├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.yml │ ├── config.yml │ ├── feature_request.yml │ └── question.md ├── PULL_REQUEST_TEMPLATE.md ├── banner.png ├── mergify.yml ├── renovate.json ├── settings.yml └── workflows │ ├── branch.yml │ ├── chatops.yml │ ├── release.yml │ └── scheduled.yml ├── .gitignore ├── .travis.yml ├── LICENSE ├── README.md ├── README.yaml ├── atmos.yaml ├── main.tf ├── outputs.tf └── variables.tf /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Use this file to define individuals or teams that are responsible for code in a repository. 2 | # Read more: 3 | # 4 | # Order is important: the last matching pattern has the highest precedence 5 | 6 | # These owners will be the default owners for everything 7 | * @cloudposse/engineering @cloudposse/contributors 8 | 9 | # Cloud Posse must review any changes to Makefiles 10 | **/Makefile @cloudposse/engineering 11 | **/Makefile.* @cloudposse/engineering 12 | 13 | # Cloud Posse must review any changes to GitHub actions 14 | .github/* @cloudposse/engineering 15 | 16 | # Cloud Posse must review any changes to standard context definition, 17 | # but some changes can be rubber-stamped. 
18 | **/*.tf @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers 19 | README.yaml @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers 20 | README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers 21 | docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers 22 | 23 | # Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration 24 | .github/mergify.yml @cloudposse/admins 25 | .github/CODEOWNERS @cloudposse/admins 26 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | description: Create a report to help us improve 4 | labels: ["bug"] 5 | assignees: [""] 6 | body: 7 | - type: markdown 8 | attributes: 9 | value: | 10 | Found a bug? 11 | 12 | Please checkout our [Slack Community](https://slack.cloudposse.com) 13 | or visit our [Slack Archive](https://archive.sweetops.com/). 14 | 15 | [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) 16 | 17 | - type: textarea 18 | id: concise-description 19 | attributes: 20 | label: Describe the Bug 21 | description: A clear and concise description of what the bug is. 22 | placeholder: What is the bug about? 23 | validations: 24 | required: true 25 | 26 | - type: textarea 27 | id: expected 28 | attributes: 29 | label: Expected Behavior 30 | description: A clear and concise description of what you expected. 31 | placeholder: What happened? 32 | validations: 33 | required: true 34 | 35 | - type: textarea 36 | id: reproduction-steps 37 | attributes: 38 | label: Steps to Reproduce 39 | description: Steps to reproduce the behavior. 40 | placeholder: How do we reproduce it? 
41 | validations: 42 | required: true 43 | 44 | - type: textarea 45 | id: screenshots 46 | attributes: 47 | label: Screenshots 48 | description: If applicable, add screenshots or logs to help explain. 49 | validations: 50 | required: false 51 | 52 | - type: textarea 53 | id: environment 54 | attributes: 55 | label: Environment 56 | description: Anything that will help us triage the bug. 57 | placeholder: | 58 | - OS: [e.g. Linux, OSX, WSL, etc] 59 | - Version [e.g. 10.15] 60 | - Module version 61 | - Terraform version 62 | validations: 63 | required: false 64 | 65 | - type: textarea 66 | id: additional 67 | attributes: 68 | label: Additional Context 69 | description: | 70 | Add any other context about the problem here. 71 | validations: 72 | required: false 73 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | 3 | contact_links: 4 | 5 | - name: Community Slack Team 6 | url: https://cloudposse.com/slack/ 7 | about: |- 8 | Please ask and answer questions here. 9 | 10 | - name: Office Hours 11 | url: https://cloudposse.com/office-hours/ 12 | about: |- 13 | Join us every Wednesday for FREE Office Hours (lunch & learn). 14 | 15 | - name: DevOps Accelerator Program 16 | url: https://cloudposse.com/accelerate/ 17 | about: |- 18 | Own your infrastructure in record time. We build it. You drive it. 19 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature Request 3 | description: Suggest an idea for this project 4 | labels: ["feature request"] 5 | assignees: [""] 6 | body: 7 | - type: markdown 8 | attributes: 9 | value: | 10 | Have a question? 
11 | 12 | Please checkout our [Slack Community](https://slack.cloudposse.com) 13 | or visit our [Slack Archive](https://archive.sweetops.com/). 14 | 15 | [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) 16 | 17 | - type: textarea 18 | id: concise-description 19 | attributes: 20 | label: Describe the Feature 21 | description: A clear and concise description of what the feature is. 22 | placeholder: What is the feature about? 23 | validations: 24 | required: true 25 | 26 | - type: textarea 27 | id: expected 28 | attributes: 29 | label: Expected Behavior 30 | description: A clear and concise description of what you expected. 31 | placeholder: What happened? 32 | validations: 33 | required: true 34 | 35 | - type: textarea 36 | id: use-case 37 | attributes: 38 | label: Use Case 39 | description: | 40 | Is your feature request related to a problem/challenge you are trying 41 | to solve? 42 | 43 | Please provide some additional context of why this feature or 44 | capability will be valuable. 45 | validations: 46 | required: true 47 | 48 | - type: textarea 49 | id: ideal-solution 50 | attributes: 51 | label: Describe Ideal Solution 52 | description: A clear and concise description of what you want to happen. 53 | validations: 54 | required: true 55 | 56 | - type: textarea 57 | id: alternatives-considered 58 | attributes: 59 | label: Alternatives Considered 60 | description: Explain alternative solutions or features considered. 61 | validations: 62 | required: false 63 | 64 | - type: textarea 65 | id: additional 66 | attributes: 67 | label: Additional Context 68 | description: | 69 | Add any other context about the problem here. 
