terraform-aws-rds-aurora

Terraform module which creates AWS RDS Aurora resources. It supports MySQL, Postgres, Serverless and Global clusters.

Terraform versions

Terraform 0.13. Pin module version to ~> v3.2. Submit pull-requests to main branch.

Usage

module "rds-aurora-mysql" {
  source = "umotif-public/rds-aurora/aws"
  version = "~> 3.2.0"

  name_prefix         = "example-aurora-mysql"
  engine              = "aurora-mysql"
  engine_version      = "8.0.mysql_aurora.3.03.1"
  deletion_protection = true

  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  replica_count                       = 2
  instance_type                       = "db.t4g.medium"
  apply_immediately                   = true
  skip_final_snapshot                 = true

  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  iam_database_authentication_enabled = true

  allowed_cidr_blocks             = ["10.10.0.0/24", "10.20.0.0/24", "10.30.0.0/24"]

  create_security_group = true

  monitoring_interval = 60
  enabled_cloudwatch_logs_exports = [
    {
      name              = "audit",
      retention_in_days = "60"
      kms_key_id        = module.kms-cloudwatch.key_arn
    },
    {
      name       = "error"
      kms_key_id = module.kms-cloudwatch.key_arn
    },
    {
      name              = "general",
      retention_in_days = "30"
    },
    {
      name = "slowquery",
    }
  ]

  tags = {
    Environment = "test"
  }
}

Examples

• Aurora MySQL
• Global Aurora MySQL
• Aurora Serverless
• Aurora Postgres

Authors

Module managed by uMotif.

Global Aurora Cluster

Module supports configuration for Global Cluster, see an appropriate example for full configuration.

Please note that there are various limitations from AWS that you need to consider. See the AWS doc.

On the Terraform side, if you decide to upgrade engine version. You will need to run terraform apply twice. This is required since Terraform will only upgrade 2nd cluster during first run. During second run Terraform will upgrade the 1st cluster and automatically update global cluster version to match all clusters.

In order to activate global cluster, set enable_global_cluster = true when using this module.

Requirements

Name	Version
terraform	>= 1.0.11
aws	>= 4.61.0
random	>= 3.1.1

Providers

Name	Version
aws	>= 4.61.0
random	>= 3.1.1

Modules

No modules.

Resources

Name	Type
aws_appautoscaling_policy.read_replica	resource
aws_appautoscaling_target.read_replica	resource
aws_cloudwatch_log_group.audit_log_group	resource
aws_db_parameter_group.main	resource
aws_db_subnet_group.main	resource
aws_iam_role.rds_enhanced_monitoring	resource
aws_iam_role_policy_attachment.rds_enhanced_monitoring	resource
aws_rds_cluster.global	resource
aws_rds_cluster.main	resource
aws_rds_cluster_instance.main	resource
aws_rds_cluster_parameter_group.main	resource
aws_rds_cluster_role_association.main	resource
aws_security_group.main	resource
aws_security_group_rule.main_cidr_ingress	resource
aws_security_group_rule.main_default_ingress	resource
aws_security_group_rule.main_egress	resource
random_id.snapshot_identifier	resource
random_password.master_password	resource
aws_partition.current	data source

