pbs/terraform-aws-rds-module

PBS TF RDS Module

Installation

Using the Repo Source

Use this URL for the source of the module. See the usage examples below for more details.

github.com/pbs/terraform-aws-rds-module?ref=0.4.1

Alternative Installation Methods

More information on these and other install methods can be found in the documentation.

Usage

This module provisions a basic Aurora cluster (aurora-mysql by default, Serverless v2 via the db.serverless instance class) with one writer instance, reader_count reader instances, a subnet group and a security group, plus an optional private DNS record and an optional RDS Proxy.

When the cluster is created, a sensitive output db_admin_password holds the password for the user named by db_admin_username (admin by default). It is highly recommended that this password be rotated out as quickly as possible after provisioning and that the generated value not be stored or used afterwards: like every resource attribute and output, it sits in plaintext in the Terraform state, so anyone who can read the state file can read it, and marking the output sensitive only hides it from CLI output. Use the admin user once, to create a database user whose permissions are restricted to the single database the application needs, and connect the application as that user.

This module also assumes that connections are established through a private DNS record, created in private_hosted_zone and exposed in the output db_cluster_dns (with db_cluster_reader_dns for the reader endpoint). Because applications are configured against the record rather than the cluster endpoint, the cluster can be adjusted or replaced without touching application configuration. To disable this, pass false to create_dns; the outputs then carry the cluster endpoints themselves.

Setting use_proxy to true also provisions an RDS Proxy (with a reader endpoint) in front of the cluster. The proxy pools and reuses connections, which suits applications that spawn many short-lived connections and protects the cluster from connection storms. It authenticates to the database with credentials the module stores in a Secrets Manager secret encrypted under proxy_kms_key_id. Note the defaults: proxy_require_tls is false and proxy_iam_auth is "DISABLED", so out of the box clients may connect to the proxy without TLS using the database password; set proxy_require_tls = true and proxy_iam_auth = "REQUIRED" to require TLS and IAM authentication to the proxy.

Integrate this module like so:

module "rds" {
  source = "github.com/pbs/terraform-aws-rds-module?ref=0.4.1"

  # Required Parameters
  private_hosted_zone = "example.local"

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Optional Parameters
}
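A hardened variant of the invocation above, added here as an example; it is not the module's own README code. Every argument name is taken from the Inputs table below. The root-module variables var.vpc_id and var.private_subnet_ids and the resource aws_security_group.app are assumed to exist in the calling configuration.

```hcl
# Added example, not the module's own README code. Argument names come from the
# module's Inputs table; var.vpc_id, var.private_subnet_ids and
# aws_security_group.app are assumed to exist in the calling configuration.

module "rds" {
  source = "github.com/pbs/terraform-aws-rds-module?ref=0.4.1"

  # Required Parameters
  private_hosted_zone = "example.local"

  # Tagging Parameters
  organization = var.organization
  environment  = var.environment
  product      = var.product
  repo         = var.repo

  # Pin network placement instead of relying on the module's VPC/subnet lookups.
  vpc_id          = var.vpc_id
  private_subnets = var.private_subnet_ids

  # Egress: the default is the whole of 10.0.0.0/8. Per the input descriptions,
  # null here means egress_source_sg_id is used instead, so the database's
  # security group may only reach the application's security group.
  egress_cidr_blocks  = null
  egress_source_sg_id = aws_security_group.app.id

  # Proxy. The defaults are proxy_require_tls = false and
  # proxy_iam_auth = "DISABLED"; flip both so clients must present an IAM auth
  # token over TLS (RDS Proxy IAM authentication only works over TLS).
  use_proxy           = true
  proxy_require_tls   = true
  proxy_iam_auth      = "REQUIRED"
  proxy_debug_logging = false # debug logging writes SQL text to CloudWatch Logs

  # db_admin_password is deliberately left unset: a literal here would land in
  # source control as well as in state. The module generates one, which is
  # rotated out right after the first apply (see the usage note).

  # Keep the safety nets the module turns on by default, and name the snapshot
  # taken when the cluster is destroyed.
  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "${var.product}-${var.environment}-final"
  backup_retention_period   = 14
}

# Hand applications the stable private DNS names, never the raw cluster
# endpoints, so a rebuilt or restored cluster needs no application change.
output "db_host" {
  value = module.rds.db_cluster_dns
}

output "db_reader_host" {
  value = module.rds.db_cluster_reader_dns
}

# Deliberately no output for module.rds.db_admin_password: it is already in
# state, and a root output only widens where it is readable.
```

After the first apply, read the generated admin password once (for example `echo 'nonsensitive(module.rds.db_admin_password)' | terraform console`), connect as admin, create the application user with privileges limited to its own database (for aurora-mysql a `CREATE USER ... REQUIRE SSL` followed by a `GRANT` on that database only), then change the admin password with `ALTER USER` and discard the generated value. With proxy_iam_auth = "REQUIRED", clients obtain a short-lived token with `aws rds generate-db-auth-token --hostname <proxy endpoint> --port 3306 --username <app user>` and present it as the password over TLS; the token also only works if the caller's IAM principal is allowed `rds-db:connect` on the proxy.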

Adding This Version of the Module

If this repo is added as a subtree, then the version of the module should be close to the version shown here:

0.4.1

Note, however, that subtrees can be altered as desired within repositories.

Further documentation on usage can be found here.

Below is automatically generated documentation on this Terraform module, produced with terraform-docs.


Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.2 |
| aws | >= 4.12.0 |
| random | >= 3.1.0 |

Providers

| Name | Version |
|------|---------|
| aws | 5.24.0 |
| random | 3.5.1 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_db_proxy.proxy | resource |
| aws_db_proxy_default_target_group.default_target_group | resource |
| aws_db_proxy_endpoint.reader | resource |
| aws_db_proxy_target.target | resource |
| aws_db_subnet_group.subnet_group | resource |
| aws_iam_role.proxy_role | resource |
| aws_iam_role_policy.proxy_policy | resource |
| aws_rds_cluster.db | resource |
| aws_rds_cluster_instance.reader | resource |
| aws_rds_cluster_instance.writer | resource |
| aws_route53_record.primary | resource |
| aws_route53_record.reader | resource |
| aws_secretsmanager_secret.proxy_secret | resource |
| aws_secretsmanager_secret_version.proxy_secret_version | resource |
| aws_security_group.proxy_sg | resource |
| aws_security_group.sg | resource |
| aws_security_group_rule.egress | resource |
| aws_security_group_rule.proxy_egress | resource |
| aws_security_group_rule.proxy_to_db | resource |
| random_password.password | resource |
| aws_availability_zones.available | data source |
| aws_default_tags.common_tags | data source |
| aws_iam_policy_document.proxy_policy | data source |
| aws_kms_key.proxy_kms_key | data source |
| aws_rds_engine_version.engine_version | data source |
| aws_region.current | data source |
| aws_route53_zone.private_hosted_zone | data source |
| aws_subnets.private_subnets | data source |
| aws_vpc.vpc | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| environment | Environment (sharedtools, dev, staging, qa, prod) | string | n/a | yes |
| organization | Organization using this module. Used to prefix tags so that they are easily identified as being from your organization | string | n/a | yes |
| product | Tag used to group resources according to product | string | n/a | yes |
| repo | Tag used to point to the repo using this module | string | n/a | yes |
| apply_immediately | Apply changes immediately. If false, will apply updates during the next maintenance window. | bool | false | no |
| availability_zones | Availability zones to be used by this RDS cluster | list(string) | null | no |
| backup_retention_period | Backup retention period (days) | number | 7 | no |
| create_dns | Whether to create a DNS record | bool | true | no |
| db_admin_password | Admin password for the DB. If null, a random one is generated and exposed as the db_admin_password output. | string | null | no |
| db_admin_username | Admin username for the DB | string | "admin" | no |
| db_cluster_parameter_group_name | DB cluster parameter group name | string | null | no |
| deletion_protection | Deletion protection | bool | true | no |
| dns_ttl | TTL for DNS record (seconds) | number | 300 | no |
| egress_cidr_blocks | List of CIDR blocks to assign to the egress rule of the security group. If null, egress_source_sg_id must be used. | list(string) | ["10.0.0.0/8"] | no |
| egress_source_sg_id | Security group ID to assign to the egress rule of the security group. If null, egress_cidr_blocks must be used. | string | null | no |
| engine | Engine to use for the DB | string | "aurora-mysql" | no |
| engine_mode | Engine mode of the RDS cluster | string | "provisioned" | no |
| engine_preferred_versions | Engine preferred versions of the RDS cluster | list(string) | ["8.0.mysql_aurora.3.02.0"] | no |
| engine_version | Engine version of the RDS cluster. If null, one will be looked up based on preferred versions. | string | null | no |
| final_snapshot_identifier | Final snapshot identifier | string | null | no |
| instance_class | Instance class | string | "db.serverless" | no |
| max_capacity | Maximum capacity for the cluster (Aurora capacity units) | number | 16 | no |
| min_capacity | Minimum capacity for the cluster (Aurora capacity units) | number | 0.5 | no |
| name | Name of the RDS Module. If null, will default to product. | string | null | no |
| port | Port for the DB | number | null | no |
| preferred_backup_window | Preferred backup window (UTC) | string | "04:00-04:30" | no |
| preferred_maintenance_window | Preferred maintenance window (UTC) | string | "sun:05:00-sun:06:00" | no |
| private_hosted_zone | Private hosted zone for account | string | null | no |
| private_subnets | Private subnets | list(string) | null | no |
| proxy_debug_logging | Enable debug logging for RDS proxy (logs include SQL statement text) | bool | false | no |
| proxy_engine_family | Engine family for RDS proxy | string | "MYSQL" | no |
| proxy_iam_auth | IAM authentication for RDS proxy (DISABLED or REQUIRED) | string | "DISABLED" | no |
| proxy_idle_client_timeout | Idle client timeout for RDS proxy (seconds) | number | 1800 | no |
| proxy_kms_key_id | KMS key ID for RDS proxy. By default, uses the alias for the account's default KMS key for Secrets Manager. | string | "alias/aws/secretsmanager" | no |
| proxy_name | Name of the RDS proxy. If null, will default to local.name. | string | null | no |
| proxy_password | Password for RDS proxy | string | null | no |
| proxy_require_tls | Require TLS for RDS proxy | bool | false | no |
| proxy_username | Username for RDS proxy | string | null | no |
| reader_count | Number of reader instances to provision | number | 1 | no |
| skip_final_snapshot | Skip final snapshot | bool | false | no |
| snapshot_identifier | Snapshot identifier | string | null | no |
| tags | Extra tags | map(string) | {} | no |
| use_prefix | Use a name prefix instead of an explicit name | bool | true | no |
| use_proxy | Use RDS proxy | bool | false | no |
| vpc_id | VPC ID | string | null | no |

Outputs

| Name | Description |
|------|-------------|
| db_admin_password | Admin password for DB (sensitive) |
| db_admin_username | Admin username for DB |
| db_cluster_dns | Private DNS record for the DB Cluster endpoint (if create_dns is true, otherwise the endpoint itself) |
| db_cluster_reader_dns | Private DNS record for the DB Cluster reader endpoint (if create_dns is true, otherwise the endpoint itself) |
| name | Name of the DB |
| sg_id | Security group ID for DB |