70 | validations: 71 | required: false 72 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/question.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudposse/terraform-aws-rds-replica/af3ecf1f31dbefc69b14268cae6968c5d5d5de8e/.github/ISSUE_TEMPLATE/question.md -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## what 2 | 3 | 7 | 8 | ## why 9 | 10 | 15 | 16 | ## references 17 | 18 | 22 | -------------------------------------------------------------------------------- /.github/banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudposse/terraform-aws-rds-replica/af3ecf1f31dbefc69b14268cae6968c5d5d5de8e/.github/banner.png -------------------------------------------------------------------------------- /.github/mergify.yml: -------------------------------------------------------------------------------- 1 | extends: .github 2 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "config:base", 4 | ":preserveSemverRanges" 5 | ], 6 | "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"], 7 | "labels": ["auto-update"], 8 | "dependencyDashboardAutoclose": true, 9 | "enabledManagers": ["terraform"], 10 | "terraform": { 11 | "ignorePaths": ["**/context.tf", "examples/**"] 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /.github/settings.yml: -------------------------------------------------------------------------------- 1 | # Upstream changes from _extends are only recognized when modifications are made to 
this file in the default branch. 2 | _extends: .github 3 | repository: 4 | name: terraform-aws-rds-replica 5 | description: Terraform module that provisions an RDS replica 6 | homepage: https://cloudposse.com/accelerate 7 | topics: rds, terraform, terraform-modue, aurora, mysql, postgres, slave, replica, readonly 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /.github/workflows/branch.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Branch 3 | on: 4 | pull_request: 5 | branches: 6 | - main 7 | - release/** 8 | types: [opened, synchronize, reopened, labeled, unlabeled] 9 | push: 10 | branches: 11 | - main 12 | - release/v* 13 | paths-ignore: 14 | - '.github/**' 15 | - 'docs/**' 16 | - 'examples/**' 17 | - 'test/**' 18 | - 'README.md' 19 | 20 | permissions: {} 21 | 22 | jobs: 23 | terraform-module: 24 | uses: cloudposse/.github/.github/workflows/shared-terraform-module.yml@main 25 | secrets: inherit 26 | -------------------------------------------------------------------------------- /.github/workflows/chatops.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: chatops 3 | on: 4 | issue_comment: 5 | types: [created] 6 | 7 | permissions: 8 | pull-requests: write 9 | id-token: write 10 | contents: write 11 | statuses: write 12 | 13 | jobs: 14 | test: 15 | uses: cloudposse/.github/.github/workflows/shared-terraform-chatops.yml@main 16 | if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/terratest') }} 17 | secrets: inherit 18 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: release 3 | on: 4 | release: 5 | types: 6 | - published 7 | 8 | permissions: 9 | id-token: write 10 | contents: write 11 | pull-requests: write 12 
| 13 | jobs: 14 | terraform-module: 15 | uses: cloudposse/.github/.github/workflows/shared-release-branches.yml@main 16 | secrets: inherit 17 | -------------------------------------------------------------------------------- /.github/workflows/scheduled.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: scheduled 3 | on: 4 | workflow_dispatch: { } # Allows manually trigger this workflow 5 | schedule: 6 | - cron: "0 3 * * *" 7 | 8 | permissions: 9 | pull-requests: write 10 | id-token: write 11 | contents: write 12 | 13 | jobs: 14 | scheduled: 15 | uses: cloudposse/.github/.github/workflows/shared-terraform-scheduled.yml@main 16 | secrets: inherit 17 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled files 2 | *.tfstate 3 | *.tfstate.backup 4 | 5 | # Module directory 6 | .terraform 7 | .idea 8 | *.iml 9 | 10 | .build-harness 11 | build-harness -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | addons: 2 | apt: 3 | packages: 4 | - git 5 | - make 6 | - curl 7 | 8 | install: 9 | - make init 10 | 11 | script: 12 | - make terraform/install 13 | - make terraform/get-plugins 14 | - make terraform/get-modules 15 | - make terraform/lint 16 | - make terraform/validate 17 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2019 Cloud Posse, LLC 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Project Banner
5 |

6 | Latest ReleaseLast UpdatedSlack Community

7 | 8 | 9 | 29 | 30 | Terraform module to provision AWS [`RDS`](https://aws.amazon.com/rds/) replica instances. These are best suited for reporting purposes. 31 | 32 | **IMPORTANT** It is not possible to create a read replica for a DB Instance that belongs to an Aurora DB Cluster. 33 | 34 | 35 | > [!TIP] 36 | > #### 👽 Use Atmos with Terraform 37 | > Cloud Posse uses [`atmos`](https://atmos.tools) to easily orchestrate multiple environments using Terraform.