Inputs

Name	Description	Type	Default	Required
allocated_storage	The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster	number	null	no
allow_major_version_upgrade	Enable to allow major engine version upgrades when changing engine versions. Defaults to false	bool	null	no
allowed_cidr_blocks	A list of CIDR blocks which are allowed to access the database	list(string)	[]	no
allowed_security_groups	A list of Security Group ID's to allow access to.	list(string)	[]	no
apply_immediately	Determines whether or not any DB modifications are applied immediately, or during the maintenance window	bool	false	no
auto_minor_version_upgrade	Determines whether minor engine upgrades will be performed automatically in the maintenance window	bool	true	no
availability_zones	List of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next Terraform apply.	list(string)	null	no
backtrack_window	The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Defaults to 0. Must be between 0 and 259200 (72 hours)	number	0	no
backup_retention_period	How long to keep backups for (in days)	number	7	no
ca_cert_identifier	The identifier of the CA certificate for the DB instance.	string	"rds-ca-rsa4096-g1"	no
cluster_instance_tags	Additional tags for the cluster instance	map(string)	{}	no
cluster_parameters	A list of cluster parameter objects	list(object({ name = string value = string apply_method = string }))	[]	no
cluster_tags	Additional tags for the cluster	map(string)	{}	no
copy_tags_to_snapshot	Copy all Cluster tags to snapshots.	bool	false	no
create_monitoring_role	Whether to create the IAM role for RDS enhanced monitoring	bool	true	no
create_parameter_group	Whether to create parameter groups for RDS cluster and RDS instances	bool	true	no
create_security_group	Whether to create security group for RDS cluster	bool	true	no
database_name	Name for an automatically created database on cluster creation	string	""	no
db_cluster_parameter_group_name	The name of a DB Cluster parameter group to use	string	null	no
db_parameter_group_name	The name of a DB parameter group to use	string	null	no
db_subnet_group_name	The existing subnet group name to use	string	""	no
deletion_protection	If the DB instance should have deletion protection enabled	bool	false	no
enable_global_cluster	Set this variable to true if DB Cluster is going to be part of a Global Cluster.	bool	false	no
enable_http_endpoint	Whether or not to enable the Data API for a serverless Aurora database engine.	bool	false	no
enabled_cloudwatch_logs_exports	List of object which define log types to export to AWS Cloudwatch. See in examples.	list(any)	[]	no
engine	Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql	string	"aurora"	no
engine_mode	The database engine mode. Valid values: global, parallelquery, provisioned, serverless.	string	"provisioned"	no
engine_parameter_family	The database engine paramater group family	string	"aurora-mysql8.0"	no
engine_version	Aurora database engine version.	string	"8.0.mysql_aurora.3.03.1"	no
final_snapshot_identifier_prefix	The prefix name to use when creating a final snapshot on cluster destroy, appends a random 8 digits to name to ensure it's unique too.	string	"final"	no
global_cluster_identifier	The global cluster identifier specified on aws_rds_global_cluster	string	""	no
iam_database_authentication_enabled	Specifies whether IAM Database authentication should be enabled or not. Not all versions and instances are supported. Refer to the AWS documentation to see which versions are supported.	bool	true	no
iam_roles	A Map of ARNs for the IAM roles to associate to the RDS Cluster.	map(map(string))	{}	no
instance_type	Instance type to use	string	n/a	yes
instances_parameters	Individual settings for instances.	list(string)	[]	no
iops	Amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.	number	null	no
kms_key_id	The ARN for the KMS encryption key if one is set to the cluster.	string	null	no
manage_master_user_password	Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if master_password is provided.	bool	true	no
master_password	Master DB password	string	""	no
master_user_secret_kms_key_id	Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN. If not specified, the default KMS key for your Amazon Web Services account is used.	string	null	no
master_username	Master DB username	string	"root"	no
monitoring_interval	The interval (seconds) between points when Enhanced Monitoring metrics are collected. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.	number	0	no
monitoring_role_arn	IAM role for RDS to send enhanced monitoring metrics to CloudWatch	string	null	no
name_prefix	Prefix Name used across all resources	string	n/a	yes
network_type	Network type of the cluster. Valid values: IPV4, DUAL.	string	null	no
parameters	A list of parameter objects	list(object({ name = string value = string }))	[]	no
performance_insights_enabled	specifies whether performance insights is enabled or not.	bool	false	no
performance_insights_kms_key_id	the arn for the kms key to encrypt performance insights data.	string	null	no
performance_insights_retention_period	amount of time in days to retain performance insights data. valid values are 7, 731 (2 years) or a multiple of 31. when specifying performance_insights_retention_period, performance_insights_enabled needs to be set to true.	number	null	no
permissions_boundary	The ARN of the policy that is used to set the permissions boundary for the role.	string	null	no
port	The port on which to accept connections	string	""	no
predefined_metric_type	The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections.	string	"RDSReaderAverageCPUUtilization"	no
preferred_backup_window	When to perform DB backups	string	"02:00-03:00"	no
preferred_cluster_maintenance_window	When to perform maintenance on the cluster	string	"sun:05:00-sun:06:00"	no
preferred_instance_maintenance_window	When to perform maintenance on the instances	string	"sun:05:00-sun:06:00"	no
publicly_accessible	Whether the DB should have a public IP address	bool	false	no
replica_count	Number of reader nodes to create. If replica_scale_enable is true, the value of replica_scale_min is used instead.	number	1	no
replica_scale_connections	Average number of connections to trigger autoscaling at. Default value is 70% of db.r4.large's default max_connections	number	700	no
replica_scale_cpu	CPU usage to trigger autoscaling at	number	70	no
replica_scale_enabled	Whether to enable autoscaling for RDS Aurora (MySQL) read replicas	bool	false	no
replica_scale_in_cooldown	Cooldown in seconds before allowing further scaling operations after a scale in	number	300	no
replica_scale_max	Maximum number of replicas to allow scaling for	number	2	no
replica_scale_min	Minimum number of replicas to allow scaling for	number	0	no
replica_scale_out_cooldown	Cooldown in seconds before allowing further scaling operations after a scale out	number	300	no
replication_source_identifier	ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica.	string	null	no
restore_to_point_in_time	Restore to point in time configuration. See docs for arguments https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#restore_to_point_in_time-argument-reference	map(string)	{}	no
s3_import	Restore from a Percona XtraBackup stored in S3 bucket. Only Aurora MySQL is supported.	map(string)	null	no
scaling_configuration	Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless	map(string)	{}	no
security_group_description	The description of the security group. If value is set to empty string it will contain cluster name in the description.	string	""	no
serverlessv2_scaling_configuration	Nested attribute with scaling properties for ServerlessV2. Only valid when engine_mode is set to provisioned	map(string)	{}	no
skip_final_snapshot	Should a final snapshot be created on cluster destroy	bool	false	no
snapshot_identifier	DB snapshot to create this database from	string	null	no
source_region	The source region for an encrypted replica DB cluster.	string	null	no
storage_encrypted	Specifies whether the underlying storage layer should be encrypted	bool	true	no
subnets	List of subnet IDs to use	list(string)	[]	no
tags	A map of tags to add to all resources.	map(string)	{}	no
vpc_id	VPC ID	string	n/a	yes
vpc_security_group_ids	List of VPC security groups to associate to the cluster in addition to the SG that can be created in this module.	list(string)	[]	no

Outputs

Name	Description
rds_cluster_arn	The ID of the aurora cluster
rds_cluster_endpoint	The cluster endpoint
rds_cluster_id	The ID of the cluster
rds_cluster_instance_arns	A list of all cluster instance ARNs
rds_cluster_instance_dbi_resource_ids	A list of all the region-unique, immutable identifiers for the DB instances
rds_cluster_instance_endpoints	A list of all cluster instance endpoints
rds_cluster_instance_ids	A list of all cluster instance ids
rds_cluster_master_password	The master password
rds_cluster_master_username	The master username
rds_cluster_port	The port
rds_cluster_reader_endpoint	The cluster reader endpoint
rds_cluster_resource_id	The Resource ID of the cluster
security_group_id	The security group ID of the cluster

License

See LICENSE for full details.

Pre-commit hooks

Install dependencies

• pre-commit
• terraform-docs required for terraform_docs hooks.
• TFLint required for terraform_tflint hook.

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog