当前位置: 首页 > 软件库 > 云计算 > >

terraform-aws-rds

授权协议 Apache-2.0 License
开发语言 C/C++
所属分类 云计算
软件类型 开源软件
地区 不详
投 递 者 艾自强
操作系统 跨平台
开源组织
适用人群 未知
 软件概览

AWS RDS Terraform module

Terraform module which creates RDS resources on AWS.

Root module calls these modules which can also be used separately to create independent resources:

Usage

module "db" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> 3.0"

  identifier = "demodb"

  engine            = "mysql"
  engine_version    = "5.7.19"
  instance_class    = "db.t2.large"
  allocated_storage = 5

  name     = "demodb"
  username = "user"
  password = "YourPwdShouldBeLongAndSecure!"
  port     = "3306"

  iam_database_authentication_enabled = true

  vpc_security_group_ids = ["sg-12345678"]

  maintenance_window = "Mon:00:00-Mon:03:00"
  backup_window      = "03:00-06:00"

  # Enhanced Monitoring - see example for details on how to create the role
  # by yourself, in case you don't want to create it automatically
  monitoring_interval = "30"
  monitoring_role_name = "MyRDSMonitoringRole"
  create_monitoring_role = true

  tags = {
    Owner       = "user"
    Environment = "dev"
  }

  # DB subnet group
  subnet_ids = ["subnet-12345678", "subnet-87654321"]

  # DB parameter group
  family = "mysql5.7"

  # DB option group
  major_engine_version = "5.7"

  # Database Deletion Protection
  deletion_protection = true

  parameters = [
    {
      name = "character_set_client"
      value = "utf8mb4"
    },
    {
      name = "character_set_server"
      value = "utf8mb4"
    }
  ]

  options = [
    {
      option_name = "MARIADB_AUDIT_PLUGIN"

      option_settings = [
        {
          name  = "SERVER_AUDIT_EVENTS"
          value = "CONNECT"
        },
        {
          name  = "SERVER_AUDIT_FILE_ROTATIONS"
          value = "37"
        },
      ]
    },
  ]
}

Conditional creation

The following values are provided to toggle on/off creation of the associated resources as desired:

module "db" {
  source = "terraform-aws-modules/rds/aws"

  # Disable creation of RDS instance(s)
  create_db_instance = false

  # Disable creation of option group - provide an option group or default AWS default
  create_db_option_group = false

  # Disable creation of parameter group - provide a parameter group or default to AWS default
  create_db_parameter_group = false

  # Disable creation of subnet group - provide a subnet group
  create_db_subnet_group = false

  # Enable creation of monitoring IAM role
  create_monitoring_role = true

  # ... omitted
}

Option Groups

Reference

Users have the ability to:

  • Create an option group with the name provided:
option_group_name            = "prod-instance-mysql-8.0"
  option_group_use_name_prefix = false
  • Create an option group using a unique prefix beginning with the name provided:
option_group_name = "prod-instance-mysql-8.0"
  • Pass the name of an option group to use that has been created outside of the module:
create_db_option_group = false
  option_group_name      = "prod-instance-mysql-8.0" # must already exist in AWS
  • Skip creating an option group for PostgreSQL entirely as that is not supported
engine            = "postgres"
  option_group_name = "prod-instance-postgresql-11.0" # this will be ignored, no option group created
  • Use a default option group provided by AWS
create_db_option_group = false

Parameter Groups

Reference

Users have the ability to:

  • Create a parameter group with the name provided:
parameter_group_name            = "prod-instance-mysql-8.0"
  parameter_group_use_name_prefix = false
  • Create a parameter group using a unique prefix beginning with the name provided:
parameter_group_name = "prod-instance-mysql-8.0"
  • Pass the name of a parameter group to use that has been created outside of the module:
create_db_parameter_group = false
  parameter_group_name   = "prod-instance-mysql-8.0" # must already exist in AWS
  • Use a default parameter group provided by AWS
create_db_parameter_group = false

Examples

Notes

  1. This module does not create RDS security group. Use terraform-aws-security-group module for this.

Requirements

Name Version
terraform >= 0.12.26
aws >= 2.49
random >= 3.1

Providers

Name Version
random >= 3.1

Modules

Name Source Version
db_instance ./modules/db_instance
db_option_group ./modules/db_option_group
db_parameter_group ./modules/db_parameter_group
db_subnet_group ./modules/db_subnet_group