38 | > Works with [GitHub Actions](https://atmos.tools/integrations/github-actions/), [Atlantis](https://atmos.tools/integrations/atlantis), or [Spacelift](https://atmos.tools/integrations/spacelift). 39 | > 40 | >
41 | > Watch demo of using Atmos with Terraform 42 | >
43 | > Example of running atmos to manage infrastructure from our Quick Start tutorial. 44 | > 45 | 46 | 47 | ## Introduction 48 | 49 | The module will create an RDS replica instance: 50 | 51 | * RDS Replica instance (MySQL, Postgres, SQL Server, Oracle) 52 | * RDS Subnet Group 53 | * RDS DB Security Group 54 | * DNS Record in Route53 for the DB endpoint 55 | 56 | 57 | 58 | 59 | ## Usage 60 | 61 | ```hcl 62 | module "rds_replica" { 63 | source = "git::https://github.com/cloudposse/terraform-aws-rds-replica.git?ref=master" 64 | namespace = "eg" 65 | stage = "prod" 66 | name = "reporting" 67 | replicate_source_db = "eg-prod-db" 68 | dns_zone_id = "Z89FN1IW975KPE" 69 | host_name = "reporting" 70 | security_group_ids = ["sg-xxxxxxxx"] 71 | database_port = 3306 72 | multi_az = "true" 73 | storage_type = "gp2" 74 | storage_encrypted = "true" 75 | instance_class = "db.t2.medium" 76 | publicly_accessible = "false" 77 | subnet_ids = ["subnet-xxxxxxxxx", "subnet-xxxxxxxxx"] 78 | vpc_id = "vpc-xxxxxxxx" 79 | auto_minor_version_upgrade = "true" 80 | allow_major_version_upgrade = "false" 81 | apply_immediately = "false" 82 | maintenance_window = "Mon:03:00-Mon:04:00" 83 | skip_final_snapshot = "false" 84 | copy_tags_to_snapshot = "true" 85 | backup_retention_period = 7 86 | backup_window = "22:00-03:00" 87 | } 88 | ``` 89 | 90 | > [!IMPORTANT] 91 | > In Cloud Posse's examples, we avoid pinning modules to specific versions to prevent discrepancies between the documentation 92 | > and the latest released versions. However, for your own projects, we strongly advise pinning each module to the exact version 93 | > you're using (for example, a release tag or commit SHA in `?ref=` rather than a branch such as `master`). This practice ensures the stability of your infrastructure. Additionally, we recommend implementing a systematic 94 | > approach for updating versions to avoid unexpected changes. 
95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | ## Makefile Targets 105 | ```text 106 | Available targets: 107 | 108 | help Help screen 109 | help/all Display help for all targets 110 | help/short This help short screen 111 | lint Lint terraform code 112 | 113 | ``` 114 | 115 | 116 | ## Requirements 117 | 118 | No requirements. 119 | 120 | ## Providers 121 | 122 | | Name | Version | 123 | |------|---------| 124 | | [aws](#provider\_aws) | n/a | 125 | 126 | ## Modules 127 | 128 | | Name | Source | Version | 129 | |------|--------|---------| 130 | | [dns\_host\_name](#module\_dns\_host\_name) | git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git | tags/0.2.5 | 131 | | [final\_snapshot\_label](#module\_final\_snapshot\_label) | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.3 | 132 | | [label](#module\_label) | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.3 | 133 | 134 | ## Resources 135 | 136 | | Name | Type | 137 | |------|------| 138 | | [aws_db_instance.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource | 139 | | [aws_db_subnet_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource | 140 | | [aws_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | 141 | | [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | 142 | | [aws_security_group_rule.allow_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | 143 | | [aws_security_group_rule.allow_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | 144 | 145 | ## Inputs 146 | 147 | | Name | Description | Type | Default | Required | 148 | 
|------|-------------|------|---------|:--------:| 149 | | [allow\_major\_version\_upgrade](#input\_allow\_major\_version\_upgrade) | Allow major version upgrade | `string` | `"false"` | no | 150 | | [apply\_immediately](#input\_apply\_immediately) | Specifies whether any database modifications are applied immediately, or during the next maintenance window | `string` | `"false"` | no | 151 | | [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | 152 | | [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4) | `string` | `"true"` | no | 153 | | [backup\_retention\_period](#input\_backup\_retention\_period) | Backup retention period in days. Must be > 0 to enable backups | `number` | `0` | no | 154 | | [backup\_window](#input\_backup\_window) | When AWS can perform DB snapshots, can't overlap with maintenance window | `string` | `"22:00-03:00"` | no | 155 | | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy tags from DB to a snapshot | `string` | `"true"` | no | 156 | | [database\_port](#input\_database\_port) | Database port (\_e.g.\_ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids` | `any` | n/a | yes | 157 | | [db\_parameter](#input\_db\_parameter) | A list of DB parameters to apply. 
Note that parameters may differ from one DB family to another | `list(string)` | `[]` | no | 158 | | [delimiter](#input\_delimiter) | Delimiter to be used between `name`, `namespace`, `stage` and `attributes` | `string` | `"-"` | no | 159 | | [dns\_zone\_id](#input\_dns\_zone\_id) | The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name | `string` | `""` | no | 160 | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `string` | `"true"` | no | 161 | | [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | Final snapshot identifier e.g.: some-db-final-snapshot-2015-06-26-06-05 | `string` | `""` | no | 162 | | [host\_name](#input\_host\_name) | The DB host name created in Route53 | `string` | `"db"` | no | 163 | | [instance\_class](#input\_instance\_class) | Class of RDS instance | `string` | n/a | yes | 164 | | [iops](#input\_iops) | The amount of provisioned IOPS. Setting this implies a storage\_type of 'io1'. Default is 0 if rds storage type is not 'io1' | `string` | `"0"` | no | 165 | | [kms\_key\_id](#input\_kms\_key\_id) | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN | `string` | `""` | no | 166 | | [maintenance\_window](#input\_maintenance\_window) | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC | `string` | `"Mon:03:00-Mon:04:00"` | no | 167 | | [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60. | `string` | `"0"` | no | 168 | | [multi\_az](#input\_multi\_az) | Set to true if multi AZ deployment must be supported | `string` | `"false"` | no | 169 | | [name](#input\_name) | The Name of the application or solution (e.g. 
