A Terraform module to create an RDS Aurora cluster and associated resources

deliveryhero/tf-aws-rds-aurora


AWS RDS Aurora Terraform module

Terraform module which creates RDS Aurora resources on AWS.

These types of resources are supported:

Available features

  • Autoscaling of replicas
  • Enhanced Monitoring
  • Optional CloudWatch alarms

Usage

module "db" {
  source                          = "terraform-aws-modules/rds-aurora/aws"
  name                            = "test-aurora-db-postgres96"
  engine                          = "aurora-postgresql"
  engine_version                  = "9.6.3"
  vpc_id                          = "vpc-12345678"
  subnet_ids                      = ["subnet-12345678", "subnet-87654321"]
  azs                             = ["eu-west-1a", "eu-west-1b"]
  replica_count                   = 1
  allowed_security_groups         = ["sg-12345678"]
  instance_type                   = "db.r4.large"
  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

Examples

  • PostgreSQL: A simple example with VPC and PostgreSQL cluster.
  • MySQL: A simple example with VPC and MySQL cluster.
  • Production: A production-ready PostgreSQL cluster with enhanced monitoring, autoscaling and CloudWatch alarms.

Documentation generation

Documentation should be modified within main.tf and generated using terraform-docs. Generate them like so:

go get github.com/segmentio/terraform-docs
terraform-docs md ./ | cat -s | perl -e "print reverse(<>)" | tail -n +2 | perl -e "print reverse(<>)" >> README.md

Requirements

| Name | Version |
|------|---------|
| aws | >= 3.63.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.63.0 |
| random | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_appautoscaling_policy.autoscaling_read_replica_count | resource |
| aws_appautoscaling_target.read_replica_count | resource |
| aws_cloudwatch_log_group.this | resource |
| aws_cloudwatch_metric_alarm.aurora_replica_lag | resource |
| aws_cloudwatch_metric_alarm.cpu_utilization_reader | resource |
| aws_cloudwatch_metric_alarm.cpu_utilization_writer | resource |
| aws_cloudwatch_metric_alarm.database_connections_reader | resource |
| aws_cloudwatch_metric_alarm.database_connections_writer | resource |
| aws_cloudwatch_metric_alarm.disk_queue_depth | resource |
| aws_cloudwatch_metric_alarm.freeable_memory_reader | resource |
| aws_cloudwatch_metric_alarm.freeable_memory_writer | resource |
| aws_cloudwatch_metric_alarm.swap_usage_reader | resource |
| aws_cloudwatch_metric_alarm.swap_usage_writer | resource |
| aws_db_subnet_group.main | resource |
| aws_iam_role.rds_enhanced_monitoring | resource |
| aws_iam_role_policy_attachment.rds_enhanced_monitoring | resource |
| aws_rds_cluster.main | resource |
| aws_rds_cluster_instance.data_reader | resource |
| aws_rds_cluster_instance.instance | resource |
| aws_route53_record.data_reader | resource |
| aws_route53_record.default | resource |
| aws_route53_record.reader | resource |
| aws_security_group.main | resource |
| aws_security_group_rule.default_ingress | resource |
| aws_ssm_parameter.superuser_name | resource |
| aws_ssm_parameter.superuser_password | resource |
| random_id.master_password | resource |
| random_id.snapshot_identifier | resource |
| aws_iam_policy_document.monitoring_rds_assume_role | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allow_major_version_upgrade | Determines whether or not major version upgrades are permitted | bool | false | no |
| allowed_security_groups | A list of Security Group IDs to allow access to. | list | [] | no |
| apply_immediately | Determines whether or not any DB modifications are applied immediately, or during the maintenance window | bool | false | no |
| auto_minor_version_upgrade | Determines whether minor engine upgrades will be performed automatically in the maintenance window | bool | true | no |
| backup_retention_period | How long to keep backups for (in days) | number | 7 | no |
| ca_cert_identifier | The identifier of the CA certificate for the DB instances | string | "" | no |
| cloudwatch_alarm_actions | Actions for CloudWatch alarms, e.g. an SNS topic | list(string) | [] | no |
| cloudwatch_alarm_default_thresholds | Override default thresholds for CloudWatch alarms. See cloudwatch_alarm_default_thresholds in cloudwatch.tf for valid keys | map(string) | {} | no |
| cloudwatch_create_alarms | Whether to enable CloudWatch alarms - requires cw_sns_topic is specified | bool | false | no |
| cloudwatch_log_group_retention_in_days | The number of days to retain CloudWatch logs for the DB instance | number | 1 | no |
| create_cloudwatch_log_group | Determines whether a CloudWatch log group is created for each enabled_cloudwatch_logs_exports | bool | false | no |
| create_data_reader | Specifies if a data reader node is created. | bool | false | no |
| create_resources | Whether to create the Aurora cluster and related resources | bool | true | no |
| create_timeout | Timeout used for cluster creation | string | "120m" | no |
| data_reader_endpoint_suffix | Suffix for the Route53 record pointing to the cluster data reader endpoint. Only used if route53_zone_id is passed also | string | "-data-reader" | no |
| data_reader_instance_type | Instance type to use for data reader node | string | "db.r4.large" | no |
| data_reader_parameter_group_name | Data reader node DB parameter group | string | "" | no |
| data_reader_route53_prefix | If specified a data reader route53 record will be created | string | "" | no |
| data_reader_route53_zone_id | If specified a data reader route53 record will be created | string | "" | no |
| data_reader_tags | A map of tags to add to data reader resources. | map(string) | {} | no |
| db_cluster_db_instance_parameter_group_name | Instance parameter group to associate with all instances of the DB cluster. The db_instance_parameter_group_name parameter is only valid in combination with the allow_major_version_upgrade parameter. | any | null | no |
| db_cluster_parameter_group_name | The name of a DB cluster parameter group to use | string | "default.aurora5.6" | no |
| db_parameter_group_name | The name of a DB parameter group to use | string | "default.aurora5.6" | no |
| delete_timeout | Timeout used for destroying the cluster. This includes any cleanup task during the destroy process. | string | "120m" | no |
| deletion_protection | The database can't be deleted when this value is set to true. | bool | true | no |
| enabled_cloudwatch_logs_exports | Set of log types to export to CloudWatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery, postgresql (PostgreSQL). | list(any) | [] | no |
| engine | Aurora database engine type, currently aurora, aurora-mysql or aurora-postgresql | string | "aurora" | no |
| engine_version | Aurora database engine version. | string | "5.6.10a" | no |
| extra_security_groups | A list of Security Group IDs to add to the cluster | list | [] | no |
| final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy; appends 8 random digits to the name to ensure it is unique. | string | "final-" | no |
| identifier_prefix | Prefix for cluster and instance identifier | string | "" | no |
| instance_type | Instance type to use | string | "db.r4.large" | no |
| kms_key_id | The ARN for the KMS encryption key if one is set for the cluster. | string | "" | no |
| monitoring_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | number | 0 | no |
| name | Name given to resources | string | n/a | yes |
| password | Master DB password | string | "" | no |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not. | string | false | no |
| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. | string | "" | no |
| port | The port on which to accept connections | string | "" | no |
| preferred_backup_window | When to perform DB backups for the cluster | string | "02:00-03:00" | no |
| preferred_backup_window_instance | When to perform DB backups for instances | string | "" | no |
| preferred_maintenance_window | When to perform DB maintenance for the cluster | string | "sun:05:00-sun:06:00" | no |
| preferred_maintenance_window_instance | When to perform DB maintenance for instances | string | "" | no |
| prefix_master_creds_ssm | SSM parameter prefix for master user credentials | string | "/database-controller" | no |
| publicly_accessible | Whether the DB should have a public IP address | bool | false | no |
| reader_endpoint_suffix | Suffix for the Route53 record pointing to the cluster reader endpoint. Only used if route53_zone_id is passed also | string | "-ro" | no |
| replica_autoscaling | Whether to enable autoscaling for RDS Aurora (MySQL) read replicas | string | false | no |
| replica_count | Number of reader nodes to create. If replica_scale_enable is true, the value of replica_scale_min is used instead. | number | 1 | no |
| replica_scale_cpu | CPU usage to trigger autoscaling at | string | 70 | no |
| replica_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | string | 300 | no |
| replica_scale_max | Maximum number of replicas to allow scaling for | string | 0 | no |
| replica_scale_min | Maximum number of replicas to allow scaling for | string | 1 | no |
| replica_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | string | 300 | no |
| route53_record_appendix | Will be appended to the route53 record. Only used if route53_zone_id is passed also | string | ".rds" | no |
| route53_record_ttl | TTL of route53 record. Only used if route53_zone_id is passed also | string | 60 | no |
| route53_zone_id | If specified a route53 record will be created | string | "" | no |
| security_group_name_prefix | Prefix for security group name | string | "aurora-" | no |
| skip_final_snapshot | Should a final snapshot be created on cluster destroy | bool | false | no |
| snapshot_identifier | DB snapshot to create this database from | string | "" | no |
| storage_encrypted | Specifies whether the underlying storage layer should be encrypted | bool | false | no |
| store_master_creds_ssm | Whether to store master user and password in SSM | bool | false | no |
| subnet_ids | List of subnet IDs to use | list(string) | n/a | yes |
| tags | A map of tags to add to all resources. | map(string) | {} | no |
| update_timeout | Timeout used for cluster modifications | string | "120m" | no |
| username | Master DB username | string | "root" | no |
| vpc_id | VPC ID | string | n/a | yes |
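As an added example (not from the module's README or the project itself), a module call that overrides the security-relevant defaults in the table above: encryption at rest, master credentials handed to SSM rather than tfvars, log export and retention, Enhanced Monitoring with alarms, and deletion guardrails. All IDs, ARNs, names and the release tag are placeholders; that leaving `password` empty makes the module generate one is an assumption drawn from the random_id.master_password resource listed under Resources.

```hcl
module "db" {
  # Pin to a release tag of the module repository named on this page.
  source = "git::https://github.com/deliveryhero/tf-aws-rds-aurora.git?ref=REPLACE_WITH_TAG"

  name           = "orders-aurora-pg"                       # constructed name
  engine         = "aurora-postgresql"
  engine_version = "9.6.3"                                  # as in the Usage example
  vpc_id         = "vpc-00000000"                           # placeholder
  subnet_ids     = ["subnet-00000000", "subnet-11111111"]   # placeholders; use private subnets
  instance_type  = "db.r4.large"
  replica_count  = 2

  db_parameter_group_name         = "default"
  db_cluster_parameter_group_name = "default"

  # Network exposure: only the listed security group may reach the cluster; no public IP.
  allowed_security_groups = ["sg-00000000"]                 # placeholder: app-tier SG
  publicly_accessible     = false

  # Encryption at rest: storage_encrypted defaults to false in this module and
  # cannot be enabled on an existing cluster, so decide it up front and use a CMK.
  storage_encrypted               = true
  kms_key_id                      = "arn:aws:kms:eu-west-1:111111111111:key/REPLACE_WITH_KEY_ID" # placeholder
  performance_insights_enabled    = true
  performance_insights_kms_key_id = "arn:aws:kms:eu-west-1:111111111111:key/REPLACE_WITH_KEY_ID" # placeholder

  # Credentials: password is left unset (assumed to trigger random_id.master_password)
  # and the generated username/password pair is written to SSM under the prefix below.
  username                = "dbadmin"
  store_master_creds_ssm  = true
  prefix_master_creds_ssm = "/orders/aurora"                # constructed prefix

  # Guardrails against accidental data loss.
  deletion_protection     = true                            # module default, stated explicitly
  skip_final_snapshot     = false
  backup_retention_period = 14

  # Audit trail: export engine logs and keep them longer than the 1-day default.
  enabled_cloudwatch_logs_exports        = ["postgresql"]
  create_cloudwatch_log_group            = true
  cloudwatch_log_group_retention_in_days = 90

  # Enhanced Monitoring (monitoring_interval 0 = off) plus alarms routed to an SNS topic.
  monitoring_interval      = 60
  cloudwatch_create_alarms = true
  cloudwatch_alarm_actions = ["arn:aws:sns:eu-west-1:111111111111:REPLACE_WITH_TOPIC"] # placeholder

  tags = { Environment = "prod", Terraform = "true" }
}
```

Run `terraform plan` and confirm the aws_rds_cluster.main resource shows storage_encrypted = true and the two aws_ssm_parameter resources appear before applying, since the encryption decision cannot be changed in place afterwards.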

Outputs

| Name | Description |
|------|-------------|
| cluster_endpoint | The cluster endpoint |
| cluster_id | The ID of the cluster |
| cluster_master_password | The master password |
| cluster_master_username | The master username |
| cluster_port | The port |
| cluster_reader_endpoint | The cluster reader endpoint |