no | 6 | | allow\_major\_version\_upgrade | Enable to allow major engine version upgrades when changing engine versions. Defaults to `false` | `bool` | `false` | no | 7 | | allowed\_ip | List of allowed ip. | `list(any)` | `[]` | no | 8 | | allowed\_ports | List of allowed ingress ports | `list(any)` | `[]` | no | 9 | | apply\_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false` | `bool` | `null` | no | 10 | | auth | n/a | `any` | `{}` | no | 11 | | auto\_minor\_version\_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. 
Default `true` | `bool` | `null` | no | 12 | | autoscaling\_enabled | Determines whether autoscaling of the cluster read replicas is enabled | `bool` | `false` | no | 13 | | autoscaling\_max\_capacity | Maximum number of read replicas permitted when autoscaling is enabled | `number` | `2` | no | 14 | | autoscaling\_min\_capacity | Minimum number of read replicas permitted when autoscaling is enabled | `number` | `0` | no | 15 | | autoscaling\_policy\_name | Autoscaling policy name | `string` | `"target-metric"` | no | 16 | | autoscaling\_scale\_in\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | `number` | `300` | no | 17 | | autoscaling\_scale\_out\_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | `number` | `300` | no | 18 | | autoscaling\_target\_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max\_connections | `number` | `700` | no | 19 | | autoscaling\_target\_cpu | CPU threshold which will initiate autoscaling | `number` | `70` | no | 20 | | availability\_zones | List of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next Terraform apply | `list(string)` | `null` | no | 21 | | backtrack\_window | The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | `number` | `null` | no | 22 | | backup\_retention\_period | The days to retain backups for. Default `7` | `number` | `7` | no | 23 | | ca\_cert\_identifier | The identifier of the CA certificate for the DB instance | `string` | `null` | no | 24 | | cidr\_blocks | equal to 0. 
The supported values are defined in the IpProtocol argument on the IpPermission API reference | `list(string)` |
[
"0.0.0.0/0"
]
| no | 25 | | cluster\_members | List of RDS Instances that are a part of this cluster | `list(string)` | `null` | no | 26 | | cluster\_tags | A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging | `map(string)` | `{}` | no | 27 | | cluster\_timeouts | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no | 28 | | connection\_borrow\_timeout | (Optional) The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions. | `number` | `null` | no | 29 | | copy\_tags\_to\_snapshot | Copy all Cluster `tags` to snapshots | `bool` | `null` | no | 30 | | create | Whether cluster should be created (affects nearly all resources) | `bool` | `true` | no | 31 | | create\_db\_cluster\_parameter\_group | Determines whether a cluster parameter should be created or use existing | `bool` | `false` | no | 32 | | create\_db\_parameter\_group | Determines whether a DB parameter should be created or use existing | `bool` | `false` | no | 33 | | create\_db\_proxy | (Optional) Set this to true to create RDS Proxy. | `bool` | `false` | no | 34 | | create\_monitoring\_role | Determines whether to create the IAM role for RDS enhanced monitoring | `bool` | `true` | no | 35 | | database\_name | Name for an automatically created database on cluster creation | `string` | `""` | no | 36 | | db\_cluster\_db\_instance\_parameter\_group\_name | Instance parameter group to associate with all instances of the DB cluster. The `db_cluster_db_instance_parameter_group_name` is only valid in combination with `allow_major_version_upgrade` | `string` | `null` | no | 37 | | db\_cluster\_instance\_class | The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. 
Not all DB instance classes are available in all AWS Regions, or for all database engines | `string` | `null` | no | 38 | | db\_cluster\_parameter\_group\_description | The description of the DB cluster parameter group. Defaults to "Managed by Terraform" | `string` | `null` | no | 39 | | db\_cluster\_parameter\_group\_family | The family of the DB cluster parameter group | `string` | `""` | no | 40 | | db\_cluster\_parameter\_group\_name | The name of the DB cluster parameter group | `string` | `null` | no | 41 | | db\_cluster\_parameter\_group\_parameters | A list of DB cluster parameters to apply. Note that parameters may differ from a family to an other | `list(map(string))` | `[]` | no | 42 | | db\_parameter\_group\_description | The description of the DB parameter group. Defaults to "Managed by Terraform" | `string` | `null` | no | 43 | | db\_parameter\_group\_family | The family of the DB parameter group | `string` | `""` | no | 44 | | db\_parameter\_group\_name | The name of the DB parameter group | `string` | `null` | no | 45 | | db\_parameter\_group\_parameters | A list of DB parameters to apply. Note that parameters may differ from a family to an other | `list(map(string))` | `[]` | no | 46 | | debug\_logging | (Optional) Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs. | `bool` | `false` | no | 47 | | deletion\_protection | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false` | `bool` | `null` | no | 48 | | egress\_protocol | equal to 0. 
The supported values are defined in the IpProtocol argument on the IpPermission API reference | `number` | `-1` | no | 49 | | egress\_rule | Enable to create egress rule | `bool` | `true` | no | 50 | | enable | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | 51 | | enable\_default\_proxy\_iam\_role | (OPTIONAL) Set this to false to pass your own IAM Role for RDS Proxy. | `bool` | `true` | no | 52 | | enable\_global\_write\_forwarding | Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an `aws_rds_global_cluster`'s primary cluster | `bool` | `null` | no | 53 | | enable\_http\_endpoint | Enable HTTP endpoint (data API). Only valid when engine\_mode is set to `serverless` | `bool` | `null` | no | 54 | | enable\_security\_group | Enable default Security Group with only Egress traffic allowed. | `bool` | `true` | no | 55 | | enabled\_cloudwatch\_logs\_exports | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: `audit`, `error`, `general`, `slowquery`, `postgresql` | `list(string)` | `[]` | no | 56 | | enabled\_subnet\_group | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | 57 | | endpoints | Map of additional cluster endpoints and their attributes to be created | `any` | `{}` | no | 58 | | engine | The name of the database engine to be used for this DB cluster. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql` | `string` | `null` | no | 59 | | engine\_family | (Required, Forces new resource) The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify MYSQL. 
For Aurora PostgreSQL and RDS for PostgreSQL databases, specify POSTGRESQL. For RDS for Microsoft SQL Server, specify SQLSERVER. Valid values are MYSQL, POSTGRESQL, and SQLSERVER. | `string` | `"POSTGRESQL"` | no | 60 | | engine\_mode | The database engine mode. Valid values: `global`, `multimaster`, `parallelquery`, `provisioned`, `serverless`. Defaults to: `provisioned` | `string` | `"provisioned"` | no | 61 | | engine\_version | The database engine version. Updating this argument results in an outage | `string` | `null` | no | 62 | | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | 63 | | final\_snapshot\_identifier | The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made | `string` | `null` | no | 64 | | from\_port | (Required) Start port (or ICMP type number if protocol is icmp or icmpv6). | `number` | `0` | no | 65 | | global\_cluster\_identifier | The global cluster identifier specified on `aws_rds_global_cluster` | `string` | `null` | no | 66 | | iam\_database\_authentication\_enabled | Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | `bool` | `null` | no | 67 | | iam\_role\_description | Description of the monitoring role | `string` | `null` | no | 68 | | iam\_role\_force\_detach\_policies | Whether to force detaching any policies the monitoring role has before destroying it | `bool` | `null` | no | 69 | | iam\_role\_managed\_policy\_arns | Set of exclusive IAM managed policy ARNs to attach to the monitoring role | `list(string)` | `null` | no | 70 | | iam\_role\_max\_session\_duration | Maximum session duration (in seconds) that you want to set for the monitoring role | `number` | `null` | no | 71 | | iam\_role\_path | Path for the monitoring role | `string` | `null` | no | 72 | | iam\_role\_permissions\_boundary | The ARN of the policy that is used to set the permissions boundary for the monitoring 
role | `string` | `null` | no | 73 | | iam\_roles | Map of IAM roles and supported feature names to associate with the cluster | `map(map(string))` | `{}` | no | 74 | | idle\_client\_timeout | (Optional) The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database. | `number` | `1800` | no | 75 | | init\_query | (Optional) One or more SQL statements for the proxy to run when opening each new database connection. Typically used with SET statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single SET statement, such as SET x=1, y=2. | `string` | `""` | no | 76 | | instance\_class | Instance type to use at master instance. Note: if `autoscaling_enabled` is `true`, this will be the same instance class used on instances created by autoscaling | `string` | `""` | no | 77 | | instance\_timeouts | Create, update, and delete timeout configurations for the cluster instance(s) | `map(string)` | `{}` | no | 78 | | instances | Map of cluster instances and any specific/overriding attributes to be created | `any` | `{}` | no | 79 | | instances\_use\_identifier\_prefix | Determines whether cluster instance identifiers are used as prefixes | `bool` | `false` | no | 80 | | iops | The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster | `number` | `null` | no | 81 | | ipv6\_cidr\_blocks | Enable to create egress rule | `list(string)` |
[
"::/0"
]
| no | 82 | | is\_primary\_cluster | Determines whether cluster is primary cluster with writer instance (set to `false` for global cluster and replica clusters) | `bool` | `true` | no | 83 | | kms\_key\_id | The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to `true` | `string` | `null` | no | 84 | | label\_order | Label order, e.g. `name`,`application`. | `list(any)` |
[
"name",
"environment"
]
| no | 85 | | manage\_master\_user\_password | Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if `master_password` is provided | `bool` | `true` | no | 86 | | managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | 87 | | master\_user\_secret\_kms\_key\_id | The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key | `string` | `null` | no | 88 | | master\_username | Username for the master DB user. Required unless `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database | `string` | `null` | no | 89 | | max\_connections\_percent | (Optional) The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the max\_connections setting for the RDS DB instance or Aurora DB cluster used by the target group. | `number` | `100` | no | 90 | | max\_idle\_connections\_percent | (Optional) Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the max\_connections setting for the RDS DB instance or Aurora DB cluster used by the target group. | `number` | `null` | no | 91 | | monitoring\_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to `0` to disable. 
Default is `0` | `number` | `0` | no | 92 | | monitoring\_role\_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | `string` | `""` | no | 93 | | monitoring\_role\_name | Name of the IAM role which will be created when create\_monitoring\_role is enabled. | `string` | `"rds-monitoring-role"` | no | 94 | | mysql\_iam\_role\_tags | Additional tags for the mysql iam role | `map(any)` | `{}` | no | 95 | | name | Name (e.g. `app` or `cluster`). | `string` | n/a | yes | 96 | | network\_type | The type of network stack to use (IPV4 or DUAL) | `string` | `null` | no | 97 | | performance\_insights\_enabled | Specifies whether Performance Insights is enabled or not | `bool` | `null` | no | 98 | | performance\_insights\_kms\_key\_id | The ARN for the KMS key to encrypt Performance Insights data | `string` | `null` | no | 99 | | performance\_insights\_retention\_period | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | `number` | `null` | no | 100 | | port | The port on which the DB accepts connections | `string` | `null` | no | 101 | | predefined\_metric\_type | The metric type to scale on. Valid values are `RDSReaderAverageCPUUtilization` and `RDSReaderAverageDatabaseConnections` | `string` | `"RDSReaderAverageCPUUtilization"` | no | 102 | | preferred\_backup\_window | The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC | `string` | `"02:00-03:00"` | no | 103 | | preferred\_maintenance\_window | The weekly time range during which system maintenance can occur, in UTC | `string` | `"sun:05:00-sun:06:00"` | no | 104 | | protocol | The protocol of the security group rule. If not `icmp`, `tcp`, `udp`, or `all`, use the IANA protocol number. 
| `string` | `"tcp"` | no | 105 | | proxy\_endpoints | Map of DB proxy endpoints to create and their attributes (see `aws_db_proxy_endpoint`) | `any` | `{}` | no | 106 | | proxy\_iam\_role\_description | Description of the RDS Proxy IAM role | `string` | `null` | no | 107 | | proxy\_iam\_role\_path | Path for the RDS Proxy IAM role | `string` | `null` | no | 108 | | proxy\_role\_arn | (OPTIONAL) ARN of RDS proxy IAM Role. Can only be set when `enable_default_proxy_iam_role` is set to `false`. | `string` | `""` | no | 109 | | proxy\_sg\_ids | (Optional) One or more VPC security group IDs to associate with the new proxy. | `list(string)` | `[]` | no | 110 | | proxy\_subnet\_ids | (Required) One or more VPC subnet IDs to associate with the new proxy. | `list(string)` | `[]` | no | 111 | | publicly\_accessible | Determines whether instances are publicly accessible. Default `false` | `bool` | `false` | no | 112 | | replication\_source\_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | `string` | `null` | no | 113 | | repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-aurora"` | no | 114 | | require\_tls | (Optional) A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy. | `bool` | `false` | no | 115 | | restore\_to\_point\_in\_time | Map of nested attributes for cloning Aurora cluster | `map(string)` | `{}` | no | 116 | | s3\_import | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | `map(string)` | `{}` | no | 117 | | scaling\_configuration | Map of nested attributes with scaling properties. 
Only valid when `engine_mode` is set to `serverless` | `map(string)` | `{}` | no | 118 | | serverlessv2\_scaling\_configuration | Map of nested attributes with serverless v2 scaling properties. Only valid when `engine_mode` is set to `provisioned` | `map(string)` | `{}` | no | 119 | | session\_pinning\_filters | (Optional) Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. Currently, the only allowed value is EXCLUDE\_VARIABLE\_SETS. | `list(string)` | `[]` | no | 120 | | sg\_description | The security group description. | `string` | `"Instance default security group (only egress access is allowed)."` | no | 121 | | sg\_egress\_description | Description of the egress rule | `string` | `"Description of the rule."` | no | 122 | | sg\_egress\_ipv6\_description | Description of the egress\_ipv6 rule | `string` | `"Description of the rule."` | no | 123 | | sg\_ids | List of security group IDs. | `list(any)` | `[]` | no | 124 | | sg\_ingress\_description | Description of the ingress rule | `string` | `"Description of the ingress rule use elasticache."` | no | 125 | | skip\_final\_snapshot | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | `bool` | `false` | no | 126 | | snapshot\_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | `string` | `null` | no | 127 | | source\_region | The source region for an encrypted replica DB cluster | `string` | `null` | no | 128 | | storage\_encrypted | Specifies whether the DB cluster is encrypted. 
The default is `true` | `bool` | `true` | no | 129 | | storage\_type | Specifies the storage type to be associated with the DB cluster. (This setting is required to create a Multi-AZ DB cluster). Valid values: `io1`, Default: `io1` | `string` | `null` | no | 130 | | subnets | List of subnet IDs used by database subnet group created | `list(string)` | `[]` | no | 131 | | tags | A map of tags to add to all resources | `map(string)` | `{}` | no | 132 | | to\_port | End of the port range for the security group rule. The supported values are defined in the IpProtocol argument on the IpPermission API reference | `number` | `65535` | no | 133 | | vpc\_id | ID of the VPC in which to create the security group | `string` | `""` | no | 134 | | vpc\_security\_group\_ids | List of VPC security groups to associate to the cluster in addition to the security group created | `list(string)` | `[]` | no | 135 | 136 | ## Outputs 137 | 138 | | Name | Description | 139 | |------|-------------| 140 | | additional\_cluster\_endpoints | A map of additional cluster endpoints and their attributes | 141 | | cluster\_arn | Amazon Resource Name (ARN) of cluster | 142 | | cluster\_database\_name | Name for an automatically created database on cluster creation | 143 | | cluster\_endpoint | Writer endpoint for the cluster | 144 | | cluster\_engine\_version\_actual | The running version of the cluster database | 145 | | cluster\_hosted\_zone\_id | The Route53 Hosted Zone ID of the endpoint | 146 | | cluster\_id | The RDS Cluster Identifier | 147 | | cluster\_instances | A map of cluster instances and their attributes | 148 | | cluster\_master\_password | The database master password | 149 | | cluster\_master\_user\_secret | The generated database master user secret when `manage_master_user_password` is set to `true` | 150 | | cluster\_master\_username | The database master username | 151 | | cluster\_members | List of RDS Instances that are a part of this cluster | 152 | | cluster\_port | The database port | 153 | | cluster\_reader\_endpoint | 
A read-only endpoint for the cluster, automatically load-balanced across replicas | 154 | | cluster\_resource\_id | The RDS Cluster Resource ID | 155 | | cluster\_role\_associations | A map of IAM roles associated with the cluster and their attributes | 156 | | db\_cluster\_parameter\_group\_arn | The ARN of the DB cluster parameter group created | 157 | | db\_cluster\_parameter\_group\_id | The ID of the DB cluster parameter group created | 158 | | db\_parameter\_group\_arn | The ARN of the DB parameter group created | 159 | | db\_parameter\_group\_id | The ID of the DB parameter group created | 160 | | enhanced\_monitoring\_iam\_role\_arn | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | 161 | | enhanced\_monitoring\_iam\_role\_name | The name of the enhanced monitoring role | 162 | | enhanced\_monitoring\_iam\_role\_unique\_id | Stable and unique string identifying the enhanced monitoring role | 163 | | proxy\_arn | The Amazon Resource Name (ARN) for the proxy | 164 | | proxy\_default\_target\_group\_arn | The Amazon Resource Name (ARN) for the default target group | 165 | | proxy\_default\_target\_group\_id | The ID for the default target group | 166 | | proxy\_default\_target\_group\_name | The name of the default target group | 167 | | proxy\_endpoint | The endpoint that you can use to connect to the proxy | 168 | | proxy\_iam\_policy\_name | The name of the policy attached to RDS Proxy IAM Role. | 169 | | proxy\_iam\_role\_arn | Amazon Resource Name (ARN) specifying the RDS Proxy role. | 170 | | proxy\_iam\_role\_name | Name of the RDS Proxy IAM Role. | 171 | | proxy\_iam\_role\_unique\_id | Stable and unique string identifying the RDS Proxy role. | 172 | | proxy\_id | The ID of the rds proxy | 173 | | proxy\_name | Identifier representing the DB Instance or DB Cluster target | 174 | | proxy\_target\_endpoint | Hostname for the target RDS DB Instance. 
Only returned for `RDS_INSTANCE` type | 175 | | proxy\_target\_id | Identifier of `db_proxy_name`, `target_group_name`, target type (e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER`), and resource identifier separated by forward slashes (/) | 176 | | proxy\_target\_port | Port for the target RDS DB Instance or Aurora DB Cluster | 177 | | proxy\_target\_target\_arn | Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API | 178 | | proxy\_target\_tracked\_cluster\_id | DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS\_INSTANCE target that is part of a DB Cluster | 179 | | proxy\_target\_type | Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER` | 180 | | security\_group\_id | The security group ID of the cluster | 181 | 182 | -------------------------------------------------------------------------------- /examples/aurora-mysql-serverless/example.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "eu-north-1" 3 | } 4 | 5 | locals { 6 | environment = "test" 7 | name = "aurora-mysql-serverless" 8 | } 9 | ##----------------------------------------------------------------------------- 10 | ## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. 11 | ##----------------------------------------------------------------------------- 12 | module "vpc" { 13 | source = "clouddrove/vpc/aws" 14 | version = "2.0.0" 15 | name = local.name 16 | environment = local.environment 17 | cidr_block = "172.16.0.0/16" 18 | } 19 | 20 | ##------------------------------------------------------------------------------ 21 | ## A subnet is a range of IP addresses in your VPC. 22 | ##------------------------------------------------------------------------------ 23 | #tfsec:ignore:aws-ec2-no-excessive-port-access # All ports are allowed by default but can be changed via variables. 
24 | #tfsec:ignore:aws-ec2-no-public-ingress-acl # Public ingress is allowed from all network but can be restricted by using variables. 25 | module "subnets" { 26 | source = "clouddrove/subnet/aws" 27 | version = "2.0.1" 28 | name = local.name 29 | environment = local.environment 30 | availability_zones = ["eu-north-1b", "eu-north-1c"] 31 | vpc_id = module.vpc.vpc_id 32 | cidr_block = module.vpc.vpc_cidr_block 33 | ipv6_cidr_block = module.vpc.ipv6_cidr_block 34 | type = "public" 35 | igw_id = module.vpc.igw_id 36 | } 37 | 38 | ##----------------------------------------------------------------------------- 39 | ## MySQL Serverless 40 | ##----------------------------------------------------------------------------- 41 | module "aurora_mysql" { 42 | source = "../../" 43 | name = local.name 44 | environment = local.environment 45 | engine = "aurora-mysql" 46 | engine_mode = "provisioned" 47 | engine_version = "8.0" 48 | master_username = "root" 49 | database_name = "test" 50 | sg_ids = [] 51 | allowed_ports = [3306] 52 | allowed_ip = [module.vpc.vpc_cidr_block] 53 | vpc_id = module.vpc.vpc_id 54 | subnets = module.subnets.public_subnet_id 55 | 56 | monitoring_interval = 60 57 | apply_immediately = true 58 | skip_final_snapshot = true 59 | serverlessv2_scaling_configuration = { 60 | min_capacity = 2 61 | max_capacity = 10 62 | } 63 | instance_class = "db.serverless" 64 | instances = { 65 | one = {} 66 | two = {} 67 | } 68 | 69 | } 70 | 71 | -------------------------------------------------------------------------------- /examples/aurora-mysql-serverless/outputs.tf: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # Cluster 3 | ################################################################################ 4 | 5 | output "cluster_arn" { 6 | description = "Amazon Resource Name (ARN) of cluster" 7 | value = module.aurora_mysql.cluster_arn 8 | } 9 | 10 
| output "cluster_id" { 11 | description = "The RDS Cluster Identifier" 12 | value = module.aurora_mysql.cluster_id 13 | } 14 | 15 | output "cluster_resource_id" { 16 | description = "The RDS Cluster Resource ID" 17 | value = module.aurora_mysql.cluster_resource_id 18 | } 19 | 20 | output "cluster_members" { 21 | description = "List of RDS Instances that are a part of this cluster" 22 | value = module.aurora_mysql.cluster_members 23 | } 24 | 25 | output "cluster_endpoint" { 26 | description = "Writer endpoint for the cluster" 27 | value = module.aurora_mysql.cluster_endpoint 28 | } 29 | 30 | output "cluster_reader_endpoint" { 31 | description = "A read-only endpoint for the cluster, automatically load-balanced across replicas" 32 | value = module.aurora_mysql.cluster_reader_endpoint 33 | } 34 | 35 | -------------------------------------------------------------------------------- /examples/aurora-mysql-serverless/versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /examples/aurora-mysql/example.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "eu-north-1" 3 | } 4 | 5 | locals { 6 | environment = "test" 7 | name = "aurora-mysql" 8 | } 9 | ##----------------------------------------------------------------------------- 10 | ## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. 
11 | ##----------------------------------------------------------------------------- 12 | module "vpc" { 13 | source = "clouddrove/vpc/aws" 14 | version = "2.0.0" 15 | name = local.name 16 | environment = local.environment 17 | cidr_block = "172.16.0.0/16" 18 | } 19 | 20 | ##------------------------------------------------------------------------------ 21 | ## A subnet is a range of IP addresses in your VPC. 22 | ##------------------------------------------------------------------------------ 23 | #tfsec:ignore:aws-ec2-no-excessive-port-access # All ports are allowed by default but can be changed via variables. 24 | #tfsec:ignore:aws-ec2-no-public-ingress-acl # Public ingress is allowed from all network but can be restricted by using variables. 25 | module "subnets" { 26 | source = "clouddrove/subnet/aws" 27 | version = "2.0.1" 28 | name = local.name 29 | environment = local.environment 30 | availability_zones = ["eu-north-1b", "eu-north-1c"] 31 | vpc_id = module.vpc.vpc_id 32 | cidr_block = module.vpc.vpc_cidr_block 33 | ipv6_cidr_block = module.vpc.ipv6_cidr_block 34 | type = "public" 35 | igw_id = module.vpc.igw_id 36 | } 37 | 38 | ##----------------------------------------------------------------------------- 39 | ## RDS Aurora Module 40 | ##----------------------------------------------------------------------------- 41 | module "aurora" { 42 | source = "../../" 43 | name = local.name 44 | environment = local.environment 45 | engine = "aurora-mysql" 46 | engine_version = "8.0" 47 | master_username = "root" 48 | database_name = "test" 49 | sg_ids = [] 50 | allowed_ports = [3306] 51 | allowed_ip = [module.vpc.vpc_cidr_block] 52 | instances = { 53 | 1 = { 54 | instance_class = "db.r5.large" 55 | publicly_accessible = false 56 | } 57 | 2 = { 58 | identifier = "mysql-static-1" 59 | instance_class = "db.r5.2xlarge" 60 | } 61 | 3 = { 62 | identifier = "mysql-excluded-1" 63 | instance_class = "db.r5.xlarge" 64 | promotion_tier = 15 65 | } 66 | } 67 | 68 | vpc_id = 
module.vpc.vpc_id 69 | 70 | apply_immediately = true 71 | skip_final_snapshot = true 72 | subnets = module.subnets.public_subnet_id 73 | 74 | create_db_cluster_parameter_group = true 75 | db_cluster_parameter_group_name = "aurora-mysql" 76 | db_cluster_parameter_group_family = "aurora-mysql8.0" 77 | db_cluster_parameter_group_parameters = [ 78 | { 79 | name = "connect_timeout" 80 | value = 120 81 | apply_method = "immediate" 82 | }, { 83 | name = "innodb_lock_wait_timeout" 84 | value = 300 85 | apply_method = "immediate" 86 | }, { 87 | name = "log_output" 88 | value = "FILE" 89 | apply_method = "immediate" 90 | }, { 91 | name = "max_allowed_packet" 92 | value = "67108864" 93 | apply_method = "immediate" 94 | }, { 95 | name = "binlog_format" 96 | value = "ROW" 97 | apply_method = "pending-reboot" 98 | }, { 99 | name = "log_bin_trust_function_creators" 100 | value = 1 101 | apply_method = "immediate" 102 | }, { 103 | name = "require_secure_transport" 104 | value = "ON" 105 | apply_method = "immediate" 106 | }, { 107 | name = "tls_version" 108 | value = "TLSv1.2" 109 | apply_method = "pending-reboot" 110 | } 111 | ] 112 | 113 | create_db_parameter_group = true 114 | db_parameter_group_name = "aurora-mysql" 115 | db_parameter_group_family = "aurora-mysql8.0" 116 | db_parameter_group_description = "mysql aurora example DB parameter group" 117 | db_parameter_group_parameters = [ 118 | { 119 | name = "connect_timeout" 120 | value = 60 121 | apply_method = "immediate" 122 | }, { 123 | name = "general_log" 124 | value = 0 125 | apply_method = "immediate" 126 | }, { 127 | name = "innodb_lock_wait_timeout" 128 | value = 300 129 | apply_method = "immediate" 130 | }, { 131 | name = "long_query_time" 132 | value = 5 133 | apply_method = "immediate" 134 | }, { 135 | name = "max_connections" 136 | value = 2000 137 | apply_method = "immediate" 138 | }, { 139 | name = "slow_query_log" 140 | value = 1 141 | apply_method = "immediate" 142 | }, { 143 | name = 
"log_bin_trust_function_creators" 144 | value = 1 145 | apply_method = "immediate" 146 | } 147 | ] 148 | 149 | enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery"] 150 | } 151 | 152 | -------------------------------------------------------------------------------- /examples/aurora-mysql/outputs.tf: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # Cluster 3 | ################################################################################ 4 | 5 | output "cluster_arn" { 6 | description = "Amazon Resource Name (ARN) of cluster" 7 | value = module.aurora.cluster_arn 8 | } 9 | 10 | output "cluster_id" { 11 | description = "The RDS Cluster Identifier" 12 | value = module.aurora.cluster_id 13 | } 14 | 15 | output "cluster_resource_id" { 16 | description = "The RDS Cluster Resource ID" 17 | value = module.aurora.cluster_resource_id 18 | } 19 | 20 | output "cluster_members" { 21 | description = "List of RDS Instances that are a part of this cluster" 22 | value = module.aurora.cluster_members 23 | } 24 | 25 | output "cluster_endpoint" { 26 | description = "Writer endpoint for the cluster" 27 | value = module.aurora.cluster_endpoint 28 | } 29 | 30 | output "cluster_reader_endpoint" { 31 | description = "A read-only endpoint for the cluster, automatically load-balanced across replicas" 32 | value = module.aurora.cluster_reader_endpoint 33 | } 34 | 35 | output "cluster_master_password" { 36 | description = "The database master password" 37 | value = module.aurora.cluster_master_password 38 | sensitive = true 39 | } 40 | -------------------------------------------------------------------------------- /examples/aurora-mysql/versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | 
source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /examples/aurora-postgres-serverless/example.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "eu-north-1" 3 | } 4 | 5 | locals { 6 | environment = "test" 7 | name = "aurora-postgres-serverless" 8 | } 9 | ##----------------------------------------------------------------------------- 10 | ## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. 11 | ##----------------------------------------------------------------------------- 12 | module "vpc" { 13 | source = "clouddrove/vpc/aws" 14 | version = "2.0.0" 15 | name = local.name 16 | environment = local.environment 17 | cidr_block = "172.16.0.0/16" 18 | } 19 | 20 | ##------------------------------------------------------------------------------ 21 | ## A subnet is a range of IP addresses in your VPC. 22 | ##------------------------------------------------------------------------------ 23 | #tfsec:ignore:aws-ec2-no-excessive-port-access # All ports are allowed by default but can be changed via variables. 24 | #tfsec:ignore:aws-ec2-no-public-ingress-acl # Public ingress is allowed from all network but can be restricted by using variables. 
25 | module "subnets" { 26 | source = "clouddrove/subnet/aws" 27 | version = "2.0.1" 28 | name = local.name 29 | environment = local.environment 30 | availability_zones = ["eu-north-1b", "eu-north-1c"] 31 | vpc_id = module.vpc.vpc_id 32 | cidr_block = module.vpc.vpc_cidr_block 33 | ipv6_cidr_block = module.vpc.ipv6_cidr_block 34 | type = "public" 35 | igw_id = module.vpc.igw_id 36 | } 37 | 38 | 39 | ##----------------------------------------------------------------------------- 40 | ## PostgreSQL Serverless 41 | ##----------------------------------------------------------------------------- 42 | module "aurora_postgresql" { 43 | source = "../../" 44 | name = local.name 45 | environment = local.environment 46 | engine = "aurora-postgresql" 47 | engine_mode = "provisioned" 48 | engine_version = "14.5" 49 | master_username = "root" 50 | database_name = "postgres" 51 | vpc_id = module.vpc.vpc_id 52 | subnets = module.subnets.public_subnet_id 53 | sg_ids = [] 54 | allowed_ports = [5432] 55 | allowed_ip = [module.vpc.vpc_cidr_block] 56 | 57 | monitoring_interval = 60 58 | apply_immediately = true 59 | skip_final_snapshot = true 60 | serverlessv2_scaling_configuration = { 61 | min_capacity = 2 62 | max_capacity = 10 63 | } 64 | instance_class = "db.serverless" 65 | instances = { 66 | one = {} 67 | two = {} 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /examples/aurora-postgres-serverless/outputs.tf: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # Cluster 3 | ################################################################################ 4 | 5 | output "cluster_arn" { 6 | description = "Amazon Resource Name (ARN) of cluster" 7 | value = module.aurora_postgresql.cluster_arn 8 | } 9 | 10 | output "cluster_id" { 11 | description = "The RDS Cluster Identifier" 12 | value = 
module.aurora_postgresql.cluster_id 13 | } 14 | 15 | output "cluster_resource_id" { 16 | description = "The RDS Cluster Resource ID" 17 | value = module.aurora_postgresql.cluster_resource_id 18 | } 19 | 20 | output "cluster_members" { 21 | description = "List of RDS Instances that are a part of this cluster" 22 | value = module.aurora_postgresql.cluster_members 23 | } 24 | 25 | output "cluster_endpoint" { 26 | description = "Writer endpoint for the cluster" 27 | value = module.aurora_postgresql.cluster_endpoint 28 | } 29 | 30 | output "cluster_reader_endpoint" { 31 | description = "A read-only endpoint for the cluster, automatically load-balanced across replicas" 32 | value = module.aurora_postgresql.cluster_reader_endpoint 33 | } 34 | 35 | -------------------------------------------------------------------------------- /examples/aurora-postgres-serverless/versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /examples/aurora-postgres/example.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = local.region 3 | } 4 | 5 | locals { 6 | name = "aurora-postgres" 7 | environment = "test" 8 | label_order = ["environment", "name"] 9 | region = "us-east-1" 10 | } 11 | ##----------------------------------------------------------------------------- 12 | ## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. 
13 | ##----------------------------------------------------------------------------- 14 | module "vpc" { 15 | source = "clouddrove/vpc/aws" 16 | version = "2.0.0" 17 | 18 | name = local.name 19 | environment = local.environment 20 | label_order = local.label_order 21 | 22 | cidr_block = "10.10.0.0/16" 23 | } 24 | 25 | ##------------------------------------------------------------------------------ 26 | ## A subnet is a range of IP addresses in your VPC. 27 | ##----------------------------------------------------------------------------- 28 | #tfsec:ignore:aws-ec2-no-excessive-port-access # All ports are allowed by default but can be changed via variables. 29 | #tfsec:ignore:aws-ec2-no-public-ingress-acl # Public ingress is allowed from all network but can be restricted by using variables. 30 | module "subnets" { 31 | source = "clouddrove/subnet/aws" 32 | version = "2.0.1" 33 | 34 | name = local.name 35 | environment = local.environment 36 | label_order = local.label_order 37 | 38 | nat_gateway_enabled = true 39 | single_nat_gateway = true 40 | availability_zones = ["${local.region}a", "${local.region}b", "${local.region}c"] 41 | vpc_id = module.vpc.vpc_id 42 | type = "public-private" 43 | igw_id = module.vpc.igw_id 44 | cidr_block = module.vpc.vpc_cidr_block 45 | ipv6_cidr_block = module.vpc.ipv6_cidr_block 46 | enable_ipv6 = false 47 | private_inbound_acl_rules = [{ 48 | rule_number = 100 49 | rule_action = "allow" 50 | from_port = 0 51 | to_port = 0 52 | protocol = "-1" 53 | cidr_block = module.vpc.vpc_cidr_block 54 | }] 55 | private_outbound_acl_rules = [{ 56 | rule_number = 100 57 | rule_action = "allow" 58 | from_port = 0 59 | to_port = 0 60 | protocol = "-1" 61 | cidr_block = module.vpc.vpc_cidr_block 62 | }] 63 | } 64 | 65 | ##----------------------------------------------------------------------------- 66 | ## SECURITY GROUP: For RDS Proxy 67 | ##----------------------------------------------------------------------------- 68 | 
#tfsec:ignore:aws-ec2-no-public-egress-sgr # -- Allowing egress to anywhere, can we restricted to VPC CIDR only. 69 | module "proxy_sg" { 70 | source = "clouddrove/security-group/aws" 71 | version = "2.0.0" 72 | 73 | name = "${local.name}-proxy" 74 | environment = local.environment 75 | label_order = local.label_order 76 | 77 | vpc_id = module.vpc.vpc_id 78 | new_sg_ingress_rules_with_cidr_blocks = [{ 79 | rule_count = 1 80 | from_port = 5432 81 | protocol = "tcp" 82 | to_port = 5432 83 | cidr_blocks = [module.vpc.vpc_cidr_block] 84 | description = "Allow all traffic from VPC." 85 | }] 86 | new_sg_egress_rules_with_cidr_blocks = [{ 87 | rule_count = 1 88 | from_port = 0 89 | protocol = "-1" 90 | to_port = 0 91 | cidr_blocks = ["0.0.0.0/0"] 92 | ipv6_cidr_blocks = ["::/0"] 93 | description = "Allow all outbound traffic." 94 | }] 95 | } 96 | 97 | ##----------------------------------------------------------------------------- 98 | ## RDS Aurora Module 99 | ##----------------------------------------------------------------------------- 100 | module "aurora" { 101 | source = "../../" 102 | 103 | name = local.name 104 | environment = local.environment 105 | label_order = local.label_order 106 | 107 | engine = "aurora-postgresql" 108 | engine_version = "15.3" 109 | master_username = "root" 110 | storage_type = "aurora-iopt1" 111 | sg_ids = [] 112 | allowed_ports = [5432] 113 | subnets = module.subnets.public_subnet_id 114 | allowed_ip = [module.vpc.vpc_cidr_block] 115 | instances = { 116 | 1 = { 117 | instance_class = "db.t4g.medium" 118 | publicly_accessible = false 119 | } 120 | 2 = { 121 | identifier = "static-member-1" 122 | instance_class = "db.t4g.large" 123 | } 124 | 3 = { 125 | identifier = "excluded-member-1" 126 | instance_class = "db.t3.medium" 127 | promotion_tier = 15 128 | } 129 | } 130 | vpc_id = module.vpc.vpc_id 131 | database_name = "postgres" 132 | 133 | apply_immediately = true 134 | skip_final_snapshot = true 135 | create_db_cluster_parameter_group = 
true 136 | db_cluster_parameter_group_name = "aurora-postgres" 137 | db_cluster_parameter_group_family = "aurora-postgresql15" 138 | db_cluster_parameter_group_description = "aurora postgres example cluster parameter group" 139 | db_cluster_parameter_group_parameters = [ 140 | { 141 | name = "log_min_duration_statement" 142 | value = 4000 143 | apply_method = "immediate" 144 | }, 145 | { 146 | name = "rds.force_ssl" 147 | value = 1 148 | apply_method = "immediate" 149 | } 150 | ] 151 | create_db_parameter_group = true 152 | db_parameter_group_name = "aurora-postgre" 153 | db_parameter_group_family = "aurora-postgresql15" 154 | db_parameter_group_description = "postgres aurora example DB parameter group" 155 | db_parameter_group_parameters = [ 156 | { 157 | name = "log_min_duration_statement" 158 | value = 4000 159 | apply_method = "immediate" 160 | } 161 | ] 162 | enabled_cloudwatch_logs_exports = ["postgresql"] 163 | 164 | ##------------------------------------- 165 | ## RDS PROXY 166 | ##------------------------------------- 167 | create_db_proxy = true 168 | engine_family = "POSTGRESQL" 169 | proxy_subnet_ids = module.subnets.public_subnet_id 170 | proxy_sg_ids = [module.proxy_sg.security_group_id] 171 | auth = [ 172 | { 173 | auth_scheme = "SECRETS" 174 | description = "example" 175 | iam_auth = "DISABLED" 176 | secret_arn = module.aurora.cluster_master_user_secret[0].secret_arn 177 | } 178 | ] 179 | } -------------------------------------------------------------------------------- /examples/aurora-postgres/outputs.tf: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # Cluster 3 | ################################################################################ 4 | 5 | output "cluster_arn" { 6 | description = "Amazon Resource Name (ARN) of cluster" 7 | value = module.aurora.cluster_arn 8 | } 9 | 10 | output "cluster_id" { 11 | description = 
"The RDS Cluster Identifier" 12 | value = module.aurora.cluster_id 13 | } 14 | 15 | output "cluster_resource_id" { 16 | description = "The RDS Cluster Resource ID" 17 | value = module.aurora.cluster_resource_id 18 | } 19 | 20 | output "cluster_members" { 21 | description = "List of RDS Instances that are a part of this cluster" 22 | value = module.aurora.cluster_members 23 | } 24 | 25 | output "cluster_endpoint" { 26 | description = "Writer endpoint for the cluster" 27 | value = module.aurora.cluster_endpoint 28 | } 29 | 30 | output "cluster_reader_endpoint" { 31 | description = "A read-only endpoint for the cluster, automatically load-balanced across replicas" 32 | value = module.aurora.cluster_reader_endpoint 33 | } 34 | 35 | output "cluster_master_user_secret" { 36 | value = module.aurora.cluster_master_user_secret[0].secret_arn 37 | } 38 | 39 | ################################################################################ 40 | # PROXY 41 | ################################################################################ 42 | 43 | output "proxy_id" { 44 | description = "The ID of the rds proxy" 45 | value = module.aurora.proxy_id 46 | } 47 | 48 | output "proxy_arn" { 49 | description = "The Amazon Resource Name (ARN) for the proxy" 50 | value = module.aurora.proxy_arn 51 | } 52 | 53 | output "db_proxy_endpoints" { 54 | description = "Array containing the full resource object and attributes for all DB proxy endpoints created" 55 | value = module.aurora.proxy_endpoint 56 | } 57 | 58 | output "proxy_default_target_group_id" { 59 | description = "The ID for the default target group" 60 | value = module.aurora.proxy_default_target_group_id 61 | } 62 | 63 | 64 | output "proxy_default_target_group_arn" { 65 | description = "The Amazon Resource Name (ARN) for the default target group" 66 | value = module.aurora.proxy_default_target_group_arn 67 | } 68 | 69 | output "proxy_default_target_group_name" { 70 | description = "The name of the default target group" 71 | value 
= module.aurora.proxy_default_target_group_name 72 | } 73 | 74 | output "proxy_target_endpoint" { 75 | description = "Hostname for the target RDS DB Instance. Only returned for `RDS_INSTANCE` type" 76 | value = module.aurora.proxy_target_endpoint 77 | } 78 | 79 | output "proxy_target_id" { 80 | description = "Identifier of `db_proxy_name`, `target_group_name`, target type (e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER`), and resource identifier separated by forward slashes (/)" 81 | value = module.aurora.proxy_target_id 82 | } 83 | 84 | output "proxy_target_port" { 85 | description = "Port for the target RDS DB Instance or Aurora DB Cluster" 86 | value = module.aurora.proxy_target_port 87 | } 88 | 89 | output "proxy_name" { 90 | description = "Identifier representing the DB Instance or DB Cluster target" 91 | value = module.aurora.proxy_name 92 | } 93 | 94 | output "proxy_target_target_arn" { 95 | description = "Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API" 96 | value = module.aurora.proxy_target_target_arn 97 | } 98 | 99 | output "proxy_target_tracked_cluster_id" { 100 | description = "DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS_INSTANCE target that is part of a DB Cluster" 101 | value = module.aurora.proxy_target_tracked_cluster_id 102 | } 103 | 104 | output "proxy_target_type" { 105 | description = "Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER`" 106 | value = module.aurora.proxy_target_type 107 | } 108 | 109 | output "proxy_iam_role_name" { 110 | description = "Name of the RDS Proxy IAM Role." 111 | value = module.aurora.proxy_iam_role_name 112 | } 113 | 114 | output "proxy_iam_role_arn" { 115 | description = "Amazon Resource Name (ARN) specifying the RDS Proxy role." 116 | value = module.aurora.proxy_iam_role_arn 117 | } 118 | 119 | output "proxy_iam_role_unique_id" { 120 | description = "Stable and unique string identifying the RDS Proxy role." 
121 | value = module.aurora.proxy_iam_role_unique_id 122 | } 123 | 124 | output "proxy_iam_policy_name" { 125 | description = "The name of the policy attached to RDS Proxy IAM Role." 126 | value = module.aurora.proxy_iam_policy_name 127 | } -------------------------------------------------------------------------------- /examples/aurora-postgres/versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | ##------------------------------------------------------------------------------ 2 | ## Labels module called that will be used for naming and tags. 3 | ##------------------------------------------------------------------------------ 4 | module "labels" { 5 | source = "clouddrove/labels/aws" 6 | version = "1.3.0" 7 | 8 | name = var.name 9 | repository = var.repository 10 | environment = var.environment 11 | managedby = var.managedby 12 | label_order = var.label_order 13 | } 14 | 15 | data "aws_partition" "current" {} 16 | locals { 17 | create = var.create 18 | port = coalesce(var.port, (var.engine == "aurora-postgresql" || var.engine == "postgres" ? 5432 : 3306)) 19 | backtrack_window = (var.engine == "aurora-mysql" || var.engine == "aurora") && var.engine_mode != "serverless" ? var.backtrack_window : 0 20 | is_serverless = var.engine_mode == "serverless" 21 | } 22 | 23 | ##----------------------------------------------------------------------------- 24 | ## Provides an RDS DB subnet group resource.
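##-----------------------------------------------------------------------------
# DB subnet group the cluster and its instances are placed in (var.subnets).
# NOTE(review): this is gated on var.enable / var.enabled_subnet_group while the
# cluster below is gated on local.create (var.create). With var.create = true and
# var.enable = false the cluster is created with db_subnet_group_name = "" (the
# join() over an empty list) — consider gating both on local.create.
resource "aws_db_subnet_group" "default" {
  count = var.enable == true && var.enabled_subnet_group == true ? 1 : 0

  name        = module.labels.id
  description = format("For Aurora cluster %s", module.labels.id)
  subnet_ids  = var.subnets
  tags        = module.labels.tags
}

# Master password, generated only when RDS is NOT managing it
# (var.manage_master_user_password = false). 20 random bytes rendered with the
# URL-safe base64 alphabet, which avoids the characters RDS rejects in
# passwords ("/", "@", "\"", space). The value is persisted in Terraform state,
# so the state backend must be treated as secret material; rotating it means
# replacing this resource. Prefer manage_master_user_password = true where
# possible so the secret lives in Secrets Manager instead of state.
resource "random_id" "password" {
  count       = var.manage_master_user_password == false ? 1 : 0
  byte_length = 20
}

##-----------------------------------------------------------------------------
## Manages a RDS Aurora Cluster. To manage cluster instances that inherit configuration from the cluster (when not running the cluster in serverless engine mode), see the aws_rds_cluster_instance resource. To manage non-Aurora databases (e.g. MySQL, PostgreSQL, SQL Server, etc.), see the aws_db_instance resource.
##-----------------------------------------------------------------------------
# Conditional attributes, as expressed below:
#   - database_name / master_username / master_password are set only on the
#     primary cluster (var.is_primary_cluster); secondaries of a global cluster
#     inherit them.
#   - manage_master_user_password and master_user_secret_kms_key_id are sent
#     only when the cluster is not part of a global cluster
#     (var.global_cluster_identifier == null).
#   - backup/maintenance windows are null in serverless engine mode.
#   - db_instance_parameter_group_name is only passed when major version
#     upgrades are allowed (it is required by AWS for that path).
# Security-relevant passthroughs: storage_encrypted, kms_key_id,
# deletion_protection, iam_database_authentication_enabled and
# enable_http_endpoint (Data API) all come straight from variables whose
# defaults live in variables.tf (not shown here) — confirm those defaults
# before relying on them (encryption on, deletion protection on, HTTP endpoint off).
resource "aws_rds_cluster" "this" {
  count                               = local.create ? 1 : 0
  allocated_storage                   = var.allocated_storage
  allow_major_version_upgrade         = var.allow_major_version_upgrade
  apply_immediately                   = var.apply_immediately
  availability_zones                  = var.availability_zones
  backup_retention_period             = var.backup_retention_period
  backtrack_window                    = local.backtrack_window
  cluster_identifier                  = module.labels.id
  cluster_members                     = var.cluster_members
  copy_tags_to_snapshot               = var.copy_tags_to_snapshot
  database_name                       = var.is_primary_cluster ? var.database_name : null
  db_cluster_instance_class           = var.db_cluster_instance_class
  # When the module creates the cluster parameter group, var.db_cluster_parameter_group_name is ignored.
  db_cluster_parameter_group_name     = var.create_db_cluster_parameter_group ? aws_rds_cluster_parameter_group.this[0].id : var.db_cluster_parameter_group_name
  db_instance_parameter_group_name    = var.allow_major_version_upgrade ? var.db_cluster_db_instance_parameter_group_name : null
  db_subnet_group_name                = join("", aws_db_subnet_group.default[*].name)
  deletion_protection                 = var.deletion_protection
  enable_global_write_forwarding      = var.enable_global_write_forwarding
  enabled_cloudwatch_logs_exports     = var.enabled_cloudwatch_logs_exports
  enable_http_endpoint                = var.enable_http_endpoint
  engine                              = var.engine
  engine_mode                         = var.engine_mode
  engine_version                      = var.engine_version
  final_snapshot_identifier           = var.final_snapshot_identifier
  global_cluster_identifier           = var.global_cluster_identifier
  iam_database_authentication_enabled = var.iam_database_authentication_enabled
  iops                                = var.iops
  kms_key_id                          = var.kms_key_id
  manage_master_user_password         = var.global_cluster_identifier == null && var.manage_master_user_password ? var.manage_master_user_password : null
  master_user_secret_kms_key_id       = var.global_cluster_identifier == null && var.manage_master_user_password ? var.master_user_secret_kms_key_id : null
  master_password                     = var.is_primary_cluster && !var.manage_master_user_password ? random_id.password[0].b64_url : null
  master_username                     = var.is_primary_cluster ? var.master_username : null
  network_type                        = var.network_type
  port                                = local.port
  preferred_backup_window             = local.is_serverless ? null : var.preferred_backup_window
  preferred_maintenance_window        = local.is_serverless ? null : var.preferred_maintenance_window
  replication_source_identifier       = var.replication_source_identifier

  # Point-in-time restore: only source_cluster_identifier is mandatory; the
  # remaining keys are optional in var.restore_to_point_in_time.
  dynamic "restore_to_point_in_time" {
    for_each = length(var.restore_to_point_in_time) > 0 ? [var.restore_to_point_in_time] : []

    content {
      restore_to_time            = try(restore_to_point_in_time.value.restore_to_time, null)
      restore_type               = try(restore_to_point_in_time.value.restore_type, null)
      source_cluster_identifier  = restore_to_point_in_time.value.source_cluster_identifier
      use_latest_restorable_time = try(restore_to_point_in_time.value.use_latest_restorable_time, null)
    }
  }

  # S3 import is a MySQL-only feature (source_engine is fixed to "mysql") and is
  # skipped in serverless mode.
  dynamic "s3_import" {
    for_each = length(var.s3_import) > 0 && !local.is_serverless ? [var.s3_import] : []

    content {
      bucket_name           = s3_import.value.bucket_name
      bucket_prefix         = try(s3_import.value.bucket_prefix, null)
      ingestion_role        = s3_import.value.ingestion_role
      source_engine         = "mysql"
      source_engine_version = s3_import.value.source_engine_version
    }
  }

  # Serverless v1 scaling: only honoured when engine_mode is "serverless".
  dynamic "scaling_configuration" {
    for_each = length(var.scaling_configuration) > 0 && local.is_serverless ? [var.scaling_configuration] : []

    content {
      auto_pause               = try(scaling_configuration.value.auto_pause, null)
      max_capacity             = try(scaling_configuration.value.max_capacity, null)
      min_capacity             = try(scaling_configuration.value.min_capacity, null)
      seconds_until_auto_pause = try(scaling_configuration.value.seconds_until_auto_pause, null)
      timeout_action           = try(scaling_configuration.value.timeout_action, null)
    }
  }

  # Serverless v2 scaling: only honoured on a "provisioned" cluster.
  dynamic "serverlessv2_scaling_configuration" {
    for_each = length(var.serverlessv2_scaling_configuration) > 0 && var.engine_mode == "provisioned" ? [var.serverlessv2_scaling_configuration] : []

    content {
      max_capacity = serverlessv2_scaling_configuration.value.max_capacity
      min_capacity = serverlessv2_scaling_configuration.value.min_capacity
    }
  }

  skip_final_snapshot    = var.skip_final_snapshot
  snapshot_identifier    = var.snapshot_identifier
  source_region          = var.source_region
  storage_encrypted      = var.storage_encrypted
  storage_type           = var.storage_type
  # Attach the module-managed SG (aws_security_group.default is only created
  # when var.sg_ids is empty) together with the caller-supplied SGs from
  # var.sg_ids and var.vpc_security_group_ids. var.sg_ids previously only
  # suppressed SG creation and was never attached, leaving a cluster with no SG
  # from that variable; compact() drops the "" placeholder when no SG was
  # created and distinct() removes duplicates across the two inputs.
  vpc_security_group_ids = distinct(compact(concat([try(aws_security_group.default[0].id, "")], var.sg_ids, var.vpc_security_group_ids)))

  timeouts {
    create = try(var.cluster_timeouts.create, null)
    update = try(var.cluster_timeouts.update, null)
    delete = try(var.cluster_timeouts.delete, null)
  }

  lifecycle {
    ignore_changes = [
      # See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#replication_source_identifier
      # Since this is used either in read-replica clusters or global clusters, this should be acceptable to specify
      replication_source_identifier,
      global_cluster_identifier,
      snapshot_identifier,
    ]
  }

  tags = module.labels.tags
}

##-----------------------------------------------------------------------------
## Provides an RDS Cluster Instance Resource. A Cluster Instance Resource defines attributes that are specific to a single instance in a RDS Cluster, specifically running Amazon Aurora.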
##-----------------------------------------------------------------------------
# One instance per entry of var.instances; each entry may override the
# module-wide default for the attributes wrapped in try() below. No instances
# are created in serverless engine mode (the cluster scales itself there).
# NOTE(review): identifier / identifier_prefix are derived from var.name and
# the map key, not from module.labels.id like the cluster identifier, and tags
# are merge(var.tags, var.cluster_tags) rather than module.labels.tags — both
# differ from the naming/tagging convention used by the other resources.
resource "aws_rds_cluster_instance" "this" {
  for_each = { for k, v in var.instances : k => v if local.create && !local.is_serverless }
  apply_immediately                     = try(each.value.apply_immediately, var.apply_immediately)
  auto_minor_version_upgrade            = try(each.value.auto_minor_version_upgrade, var.auto_minor_version_upgrade)
  availability_zone                     = try(each.value.availability_zone, null)
  ca_cert_identifier                    = var.ca_cert_identifier
  cluster_identifier                    = aws_rds_cluster.this[0].id
  copy_tags_to_snapshot                 = try(each.value.copy_tags_to_snapshot, var.copy_tags_to_snapshot)
  # When the module creates the DB parameter group, var.db_parameter_group_name is ignored.
  db_parameter_group_name               = var.create_db_parameter_group ? aws_db_parameter_group.this[0].id : var.db_parameter_group_name
  db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
  engine                                = var.engine
  engine_version                        = var.engine_version
  identifier                            = var.instances_use_identifier_prefix ? null : try(each.value.identifier, "${var.name}-${each.key}")
  identifier_prefix                     = var.instances_use_identifier_prefix ? try(each.value.identifier_prefix, "${var.name}-${each.key}-") : null
  instance_class                        = try(each.value.instance_class, var.instance_class)
  # Enhanced monitoring. NOTE(review): the module-managed role is only created
  # when var.monitoring_interval > 0 (local.create_monitoring_role), so a
  # per-instance monitoring_interval override with the module default at 0
  # yields monitoring_role_arn = null here, which AWS rejects for a non-zero
  # interval. Either set the module-wide interval as well or pass
  # var.monitoring_role_arn with var.create_monitoring_role = false.
  monitoring_interval                   = try(each.value.monitoring_interval, var.monitoring_interval)
  monitoring_role_arn                   = var.create_monitoring_role ? try(aws_iam_role.rds_enhanced_monitoring[0].arn, null) : var.monitoring_role_arn
  performance_insights_enabled          = try(each.value.performance_insights_enabled, var.performance_insights_enabled)
  performance_insights_kms_key_id       = try(each.value.performance_insights_kms_key_id, var.performance_insights_kms_key_id)
  performance_insights_retention_period = try(each.value.performance_insights_retention_period, var.performance_insights_retention_period)
  # preferred_backup_window - is set at the cluster level and will error if provided here
  preferred_maintenance_window          = try(each.value.preferred_maintenance_window, var.preferred_maintenance_window)
  promotion_tier                        = try(each.value.promotion_tier, null)
  # Exposure: an instance is only reachable from the internet if this is true
  # AND it sits in a public subnet AND the attached SG allows it. The default
  # for var.publicly_accessible is defined in variables.tf (not shown) — confirm
  # it is false.
  publicly_accessible                   = try(each.value.publicly_accessible, var.publicly_accessible)
  tags                                  = merge(var.tags, var.cluster_tags)
  timeouts {
    create = try(var.instance_timeouts.create, null)
    update = try(var.instance_timeouts.update, null)
    delete = try(var.instance_timeouts.delete, null)
  }
}

##-----------------------------------------------------------------------------
## Manages an RDS Aurora Cluster Endpoint. You can refer to the User Guide.
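##-----------------------------------------------------------------------------
# Custom (reader/any) endpoints, one per entry of var.endpoints. Each entry
# must carry `identifier` and `type`; `static_members` / `excluded_members`
# are optional. Skipped in serverless mode, and ordered after the instances so
# the member lists can be resolved.
resource "aws_rds_cluster_endpoint" "this" {
  for_each = { for k, v in var.endpoints : k => v if local.create && !local.is_serverless }

  cluster_endpoint_identifier = each.value.identifier
  cluster_identifier          = aws_rds_cluster.this[0].id
  custom_endpoint_type        = each.value.type
  excluded_members            = try(each.value.excluded_members, null)
  static_members              = try(each.value.static_members, null)
  tags                        = merge(var.tags, var.cluster_tags)
  depends_on = [
    aws_rds_cluster_instance.this
  ]
}

##-----------------------------------------------------------------------------
## Manages an RDS DB Instance association with an IAM Role. Example use cases.
##-----------------------------------------------------------------------------
# Attaches IAM roles to the cluster for engine features (e.g. S3 import/export),
# one association per entry of var.iam_roles (`feature_name`, `role_arn`).
resource "aws_rds_cluster_role_association" "this" {
  for_each = { for k, v in var.iam_roles : k => v if local.create }

  db_cluster_identifier = aws_rds_cluster.this[0].id
  feature_name          = each.value.feature_name
  role_arn              = each.value.role_arn
}

locals {
  # The enhanced-monitoring role is needed whenever ANY instance ends up with a
  # non-zero monitoring interval. aws_rds_cluster_instance resolves the interval
  # per instance as try(each.value.monitoring_interval, var.monitoring_interval),
  # so a per-instance override must also trigger role creation, not only the
  # module-wide default; otherwise that instance would get monitoring_role_arn =
  # null with a non-zero interval, which AWS rejects. coalesce() tolerates an
  # explicit null in an instance entry; try() tolerates a missing attribute.
  create_monitoring_role = local.create && var.create_monitoring_role && (
    var.monitoring_interval > 0 ||
    anytrue([for k, v in var.instances : coalesce(try(v.monitoring_interval, null), 0) > 0])
  )
}

# Trust policy for the enhanced-monitoring role: only the RDS monitoring
# service principal of the current partition may assume it.
data "aws_iam_policy_document" "monitoring_rds_assume_role" {
  count = local.create_monitoring_role ? 1 : 0

  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["monitoring.rds.${data.aws_partition.current.dns_suffix}"]
    }
  }
}

##-----------------------------------------------------------------------------
## IAM role assumed by the RDS monitoring service principal (trust policy built above) for enhanced monitoring of the cluster instances.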
##-----------------------------------------------------------------------------
# Enhanced-monitoring role. Created only when local.create_monitoring_role is
# true; the instances reference its ARN via monitoring_role_arn.
# NOTE(review): `name = module.labels.id` is also used by
# aws_iam_role.proxy_iam_role further down. IAM role names are unique per
# account, so enabling enhanced monitoring and the default proxy role together
# fails with EntityAlreadyExists — one of the two needs a suffix, e.g.
# `name = format("%s-monitoring", module.labels.id)` (a rename replaces the role).
# NOTE(review): managed_policy_arns on aws_iam_role is authoritative for the
# role's attachments; if var.iam_role_managed_policy_arns is a list (not null),
# the separate aws_iam_role_policy_attachment below will be detached again on
# the next apply unless that ARN is also in the list.
resource "aws_iam_role" "rds_enhanced_monitoring" {
  count       = local.create_monitoring_role ? 1 : 0
  name        = module.labels.id
  description = var.iam_role_description
  path        = var.iam_role_path

  assume_role_policy    = data.aws_iam_policy_document.monitoring_rds_assume_role[0].json
  managed_policy_arns   = var.iam_role_managed_policy_arns
  permissions_boundary  = var.iam_role_permissions_boundary
  force_detach_policies = var.iam_role_force_detach_policies
  max_session_duration  = var.iam_role_max_session_duration

  # The Name tag uses var.monitoring_role_name while the role name itself is
  # module.labels.id; var.mysql_iam_role_tags is applied regardless of engine.
  tags = merge(
    {
      "Name" = format("%s", var.monitoring_role_name)
    },
    module.labels.tags,
    var.mysql_iam_role_tags
  )
}

# AWS-managed enhanced-monitoring policy; the ARN is built from the current
# partition so it also resolves outside the commercial partition.
resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" {
  count = local.create_monitoring_role ? 1 : 0

  role       = aws_iam_role.rds_enhanced_monitoring[0].name
  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
}

##-----------------------------------------------------------------------------
## Application Auto Scaling target for the cluster's read-replica count (rds:cluster:ReadReplicaCount).
##-----------------------------------------------------------------------------
# Registers the cluster as a scalable target between the configured min/max
# replica counts. Not applicable in serverless mode.
resource "aws_appautoscaling_target" "this" {
  count = local.create && var.autoscaling_enabled && !local.is_serverless ? 1 : 0

  max_capacity       = var.autoscaling_max_capacity
  min_capacity       = var.autoscaling_min_capacity
  resource_id        = "cluster:${aws_rds_cluster.this[0].cluster_identifier}"
  scalable_dimension = "rds:cluster:ReadReplicaCount"
  service_namespace  = "rds"

  tags = module.labels.tags
}

##-----------------------------------------------------------------------------
## Provides an Application AutoScaling Policy resource.
279 | ##----------------------------------------------------------------------------- 280 | resource "aws_appautoscaling_policy" "this" { 281 | count = local.create && var.autoscaling_enabled && !local.is_serverless ? 1 : 0 282 | 283 | name = var.autoscaling_policy_name 284 | policy_type = "TargetTrackingScaling" 285 | resource_id = "cluster:${aws_rds_cluster.this[0].cluster_identifier}" 286 | scalable_dimension = "rds:cluster:ReadReplicaCount" 287 | service_namespace = "rds" 288 | target_tracking_scaling_policy_configuration { 289 | predefined_metric_specification { 290 | predefined_metric_type = var.predefined_metric_type 291 | } 292 | 293 | scale_in_cooldown = var.autoscaling_scale_in_cooldown 294 | scale_out_cooldown = var.autoscaling_scale_out_cooldown 295 | target_value = var.predefined_metric_type == "RDSReaderAverageCPUUtilization" ? var.autoscaling_target_cpu : var.autoscaling_target_connections 296 | } 297 | 298 | depends_on = [ 299 | aws_appautoscaling_target.this 300 | ] 301 | } 302 | 303 | ##----------------------------------------------------------------------------- 304 | ## Provides a security group resource. 305 | ##----------------------------------------------------------------------------- 306 | resource "aws_security_group" "default" { 307 | count = var.enable_security_group && length(var.sg_ids) < 1 ? 1 : 0 308 | 309 | name = format("%s-sg", module.labels.id) 310 | vpc_id = var.vpc_id 311 | description = var.sg_description 312 | tags = module.labels.tags 313 | lifecycle { 314 | create_before_destroy = true 315 | } 316 | } 317 | 318 | ##----------------------------------------------------------------------------- 319 | ## Provides a security group resource. 320 | ##----------------------------------------------------------------------------- 321 | #tfsec:ignore:aws-ec2-no-public-egress-sgr 322 | resource "aws_security_group_rule" "egress" { 323 | count = (var.enable_security_group == true && length(var.sg_ids) < 1 && var.egress_rule == true) ? 
1 : 0 324 | 325 | description = var.sg_egress_description 326 | type = "egress" 327 | from_port = var.from_port 328 | to_port = var.to_port 329 | protocol = var.egress_protocol 330 | cidr_blocks = var.cidr_blocks 331 | security_group_id = join("", aws_security_group.default[*].id) 332 | } 333 | #tfsec:ignore:aws-ec2-no-public-egress-sgr 334 | resource "aws_security_group_rule" "egress_ipv6" { 335 | count = (var.enable_security_group == true && length(var.sg_ids) < 1) && var.egress_rule == true ? 1 : 0 336 | 337 | description = var.sg_egress_ipv6_description 338 | type = "egress" 339 | from_port = var.from_port 340 | to_port = var.to_port 341 | protocol = var.egress_protocol 342 | ipv6_cidr_blocks = var.ipv6_cidr_blocks 343 | security_group_id = join("", aws_security_group.default[*].id) 344 | } 345 | 346 | resource "aws_security_group_rule" "ingress" { 347 | count = length(var.allowed_ip) > 0 == true && length(var.sg_ids) < 1 ? length(compact(var.allowed_ports)) : 0 348 | 349 | description = var.sg_ingress_description 350 | type = "ingress" 351 | from_port = element(var.allowed_ports, count.index) 352 | to_port = element(var.allowed_ports, count.index) 353 | protocol = var.protocol 354 | cidr_blocks = var.allowed_ip 355 | security_group_id = join("", aws_security_group.default[*].id) 356 | } 357 | 358 | ##----------------------------------------------------------------------------- 359 | ## Provides an RDS DB cluster parameter group resource. Documentation of the available parameters for various Aurora engines can be found at: 360 | ##----------------------------------------------------------------------------- 361 | resource "aws_rds_cluster_parameter_group" "this" { 362 | count = local.create && var.create_db_cluster_parameter_group ? 
1 : 0 363 | 364 | name = module.labels.id 365 | description = var.db_cluster_parameter_group_description 366 | family = var.db_cluster_parameter_group_family 367 | 368 | dynamic "parameter" { 369 | for_each = var.db_cluster_parameter_group_parameters 370 | 371 | content { 372 | name = parameter.value.name 373 | value = parameter.value.value 374 | apply_method = try(parameter.value.apply_method, "immediate") 375 | } 376 | } 377 | 378 | lifecycle { 379 | create_before_destroy = true 380 | } 381 | 382 | tags = module.labels.tags 383 | } 384 | 385 | ##----------------------------------------------------------------------------- 386 | ## Provides an RDS DB parameter group resource .Documentation of the available parameters for various RDS engines can be found at. 387 | ##----------------------------------------------------------------------------- 388 | resource "aws_db_parameter_group" "this" { 389 | count = local.create && var.create_db_parameter_group ? 1 : 0 390 | 391 | name = module.labels.id 392 | description = var.db_parameter_group_description 393 | family = var.db_parameter_group_family 394 | 395 | dynamic "parameter" { 396 | for_each = var.db_parameter_group_parameters 397 | 398 | content { 399 | name = parameter.value.name 400 | value = parameter.value.value 401 | apply_method = try(parameter.value.apply_method, "immediate") 402 | } 403 | } 404 | 405 | lifecycle { 406 | create_before_destroy = true 407 | } 408 | 409 | tags = module.labels.tags 410 | } 411 | 412 | ##----------------------------------------------------------------------------------------- 413 | ## RDS PROXY 414 | ##----------------------------------------------------------------------------------------- 415 | data "aws_region" "current" {} 416 | 417 | resource "aws_db_proxy" "proxy" { 418 | count = local.create && var.create_db_proxy ? 
1 : 0 419 | 420 | name = module.labels.id 421 | debug_logging = var.debug_logging 422 | engine_family = var.engine_family 423 | idle_client_timeout = var.idle_client_timeout 424 | require_tls = var.require_tls 425 | role_arn = local.create && var.enable_default_proxy_iam_role ? join("", aws_iam_role.proxy_iam_role[*].arn) : var.proxy_role_arn 426 | vpc_security_group_ids = var.proxy_sg_ids 427 | vpc_subnet_ids = var.proxy_subnet_ids 428 | 429 | dynamic "auth" { 430 | for_each = var.auth 431 | content { 432 | auth_scheme = try(auth.value.auth_scheme, "SECRETS") 433 | client_password_auth_type = try(auth.value.client_password_auth_type, null) 434 | description = try(auth.value.description, null) 435 | iam_auth = try(auth.value.iam_auth, null) 436 | secret_arn = try(auth.value.secret_arn, null) 437 | username = try(auth.value.username, null) 438 | } 439 | } 440 | tags = module.labels.tags 441 | } 442 | 443 | resource "aws_db_proxy_default_target_group" "proxy" { 444 | count = local.create && var.create_db_proxy ? 1 : 0 445 | 446 | db_proxy_name = join("", aws_db_proxy.proxy[*].name) 447 | 448 | connection_pool_config { 449 | connection_borrow_timeout = var.connection_borrow_timeout 450 | init_query = var.init_query 451 | max_connections_percent = var.max_connections_percent 452 | max_idle_connections_percent = var.max_idle_connections_percent 453 | session_pinning_filters = var.session_pinning_filters 454 | } 455 | } 456 | 457 | resource "aws_db_proxy_target" "proxy" { 458 | count = local.create && var.create_db_proxy ? 
1 : 0 459 | 460 | db_proxy_name = aws_db_proxy.proxy[0].name 461 | target_group_name = aws_db_proxy_default_target_group.proxy[0].name 462 | db_cluster_identifier = aws_rds_cluster.this[0].id 463 | } 464 | 465 | resource "aws_db_proxy_endpoint" "proxy" { 466 | for_each = { for k, v in var.proxy_endpoints : k => v if local.create && var.create_db_proxy } 467 | 468 | db_proxy_name = aws_db_proxy.proxy[0].name 469 | db_proxy_endpoint_name = each.value.name 470 | vpc_subnet_ids = each.value.vpc_subnet_ids 471 | vpc_security_group_ids = lookup(each.value, "vpc_security_group_ids", null) 472 | target_role = lookup(each.value, "target_role", null) 473 | 474 | tags = module.labels.tags 475 | } 476 | 477 | ################################################################################ 478 | # IAM Role 479 | ################################################################################ 480 | 481 | data "aws_iam_policy_document" "proxy_assume_role" { 482 | count = local.create && var.create_db_proxy && var.enable_default_proxy_iam_role ? 1 : 0 483 | 484 | statement { 485 | sid = "RDSAssume" 486 | effect = "Allow" 487 | actions = ["sts:AssumeRole"] 488 | 489 | principals { 490 | type = "Service" 491 | identifiers = ["rds.${data.aws_partition.current.dns_suffix}"] 492 | } 493 | } 494 | } 495 | 496 | resource "aws_iam_role" "proxy_iam_role" { 497 | count = local.create && var.create_db_proxy && var.enable_default_proxy_iam_role ? 
1 : 0 498 | 499 | name = module.labels.id 500 | description = var.proxy_iam_role_description 501 | path = var.proxy_iam_role_path 502 | 503 | assume_role_policy = data.aws_iam_policy_document.proxy_assume_role[0].json 504 | force_detach_policies = var.iam_role_force_detach_policies 505 | max_session_duration = var.iam_role_max_session_duration 506 | permissions_boundary = var.iam_role_permissions_boundary 507 | 508 | tags = module.labels.tags 509 | } 510 | 511 | data "aws_iam_policy_document" "proxy_iam_policy_permissions" { 512 | count = local.create && var.create_db_proxy && var.enable_default_proxy_iam_role ? 1 : 0 513 | 514 | statement { 515 | sid = "DecryptSecrets" 516 | effect = "Allow" 517 | actions = ["kms:Decrypt"] 518 | resources = ["arn:${data.aws_partition.current.partition}:kms:*:*:key/*"] 519 | 520 | condition { 521 | test = "StringEquals" 522 | variable = "kms:ViaService" 523 | values = [ 524 | "secretsmanager.${data.aws_region.current.name}.${data.aws_partition.current.dns_suffix}" 525 | ] 526 | } 527 | } 528 | 529 | statement { 530 | sid = "ListSecrets" 531 | effect = "Allow" 532 | actions = [ 533 | "secretsmanager:GetRandomPassword", 534 | "secretsmanager:ListSecrets", 535 | ] 536 | resources = ["*"] 537 | } 538 | 539 | statement { 540 | sid = "GetSecrets" 541 | effect = "Allow" 542 | actions = [ 543 | "secretsmanager:GetResourcePolicy", 544 | "secretsmanager:GetSecretValue", 545 | "secretsmanager:DescribeSecret", 546 | "secretsmanager:ListSecretVersionIds", 547 | ] 548 | 549 | resources = distinct([for auth in var.auth : auth.secret_arn]) 550 | } 551 | } 552 | 553 | resource "aws_iam_role_policy" "proxy_iam_policy" { 554 | count = local.create && var.create_db_proxy && var.enable_default_proxy_iam_role ? 
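1 : 0

  name   = module.labels.id
  policy = data.aws_iam_policy_document.proxy_iam_policy_permissions[0].json
  role   = aws_iam_role.proxy_iam_role[0].id
}
--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
################################################################################
# DB Subnet Group
################################################################################


################################################################################
# Cluster
################################################################################

# All cluster outputs use `try(..., null)` so they resolve to `null` when the
# cluster is not created (count = 0).

output "cluster_arn" {
  description = "Amazon Resource Name (ARN) of the cluster"
  value       = try(aws_rds_cluster.this[0].arn, null)
}

output "cluster_id" {
  description = "The RDS cluster identifier"
  value       = try(aws_rds_cluster.this[0].id, null)
}

output "cluster_resource_id" {
  description = "The RDS cluster resource ID (the immutable `cluster-XXXX` id)"
  value       = try(aws_rds_cluster.this[0].cluster_resource_id, null)
}

output "cluster_members" {
  description = "List of RDS instances that are part of this cluster"
  value       = try(aws_rds_cluster.this[0].cluster_members, null)
}

output "cluster_endpoint" {
  description = "Writer endpoint of the cluster"
  value       = try(aws_rds_cluster.this[0].endpoint, null)
}

output "cluster_reader_endpoint" {
  description = "Read-only endpoint of the cluster, automatically load-balanced across replicas"
  value       = try(aws_rds_cluster.this[0].reader_endpoint, null)
}

output "cluster_engine_version_actual" {
  description = "The engine version the cluster is actually running"
  value       = try(aws_rds_cluster.this[0].engine_version_actual, null)
}

# `database_name` is not populated on `aws_rds_cluster` when it was not
# specified, so the input variable is echoed back instead of the resource attribute.
output "cluster_database_name" {
  description = "Name of the database created automatically on cluster creation"
  value       = var.database_name
}

output "cluster_port" {
  description = "The database port"
  value       = try(aws_rds_cluster.this[0].port, null)
}

output "cluster_master_password" {
  description = "The database master password"
  value       = try(aws_rds_cluster.this[0].master_password, null)
  sensitive   = true
}

output "cluster_master_username" {
  description = "The database master username"
  value       = try(aws_rds_cluster.this[0].master_username, null)
  sensitive   = true
}

# Not marked sensitive: per the provider docs this attribute holds the secret's
# ARN, KMS key id and status, not the password itself — confirm for the
# provider version in use before relying on it in non-sensitive sinks.
output "cluster_master_user_secret" {
  description = "Metadata of the generated master user secret when `manage_master_user_password` is `true`"
  value       = try(aws_rds_cluster.this[0].master_user_secret, null)
}

output "cluster_hosted_zone_id" {
  description = "The Route53 hosted zone ID of the cluster endpoint"
  value       = try(aws_rds_cluster.this[0].hosted_zone_id, null)
}

################################################################################
# Cluster Instance(s)
################################################################################

output "cluster_instances" {
  description = "Map of cluster instances and their attributes"
  value       = aws_rds_cluster_instance.this
}

################################################################################
# Cluster Endpoint(s)
################################################################################

output "additional_cluster_endpoints" {
  description = "Map of additional cluster endpoints and their attributes"
  value       = aws_rds_cluster_endpoint.this
}

################################################################################
# Cluster IAM Roles
################################################################################

output "cluster_role_associations" {
  description = "Map of IAM roles associated with the cluster and their attributes"
  value       = aws_rds_cluster_role_association.this
}

################################################################################
# Enhanced Monitoring
################################################################################

output "enhanced_monitoring_iam_role_name" {
  description = "Name of the enhanced monitoring role"
  value       = try(aws_iam_role.rds_enhanced_monitoring[0].name, null)
}

output "enhanced_monitoring_iam_role_arn" {
  description = "ARN of the enhanced monitoring role"
  value       = try(aws_iam_role.rds_enhanced_monitoring[0].arn, null)
}

output "enhanced_monitoring_iam_role_unique_id" {
  description = "Stable and unique string identifying the enhanced monitoring role"
  value       = try(aws_iam_role.rds_enhanced_monitoring[0].unique_id, null)
}

################################################################################
# Security Group
################################################################################

output "security_group_id" {
  description = "ID of the security group created for the cluster"
  value       = try(aws_security_group.default[0].id, null)
}

################################################################################
# Cluster Parameter Group
################################################################################

output "db_cluster_parameter_group_arn" {
  description = "ARN of the DB cluster parameter group created"
  value       = try(aws_rds_cluster_parameter_group.this[0].arn, null)
}

output "db_cluster_parameter_group_id" {
  description = "ID of the DB cluster parameter group created"
  value       = try(aws_rds_cluster_parameter_group.this[0].id, null)
}

################################################################################
# DB Parameter Group
################################################################################

output "db_parameter_group_arn" {
  description = "ARN of the DB parameter group created"
  value       = try(aws_db_parameter_group.this[0].arn, null)
}

output "db_parameter_group_id" {
  description = "ID of the DB parameter group created"
  value       = try(aws_db_parameter_group.this[0].id, null)
}

#######################################################################################################################
# RDS-PROXY: these outputs are the empty string `""` unless `create_db_proxy` is `true`.
#
# A full splat on a count = 0 resource yields `[]`, so `join("", ...)` already
# collapses to `""` with no error; the former `try(..., null)` wrapper was never
# taken and, had it been, would have handed `null` to `join` and failed. The
# wrapper is dropped, matching the proxy IAM role outputs at the bottom.
#######################################################################################################################
output "proxy_id" {
  description = "ID of the RDS proxy"
  value       = join("", aws_db_proxy.proxy[*].id)
}

output "proxy_arn" {
  description = "ARN of the RDS proxy"
  value       = join("", aws_db_proxy.proxy[*].arn)
}

output "proxy_endpoint" {
  description = "Endpoint used to connect through the proxy"
  value       = join("", aws_db_proxy.proxy[*].endpoint)
}

# Proxy Default Target Group
output "proxy_default_target_group_id" {
  description = "ID of the default target group"
  value       = join("", aws_db_proxy_default_target_group.proxy[*].id)
}

output "proxy_default_target_group_arn" {
  description = "ARN of the default target group"
  value       = join("", aws_db_proxy_default_target_group.proxy[*].arn)
}

output "proxy_default_target_group_name" {
  description = "Name of the default target group"
  value       = join("", aws_db_proxy_default_target_group.proxy[*].name)
}

# Proxy Target
output "proxy_target_endpoint" {
  description = "Hostname of the target RDS DB instance. Only returned for `RDS_INSTANCE` targets"
  value       = join("", aws_db_proxy_target.proxy[*].endpoint)
}

output "proxy_target_id" {
  description = "Identifier made of `db_proxy_name`, `target_group_name`, target type (`RDS_INSTANCE` or `TRACKED_CLUSTER`) and resource identifier, separated by forward slashes (/)"
  value       = join("", aws_db_proxy_target.proxy[*].id)
}

output "proxy_target_port" {
  description = "Port of the target RDS DB instance or Aurora DB cluster"
  value       = join("", aws_db_proxy_target.proxy[*].port)
}

# Output name kept for compatibility; the value is the target's `rds_resource_id`,
# not the proxy's name.
output "proxy_name" {
  description = "Identifier (`rds_resource_id`) of the DB instance or DB cluster registered as the proxy target"
  value       = join("", aws_db_proxy_target.proxy[*].rds_resource_id)
}

output "proxy_target_target_arn" {
  description = "ARN of the target DB instance or DB cluster. Currently not returned by the RDS API"
  value       = join("", aws_db_proxy_target.proxy[*].target_arn)
}

output "proxy_target_tracked_cluster_id" {
  description = "DB cluster identifier of the DB instance target. Not returned unless manually importing an `RDS_INSTANCE` target that is part of a DB cluster"
  value       = join("", aws_db_proxy_target.proxy[*].tracked_cluster_id)
}

output "proxy_target_type" {
  description = "Type of target, e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER`"
  value       = join("", aws_db_proxy_target.proxy[*].type)
}

# Proxy IAM Role
output "proxy_iam_role_name" {
  description = "Name of the RDS Proxy IAM role."
  value       = join("", aws_iam_role.proxy_iam_role[*].name)
}

output "proxy_iam_role_arn" {
  description = "ARN of the RDS Proxy IAM role."
  value       = join("", aws_iam_role.proxy_iam_role[*].arn)
}

output "proxy_iam_role_unique_id" {
  description = "Stable and unique string identifying the RDS Proxy IAM role."
  value       = join("", aws_iam_role.proxy_iam_role[*].unique_id)
}

output "proxy_iam_policy_name" {
  description = "Name of the inline policy attached to the RDS Proxy IAM role."
  value       = join("", aws_iam_role_policy.proxy_iam_policy[*].name)
}
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
#Module : LABEL
#Description : Inputs consumed by the label module that names and tags every resource.
variable "name" {
  description = "Name component of the resource label (e.g. `app` or `cluster`)."
  type        = string
}

variable "repository" {
  description = "URL of the repository that manages this module; recorded as a tag."
  type        = string
  default     = "https://github.com/clouddrove/terraform-aws-aurora"

  validation {
    # regex(...) errors when there is no match, so `can` turns it into a boolean
    condition     = can(regex("^https://", var.repository))
    error_message = "The module-repo value must be a valid Git repo link."
  }
}

variable "environment" {
  description = "Environment component of the label (e.g. `prod`, `dev`, `staging`)."
  type        = string
  default     = ""
}

variable "label_order" {
  type        = list(any)
  default     = ["name", "environment"]
  description = "Order in which label components are joined to build resource names, e.g. `name`, `environment`."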
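}

variable "managedby" {
  description = "Value of the `ManagedBy` tag, e.g. `CloudDrove`."
  type        = string
  default     = "hello@clouddrove.com"
}

variable "create" {
  description = "Whether the cluster should be created (affects nearly all resources). How this combines with `enable` is decided in main.tf (`local.create`) — keep both set consistently."
  type        = bool
  default     = true
}

variable "tags" {
  description = "Map of tags added to every resource."
  type        = map(string)
  default     = {}
}

################################################################################
# DB Subnet Group
################################################################################

variable "subnets" {
  description = "Subnet IDs used by the DB subnet group this module creates."
  type        = list(string)
  default     = []
}

################################################################################
# Cluster
################################################################################

variable "is_primary_cluster" {
  description = "Whether this cluster is the primary cluster with the writer instance (set to `false` for global and replica clusters)."
  type        = bool
  default     = true
}

variable "allocated_storage" {
  description = "Storage in gibibytes (GiB) allocated to each DB instance of a Multi-AZ DB cluster (required for Multi-AZ DB clusters)."
  type        = number
  default     = null
}

variable "enable" {
  description = "Set to `false` to prevent the module from creating any resources."
  type        = bool
  default     = true
}

variable "enabled_subnet_group" {
  description = "Set to `false` to skip creating the DB subnet group."
  type        = bool
  default     = true
}

variable "allow_major_version_upgrade" {
  description = "Allow major engine version upgrades when changing `engine_version`. Defaults to `false`."
  type        = bool
  default     = false
}

variable "apply_immediately" {
  description = "Apply cluster modifications immediately rather than in the next maintenance window. `null` keeps the provider default (`false`)."
  type        = bool
  default     = null
}

variable "availability_zones" {
  description = "EC2 Availability Zones for the DB cluster storage. RDS assigns 3 AZs when fewer are given, which then shows as a diff requiring recreation on the next apply."
  type        = list(string)
  default     = null
}

variable "backup_retention_period" {
  description = "Number of days automated backups are retained. Default `7`."
  type        = number
  default     = 7
}

variable "backtrack_window" {
  description = "Target backtrack window in seconds (0 disables backtracking; max 259200 = 72 hours). Only available for the `aurora` engine."
  type        = number
  default     = null
}

variable "cluster_members" {
  description = "List of RDS instances that are part of this cluster."
  type        = list(string)
  default     = null
}

variable "copy_tags_to_snapshot" {
  description = "Copy all cluster `tags` to snapshots."
  type        = bool
  default     = null
}

variable "database_name" {
  description = "Name of the database created automatically on cluster creation."
  type        = string
  default     = ""
}

variable "db_cluster_instance_class" {
  description = "Compute and memory capacity of each DB instance in a Multi-AZ DB cluster, e.g. `db.m6g.xlarge`. Not every class is available in every region or for every engine."
  type        = string
  default     = null
}

variable "db_cluster_db_instance_parameter_group_name" {
  description = "Instance parameter group to associate with all instances of the cluster. Only valid together with `allow_major_version_upgrade`."
  type        = string
  default     = null
}

variable "deletion_protection" {
  description = "Whether the cluster has deletion protection; it cannot be deleted while `true`. `null` keeps the provider default (`false`) — set `true` for production clusters."
  type        = bool
  default     = null
}

# The default text still refers to ElastiCache; it is the description written on
# the ingress rule in AWS, so it is left unchanged here to avoid an in-place rule
# update — override it from the caller.
variable "sg_ingress_description" {
  description = "Description set on the ingress security group rule."
  type        = string
  default     = "Description of the ingress rule use elasticache."
}

variable "allowed_ip" {
  description = "CIDR blocks allowed inbound access to the database security group."
  type        = list(any)
  default     = []
}

variable "sg_egress_description" {
  description = "Description set on the IPv4 egress security group rule."
  type        = string
  default     = "Description of the rule."
}

variable "sg_egress_ipv6_description" {
  description = "Description set on the IPv6 egress security group rule."
  type        = string
  default     = "Description of the rule."
}

variable "allowed_ports" {
  description = "Ingress ports opened to `allowed_ip`."
  type        = list(any)
  default     = []
}


variable "protocol" {
  description = "Protocol of the ingress rules: `tcp`, `udp`, `icmp`, or `-1`/`all` for every protocol."
  type        = string
  default     = "tcp"
}
variable "enable_global_write_forwarding" {
  description = "Whether the cluster forwards writes to an associated global cluster. Applied to secondary clusters so they can forward writes to the `aws_rds_global_cluster` primary."
  type        = bool
  default     = null
}

variable "enabled_cloudwatch_logs_exports" {
  description = "Log types exported to CloudWatch Logs. Empty means nothing is exported. Supported: `audit`, `error`, `general`, `slowquery`, `postgresql`. Exporting at least `audit`/`error` is recommended for auditability."
  type        = list(string)
  default     = []
}

variable "enable_http_endpoint" {
  description = "Enable the HTTP endpoint (Data API). Only valid when `engine_mode` is `serverless`."
  type        = bool
  default     = null
}

variable "engine" {
  description = "Database engine of the cluster. Valid values: `aurora`, `aurora-mysql`, `aurora-postgresql`. Provider default is `aurora`."
  type        = string
  default     = null
}

variable "engine_mode" {
  description = "Database engine mode. Valid values: `global`, `multimaster`, `parallelquery`, `provisioned`, `serverless`. Default `provisioned`."
  type        = string
  default     = "provisioned"
}

variable "engine_version" {
  description = "Database engine version. Changing it causes an outage."
  type        = string
  default     = null
}

variable "final_snapshot_identifier" {
  description = "Name of the final DB snapshot taken when the cluster is deleted. Required by the provider at destroy time while `skip_final_snapshot` is `false`."
  type        = string
  default     = null
}

variable "global_cluster_identifier" {
  description = "Global cluster identifier from `aws_rds_global_cluster`."
  type        = string
  default     = null
}

variable "iam_database_authentication_enabled" {
  description = "Whether IAM identities can be mapped to database accounts (IAM database authentication). `null` keeps the provider default."
  type        = bool
  default     = null
}

variable "iops" {
  description = "Provisioned IOPS initially allocated to each DB instance of a Multi-AZ DB cluster."
  type        = number
  default     = null
}

variable "kms_key_id" {
  description = "ARN of the KMS key used for storage encryption. Requires `storage_encrypted = true`; when unset, encryption uses the AWS-managed RDS key."
  type        = string
  default     = null
}

variable "manage_master_user_password" {
  description = "Let RDS generate and manage the master password in Secrets Manager (default `true`, so no password passes through Terraform state). Cannot be combined with a `master_password`."
  type        = bool
  default     = true
}

variable "master_user_secret_kms_key_id" {
  description = "KMS key (key ARN, key ID, alias ARN or alias name) encrypting the managed master user secret."
  type        = string
  default     = null
}

variable "master_username" {
  description = "Master DB username. Required unless `snapshot_identifier` or `replication_source_identifier` is given, or `global_cluster_identifier` is set for a secondary cluster of a global database."
  type        = string
  default     = null
}

variable "network_type" {
  description = "Network stack of the cluster: `IPV4` or `DUAL`."
  type        = string
  default     = null
}

variable "port" {
  description = "Port on which the database accepts connections."
  type        = string
  default     = null
}

variable "preferred_backup_window" {
  description = "Daily UTC window in which automated backups are taken when `backup_retention_period` > 0."
  type        = string
  default     = "02:00-03:00"
}

variable "preferred_maintenance_window" {
  description = "Weekly UTC window in which system maintenance can occur."
  type        = string
  default     = "sun:05:00-sun:06:00"
}

variable "replication_source_identifier" {
  description = "ARN of the source DB cluster or instance when this cluster is created as a read replica."
  type        = string
  default     = null
}

variable "restore_to_point_in_time" {
  description = "Nested attributes for cloning an Aurora cluster to a point in time."
  type        = map(string)
  default     = {}
}

variable "s3_import" {
  description = "Configuration for restoring from a Percona XtraBackup in S3 (MySQL only)."
  type        = map(string)
  default     = {}
}

variable "scaling_configuration" {
  description = "Nested scaling attributes. Only valid when `engine_mode` is `serverless`."
  type        = map(string)
  default     = {}
}

variable "serverlessv2_scaling_configuration" {
  description = "Nested Serverless v2 scaling attributes. Only valid when `engine_mode` is `provisioned`."
  type        = map(string)
  default     = {}
}

variable "skip_final_snapshot" {
  description = "Skip the final snapshot when the cluster is deleted. With the default `false` a `final_snapshot_identifier` must be provided or the destroy is rejected by the provider."
  type        = bool
  default     = false
}

variable "snapshot_identifier" {
  description = "Snapshot to create the cluster from: name or ARN of a DB cluster snapshot, or ARN of a DB snapshot."
  type        = string
  default     = null
}

variable "source_region" {
  description = "Source region of an encrypted replica DB cluster."
  type        = string
  default     = null
}

variable "storage_encrypted" {
  description = "Encrypt the cluster storage at rest. Default `true`; keep it enabled."
  type        = bool
  default     = true
}

variable "storage_type" {
  description = "Storage type of the cluster (required for Multi-AZ DB clusters). Valid value: `io1` (default `io1`)."
  type        = string
  default     = null
}

variable "cluster_tags" {
  description = "Tags added only to the cluster resource, e.g. for AWS Instance Scheduler."
  type        = map(string)
  default     = {}
}

variable "vpc_security_group_ids" {
  description = "Additional VPC security groups attached to the cluster on top of the one the module creates."
  type        = list(string)
  default     = []
}

variable "cluster_timeouts" {
  description = "Create, update and delete timeouts for the cluster."
  type        = map(string)
  default     = {}
}

################################################################################
# Cluster Instance(s)
################################################################################

variable "instances" {
  description = "Map of cluster instances with any per-instance overriding attributes."
  type        = any
  default     = {}
}

variable "auto_minor_version_upgrade" {
  description = "Apply minor engine upgrades automatically during the maintenance window. Provider default `true`."
  type        = bool
  default     = null
}

variable "ca_cert_identifier" {
  description = "Identifier of the CA certificate used by the DB instances (pick the current RDS CA so clients can verify TLS)."
  type        = string
  default     = null
}

variable "db_parameter_group_name" {
  description = "Name of the DB parameter group."
  type        = string
  default     = null
}

variable "instances_use_identifier_prefix" {
  description = "Use cluster instance identifiers as prefixes instead of full names."
  type        = bool
  default     = false
}

variable "instance_class" {
  description = "Instance class of the master instance. When `autoscaling_enabled` is `true` the same class is used for autoscaled instances."
  type        = string
  default     = ""
}

variable "monitoring_interval" {
  description = "Seconds between Enhanced Monitoring metric collections. `0` (default) disables it."
  type        = number
  default     = 0
}

variable "performance_insights_enabled" {
  description = "Enable Performance Insights."
  type        = bool
  default     = null
}

variable "performance_insights_kms_key_id" {
  description = "ARN of the KMS key encrypting Performance Insights data."
  type        = string
  default     = null
}

variable "performance_insights_retention_period" {
  description = "Days to retain Performance Insights data: 7 or 731 (2 years)."
  type        = number
  default     = null
}

variable "publicly_accessible" {
  description = "Whether instances get a public IP. Default `false`; a database should normally stay private."
  type        = bool
  default     = false
}

variable "instance_timeouts" {
  description = "Create, update and delete timeouts for the cluster instance(s)."
  type        = map(string)
  default     = {}
}

################################################################################
# Cluster Endpoint(s)
################################################################################

variable "endpoints" {
  description = "Map of additional cluster endpoints and their attributes."
  type        = any
  default     = {}
}

################################################################################
# Cluster IAM Roles
################################################################################

variable "iam_roles" {
  description = "Map of IAM roles and supported feature names to associate with the cluster."
  type        = map(map(string))
  default     = {}
}

################################################################################
# Enhanced Monitoring
################################################################################

variable "create_monitoring_role" {
  description = "Create the IAM role used for RDS Enhanced Monitoring."
  type        = bool
  default     = true
}

variable "monitoring_role_arn" {
  description = "Existing IAM role RDS uses to send Enhanced Monitoring metrics to CloudWatch (when not creating one)."
  type        = string
  default     = ""
}

variable "sg_description" {
  description = "Description of the security group the module creates."
  type        = string
  default     = "Instance default security group (only egress access is allowed)."
}

variable "monitoring_role_name" {
  description = "Name of the IAM role created when `create_monitoring_role` is enabled."
  type        = string
  default     = "rds-monitoring-role"
}

variable "mysql_iam_role_tags" {
  description = "Additional tags for the MySQL IAM role."
  type        = map(any)
  default     = {}
}


# The `iam_role_*` inputs below are shared: main.tf applies
# `iam_role_force_detach_policies`, `iam_role_max_session_duration` and
# `iam_role_permissions_boundary` to the RDS Proxy role as well as to the
# monitoring role.
variable "iam_role_description" {
  description = "Description of the monitoring role."
  type        = string
  default     = null
}

variable "iam_role_path" {
  description = "Path of the monitoring role."
  type        = string
  default     = null
}

variable "iam_role_managed_policy_arns" {
  description = "Exclusive set of IAM managed policy ARNs attached to the monitoring role."
  type        = list(string)
  default     = null
}

variable "iam_role_permissions_boundary" {
  description = "ARN of the permissions boundary policy applied to the IAM roles this module creates (monitoring role and RDS Proxy role)."
  type        = string
  default     = null
}

variable "iam_role_force_detach_policies" {
  description = "Force-detach attached policies before destroying the IAM roles this module creates (monitoring role and RDS Proxy role)."
  type        = bool
  default     = null
}

variable "iam_role_max_session_duration" {
  description = "Maximum session duration in seconds for the IAM roles this module creates (monitoring role and RDS Proxy role)."
  type        = number
  default     = null
}

################################################################################
# Autoscaling
################################################################################

variable "autoscaling_enabled" {
  description = "Enable autoscaling of the cluster read replicas."
  type        = bool
  default     = false
}

variable "autoscaling_max_capacity" {
  description = "Maximum number of read replicas when autoscaling is enabled."
  type        = number
  default     = 2
}

variable "autoscaling_min_capacity" {
  description = "Minimum number of read replicas when autoscaling is enabled."
  type        = number
  default     = 0
}

variable "autoscaling_policy_name" {
  description = "Name of the autoscaling policy."
  type        = string
  default     = "target-metric"
}

variable "predefined_metric_type" {
  description = "Metric to scale on: `RDSReaderAverageCPUUtilization` or `RDSReaderAverageDatabaseConnections`."
  type        = string
  default     = "RDSReaderAverageCPUUtilization"
}

variable "autoscaling_scale_in_cooldown" {
  description = "Seconds to wait after a scale-in before further scaling."
  type        = number
  default     = 300
}

variable "autoscaling_scale_out_cooldown" {
  description = "Seconds to wait after a scale-out before further scaling."
  type        = number
  default     = 300
}

variable "autoscaling_target_cpu" {
  description = "CPU utilisation threshold that triggers autoscaling."
  type        = number
  default     = 70
}

variable "autoscaling_target_connections" {
  description = "Average connection count that triggers autoscaling. Default is 70% of the default `max_connections` of db.r4/r5/r6g.large."
  type        = number
  default     = 700
}

################################################################################
# Security Group
################################################################################

variable "enable_security_group" {
  description = "Create the default security group (egress-only unless `allowed_ip`/`allowed_ports` are set)."
  type        = bool
  default     = true
}

variable "sg_ids" {
  description = "IDs of existing security groups to attach instead of / in addition to the created one."
  type        = list(any)
  default     = []
}

variable "egress_rule" {
  description = "Create the egress rule on the security group."
  type        = bool
  default     = true
}
variable "ipv6_cidr_blocks" {
  description = "IPv6 CIDR blocks allowed as egress destinations. Default `::/0` permits all IPv6 destinations; narrow it where outbound traffic must be restricted."
  type        = list(string)
  default     = ["::/0"]
}

variable "vpc_id" {
  description = "ID of the VPC in which the security group is created."
  type        = string
  default     = ""
}

variable "from_port" {
  description = "Start port (or ICMP type number) of the egress rule. Default `0`."
  type        = number
  default     = 0
}

variable "to_port" {
  description = "End port (or ICMP code) of the egress rule. Default `65535`."
  type        = number
  default     = 65535
}

variable "egress_protocol" {
  description = "Protocol of the egress rule. `-1` (default) means all protocols, in which case the port range is ignored."
  type        = number
  default     = -1
}
variable "cidr_blocks" {
  description = "IPv4 CIDR blocks allowed as egress destinations. Default `0.0.0.0/0` permits all destinations; narrow it where outbound traffic must be restricted."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

################################################################################
# Cluster Parameter Group
################################################################################

variable "create_db_cluster_parameter_group" {
  description = "Create a cluster parameter group instead of using an existing one."
  type        = bool
  default     = false
}

variable "db_cluster_parameter_group_name" {
  description = "Name of the DB cluster parameter group."
  type        = string
  default     = null
}

variable "db_cluster_parameter_group_description" {
  description = "Description of the DB cluster parameter group. Defaults to \"Managed by Terraform\"."
  type        = string
  default     = null
}

variable "db_cluster_parameter_group_family" {
  description = "Family of the DB cluster parameter group."
  type        = string
  default     = ""
}

variable "db_cluster_parameter_group_parameters" {
  description = "List of DB cluster parameters to apply. Parameter names differ between families."
  type        = list(map(string))
  default     = []
}

################################################################################
# DB Parameter Group
################################################################################

variable "create_db_parameter_group" {
  description = "Create a DB parameter group instead of using an existing one."
  type        = bool
  default     = false
}

variable "db_parameter_group_description" {
  description = "The description of the DB parameter group. 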
Defaults to \"Managed by Terraform\"" 703 | type = string 704 | default = null 705 | } 706 | 707 | variable "db_parameter_group_family" { 708 | description = "The family of the DB parameter group" 709 | type = string 710 | default = "" 711 | } 712 | 713 | variable "db_parameter_group_parameters" { 714 | description = "A list of DB parameters to apply. Note that parameters may differ from a family to an other" 715 | type = list(map(string)) 716 | default = [] 717 | } 718 | 719 | 720 | ##-------------------------------------------------------------------------------------- 721 | ## RDS PROXY 722 | ##-------------------------------------------------------------------------------------- 723 | variable "create_db_proxy" { 724 | type = bool 725 | default = false 726 | description = "(Optional) Set this to true to create RDS Proxy." 727 | } 728 | 729 | variable "auth" { 730 | type = any 731 | default = {} 732 | description = "" 733 | } 734 | 735 | variable "debug_logging" { 736 | type = bool 737 | default = false 738 | description = "(Optional) Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs." 739 | } 740 | 741 | variable "engine_family" { 742 | type = string 743 | default = "POSTGRESQL" 744 | description = "(Required, Forces new resource) The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify MYSQL. 
For Aurora PostgreSQL and RDS for PostgreSQL databases, specify POSTGRESQL. For RDS for Microsoft SQL Server, specify SQLSERVER. Valid values are MYSQL, POSTGRESQL, and SQLSERVER." 745 | } 746 | 747 | variable "idle_client_timeout" { 748 | type = number 749 | default = 1800 750 | description = "(Optional) The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database." 751 | } 752 | 753 | variable "require_tls" { 754 | type = bool 755 | default = false 756 | description = "(Optional) A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy." 757 | } 758 | 759 | variable "proxy_sg_ids" { 760 | type = list(string) 761 | default = [] 762 | description = "(Optional) One or more VPC security group IDs to associate with the new proxy." 763 | } 764 | 765 | variable "proxy_subnet_ids" { 766 | type = list(string) 767 | default = [] 768 | description = "(Required) One or more VPC subnet IDs to associate with the new proxy." 769 | } 770 | 771 | variable "enable_default_proxy_iam_role" { 772 | type = bool 773 | default = true 774 | description = "(OPTIONAL) Set this to false to pass your own IAM Role for RDS Proxy." 775 | } 776 | 777 | variable "proxy_role_arn" { 778 | type = string 779 | default = "" 780 | description = "(OPTIONAL) ARN of RDS proxy IAM Role. Can only be set when `enable_default_proxy_iam_role` is set to `false`." 781 | } 782 | 783 | variable "connection_borrow_timeout" { 784 | type = number 785 | default = null 786 | description = "(Optional) The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions." 
787 | } 788 | 789 | variable "init_query" { 790 | type = string 791 | default = "" 792 | description = "(Optional) One or more SQL statements for the proxy to run when opening each new database connection. Typically used with SET statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single SET statement, such as SET x=1, y=2." 793 | } 794 | 795 | variable "max_connections_percent" { 796 | type = number 797 | default = 100 798 | description = "(Optional) The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group." 799 | } 800 | 801 | variable "max_idle_connections_percent" { 802 | type = number 803 | default = null 804 | description = "(Optional) Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group." 805 | } 806 | 807 | variable "session_pinning_filters" { 808 | type = list(string) 809 | default = [] 810 | description = "(Optional) Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. Currently, the only allowed value is EXCLUDE_VARIABLE_SETS." 
811 | } 812 | 813 | variable "proxy_endpoints" { 814 | type = any 815 | default = {} 816 | description = "Map of DB proxy endpoints to create and their attributes (see `aws_db_proxy_endpoint`)" 817 | } 818 | 819 | variable "proxy_iam_role_description" { 820 | description = "Description of the monitoring role" 821 | type = string 822 | default = null 823 | } 824 | 825 | variable "proxy_iam_role_path" { 826 | description = "Path for the monitoring role" 827 | type = string 828 | default = null 829 | } 830 | 831 | -------------------------------------------------------------------------------- /versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | random = { 11 | source = "hashicorp/random" 12 | version = ">= 3.5.1" 13 | } 14 | } 15 | } 16 | --------------------------------------------------------------------------------