`bastion` or `portal`) | `string` | n/a | yes | 170 | | [namespace](#input\_namespace) | Namespace (e.g. `eg` or `cp`) | `string` | n/a | yes | 171 | | [parameter\_group\_name](#input\_parameter\_group\_name) | Name of the DB parameter group to associate | `string` | `""` | no | 172 | | [publicly\_accessible](#input\_publicly\_accessible) | Determines if database can be publicly available (NOT recommended) | `string` | `"false"` | no | 173 | | [replicate\_source\_db](#input\_replicate\_source\_db) | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate. Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a kms\_key\_id. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication. | `any` | n/a | yes | 174 | | [same\_region](#input\_same\_region) | Whether this replica is in the same region as the master. | `string` | `"false"` | no | 175 | | [security\_group\_ids](#input\_security\_group\_ids) | The IDs of the security groups from which to allow `ingress` traffic to the DB instance | `list(string)` | `[]` | no | 176 | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true (default), no snapshot will be made before deleting DB | `string` | `"true"` | no | 177 | | [snapshot\_identifier](#input\_snapshot\_identifier) | Snapshot identifier e.g: rds:production-2015-06-26-06-05. If specified, the module creates a cluster from the snapshot | `string` | `""` | no | 178 | | [stage](#input\_stage) | Stage (e.g. `prod`, `dev`, `staging`) | `string` | n/a | yes | 179 | | [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB instance is encrypted. 
The default is false if not specified. | `string` | `"false"` | no | 180 | | [storage\_type](#input\_storage\_type) | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). | `string` | `"standard"` | no | 181 | | [subnet\_ids](#input\_subnet\_ids) | List of subnets for the DB | `list(string)` | n/a | yes | 182 | | [tags](#input\_tags) | Additional tags (e.g. map(`BusinessUnit`,`XYZ`)) | `map(string)` | `{}` | no | 183 | | [vpc\_id](#input\_vpc\_id) | VPC ID the DB instance will be created in | `string` | n/a | yes | 184 | 185 | ## Outputs 186 | 187 | | Name | Description | 188 | |------|-------------| 189 | | [hostname](#output\_hostname) | DNS host name of the instance | 190 | | [instance\_address](#output\_instance\_address) | Address of the instance | 191 | | [instance\_endpoint](#output\_instance\_endpoint) | DNS Endpoint of the instance | 192 | | [instance\_id](#output\_instance\_id) | ID of the instance | 193 | | [security\_group\_id](#output\_security\_group\_id) | ID of the Security Group | 194 | | [subnet\_group\_id](#output\_subnet\_group\_id) | ID of the Subnet Group | 195 | 196 | 197 | 198 | ## Related Projects 199 | 200 | Check out these related projects.
201 | 202 | - [terraform-aws-rds](https://github.com/cloudposse/terraform-aws-rds) - Terraform module to provision AWS RDS instances for MySQL or Postgres 203 | - [terraform-aws-rds-cluster](https://github.com/cloudposse/terraform-aws-rds-cluster) - Terraform module to provision an RDS Aurora cluster for MySQL or Postgres 204 | - [terraform-aws-rds-cloudwatch-sns-alarms](https://github.com/cloudposse/terraform-aws-rds-cloudwatch-sns-alarms) - Terraform module that configures important RDS alerts using CloudWatch and sends them to an SNS topic 205 | 206 | 207 | > [!TIP] 208 | > #### Use Terraform Reference Architectures for AWS 209 | > 210 | > Use Cloud Posse's ready-to-go [terraform architecture blueprints](https://cloudposse.com/reference-architecture/) for AWS to get up and running quickly. 211 | > 212 | > ✅ We build it together with your team.
213 | > ✅ Your team owns everything.
214 | > ✅ 100% Open Source and backed by fanatical support.
220 | > 221 | > Cloud Posse is the leading [**DevOps Accelerator**](https://cpco.io/commercial-support?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds-replica&utm_content=commercial_support) for funded startups and enterprises. 222 | > 223 | > *Your team can operate like a pro today.* 224 | > 225 | > Ensure that your team succeeds by using Cloud Posse's proven process and turnkey blueprints. Plus, we stick around until you succeed. 226 | > #### Day-0: Your Foundation for Success 227 | > - **Reference Architecture.** You'll get everything you need from the ground up built using 100% infrastructure as code. 228 | > - **Deployment Strategy.** Adopt a proven deployment strategy with GitHub Actions, enabling automated, repeatable, and reliable software releases. 229 | > - **Site Reliability Engineering.** Gain total visibility into your applications and services with Datadog, ensuring high availability and performance. 230 | > - **Security Baseline.** Establish a secure environment from the start, with built-in governance, accountability, and comprehensive audit logs, safeguarding your operations. 231 | > - **GitOps.** Empower your team to manage infrastructure changes confidently and efficiently through Pull Requests, leveraging the full power of GitHub Actions. 232 | > 233 | > Request Quote 234 | > 235 | > #### Day-2: Your Operational Mastery 236 | > - **Training.** Equip your team with the knowledge and skills to confidently manage the infrastructure, ensuring long-term success and self-sufficiency. 237 | > - **Support.** Benefit from a seamless communication over Slack with our experts, ensuring you have the support you need, whenever you need it. 238 | > - **Troubleshooting.** Access expert assistance to quickly resolve any operational challenges, minimizing downtime and maintaining business continuity. 
