README.md

File metadata and controls

174 lines (148 loc) · 17.9 KB

This Terraform module creates an AWS RDS cluster using various engine types and configurations; it can also enable/create an RDS Proxy attached to the cluster.

Module upgrade guide

  • Upgrading from versions <1.4.0 to version >=1.4.0:
    • Make sure you move the state of the underlying "db" module with a command like the following (the address is quoted so the shell does not treat the brackets as a glob):
      terraform state mv 'module.<rds-module-name>.module.db' 'module.<rds-module-name>.module.db[0]'
    • If you had not set storage_type explicitly, set it to "gp2".

How to use (more examples/tests can be found in the ./tests folder)

Case 1. Create Security group and create RDS

data "aws_vpc" "main" {
  id = "vpc-xxxxxxx" # placeholder VPC id
}

module "rds" {
  source  = "dasmeta/rds/aws"
  version = "1.4.0"

  allocated_storage    = 20
  storage_type         = "gp2"
  engine               = "mysql"
  engine_version       = "5.7.26"
  instance_class       = "db.t2.micro"
  identifier           = "db"
  db_name              = "db"
  db_username          = "root"
  db_password          = "some-password" # placeholder; see the db_password input: the value ends up in Terraform state
  parameter_group_name = "default.mysql5.7"
  vpc_id               = data.aws_vpc.main.id # plain reference; the legacy "${...}" wrapper is unnecessary in Terraform 0.12+
  subnet_ids           = ["subnet-xxxxxxxx", "subnet-xxxxxx"] # placeholder subnet ids
}

Case 2. Create RDS and pass custom/external created security group ids

module "rds" {
  source  = "dasmeta/rds/aws"
  version = "1.4.0"

  allocated_storage    = 20
  storage_type         = "gp2"
  engine               = "mysql"
  engine_version       = "5.7.26"
  instance_class       = "db.t2.micro"
  identifier           = "db"
  db_name              = "db"
  db_username          = "root"
  db_password          = "some-password" # placeholder; see the db_password input: the value ends up in Terraform state
  parameter_group_name = "default.mysql5.7"

  vpc_id     = "vpc-xxxxxxxxxxxx"                     # placeholder VPC id
  subnet_ids = ["subnet-xxxxxxx", "subnet-xxxxxxxx"] # placeholder subnet ids

  # Do not let the module create its own security group; attach an existing one instead
  create_security_group  = false
  vpc_security_group_ids = ["sg-xxxxxxxxx"] # placeholder id of the externally managed group
}
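The following is an added example, not part of the module's README or test suite, that extends Case 2: the externally created security group is built with a single ingress rule that admits MySQL traffic only from the application tier's security group (no CIDR ranges), and the module inputs documented in the Inputs table are set to their safer values (encryption at rest, no public endpoint, deletion protection, final snapshot kept, IAM database authentication). The `db_password` variable, the `alarms` SNS topic and all `vpc-`, `subnet-` and `sg-` ids are placeholders/assumptions; `set_vpc_security_group_rules` is disabled so the module's "allow from the whole VPC" rules are not added.

```hcl
# Added example (not from the module README): external least-privilege
# security group plus hardened module inputs. All ids are placeholders.

variable "db_password" {
  description = "Master password passed in from outside instead of hardcoded (it is still stored in Terraform state, see the db_password input)"
  type        = string
  sensitive   = true
}

# Security group for the database. No inline ingress rules, so nothing can
# reach the instance until the explicit rule below allows it.
resource "aws_security_group" "db" {
  name        = "db-sg"
  description = "RDS access limited to the application tier"
  vpc_id      = "vpc-xxxxxxxxxxxx" # placeholder
}

# Allow MySQL only from the application tier's security group, not from a CIDR.
resource "aws_vpc_security_group_ingress_rule" "db_from_app" {
  security_group_id            = aws_security_group.db.id
  referenced_security_group_id = "sg-xxxxxxxxx" # placeholder: the app tier's security group id
  from_port                    = 3306
  to_port                      = 3306
  ip_protocol                  = "tcp"
}

module "rds" {
  source  = "dasmeta/rds/aws"
  version = "1.4.0"

  allocated_storage    = 20
  storage_type         = "gp2"
  engine               = "mysql"
  engine_version       = "5.7.26"
  instance_class       = "db.t2.micro"
  identifier           = "db"
  db_name              = "db"
  db_username          = "root"
  db_password          = var.db_password
  parameter_group_name = "default.mysql5.7"

  vpc_id     = "vpc-xxxxxxxxxxxx"                     # placeholder
  subnet_ids = ["subnet-xxxxxxx", "subnet-xxxxxxxx"] # placeholders: private subnets

  # Use the group above instead of a module-created one and do not add the
  # module's default VPC-wide access rules.
  create_security_group        = false
  set_vpc_security_group_rules = false
  vpc_security_group_ids       = [aws_security_group.db.id]

  # Safer values than the module defaults listed in the Inputs table.
  storage_encrypted                   = true  # encryption at rest (module default: false)
  publicly_accessible                 = false # keep the endpoint private
  deletion_protection                 = true  # block accidental destroy
  skip_final_snapshot                 = false # keep a snapshot if the instance is ever deleted
  iam_database_authentication_enabled = true  # IAM-to-DB user mapping

  # Required per the Inputs table; the topic ARN is a placeholder.
  alarms = {
    sns_topic = "arn:aws:sns:REGION:ACCOUNT_ID:db-alerts"
  }
}
```

Referencing the application tier's security group rather than a CIDR block means the rule keeps working when application instances are replaced or scaled, and it does not widen when subnets are added to the VPC.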

Contribution

Please enable git hooks by running the following command:

git config --global core.hooksPath ./githooks # enables git hooks globally

Requirements

No requirements.

Providers

| Name | Version |
|---|---|
| aws | n/a |

Modules

| Name | Source | Version |
|---|---|---|
| cloudwatch_metric_filters | dasmeta/monitoring/aws//modules/cloudwatch-log-based-metrics | 1.13.2 |
| cw_alerts | dasmeta/monitoring/aws//modules/alerts | 1.3.5 |
| db | terraform-aws-modules/rds/aws | 6.10.0 |
| db_aurora | terraform-aws-modules/rds-aurora/aws | 9.11.0 |
| proxy | ./modules/proxy | n/a |
| security_group | terraform-aws-modules/security-group/aws | 5.2.0 |

Resources

| Name | Type |
|---|---|
| aws_db_instance.database | data source |
| aws_ec2_instance_type.this | data source |
| aws_vpc.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alarms | n/a | object({ enabled = optional(bool, true), sns_topic = string, custom_values = optional(any, {}) }) | n/a | yes |
| allocated_storage | The allocated storage in gigabytes | number | 20 | no |
| apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool | false | no |
| aurora_configs | The AWS RDS Aurora specific configurations. Fields: engine_mode (the database engine mode; valid values: global, multimaster, parallelquery, provisioned, serverless; serverless is deprecated), autoscaling_enabled (whether autoscaling is enabled), autoscaling_min_capacity (min number of read replicas), autoscaling_max_capacity (max number of read replicas permitted), instances (cluster instance configs), serverlessv2_scaling_configuration (enables Serverless v2; Serverless v1, i.e. engine_mode = serverless with scaling_configuration set, is deprecated; valid when engine_mode is set to provisioned) | object({ engine_mode = optional(string, "provisioned"), autoscaling_enabled = optional(bool, false), autoscaling_min_capacity = optional(number, 0), autoscaling_max_capacity = optional(number, 2), instances = optional(any, {}), serverlessv2_scaling_configuration = optional(any, {}) }) | {} | no |
| backup_retention_period | The days to retain backups for | number | 35 | no |
| backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance_window | string | "03:00-06:00" | no |
| cloudwatch_log_group_retention_in_days | The number of days to retain CloudWatch logs for the DB instance | number | 30 | no |
| create_cloudwatch_log_group | Determines whether a CloudWatch log group is created for each enabled_cloudwatch_logs_exports | bool | true | no |
| create_db_option_group | Create a database option group | bool | false | no |
| create_db_parameter_group | Whether to create a database parameter group | bool | false | no |
| create_db_subnet_group | Whether to create a database subnet group | bool | true | no |
| create_monitoring_role | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | bool | false | no |
| create_security_group | Whether to create a security group and attach the ingress/egress rules used for the RDS instances (and the RDS Proxy if it is enabled); if you already have one and do not want a new security group created, set this variable to false and pass the group id via var.vpc_security_group_ids | bool | true | no |
| db_instance_tags | Additional tags for the DB instance | map(any) | {} | no |
| db_name | The DB name to create. If omitted, no database is created initially | string | n/a | yes |
| db_option_group_tags | Additional tags for the DB option group | map(any) | {} | no |
| db_parameter_group_tags | n/a | map(any) | {} | no |
| db_password | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file | string | n/a | yes |
| db_subnet_group_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | string | null | no |
| db_subnet_group_tags | Additional tags for the DB parameter group | map(any) | {} | no |
| db_subnet_group_use_name_prefix | Determines whether to use subnet_group_name as is or create a unique name beginning with the subnet_group_name as the prefix | bool | false | no |
| db_username | Username for the master DB user | string | n/a | yes |
| deletion_protection | The database can't be deleted when this value is set to true | bool | false | no |
| egress_with_cidr_blocks | n/a | list(map(string)) | [] | no |
| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL) | list(string) | [] | no |
| engine | The database engine to use | string | "mysql" | no |
| engine_version | The engine version to use | string | "5.7.26" | no |
| iam_database_authentication_enabled | Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | bool | true | no |
| identifier | Specifies the identifier of the CA certificate for the DB instance | string | n/a | yes |
| ingress_with_cidr_blocks | n/a | list(map(string)) | [] | no |
| instance_class | The instance type of the RDS instance | string | "db.t3.micro" | no |
| maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00' | string | "Mon:00:00-Mon:03:00" | no |
| major_engine_version | Specifies the major version of the engine that this option group should be associated with | string | "5.7" | no |
| manage_master_user_password | Set to true to allow RDS to manage the master user password in Secrets Manager | bool | false | no |
| max_allocated_storage | Specifies the value for Storage Autoscaling | number | 100 | no |
| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60 | number | 0 | no |
| monitoring_role_name | Name of the IAM role which will be created when create_monitoring_role is enabled | string | null | no |
| multi_az | Specifies if the RDS instance is multi-AZ | bool | true | no |
| options | A list of Options to apply | list(any) | [{ "option_name": "MARIADB_AUDIT_PLUGIN", "option_settings": [{ "name": "SERVER_AUDIT_EVENTS", "value": "CONNECT" }, { "name": "SERVER_AUDIT_FILE_ROTATIONS", "value": "37" }] }] | no |
| parameter_group_name | Name of the DB parameter group to associate or create | string | "default.mysql5.7" | no |
| parameters | A list of DB parameters (map) to apply. Fields: name, value, context (the context where the parameter will be used; supported values are "instance" and "cluster"), apply_method (the apply method for the parameter; supported values are "immediate" and "pending-reboot") | list(object({ name = string, value = string, context = optional(string, "instance"), apply_method = optional(string, "immediate") })) | [] | no |
| port | The port on which the DB accepts connections | number | null | no |
| proxy | The AWS RDS Proxy specific configurations. Fields: enabled (whether the RDS Proxy is enabled), endpoints (map of additional proxy endpoints; by default there is already one read/write endpoint; for more info check the resource doc https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_proxy_endpoint), client_auth_type (the type of authentication the proxy uses for connections from clients), iam_auth (whether IAM auth is enabled), target_db_cluster (whether the target DB is a cluster), debug_logging (whether enhanced logging is enabled), idle_client_timeout (the timeout of idle connections; the default is 30 minutes) | object({ enabled = optional(bool, false), endpoints = optional(any, {}), client_auth_type = optional(string, "MYSQL_NATIVE_PASSWORD"), iam_auth = optional(string, "DISABLED"), target_db_cluster = optional(bool, true), debug_logging = optional(bool, false), idle_client_timeout = optional(number, 1800) }) | {} | no |
| publicly_accessible | Whether the database is accessible publicly. Note that if you need to enable this you have to place the DB on public subnets | bool | false | no |
| security_group_description | n/a | string | "MySQL security group" | no |
| security_group_name | n/a | string | "db_security_group" | no |
| set_vpc_security_group_rules | Whether to automatically add security group rules allowing access to the DB from the VPC network | bool | true | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted | bool | false | no |
| slow_queries | n/a | object({ enabled = optional(bool, true), query_duration = optional(number, 3) }) | { "enabled": true, "query_duration": 3 } | no |
| storage_encrypted | Specifies whether the DB instance is encrypted | bool | false | no |
| storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not | string | null | no |
| subnet_ids | A list of VPC subnet IDs | list(string) | n/a | yes |
| tags | A mapping of tags to assign to all resources | map(any) | {} | no |
| vpc_id | n/a | string | "" | no |
| vpc_security_group_ids | List of VPC security groups to associate | list(string) | [] | no |
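As an added example that is not part of the module's README, the following module call exercises the observability and proxy inputs from the table above on a single MySQL instance: engine logs (error, slow query, and the MariaDB audit plugin's audit log, which relies on the module's default `options` value and therefore needs `create_db_option_group`) are exported to CloudWatch with a 90-day retention, the slow-query alerting object is set explicitly, a custom parameter group turns on `require_secure_transport` so clients must use TLS, and an RDS Proxy is enabled with IAM authentication required for client connections. Assumptions: `engine = "mysql"` selects the non-Aurora path (hence `target_db_cluster = false`), the parameter group name, the SNS topic ARN, the `db_password` variable and all ids are placeholders, and `require_secure_transport` is a dynamic MySQL 5.7 parameter so `apply_method = "immediate"` takes effect without a reboot.

```hcl
# Added example (not from the module README): log export, slow-query alerting,
# TLS-only parameter group and an IAM-authenticated RDS Proxy. Ids are placeholders.

variable "db_password" {
  description = "Master password (still stored in Terraform state, see the db_password input)"
  type        = string
  sensitive   = true
}

module "rds" {
  source  = "dasmeta/rds/aws"
  version = "1.4.0"

  allocated_storage = 20
  storage_type      = "gp2"
  engine            = "mysql"
  engine_version    = "5.7.26"
  instance_class    = "db.t3.micro"
  identifier        = "db"
  db_name           = "db"
  db_username       = "root"
  db_password       = var.db_password
  storage_encrypted = true

  vpc_id     = "vpc-xxxxxxxxxxxx"                     # placeholder
  subnet_ids = ["subnet-xxxxxxx", "subnet-xxxxxxxx"] # placeholders: private subnets

  # Export engine logs so failed logins (audit), errors and slow statements are
  # visible outside the instance; the log groups are created by the module
  # (create_cloudwatch_log_group defaults to true) and retained for 90 days.
  create_db_option_group                 = true # the default `options` value adds MARIADB_AUDIT_PLUGIN
  enabled_cloudwatch_logs_exports        = ["error", "slowquery", "audit"]
  cloudwatch_log_group_retention_in_days = 90

  # Slow-query alerting object from the Inputs table (defaults written out).
  slow_queries = {
    enabled        = true
    query_duration = 3 # seconds
  }

  # Custom parameter group: refuse plaintext client connections.
  create_db_parameter_group = true
  parameter_group_name      = "db-mysql57-tls" # placeholder name for the created group
  parameters = [
    {
      name         = "require_secure_transport"
      value        = "1"
      context      = "instance"
      apply_method = "immediate" # assumption: dynamic parameter in MySQL 5.7
    },
  ]

  # RDS Proxy in front of the instance. iam_auth = "REQUIRED" makes clients
  # authenticate to the proxy with IAM-signed tokens instead of the DB password.
  proxy = {
    enabled             = true
    target_db_cluster   = false # assumption: single instance, not an Aurora cluster
    client_auth_type    = "MYSQL_NATIVE_PASSWORD"
    iam_auth            = "REQUIRED"
    debug_logging       = false # enhanced proxy logging off outside troubleshooting
    idle_client_timeout = 600   # drop idle client connections after 10 minutes
  }

  # Required per the Inputs table; the topic ARN is a placeholder.
  alarms = {
    sns_topic = "arn:aws:sns:REGION:ACCOUNT_ID:db-alerts"
  }
}
```

With `iam_auth = "REQUIRED"` the proxy rejects clients presenting only a password, so the master password never has to be distributed to application hosts; the proxy itself still authenticates to the database with the credentials the module configures for it.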

Outputs

| Name | Description |
|---|---|
| db_instance_address | The address of the RDS instance |
| db_instance_arn | The ARN of the RDS instance |
| db_instance_cloudwatch_log_groups | Map of CloudWatch log groups created and their attributes |
| db_instance_endpoint | The connection endpoint |
| db_instance_port | The database port |
| db_password | DB password |
| db_username | DB username |