Skip to content

schubergphilis/terraform-aws-mcaf-aurora

Repository files navigation

terraform-aws-mcaf-aurora

Terraform module to create an AWS RDS Aurora cluster.

IMPORTANT: We do not pin modules to versions in our examples. We highly recommend that in your code you pin the version to the exact version you are using so that your infrastructure remains stable.

Usage

Default behaviour of this module is to create a two-node cluster, a writer and a reader for high availability.

This can be changed by updating var.instance_count. By default all instances use the same settings. To configure settings per instance, use var.instance_config.

NOTE: keys in var.instance_count start from 1. See the endpoints-and-instance-config example to see it used.

Requirements

Name Version
terraform >= 1.8
aws >= 5.81.0

Providers

Name Version
aws >= 5.81.0

Modules

Name Source Version
rds_enhanced_monitoring_role schubergphilis/mcaf-role/aws ~> 0.4.0

Resources

Name Type
aws_db_parameter_group.default resource
aws_db_subnet_group.default resource
aws_rds_cluster.default resource
aws_rds_cluster_endpoint.default resource
aws_rds_cluster_instance.first resource
aws_rds_cluster_instance.rest resource
aws_rds_cluster_parameter_group.default resource
aws_rds_global_cluster.default resource
aws_security_group.default resource
aws_vpc_security_group_ingress_rule.default resource
aws_kms_alias.rds data source
aws_subnet.selected data source

Inputs

Name Description Type Default Required
engine The engine type of the Aurora cluster string n/a yes
name The name for the Aurora Cluster string n/a yes
subnet_ids List of subnet IDs to deploy Aurora in list(string) n/a yes
allocated_storage The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. (Required for Multi-AZ DB cluster) number null no
allow_major_version_upgrade Enable to allow major engine version upgrades when changing engine versions bool false no
apply_immediately Specifies whether any cluster modifications are applied immediately bool true no
auto_minor_version_upgrade Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window bool true no
auto_pause Whether to enable automatic pause bool true no
backtrack_window The target backtrack window, in seconds. Only available for mysql engines. Must be between 0 (disabled) and 259200 (72 hours) number 0 no
backup_retention_period Number of days to retain backups for number 7 no
ca_cert_identifier Identifier of the CA certificate for the DB instance string "rds-ca-rsa2048-g1" no
cluster_family The family of the DB cluster parameter group string null no
cluster_parameters A list of cluster DB parameters to apply
list(object({
apply_method = optional(string, "immediate")
name = string
value = string
}))
[
{
"apply_method": "pending-reboot",
"name": "character_set_server",
"value": "utf8"
},
{
"apply_method": "pending-reboot",
"name": "character_set_client",
"value": "utf8"
},
{
"apply_method": "immediate",
"name": "require_secure_transport",
"value": "ON"
}
]
no
database The name of the first database to be created when the cluster is created string null no
database_parameters A list of instance DB parameters to apply
list(object({
apply_method = optional(string, "immediate")
name = string
value = string
}))
null no
db_cluster_instance_class The compute and memory capacity of each DB instance in the Multi-AZ DB cluster. Only set this variable if you are deploying a Multi-AZ DB cluster. (Required for Multi-AZ DB cluster) string null no
deletion_protection A boolean indicating if the DB instance should have deletion protection enable bool true no
enable_cloudwatch_logs_exports Set to false to disable logging to cloudwatch bool true no
enable_http_endpoint Enable Aurora Serverless HTTP endpoint (Data API) bool false no
enabled_cloudwatch_logs_exports List of log types to export to cloudwatch, by default all supported types are exported list(string) null no
endpoints A map of additional cluster endpoints to be created
map(object({
excluded_members = optional(list(string), [])
static_members = optional(list(string), [])
type = string
}))
{} no
engine_mode The engine mode of the Aurora cluster string "provisioned" no
engine_version The engine version of the Aurora cluster string null no
final_snapshot_identifier Identifier of the final snapshot to create before deleting the cluster string null no
global_database_primary Whether the cluster is part of a global database as the primary cluster bool false no
global_database_secondary Whether the cluster is part of a global database as the seconday cluster
object({
global_cluster_identifier = string
enable_global_write_forwarding = optional(bool, true)
})
null no
iam_database_authentication_enabled Specify if mapping AWS IAM accounts to database accounts is enabled. bool true no
iam_roles A list of IAM Role ARNs to associate with the cluster list(string) null no
instance_class The class of RDS instances to attach to the cluster instances (not used when engine_mode set to serverless) string null no
instance_config Map of instance specific settings that override values set elsewhere in the module, map keys should match instance number
map(object({
instance_class = optional(string, null)
promotion_tier = optional(number, null)
}))
null no
instance_count The number of RDS instances to attach (not used when engine_mode set to serverless) number 2 no
iops The amount of Provisioned IOPS to be initially allocated for each DB instance. (Required for Multi-AZ DB cluster) number null no
kms_key_id ARN of KMS key to encrypt storage and performance insights data string null no
manage_master_user Set to false to provide a custom password using master_password bool true no
master_password Password for the master DB user, must set manage_master_user to false if specifying a custom password string null no
master_user_secret_kms_key_id ID of KMS key to encrypt the master user Secrets Manager secret string null no
master_username Username for the master DB user string null no
max_capacity The maximum capacity of the serverless cluster number 8 no
min_capacity The minimum capacity of the serverless cluster number 1 no
monitoring_interval The interval (seconds) for collecting enhanced monitoring metrics string null no
parameter_group_name The name for the DB / RDS cluster parameter groups string null no
performance_insights Specifies whether Performance Insights is enabled or not bool true no
performance_insights_retention_period Amount of time in days to retain Performance Insights data, must be 7, 731 (2 years) or a multiple of 31 number 7 no
permissions_boundary The ARN of the policy that is used to set the permissions boundary for the role string null no
preferred_backup_window The daily time range during which automated backups are created, in UTC e.g. 04:00-09:00 string null no
preferred_maintenance_window The weekly time range during which system maintenance can occur, in UTC e.g. wed:04:00-wed:04:30 string null no
publicly_accessible Control if instances in cluster are publicly accessible string false no
seconds_until_auto_pause The time, in seconds, before an Aurora Serverless DB cluster is paused number 1800 no
security_group_ingress_rules Security Group ingress rules
list(object({
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = string
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
}))
[] no
snapshot_identifier Database snapshot identifier to create the database from string null no
storage_encrypted Specifies whether the DB cluster is encrypted bool true no
storage_type Specifies the storage type to be associated with the DB cluster. (Required for Multi-AZ DB cluster) string null no
tags A mapping of tags to assign to the bucket map(string) null no
timeout_action The action to take when the timeout is reached string "RollbackCapacityChange" no

Outputs

Name Description
arn ARN of the Aurora cluster
cluster_identifier The RDS Cluster Identifier
cluster_resource_id The RDS Cluster Resource ID
custom_endpoints The DNS addresses of the custom endpoints.
database Name of the first database created when the cluster was created
endpoint DNS address of the RDS instance
global_cluster_identifier If the cluster is the primary of a global cluster, the global cluster ID
global_cluster_writer_endpoint If the cluster is the primary of a global cluster, the global cluster writer endpoint
id ID of the Aurora cluster
instance_ids Aurora instances IDs
master_user_secret The generated database master user secret when var.manage_master_user is set to true
master_username Username for the master DB user
port Port on which the DB accepts connections
reader_endpoint A load-balanced read-only endpoint for the Aurora cluster
security_group_id The securitiry group id that is attached to the Aurora cluster

Licensing

100% Open Source and licensed under the Apache License Version 2.0. See LICENSE for full details.