239 | > - **Code Reviews.** Enhance your team’s code quality with our expert feedback, fostering continuous improvement and collaboration. 240 | > - **Bug Fixes.** Rely on our team to troubleshoot and resolve any issues, ensuring your systems run smoothly. 241 | > - **Migration Assistance.** Accelerate your migration process with our dedicated support, minimizing disruption and speeding up time-to-value. 242 | > - **Customer Workshops.** Engage with our team in weekly workshops, gaining insights and strategies to continuously improve and innovate. 243 | > 244 | > Request Quote 245 | >
246 | 247 | ## ✨ Contributing 248 | 249 | This project is under active development, and we encourage contributions from our community. 250 | 251 | 252 | 253 | Many thanks to our outstanding contributors: 254 | 255 | 256 | 257 | 258 | 259 | For 🐛 bug reports & feature requests, please use the [issue tracker](https://github.com/cloudposse/terraform-aws-rds-replica/issues). 260 | 261 | In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. 262 | 1. Review our [Code of Conduct](https://github.com/cloudposse/terraform-aws-rds-replica/?tab=coc-ov-file#code-of-conduct) and [Contributor Guidelines](https://github.com/cloudposse/.github/blob/main/CONTRIBUTING.md). 263 | 2. **Fork** the repo on GitHub 264 | 3. **Clone** the project to your own machine 265 | 4. **Commit** changes to your own branch 266 | 5. **Push** your work back up to your fork 267 | 6. Submit a **Pull Request** so that we can review your changes 268 | 269 | **NOTE:** Be sure to merge the latest changes from "upstream" before making a pull request! 270 | 271 | ### 🌎 Slack Community 272 | 273 | Join our [Open Source Community](https://cpco.io/slack?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds-replica&utm_content=slack) on Slack. It's **FREE** for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally *sweet* infrastructure. 274 | 275 | ### 📰 Newsletter 276 | 277 | Sign up for [our newsletter](https://cpco.io/newsletter?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds-replica&utm_content=newsletter) and join 3,000+ DevOps engineers, CTOs, and founders who get insider access to the latest DevOps trends, so you can always stay in the know. 278 | Dropped straight into your Inbox every week — and usually a 5-minute read. 
279 | 280 | ### 📆 Office Hours 281 | 282 | [Join us every Wednesday via Zoom](https://cloudposse.com/office-hours?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/terraform-aws-rds-replica&utm_content=office_hours) for your weekly dose of insider DevOps trends, AWS news and Terraform insights, all sourced from our SweetOps community, plus a _live Q&A_ that you can’t find anywhere else. 283 | It's **FREE** for everyone! 284 | ## License 285 | 286 | License 287 | 288 |
289 | Preamble to the Apache License, Version 2.0 290 |
291 |
292 | 293 | Complete license is available in the [`LICENSE`](LICENSE) file. 294 | 295 | ```text 296 | Licensed to the Apache Software Foundation (ASF) under one 297 | or more contributor license agreements. See the NOTICE file 298 | distributed with this work for additional information 299 | regarding copyright ownership. The ASF licenses this file 300 | to you under the Apache License, Version 2.0 (the 301 | "License"); you may not use this file except in compliance 302 | with the License. You may obtain a copy of the License at 303 | 304 | https://www.apache.org/licenses/LICENSE-2.0 305 | 306 | Unless required by applicable law or agreed to in writing, 307 | software distributed under the License is distributed on an 308 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 309 | KIND, either express or implied. See the License for the 310 | specific language governing permissions and limitations 311 | under the License. 312 | ``` 313 |
314 | 315 | ## Trademarks 316 | 317 | All other trademarks referenced herein are the property of their respective owners. 318 | 319 | 320 | --- 321 | Copyright © 2017-2024 [Cloud Posse, LLC](https://cpco.io/copyright) 322 | 323 | 324 | README footer 325 | 326 | Beacon 327 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # This is the canonical configuration for the `README.md` 3 | # Run `make readme` to rebuild the `README.md` 4 | # 5 | 6 | # Name of this project 7 | name: terraform-aws-rds-replica 8 | 9 | # Tags of this project 10 | tags: 11 | - aws 12 | - terraform 13 | - terraform-modules 14 | - databases 15 | - rds 16 | - aws-rds 17 | - postgres 18 | - mysql 19 | 20 | # Categories of this project 21 | categories: 22 | - terraform-modules/databases 23 | 24 | # Logo for this project 25 | #logo: docs/logo.png 26 | 27 | # License of this project 28 | license: "APACHE2" 29 | 30 | # Canonical GitHub repo 31 | github_repo: cloudposse/terraform-aws-rds-replica 32 | 33 | # Badges to display 34 | badges: 35 | - name: Latest Release 36 | image: https://img.shields.io/github/release/cloudposse/terraform-aws-rds-replica.svg?style=for-the-badge 37 | url: https://github.com/cloudposse/terraform-aws-rds-replica/releases/latest 38 | - name: Last Updated 39 | image: https://img.shields.io/github/last-commit/cloudposse/terraform-aws-rds-replica.svg?style=for-the-badge 40 | url: https://github.com/cloudposse/terraform-aws-rds-replica/commits 41 | - name: Slack Community 42 | image: https://slack.cloudposse.com/for-the-badge.svg 43 | url: https://cloudposse.com/slack 44 | 45 | # List any related terraform modules that this module may be used with or that this module depends on. 
