AURORA

SquareOps Technologies: your DevOps partner for accelerating your cloud journey.


This Terraform module provides a convenient way to create and manage an Amazon Aurora RDS (Relational Database Service) cluster in AWS. It supports creating both Aurora MySQL and Aurora PostgreSQL clusters.

Features
  1. Creates an Amazon Aurora RDS cluster with customizable configuration.
  2. Supports both Aurora MySQL and Aurora PostgreSQL engine types.
  3. Allows for easy management of database instances, replicas, and failover.
  4. Configurable backup retention periods and preferred backup/maintenance windows.
  5. Option to enable encryption at rest using AWS Key Management Service (KMS).
  6. Flexible configuration for database parameter groups and security groups.
  7. Supports provisioning in existing VPCs and subnets.
  8. Enables autoscaling for Aurora MySQL read replicas.
  9. Support for serverless Aurora PostgreSQL and performance insights.
  10. Replication: Replicate data from another Amazon RDS database by specifying the source database identifier.
  11. Snapshot Restore: Restore the database from a specified snapshot ID to easily recreate database instances.

Usage Example

The example below is a dev-style configuration: `deletion_protection = false`, `skip_final_snapshot = true` and `enable_ssl_connection = false` make teardown easy but are not what a production cluster should run with. For production, set `deletion_protection = true`, `skip_final_snapshot = false`, `enable_ssl_connection = true`, and consider `iam_database_authentication_enabled = true` and `manage_master_user_password = true` (see the Inputs table).

```hcl
module "aurora" {
  source                           = "squareops/rds-aurora/aws"
  version                          = "2.1.1"
  role_arn                         = local.role_arn
  external_id                      = local.external_id
  environment                      = local.environment
  port                             = local.port
  vpc_id                           = module.vpc.vpc_id
  family                           = local.family
  subnets                          = module.vpc.database_subnets
  engine                           = local.engine
  engine_version                   = local.db_engine_version
  rds_instance_name                = local.name
  create_security_group            = true
  instance_type                    = local.db_instance_class
  storage_encrypted                = true
  kms_key_arn                      = module.kms.key_arn
  publicly_accessible              = false
  master_username                  = "devuser"
  database_name                    = "devdb"
  apply_immediately                = true
  create_random_password           = true
  skip_final_snapshot              = true # Keeping the final snapshot retains the DB option group, which causes problems during destroy, so use this option with care.
  snapshot_identifier              = null
  preferred_backup_window          = "03:00-06:00"
  preferred_maintenance_window     = "Mon:00:00-Mon:03:00"
  final_snapshot_identifier_prefix = "prod-snapshot"
  backup_retention_period          = 7
  enable_ssl_connection            = false
  autoscaling_enabled              = true
  autoscaling_max                  = 4
  autoscaling_min                  = 1
  long_query_time                  = 10
  deletion_protection              = false
  predefined_metric_type           = "RDSReaderAverageDatabaseConnections"
  autoscaling_target_connections   = 40
  autoscaling_scale_in_cooldown    = 60
  autoscaling_scale_out_cooldown   = 30
  allowed_cidr_blocks              = local.allowed_cidr_blocks
  allowed_security_groups          = local.allowed_security_groups
}
```

Security & Compliance

Security scanning is graciously provided by Prowler. Prowler is a fully hosted, cloud-native solution providing continuous cloud security and compliance scanning.

| Benchmark | Description |
|-----------|-------------|
| Ensure that encryption is enabled for RDS instances | Enabled for RDS clusters created using this module. |
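The usage example above ships with dev-style values (`deletion_protection = false`, `skip_final_snapshot = true`, no TLS enforcement), and the Prowler benchmark above only covers encryption at rest. The script below is an added example, not part of the squareops module or of Prowler: it reads the JSON from `terraform show -json tfplan` and reports the security-relevant cluster settings before anything is applied, so the same checks run in CI on every plan. It looks for the engine parameters that force TLS (`require_secure_transport` for Aurora MySQL, `rds.force_ssl` for Aurora PostgreSQL) rather than for the module's `enable_ssl_connection` flag, and it handles the case where `kms_key_arn` points at a key created in the same plan and is therefore unknown until apply. The sample plan, the module addresses under `module.aurora`, and the placeholder KMS ARN are constructed for the example.

```python
"""Plan-time check for the security-relevant Aurora settings.

Added example, not part of the squareops/rds-aurora module. Reads the JSON
emitted by `terraform show -json tfplan` and reports the values that the
README usage example leaves in their dev-style state. The sample plan,
module addresses and KMS ARN below are constructed for the example.
"""
import json
import sys

# Engine parameters that force TLS, keyed by cluster parameter-group family prefix.
TLS_PARAMS = {"aurora-mysql": "require_secure_transport",
              "aurora-postgresql": "rds.force_ssl"}
MIN_BACKUP_DAYS = 7


def check_plan(plan: dict) -> list[str]:
    """Return one finding per weak setting found in a `terraform show -json` document."""
    findings: list[str] = []
    tls_enforced = False
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue
        after = change.get("after") or {}
        # Values computed at apply time (e.g. a KMS key created in the same plan)
        # are absent from `after` and flagged as true in `after_unknown`.
        unknown = change.get("after_unknown") or {}
        addr, rtype = rc["address"], rc["type"]

        if rtype == "aws_rds_cluster":
            if not after.get("storage_encrypted"):
                findings.append(f"{addr}: storage_encrypted is false (fails the encryption benchmark)")
            elif not after.get("kms_key_id"):
                if unknown.get("kms_key_id"):
                    findings.append(f"{addr}: kms_key_id known only after apply, verify a customer key was used")
                else:
                    findings.append(f"{addr}: encrypted with the AWS-managed default key, not a customer key")
            if not after.get("deletion_protection"):
                findings.append(f"{addr}: deletion_protection is false")
            if after.get("skip_final_snapshot"):
                findings.append(f"{addr}: skip_final_snapshot is true, destroy leaves no snapshot behind")
            if (after.get("backup_retention_period") or 0) < MIN_BACKUP_DAYS:
                findings.append(f"{addr}: backup_retention_period is below {MIN_BACKUP_DAYS} days")
            if not after.get("iam_database_authentication_enabled"):
                findings.append(f"{addr}: iam_database_authentication_enabled is false")

        elif rtype == "aws_rds_cluster_instance":
            if after.get("publicly_accessible"):
                findings.append(f"{addr}: publicly_accessible is true")

        elif rtype == "aws_rds_cluster_parameter_group":
            family = after.get("family") or ""
            for prefix, pname in TLS_PARAMS.items():
                if family.startswith(prefix):
                    for param in after.get("parameter") or []:
                        if param.get("name") == pname and str(param.get("value")).lower() in ("1", "on"):
                            tls_enforced = True

    if not tls_enforced:
        findings.append("no cluster parameter group forces TLS (require_secure_transport / rds.force_ssl)")
    return findings


# Constructed sample: the README usage example as Terraform would plan it.
# The wrapper-module path is hypothetical; the wrapped module is terraform-aws-modules/rds-aurora.
MODULE = "module.aurora.module.aurora"
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": f"{MODULE}.aws_rds_cluster.this[0]", "type": "aws_rds_cluster",
         "change": {"actions": ["create"],
                    "after": {"engine": "aurora-mysql", "storage_encrypted": True,
                              "deletion_protection": False, "skip_final_snapshot": True,
                              "backup_retention_period": 7,
                              "iam_database_authentication_enabled": False},
                    "after_unknown": {"kms_key_id": True}}},   # module.kms.key_arn not yet created
        {"address": f'{MODULE}.aws_rds_cluster_instance.this["one"]', "type": "aws_rds_cluster_instance",
         "change": {"actions": ["create"], "after": {"publicly_accessible": False}, "after_unknown": {}}},
        {"address": "module.aurora.aws_rds_cluster_parameter_group.rds_cluster_parameter_group[0]",
         "type": "aws_rds_cluster_parameter_group",
         "change": {"actions": ["create"],
                    "after": {"family": "aurora-mysql5.7",
                              "parameter": [{"name": "long_query_time", "value": "10", "apply_method": "immediate"}]},
                    "after_unknown": {}}},
    ],
}


def hardened_plan() -> dict:
    """The same plan with the production values the module's inputs allow (placeholder KMS ARN)."""
    plan = json.loads(json.dumps(SAMPLE_PLAN))
    cluster, _, pgroup = [rc["change"] for rc in plan["resource_changes"]]
    cluster["after"].update({"deletion_protection": True, "skip_final_snapshot": False,
                             "iam_database_authentication_enabled": True,
                             "kms_key_id": "arn:aws:kms:us-east-1:111122223333:key/example"})
    cluster["after_unknown"] = {}
    pgroup["after"]["parameter"].append({"name": "require_secure_transport", "value": "1", "apply_method": "immediate"})
    return plan


if __name__ == "__main__":
    # Usage: terraform plan -out tfplan && terraform show -json tfplan | python check_aurora_plan.py
    results = check_plan(json.load(sys.stdin))
    print("\n".join(results) if results else "no findings")
    sys.exit(1 if results else 0)
```

Against the constructed sample the check reports the missing deletion protection, the skipped final snapshot, the disabled IAM authentication, the absence of a TLS-forcing parameter, and a note that the KMS key is only known after apply; `hardened_plan()` shows the same plan with those values corrected and returns no findings. A non-empty result is a reason to block the apply in CI; the "known after apply" note is the one case that needs a post-apply check (for example with Prowler) rather than a plan-time rejection.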

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.30 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.30 |
| aws.secondary | >= 4.30 |
| random | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| aurora | terraform-aws-modules/rds-aurora/aws | 8.3.0 |
| aurora_secondary | terraform-aws-modules/rds-aurora/aws | 8.3.0 |

Resources

| Name | Type |
|------|------|
| aws_db_parameter_group.rds_parameter_group | resource |
| aws_rds_cluster_parameter_group.rds_cluster_parameter_group | resource |
| aws_rds_global_cluster.this | resource |
| aws_secretsmanager_secret.secret_master_db | resource |
| aws_secretsmanager_secret_version.rds_credentials | resource |
| random_password.master | resource |
| aws_availability_zones.primary | data source |
| aws_availability_zones.secondary | data source |
| aws_caller_identity.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allow_major_version_upgrade | Determines whether major engine upgrades are allowed when changing the engine version | bool | false | no |
| allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | any | [] | no |
| allowed_security_groups | A list of Security Group IDs to allow access to the database | any | [] | no |
| apply_immediately | Specifies whether any cluster modifications are applied immediately or during the next maintenance window | bool | false | no |
| autoscaling_cpu | CPU usage (percent) at which to trigger autoscaling | number | 70 | no |
| autoscaling_enabled | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | bool | false | no |
| autoscaling_max | Maximum number of replicas to allow scaling for | number | 3 | no |
| autoscaling_min | Minimum number of replicas to allow scaling for | number | 1 | no |
| autoscaling_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | number | 300 | no |
| autoscaling_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | number | 300 | no |
| autoscaling_target_connections | Number of connections at which Aurora scales when predefined_metric_type is RDSReaderAverageDatabaseConnections | number | 50 | no |
| backup_retention_period | The number of days to retain backups for | number | null | no |
| create_monitoring_role | Set to true to create an IAM role for Enhanced Monitoring | bool | false | no |
| create_random_password | Whether to create a random password for the primary database cluster | bool | true | no |
| create_security_group | Whether to create a security group or not | bool | true | no |
| database_name | The name for an automatically created database on cluster creation | string | "" | no |
| deletion_protection | Whether accidental deletion protection is enabled | bool | true | no |
| enable_egress | Set to true to allow outbound traffic in the RDS security group | bool | true | no |
| enable_http_endpoint | Whether or not to enable the Data API for a serverless Aurora database engine | bool | false | no |
| enable_ssl_connection | Whether or not to enable the SSL connection | bool | false | no |
| engine | The name of the database engine to be used for this DB cluster | string | "aurora" | no |
| engine_mode | The database engine mode. Valid values: global, parallelquery, provisioned, serverless, multimaster | string | "provisioned" | no |
| engine_version | The database engine version. Updating this argument results in an outage | string | "" | no |
| environment | Select the environment type: dev, demo, prod | string | "demo" | no |
| external_id | External ID for assuming the role | string | "" | no |
| family | The Aurora DB parameter group family being created | string | "aurora-mysql5.7" | no |
| final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy; 8 random digits are appended to the name to ensure it is unique | string | "final" | no |
| global_cluster_enable | Set to true to enable a global cluster | bool | false | no |
| global_cluster_identifier | Global RDS cluster identifier name | string | null | no |
| iam_database_authentication_enabled | Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | bool | null | no |
| instance_type | Instance type | string | "db.m5.large" | no |
| instances_config | Map of cluster instances and any specific/overriding attributes to be created | map(any) | {"one": {}} | no |
| kms_key_arn | The ARN of the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is true and no key is specified, the default KMS key in your account is used | string | null | no |
| long_query_time | To keep fast-running queries out of the slow query log, specify the shortest query runtime to be logged, in seconds | number | 10 | no |
| manage_master_user_password | Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if master_password is provided | bool | false | no |
| master_username | The username for the primary cluster | string | "root" | no |
| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to 0 to disable | number | 0 | no |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not | bool | null | no |
| performance_insights_kms_key_id | ARN of the KMS key used to encrypt Performance Insights data | string | null | no |
| performance_insights_retention_period | Retention period for Performance Insights data: either 7 (7 days) or 731 (2 years) | number | null | no |
| port | The port for the database | number | 3306 | no |
| predefined_metric_type | The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections | string | "RDSReaderAverageDatabaseConnections" | no |
| preferred_backup_window | The daily time range during which automated backups are created | string | "" | no |
| preferred_maintenance_window | The weekly time range during which database maintenance is performed | string | "" | no |
| publicly_accessible | Specifies whether the database is publicly accessible over the internet | bool | false | no |
| random_password_length | The length of the randomly generated password | number | 16 | no |
| rds_instance_name | The name of the RDS instance | string | "" | no |
| region | AWS region name where the primary RDS resources will be deployed | string | null | no |
| role_arn | The ARN of the role to assume. Leave empty if not using assume role | string | "" | no |
| scaling_configuration | Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless | map(string) | {} | no |
| secondary_kms_key_arn | The ARN of the secondary-region KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is true and no key is specified, the default KMS key in your account is used | string | null | no |
| secondary_region | Secondary AWS region name where the secondary RDS and VPC resources will be deployed | string | null | no |
| secondary_subnets | List of subnet IDs used by the database subnet group created in the secondary region | list(string) | [] | no |
| secondary_vpc_allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the secondary database | any | [] | no |
| secondary_vpc_allowed_security_groups | A list of Security Group IDs to allow access to the secondary database | any | [] | no |
| secondary_vpc_id | The secondary VPC in which the secondary RDS cluster will be launched | string | "" | no |
| security_group_description | The description of the security group. If set to an empty string, the description will contain the cluster name | string | "RDS Aurora SG managed by Terraform" | no |
| security_group_rules | Map of security group rules to add to the cluster security group created | any | {} | no |
| serverlessv2_scaling_configuration | Map of nested attributes with Serverless v2 scaling properties. Only valid when engine_mode is set to provisioned | map(string) | {} | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB cluster is deleted. If true, no snapshot is created. If false, a snapshot is created before deletion, named from final_snapshot_identifier_prefix | bool | true | no |
| snapshot_identifier | DB snapshot to create this database from | string | "" | no |
| storage_encrypted | Whether to encrypt the database storage | bool | true | no |
| subnets | List of subnet IDs used by the database subnet group created | list(string) | [] | no |
| vpc_id | The VPC in which to deploy the RDS cluster | string | "" | no |

Outputs

| Name | Description |
|------|-------------|
| rds_cluster_endpoint | The endpoint URL of the Aurora cluster |
| rds_cluster_master_password | The master password for the Aurora cluster |
| rds_cluster_master_username | The master username for the Aurora cluster |
| rds_cluster_reader_endpoint | The reader endpoint URL of the Aurora cluster |
| secondary_rds_cluster_endpoint | The endpoint URL of the secondary Aurora cluster |
| secondary_rds_cluster_reader_endpoint | A read-only endpoint for the secondary cluster, automatically load-balanced across replicas |
| security_group_id | The security group ID associated with the Aurora cluster |

Note that rds_cluster_master_password, like every resource attribute, is written to the Terraform state in clear text, so access to the state backend must be restricted as tightly as access to the Secrets Manager secret the module creates.

Contribute & Issue Report

To report an issue with a project:

  1. Check the repository's issue tracker on GitHub
  2. Search to check if the issue has already been reported
  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.

License

Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)

Support Us

To support our GitHub project by starring it, you can follow these steps:

  1. Visit the repository: Navigate to the GitHub repository

  2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems & Processes for speed and agility.

  1. We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 5 years.
  2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.
  3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.
  4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.
  5. Platform engineering which supports scalable, cost-efficient infrastructure for rapid development, testing, and deployment.
  6. 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on LinkedIn, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.