Resources

Name Type
random_password.master_password resource

Inputs

Name Description Type Default Required
allocated_storage The allocated storage in gigabytes string null no
allow_major_version_upgrade Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible bool false no
apply_immediately Specifies whether any database modifications are applied immediately, or during the next maintenance window bool false no
auto_minor_version_upgrade Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window bool true no
availability_zone The Availability Zone of the RDS instance string null no
backup_retention_period The days to retain backups for number null no
backup_window The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance_window string null no
ca_cert_identifier Specifies the identifier of the CA certificate for the DB instance string null no
character_set_name (Optional) The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. string null no
copy_tags_to_snapshot On delete, copy all Instance tags to the final snapshot (if final_snapshot_identifier is specified) bool false no
create_db_instance Whether to create a database instance bool true no
create_db_option_group (Optional) Create a database option group bool true no
create_db_parameter_group Whether to create a database parameter group bool true no
create_db_subnet_group Whether to create a database subnet group bool true no
create_monitoring_role Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. bool false no
create_random_password Whether to create random password for RDS primary cluster bool false no
cross_region_replica Specifies if the replica should be cross region. It allows the use of a subnet group in a region different than the master instance bool false no
db_instance_tags Additional tags for the DB instance map(string) {} no
db_option_group_tags Additional tags for the DB option group map(string) {} no
db_parameter_group_tags Additional tags for the DB parameter group map(string) {} no
db_subnet_group_description Description of the DB subnet group to create string "" no
db_subnet_group_name Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC string null no
db_subnet_group_tags Additional tags for the DB subnet group map(string) {} no
db_subnet_group_use_name_prefix Determines whether to use subnet_group_name as is or create a unique name beginning with the subnet_group_name as the prefix bool true no
delete_automated_backups Specifies whether to remove automated backups immediately after the DB instance is deleted bool true no
deletion_protection The database can't be deleted when this value is set to true. bool false no
domain The ID of the Directory Service Active Directory domain to create the instance in string null no
domain_iam_role_name (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service string null no
enabled_cloudwatch_logs_exports List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). list(string) [] no
engine The database engine to use string "" no
engine_version The engine version to use string null no
family The family of the DB parameter group string "" no
final_snapshot_identifier The name of your final DB snapshot when this DB instance is deleted. string null no
final_snapshot_identifier_prefix The name which is prefixed to the final snapshot on cluster destroy string "final" no
iam_database_authentication_enabled Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled bool false no
identifier The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier string n/a yes
instance_class The instance type of the RDS instance string null no
iops The amount of provisioned IOPS. Setting this implies a storage_type of 'io1' number 0 no
kms_key_id The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified the default KMS key created in your account will be used string null no
license_model License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1 string null no
maintenance_window The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00' string null no
major_engine_version Specifies the major version of the engine that this option group should be associated with string "" no
max_allocated_storage Specifies the value for Storage Autoscaling number 0 no
monitoring_interval The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. number 0 no
monitoring_role_arn The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero. string null no
monitoring_role_description Description of the monitoring IAM role string null no
monitoring_role_name Name of the IAM role which will be created when create_monitoring_role is enabled. string "rds-monitoring-role" no
multi_az Specifies if the RDS instance is multi-AZ bool false no
name The DB name to create. If omitted, no database is created initially string null no
option_group_description The description of the option group string "" no
option_group_name Name of the option group string null no
option_group_timeouts Define maximum timeout for deletion of aws_db_option_group resource map(string)
{
"delete": "15m"
}
no
option_group_use_name_prefix Determines whether to use option_group_name as is or create a unique name beginning with the option_group_name as the prefix bool true no
options A list of Options to apply. any [] no
parameter_group_description Description of the DB parameter group to create string "" no
parameter_group_name Name of the DB parameter group to associate or create string null no
parameter_group_use_name_prefix Determines whether to use parameter_group_name as is or create a unique name beginning with the parameter_group_name as the prefix bool true no
parameters A list of DB parameters (map) to apply list(map(string)) [] no
password Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file string "" no
performance_insights_enabled Specifies whether Performance Insights are enabled bool false no
performance_insights_kms_key_id The ARN for the KMS key to encrypt Performance Insights data. string null no
performance_insights_retention_period The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). number 7 no
port The port on which the DB accepts connections string null no
publicly_accessible Bool to control if instance is publicly accessible bool false no
random_password_length (Optional) Length of random password to create. (default: 10) number 10 no
replicate_source_db Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate. string null no
restore_to_point_in_time Restore to a point in time (MySQL is NOT supported) map(string) null no
s3_import Restore from a Percona Xtrabackup in S3 (only MySQL is supported) map(string) null no
skip_final_snapshot Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted, using the value from final_snapshot_identifier bool false no
snapshot_identifier Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05. string null no
storage_encrypted Specifies whether the DB instance is encrypted bool false no
storage_type One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not. string null no
subnet_ids A list of VPC subnet IDs list(string) [] no
tags A mapping of tags to assign to all resources map(string) {} no
timeouts (Optional) Updated Terraform resource management timeouts. Applies to aws_db_instance in particular to permit resource management times map(string)
{
"create": "40m",
"delete": "40m",
"update": "80m"
}
no
timezone (Optional) Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information. string null no
username Username for the master DB user string null no
vpc_security_group_ids List of VPC security groups to associate list(string) [] no