46 | related: 47 | - name: "terraform-aws-rds" 48 | description: "Terraform module to provision AWS RDS instances for MySQL or Postgres" 49 | url: "https://github.com/cloudposse/terraform-aws-rds" 50 | - name: "terraform-aws-rds-cluster" 51 | description: "Terraform module to provision an RDS Aurora cluster for MySQL or Postgres" 52 | url: "https://github.com/cloudposse/terraform-aws-rds-cluster" 53 | - name: "terraform-aws-rds-cloudwatch-sns-alarms" 54 | description: "Terraform module that configures important RDS alerts using CloudWatch and sends them to an SNS topic" 55 | url: "https://github.com/cloudposse/terraform-aws-rds-cloudwatch-sns-alarms" 56 | 57 | # Short description of this project 58 | description: |- 59 | Terraform module to provision AWS [`RDS`](https://aws.amazon.com/rds/) replica instances. These are best suited for reporting purposes. 60 | 61 | **IMPORTANT** It is not possible to create a read replica for a DB Instance that belongs to an Aurora DB Cluster. 62 | 63 | introduction: |- 64 | The module will create an RDS replica instance: 65 | 66 | * RDS Replica instance (MySQL, Postgres, SQL Server, Oracle) 67 | * RDS Subnet Group 68 | * RDS DB Security Group 69 | * DNS Record in Route53 for the DB endpoint 70 | 71 | # How to use this project 72 | usage: |- 73 | ```hcl 74 | module "rds_replica" { 75 | source = "git::https://github.com/cloudposse/terraform-aws-rds-replica.git?ref=master" 76 | namespace = "eg" 77 | stage = "prod" 78 | name = "reporting" 79 | replicate_source_db = "eg-prod-db" 80 | dns_zone_id = "Z89FN1IW975KPE" 81 | host_name = "reporting" 82 | security_group_ids = ["sg-xxxxxxxx"] 83 | database_port = 3306 84 | multi_az = "true" 85 | storage_type = "gp2" 86 | storage_encrypted = "true" 87 | instance_class = "db.t2.medium" 88 | publicly_accessible = "false" 89 | subnet_ids = ["subnet-xxxxxxxxx", "subnet-xxxxxxxxx"] 90 | vpc_id = "vpc-xxxxxxxx" 91 | auto_minor_version_upgrade = "true" 92 | allow_major_version_upgrade = "false" 93 |
apply_immediately = "false" 94 | maintenance_window = "Mon:03:00-Mon:04:00" 95 | skip_final_snapshot = "false" 96 | copy_tags_to_snapshot = "true" 97 | backup_retention_period = 7 98 | backup_window = "22:00-03:00" 99 | } 100 | ``` 101 | 102 | include: [] 103 | contributors: [] 104 | -------------------------------------------------------------------------------- /atmos.yaml: -------------------------------------------------------------------------------- 1 | # Atmos Configuration — powered by https://atmos.tools 2 | # 3 | # This configuration enables centralized, DRY, and consistent project scaffolding using Atmos. 4 | # 5 | # Included features: 6 | # - Organizational custom commands: https://atmos.tools/core-concepts/custom-commands 7 | # - Automated README generation: https://atmos.tools/cli/commands/docs/generate 8 | # 9 | 10 | # Import shared configuration used by all modules 11 | import: 12 | - https://raw.githubusercontent.com/cloudposse/.github/refs/heads/main/.github/atmos/terraform-module.yaml 13 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | module "label" { 2 | source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.3" 3 | enabled = var.enabled 4 | namespace = var.namespace 5 | name = var.name 6 | stage = var.stage 7 | delimiter = var.delimiter 8 | attributes = var.attributes 9 | tags = var.tags 10 | } 11 | 12 | module "final_snapshot_label" { 13 | source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.3" 14 | enabled = var.enabled 15 | namespace = var.namespace 16 | name = var.name 17 | stage = var.stage 18 | delimiter = var.delimiter 19 | attributes = ["${compact(concat(var.attributes, list("final", "snapshot")))}"] 20 | tags = var.tags 21 | } 22 | 23 | resource "aws_kms_key" "default" { 24 | count = local.enabled && length(var.kms_key_id) == 0 ? 
