Terraform module which creates RDS resources on AWS.

The root module calls the submodules listed below (`db_instance`, `db_option_group`, `db_parameter_group`, `db_subnet_group`), which can also be used separately to create independent resources. Usage:
```hcl
module "db" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> 3.0"

  identifier = "demodb"

  engine            = "mysql"
  engine_version    = "5.7.19"
  instance_class    = "db.t2.large"
  allocated_storage = 5

  name     = "demodb"
  username = "user"
  password = "YourPwdShouldBeLongAndSecure!"
  port     = "3306"

  iam_database_authentication_enabled = true

  vpc_security_group_ids = ["sg-12345678"]

  maintenance_window = "Mon:00:00-Mon:03:00"
  backup_window      = "03:00-06:00"

  # Enhanced Monitoring - see example for details on how to create the role
  # by yourself, in case you don't want to create it automatically
  monitoring_interval    = "30"
  monitoring_role_name   = "MyRDSMonitoringRole"
  create_monitoring_role = true

  tags = {
    Owner       = "user"
    Environment = "dev"
  }

  # DB subnet group
  subnet_ids = ["subnet-12345678", "subnet-87654321"]

  # DB parameter group
  family = "mysql5.7"

  # DB option group
  major_engine_version = "5.7"

  # Database Deletion Protection
  deletion_protection = true

  parameters = [
    {
      name  = "character_set_client"
      value = "utf8mb4"
    },
    {
      name  = "character_set_server"
      value = "utf8mb4"
    }
  ]

  options = [
    {
      option_name = "MARIADB_AUDIT_PLUGIN"

      option_settings = [
        {
          name  = "SERVER_AUDIT_EVENTS"
          value = "CONNECT"
        },
        {
          name  = "SERVER_AUDIT_FILE_ROTATIONS"
          value = "37"
        },
      ]
    },
  ]
}
```
The following values are provided to toggle on/off creation of the associated resources as desired:
```hcl
module "db" {
  source = "terraform-aws-modules/rds/aws"

  # Disable creation of RDS instance(s)
  create_db_instance = false

  # Disable creation of option group - provide an option group or default to AWS default
  create_db_option_group = false

  # Disable creation of parameter group - provide a parameter group or default to AWS default
  create_db_parameter_group = false

  # Disable creation of subnet group - provide a subnet group
  create_db_subnet_group = false

  # Enable creation of monitoring IAM role
  create_monitoring_role = true

  # ... omitted
}
```
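A hardened variant of the usage above, added here as an example and not part of the module's own README: it replaces the literal master password with a module-generated one, turns on IAM authentication, encryption at rest, deletion protection and log export, and wires the audit log export to the MariaDB audit plugin option. The identifier, KMS key ARNs, security group and subnet IDs are placeholders.

```hcl
module "db" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> 3.0"

  identifier        = "proddb" # constructed sample name
  engine            = "mysql"
  engine_version    = "5.7.19"
  instance_class    = "db.t2.large"
  allocated_storage = 20

  name     = "proddb"
  username = "admin_user"
  # No plaintext password in source control: let the module generate one.
  # It still lands in Terraform state (see the password input's note), so the
  # state backend must itself be access-controlled and encrypted.
  create_random_password = true
  random_password_length = 32
  # Prefer short-lived IAM tokens over the master password for applications.
  iam_database_authentication_enabled = true

  port                   = "3306"
  vpc_security_group_ids = ["sg-12345678"]                        # placeholder
  subnet_ids             = ["subnet-12345678", "subnet-87654321"] # placeholders
  publicly_accessible    = false

  # Encryption at rest with a customer-managed key (ARN is a placeholder).
  storage_encrypted = true
  kms_key_id        = "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID"

  # Recoverability: retain backups, always take a final snapshot, block deletes.
  backup_retention_period          = 14
  backup_window                    = "03:00-06:00"
  maintenance_window               = "Mon:00:00-Mon:03:00"
  skip_final_snapshot              = false
  final_snapshot_identifier_prefix = "proddb-final"
  deletion_protection              = true

  # Visibility: engine logs to CloudWatch, Enhanced Monitoring, Performance Insights.
  enabled_cloudwatch_logs_exports = ["audit", "error", "slowquery"]
  monitoring_interval             = 30
  create_monitoring_role          = true
  performance_insights_enabled    = true
  performance_insights_kms_key_id = "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID"

  # The "audit" log export above requires the MariaDB audit plugin option.
  family               = "mysql5.7"
  major_engine_version = "5.7"
  options = [{
    option_name     = "MARIADB_AUDIT_PLUGIN"
    option_settings = [{ name = "SERVER_AUDIT_EVENTS", value = "CONNECT,QUERY_DDL,QUERY_DCL" }]
  }]
}
```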
For option groups, users have the ability to:

- Create an option group with exactly the provided name:
  ```hcl
  option_group_name            = "prod-instance-mysql-8.0"
  option_group_use_name_prefix = false
  ```
- Create an option group with a unique name that uses the provided name as its prefix (the default behaviour):
  ```hcl
  option_group_name = "prod-instance-mysql-8.0"
  ```
- Use an existing option group:
  ```hcl
  create_db_option_group = false
  option_group_name      = "prod-instance-mysql-8.0" # must already exist in AWS
  ```
- Not use an option group at all, for example with engines that do not support them such as PostgreSQL:
  ```hcl
  engine                 = "postgres"
  option_group_name      = "prod-instance-postgresql-11.0" # this will be ignored, no option group created
  create_db_option_group = false
  ```
For parameter groups, users have the ability to:

- Create a parameter group with exactly the provided name:
  ```hcl
  parameter_group_name            = "prod-instance-mysql-8.0"
  parameter_group_use_name_prefix = false
  ```
- Create a parameter group with a unique name that uses the provided name as its prefix (the default behaviour):
  ```hcl
  parameter_group_name = "prod-instance-mysql-8.0"
  ```
- Use an existing parameter group:
  ```hcl
  create_db_parameter_group = false
  parameter_group_name      = "prod-instance-mysql-8.0" # must already exist in AWS
  ```
- Not use a parameter group at all:
  ```hcl
  create_db_parameter_group = false
  ```
Requirements:

| Name | Version |
|---|---|
| terraform | >= 0.12.26 |
| aws | >= 2.49 |
| random | >= 3.1 |

Providers:

| Name | Version |
|---|---|
| random | >= 3.1 |

Modules:

| Name | Source | Version |
|---|---|---|
| db_instance | ./modules/db_instance | |
| db_option_group | ./modules/db_option_group | |
| db_parameter_group | ./modules/db_parameter_group | |
| db_subnet_group | ./modules/db_subnet_group | |

Resources:

| Name | Type |
|---|---|
| random_password.master_password | resource |
Inputs:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allocated_storage | The allocated storage in gigabytes | string | null | no |
| allow_major_version_upgrade | Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible | bool | false | no |
| apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool | false | no |
| auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window | bool | true | no |
| availability_zone | The Availability Zone of the RDS instance | string | null | no |
| backup_retention_period | The days to retain backups for | number | null | no |
| backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance_window | string | null | no |
| ca_cert_identifier | Specifies the identifier of the CA certificate for the DB instance | string | null | no |
| character_set_name | (Optional) The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | string | null | no |
| copy_tags_to_snapshot | On delete, copy all Instance tags to the final snapshot (if final_snapshot_identifier is specified) | bool | false | no |
| create_db_instance | Whether to create a database instance | bool | true | no |
| create_db_option_group | (Optional) Create a database option group | bool | true | no |
| create_db_parameter_group | Whether to create a database parameter group | bool | true | no |
| create_db_subnet_group | Whether to create a database subnet group | bool | true | no |
| create_monitoring_role | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | bool | false | no |
| create_random_password | Whether to create random password for RDS primary cluster | bool | false | no |
| cross_region_replica | Specifies if the replica should be cross region. It allows the use of a subnet group in a region different than the master instance | bool | false | no |
| db_instance_tags | Additional tags for the DB instance | map(string) | {} | no |
| db_option_group_tags | Additional tags for the DB option group | map(string) | {} | no |
| db_parameter_group_tags | Additional tags for the DB parameter group | map(string) | {} | no |
| db_subnet_group_description | Description of the DB subnet group to create | string | "" | no |
| db_subnet_group_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | string | null | no |
| db_subnet_group_tags | Additional tags for the DB subnet group | map(string) | {} | no |
| db_subnet_group_use_name_prefix | Determines whether to use subnet_group_name as is or create a unique name beginning with the subnet_group_name as the prefix | bool | true | no |
| delete_automated_backups | Specifies whether to remove automated backups immediately after the DB instance is deleted | bool | true | no |
| deletion_protection | The database can't be deleted when this value is set to true. | bool | false | no |
| domain | The ID of the Directory Service Active Directory domain to create the instance in | string | null | no |
| domain_iam_role_name | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | string | null | no |
| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) | [] | no |
| engine | The database engine to use | string | "" | no |
| engine_version | The engine version to use | string | null | no |
| family | The family of the DB parameter group | string | "" | no |
| final_snapshot_identifier | The name of your final DB snapshot when this DB instance is deleted. | string | null | no |
| final_snapshot_identifier_prefix | The name which is prefixed to the final snapshot on cluster destroy | string | "final" | no |
| iam_database_authentication_enabled | Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | bool | false | no |
| identifier | The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier | string | n/a | yes |
| instance_class | The instance type of the RDS instance | string | null | no |
| iops | The amount of provisioned IOPS. Setting this implies a storage_type of 'io1' | number | 0 | no |
| kms_key_id | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified the default KMS key created in your account will be used | string | null | no |
| license_model | License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1 | string | null | no |
| maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00' | string | null | no |
| major_engine_version | Specifies the major version of the engine that this option group should be associated with | string | "" | no |
| max_allocated_storage | Specifies the value for Storage Autoscaling | number | 0 | no |
| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. | number | 0 | no |
| monitoring_role_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero. | string | null | no |
| monitoring_role_description | Description of the monitoring IAM role | string | null | no |
| monitoring_role_name | Name of the IAM role which will be created when create_monitoring_role is enabled. | string | "rds-monitoring-role" | no |
| multi_az | Specifies if the RDS instance is multi-AZ | bool | false | no |
| name | The DB name to create. If omitted, no database is created initially | string | null | no |
| option_group_description | The description of the option group | string | "" | no |
| option_group_name | Name of the option group | string | null | no |
| option_group_timeouts | Define maximum timeout for deletion of aws_db_option_group resource | map(string) | { | no |
| option_group_use_name_prefix | Determines whether to use option_group_name as is or create a unique name beginning with the option_group_name as the prefix | bool | true | no |
| options | A list of Options to apply. | any | [] | no |
| parameter_group_description | Description of the DB parameter group to create | string | "" | no |
| parameter_group_name | Name of the DB parameter group to associate or create | string | null | no |
| parameter_group_use_name_prefix | Determines whether to use parameter_group_name as is or create a unique name beginning with the parameter_group_name as the prefix | bool | true | no |
| parameters | A list of DB parameters (map) to apply | list(map(string)) | [] | no |
| password | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file | string | "" | no |
| performance_insights_enabled | Specifies whether Performance Insights are enabled | bool | false | no |
| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. | string | null | no |
| performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | number | 7 | no |
| port | The port on which the DB accepts connections | string | null | no |
| publicly_accessible | Bool to control if instance is publicly accessible | bool | false | no |
| random_password_length | (Optional) Length of random password to create. (default: 10) | number | 10 | no |
| replicate_source_db | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate. | string | null | no |
| restore_to_point_in_time | Restore to a point in time (MySQL is NOT supported) | map(string) | null | no |
| s3_import | Restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) | null | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted, using the value from final_snapshot_identifier | bool | false | no |
| snapshot_identifier | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05. | string | null | no |
| storage_encrypted | Specifies whether the DB instance is encrypted | bool | false | no |
| storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not. | string | null | no |
| subnet_ids | A list of VPC subnet IDs | list(string) | [] | no |
| tags | A mapping of tags to assign to all resources | map(string) | {} | no |
| timeouts | (Optional) Updated Terraform resource management timeouts. Applies to aws_db_instance in particular to permit resource management times | map(string) | { | no |
| timezone | (Optional) Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information. | string | null | no |
| username | Username for the master DB user | string | null | no |
| vpc_security_group_ids | List of VPC security groups to associate | list(string) | [] | no |
Outputs:

| Name | Description |
|---|---|
db_instance_address | The address of the RDS instance |
db_instance_arn | The ARN of the RDS instance |
db_instance_availability_zone | The availability zone of the RDS instance |
db_instance_ca_cert_identifier | Specifies the identifier of the CA certificate for the DB instance |
db_instance_domain | The ID of the Directory Service Active Directory domain the instance is joined to |
db_instance_domain_iam_role_name | The name of the IAM role to be used when making API calls to the Directory Service. |
db_instance_endpoint | The connection endpoint |
db_instance_hosted_zone_id | The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record) |
db_instance_id | The RDS instance ID |
db_instance_name | The database name |
db_instance_password | The database password (this password may be old, because Terraform doesn't track it after initial creation) |
db_instance_port | The database port |
db_instance_resource_id | The RDS Resource ID of this instance |
db_instance_status | The RDS instance status |
db_instance_username | The master username for the database |
db_master_password | The master password |
db_option_group_arn | The ARN of the db option group |
db_option_group_id | The db option group id |
db_parameter_group_arn | The ARN of the db parameter group |
db_parameter_group_id | The db parameter group id |
db_subnet_group_arn | The ARN of the db subnet group |
db_subnet_group_id | The db subnet group name |
enhanced_monitoring_iam_role_arn | The Amazon Resource Name (ARN) specifying the monitoring role |
enhanced_monitoring_iam_role_name | The name of the monitoring role |
Module is maintained by Anton Babenko with help from these awesome contributors.
Apache 2 Licensed. See LICENSE for full details.