Outputs

Name Description
db_instance_address The address of the RDS instance
db_instance_arn The ARN of the RDS instance
db_instance_availability_zone The availability zone of the RDS instance
db_instance_ca_cert_identifier Specifies the identifier of the CA certificate for the DB instance
db_instance_domain The ID of the Directory Service Active Directory domain the instance is joined to
db_instance_domain_iam_role_name The name of the IAM role to be used when making API calls to the Directory Service.
db_instance_endpoint The connection endpoint
db_instance_hosted_zone_id The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)
db_instance_id The RDS instance ID
db_instance_name The database name
db_instance_password The database password (this password may be old, because Terraform doesn't track it after initial creation)
db_instance_port The database port
db_instance_resource_id The RDS Resource ID of this instance
db_instance_status The RDS instance status
db_instance_username The master username for the database
db_master_password The master password
db_option_group_arn The ARN of the db option group
db_option_group_id The db option group id
db_parameter_group_arn The ARN of the db parameter group
db_parameter_group_id The db parameter group id
db_subnet_group_arn The ARN of the db subnet group
db_subnet_group_id The db subnet group name
enhanced_monitoring_iam_role_arn The Amazon Resource Name (ARN) specifying the monitoring role
enhanced_monitoring_iam_role_name The name of the monitoring role

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.

  • 我问,因为我不想在我的开发环境(使用terraform或云形成)中存储明文密码,而是由相应的AWS组件透明地解密的加密值. 解决方法: 如果您想使用CLI执行此操作,则始终可以使用KMS密钥加密密码,然后运行两个命令来解密密码并创建数据库. 所以像这样的东西可能有效: aws rds create-instance ... \ --master-username admin-user \ --ma

  • 作者:KubeVela 社区 KubeVela 目前已经支持了 AWS、Azure、GCP、阿里云、腾讯云、百度云、UCloud 等云厂商,也提供了简单快捷的命令行工具[1]引入云服务商的云资源,但是在 KubeVela 里一个一个地支持云服务商的云资源不利于快速满足用户对于云资源的需求,本文提供了一个方案,用不到 100 行代码快速引入 AWS 前 50 最受欢迎的云资源。 同时,我们也期望用户

  • aws账户 iam用户 My last post compared different infrastructure tools for creating users and letting them assume roles for cross-account access. I received a few questions about the underlying problem that

 相关资料
  • Terraform AWS frontend module Collection of Terraform modules for frontend app deployment on AWS. List of submodules Frontend app Maintainers Bartłomiej Wójtowicz (@qbart) Łukasz Pawlik (@LukeP91) LIC

  • Terraform Provider for AWS Website: terraform.io Tutorials: learn.hashicorp.com Forum: discuss.hashicorp.com Chat: gitter Mailing List: Google Groups The Terraform AWS provider is a plugin for Terrafo

  • AWS VPC Terraform module Terraform module which creates VPC resources on AWS. Usage module "vpc" { source = "terraform-aws-modules/vpc/aws" name = "my-vpc" cidr = "10.0.0.0/16" azs = [

  • Mastodon on AWS with Terraform Terraform module for mastodon service deploy Will deploy an ec2 instance with mastodon and run the service. Requirements AWS account EC2 domain with Route53 Terraform Us

  • AWS Identity and Access Management (IAM) Terraform module Features Cross-account access. Define IAM roles using iam_assumable_role or iam_assumable_roles submodules in "resource AWS accounts (prod, st

  • AWS Terraform module which runs Atlantis on AWS Fargate Atlantis is tool which provides unified workflow for collaborating on Terraform through GitHub, GitLab and Bitbucket Cloud. This repository cont