1 : 0 25 | description = module.label.id 26 | deletion_window_in_days = 10 27 | enable_key_rotation = true 28 | tags = module.label.tags 29 | } 30 | /* Derived values. local.enabled turns the string var.enabled into a bool. local.final_snapshot_identifier and local.kms_key_id prefer the caller-supplied value and otherwise fall back to the generated label id and to the ARN of aws_kms_key.default. NOTE(review): aws_kms_key.default is created whenever var.kms_key_id is empty, independent of var.storage_encrypted. */ 31 | locals { 32 | enabled = var.enabled == "true" 33 | final_snapshot_identifier = length(var.final_snapshot_identifier) > 0 ? var.final_snapshot_identifier : module.final_snapshot_label.id 34 | kms_key_id = length(var.kms_key_id) > 0 ? var.kms_key_id : join("", aws_kms_key.default.*.arn) 35 | } 36 | /* The replica instance; replicate_source_db names the source database. NOTE(review): storage_encrypted defaults to "false" and skip_final_snapshot to "true" in variables.tf, so callers who want encryption at rest requested explicitly, or a final snapshot on deletion, must set both. publicly_accessible defaults to "false". NOTE(review): vpc_security_group_ids wraps a splat expression in an extra list via 0.11-style interpolation; confirm it evaluates to a flat list on the Terraform version in use. */ 37 | resource "aws_db_instance" "default" { 38 | count = local.enabled ? 1 : 0 39 | identifier = module.label.id 40 | port = var.database_port 41 | instance_class = var.instance_class 42 | storage_encrypted = var.storage_encrypted 43 | vpc_security_group_ids = ["${aws_security_group.default.*.id}"] 44 | db_subnet_group_name = join("", aws_db_subnet_group.default.*.name) 45 | multi_az = var.multi_az 46 | storage_type = var.storage_type 47 | iops = var.iops 48 | publicly_accessible = var.publicly_accessible 49 | snapshot_identifier = var.snapshot_identifier 50 | allow_major_version_upgrade = var.allow_major_version_upgrade 51 | auto_minor_version_upgrade = var.auto_minor_version_upgrade 52 | apply_immediately = var.apply_immediately 53 | maintenance_window = var.maintenance_window 54 | skip_final_snapshot = var.skip_final_snapshot 55 | copy_tags_to_snapshot = var.copy_tags_to_snapshot 56 | backup_retention_period = var.backup_retention_period 57 | backup_window = var.backup_window 58 | tags = module.label.tags 59 | final_snapshot_identifier = local.final_snapshot_identifier 60 | kms_key_id = local.kms_key_id 61 | monitoring_interval = var.monitoring_interval 62 | replicate_source_db = var.replicate_source_db 63 | } 64 | /* Subnet group is created only when var.same_region is "false"; otherwise db_subnet_group_name on the instance resolves to an empty string. */ 65 | resource "aws_db_subnet_group" "default" { 66 | count = local.enabled && var.same_region == "false" ? 1 : 0 67 | name = module.label.id 68 | subnet_ids = ["${var.subnet_ids}"] 69 | tags = module.label.tags 70 | } 71 | /* Security group attached to the instance; it declares no inline rules. */ 72 | resource "aws_security_group" "default" { 73 | count = local.enabled ?
1 : 0 74 | name = module.label.id 75 | description = "Allow inbound traffic from the security groups" 76 | vpc_id = var.vpc_id 77 | 78 | tags = module.label.tags 79 | } 80 | 81 | locals { 82 | security_group_id = join("", aws_security_group.default.*.id) 83 | } 84 | /* One ingress rule per entry in var.security_group_ids, TCP on var.database_port only; sources are security groups, not CIDR ranges. With the default empty list no ingress rule is created. */ 85 | resource "aws_security_group_rule" "allow_ingress" { 86 | count = local.enabled ? length(var.security_group_ids) : 0 87 | security_group_id = local.security_group_id 88 | type = "ingress" 89 | from_port = var.database_port 90 | to_port = var.database_port 91 | protocol = "tcp" 92 | source_security_group_id = var.security_group_ids[count.index] 93 | } 94 | /* NOTE(review): this rule allows every protocol and port outbound to 0.0.0.0/0. Nothing visible in this module requires outbound connections from the DB security group; consider narrowing or dropping the rule after confirming with callers. */ 95 | resource "aws_security_group_rule" "allow_egress" { 96 | count = local.enabled ? 1 : 0 97 | security_group_id = local.security_group_id 98 | type = "egress" 99 | from_port = 0 100 | to_port = 0 101 | protocol = "-1" 102 | cidr_blocks = ["0.0.0.0/0"] 103 | } 104 | /* Route53 record for the instance address; enabled only when var.dns_zone_id is non-empty. NOTE(review): the module source is pinned to a git tag (0.2.5); tags can be moved, so a commit SHA gives a stronger supply-chain pin. */ 105 | module "dns_host_name" { 106 | source = "git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git?ref=tags/0.2.5" 107 | enabled = local.enabled && length(var.dns_zone_id) > 0 ?
"true" : "false" 108 | namespace = var.namespace 109 | name = var.host_name 110 | stage = var.stage 111 | zone_id = var.dns_zone_id 112 | records = aws_db_instance.default.*.address 113 | } 114 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | output "instance_id" { 2 | value = join("", aws_db_instance.default.*.id) 3 | description = "ID of the instance" 4 | } 5 | 6 | output "instance_address" { 7 | value = join("", aws_db_instance.default.*.address) 8 | description = "Address of the instance" 9 | } 10 | 11 | output "instance_endpoint" { 12 | value = join("", aws_db_instance.default.*.endpoint) 13 | description = "DNS Endpoint of the instance" 14 | } 15 | 16 | output "subnet_group_id" { 17 | value = join("", aws_db_subnet_group.default.*.id) 18 | description = "ID of the Subnet Group" 19 | } 20 | 21 | output "security_group_id" { 22 | value = join("", aws_security_group.default.*.id) 23 | description = "ID of the Security Group" 24 | } 25 | 26 | output "hostname" { 27 | value = module.dns_host_name.hostname 28 | description = "DNS host name of the instance" 29 | } 30 | -------------------------------------------------------------------------------- /variables.tf: -------------------------------------------------------------------------------- 1 | variable "name" { 2 | type = string 3 | description = "The Name of the application or solution (e.g. `bastion` or `portal`)" 4 | } 5 | 6 | variable "namespace" { 7 | type = string 8 | description = "Namespace (e.g. `eg` or `cp`)" 9 | } 10 | 11 | variable "stage" { 12 | type = string 13 | description = "Stage (e.g. 
`prod`, `dev`, `staging`)" 14 | } 15 | 16 | variable "enabled" { 17 | description = "Set to false to prevent the module from creating any resources" 18 | default = "true" 19 | } 20 | 21 | variable "dns_zone_id" { 22 | type = string 23 | default = "" 24 | description = "The ID of the DNS Zone in Route53 where a new DNS record will be created for the DB host name" 25 | } 26 | 27 | variable "host_name" { 28 | type = string 29 | default = "db" 30 | description = "The DB host name created in Route53" 31 | } 32 | 33 | variable "security_group_ids" { 34 | type = list(string) 35 | default = [] 36 | description = "The IDs of the security groups from which to allow `ingress` traffic to the DB instance" 37 | } 38 | 39 | variable "database_port" { 40 | description = "Database port (_e.g._ `3306` for `MySQL`). Used in the DB Security Group to allow access to the DB instance from the provided `security_group_ids`" 41 | } 42 | 43 | variable "multi_az" { 44 | type = string 45 | description = "Set to true if multi AZ deployment must be supported" 46 | default = "false" 47 | } 48 | 49 | variable "storage_type" { 50 | type = string 51 | description = "One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD)." 52 | default = "standard" 53 | } 54 | 55 | variable "storage_encrypted" { 56 | type = string 57 | description = "Specifies whether the DB instance is encrypted. The default is false if not specified." 58 | default = "false" 59 | } 60 | 61 | variable "iops" { 62 | description = "The amount of provisioned IOPS. Setting this implies a storage_type of 'io1'. 
Default is 0 if rds storage type is not 'io1'" 63 | default = "0" 64 | } 65 | 66 | variable "instance_class" { 67 | type = string 68 | description = "Class of RDS instance" 69 | 70 | # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html 71 | } 72 | 73 | variable "publicly_accessible" { 74 | type = string 75 | description = "Determines if database can be publicly available (NOT recommended)" 76 | default = "false" 77 | } 78 | 79 | variable "subnet_ids" { 80 | description = "List of subnets for the DB" 81 | type = list(string) 82 | } 83 | 84 | variable "vpc_id" { 85 | type = string 86 | description = "VPC ID the DB instance will be created in" 87 | } 88 | 89 | variable "auto_minor_version_upgrade" { 90 | type = string 91 | description = "Allow automated minor version upgrade (e.g. from Postgres 9.5.3 to Postgres 9.5.4)" 92 | default = "true" 93 | } 94 | 95 | variable "allow_major_version_upgrade" { 96 | type = string 97 | description = "Allow major version upgrade" 98 | default = "false" 99 | } 100 | 101 | variable "apply_immediately" { 102 | type = string 103 | description = "Specifies whether any database modifications are applied immediately, or during the next maintenance window" 104 | default = "false" 105 | } 106 | 107 | variable "maintenance_window" { 108 | type = string 109 | description = "The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' UTC " 110 | default = "Mon:03:00-Mon:04:00" 111 | } 112 | 113 | variable "skip_final_snapshot" { 114 | type = string 115 | description = "If true (default), no snapshot will be made before deleting DB" 116 | default = "true" 117 | } 118 | 119 | variable "copy_tags_to_snapshot" { 120 | type = string 121 | description = "Copy tags from DB to a snapshot" 122 | default = "true" 123 | } 124 | 125 | variable "backup_retention_period" { 126 | description = "Backup retention period in days. 
Must be > 0 to enable backups" 127 | default = 0 128 | } 129 | 130 | variable "backup_window" { 131 | type = string 132 | description = "When AWS can perform DB snapshots, can't overlap with maintenance window" 133 | default = "22:00-03:00" 134 | } 135 | 136 | variable "delimiter" { 137 | type = string 138 | default = "-" 139 | description = "Delimiter to be used between `name`, `namespace`, `stage` and `attributes`" 140 | } 141 | 142 | variable "attributes" { 143 | type = list(string) 144 | default = [] 145 | description = "Additional attributes (e.g. `1`)" 146 | } 147 | 148 | variable "tags" { 149 | type = map(string) 150 | default = {} 151 | description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)" 152 | } 153 | 154 | variable "db_parameter" { 155 | type = list(string) 156 | default = [] 157 | description = "A list of DB parameters to apply. Note that parameters may differ from a DB family to another" 158 | } 159 | 160 | variable "snapshot_identifier" { 161 | type = string 162 | description = "Snapshot identifier e.g: rds:production-2015-06-26-06-05. If specified, the module create cluster from the snapshot" 163 | default = "" 164 | } 165 | 166 | variable "final_snapshot_identifier" { 167 | type = string 168 | description = "Final snapshot identifier e.g.: some-db-final-snapshot-2015-06-26-06-05" 169 | default = "" 170 | } 171 | 172 | variable "parameter_group_name" { 173 | type = string 174 | description = "Name of the DB parameter group to associate" 175 | default = "" 176 | } 177 | 178 | variable "kms_key_id" { 179 | type = string 180 | description = "The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN" 181 | default = "" 182 | } 183 | 184 | variable "replicate_source_db" { 185 | description = "Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate. 
Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a kms_key_id. See [DB Instance Replication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html) and [Working with PostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) for more information on using Replication." 186 | } 187 | 188 | variable "monitoring_interval" { 189 | description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values are 0, 1, 5, 10, 15, 30, 60." 190 | default = "0" 191 | } 192 | 193 | variable "same_region" { 194 | description = "Whether this replica is in the same region as the master." 195 | default = "false" 196 | } 197 | --------------------------------------------------------------------------------