AWS RDS Aurora Terraform module

Terraform module which creates AWS RDS Aurora resources.

Available Features

Usage

module "cluster" {
  source  = "terraform-aws-modules/rds-aurora/aws"

  name           = "test-aurora-db-postgres96"
  engine         = "aurora-postgresql"
  engine_version = "14.5"
  instance_class = "db.r6g.large"
  instances = {
    one = {}
    2 = {
      instance_class = "db.r6g.2xlarge"
    }
  }

  vpc_id               = "vpc-12345678"
  db_subnet_group_name = "db-subnet-group"
  security_group_rules = {
    ex1_ingress = {
      cidr_blocks = ["10.20.0.0/20"]
    }
    ex2_ingress = {
      source_security_group_id = "sg-12345678"
    }
  }

  storage_encrypted   = true
  apply_immediately   = true
  monitoring_interval = 10

  enabled_cloudwatch_logs_exports = ["postgresql"]

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}
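
The usage block above with the module's security-related inputs from the Inputs table set explicitly. This is an added example, not part of the module's own README; the KMS key ARN, security group ID, names, username and retention values are constructed placeholders.

```hcl
locals {
  # Constructed placeholder: substitute the ARN of a customer-managed KMS key.
  kms_key_arn = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
}

module "cluster" {
  source = "terraform-aws-modules/rds-aurora/aws"

  name           = "example-aurora-postgres"
  engine         = "aurora-postgresql"
  engine_version = "14.5"
  instance_class = "db.r6g.large"
  instances = {
    one = {}
    two = {}
  }

  # Network exposure: instances stay private, and ingress is limited to one
  # application security group rather than a CIDR range.
  publicly_accessible  = false
  vpc_id               = "vpc-12345678"
  db_subnet_group_name = "db-subnet-group"
  security_group_rules = {
    app_ingress = {
      source_security_group_id = "sg-12345678"
    }
  }

  # Encryption at rest; kms_key_id requires storage_encrypted = true.
  storage_encrypted = true
  kms_key_id        = local.kms_key_arn

  # Credentials: RDS generates the master password and keeps it in Secrets
  # Manager. Setting master_password instead would store it in the state file.
  master_username                                        = "clusteradmin"
  manage_master_user_password                            = true
  master_user_secret_kms_key_id                          = local.kms_key_arn
  manage_master_user_password_rotation                   = true
  master_user_password_rotation_automatically_after_days = 30
  iam_database_authentication_enabled                    = true

  # Audit trail: export engine logs to an encrypted log group created by the
  # module. The key policy must allow the CloudWatch Logs service to use the key.
  enabled_cloudwatch_logs_exports        = ["postgresql"]
  create_cloudwatch_log_group            = true
  cloudwatch_log_group_kms_key_id        = local.kms_key_arn
  cloudwatch_log_group_retention_in_days = 90
  monitoring_interval                    = 60
  performance_insights_enabled           = true
  performance_insights_kms_key_id        = local.kms_key_arn

  # Recoverability: block accidental deletion and keep a final snapshot.
  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "example-aurora-postgres-final"
  backup_retention_period   = 14
  copy_tags_to_snapshot     = true

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}
```

With manage_master_user_password set to true, the generated secret is exposed through the cluster_master_user_secret output listed under Outputs.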

Cluster Instance Configuration

There are a couple of different configuration methods that can be used to create instances within the cluster:

ℹ️ Only the pertinent attributes are shown for brevity

  1. Create homogeneous cluster of any number of instances
  instance_class = "db.r6g.large"
  instances = {
    one   = {}
    two   = {}
    three = {}
  }
  2. Create homogeneous cluster of instances w/ autoscaling enabled. This is redundant and we'll show why in the next example.

ℹ️ Autoscaling uses the instance class specified by instance_class.

  instance_class = "db.r6g.large"
  instances = {
    one   = {}
    two   = {}
    three = {}
  }

  autoscaling_enabled      = true
  autoscaling_min_capacity = 2
  autoscaling_max_capacity = 5
  3. Create homogeneous cluster scaled via autoscaling. At least one instance (writer) is required.
  instance_class = "db.r6g.large"
  instances = {
    one = {}
  }

  autoscaling_enabled      = true
  autoscaling_min_capacity = 1
  autoscaling_max_capacity = 5
  4. Create heterogeneous cluster to support mixed-use workloads

    It is common in this configuration to independently control the instance promotion_tier paired with endpoints to create custom endpoints directed at select instances or instance groups.

  instance_class = "db.r5.large"
  instances = {
    one = {
      instance_class      = "db.r5.2xlarge"
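      # Reachable from outside the VPC when subnets and security group rules allow it; the input defaults to false
      publicly_accessible = true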
    }
    two = {
      identifier     = "static-member-1"
      instance_class = "db.r5.2xlarge"
    }
    three = {
      identifier     = "excluded-member-1"
      instance_class = "db.r5.large"
      promotion_tier = 15
    }
  }
  5. Create heterogeneous cluster to support mixed-use workloads w/ autoscaling enabled

ℹ️ Autoscaling uses the instance class specified by instance_class.

  instance_class = "db.r5.large"
  instances = {
    one = {
      instance_class      = "db.r5.2xlarge"
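      # Reachable from outside the VPC when subnets and security group rules allow it; the input defaults to false
      publicly_accessible = true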
    }
    two = {
      identifier     = "static-member-1"
      instance_class = "db.r5.2xlarge"
    }
    three = {
      identifier     = "excluded-member-1"
      instance_class = "db.r5.large"
      promotion_tier = 15
    }
  }

  autoscaling_enabled      = true
  autoscaling_min_capacity = 1
  autoscaling_max_capacity = 5

Conditional Creation

The following values are provided to toggle on/off creation of the associated resources as desired:

# This RDS cluster will not be created
module "cluster" {
  source  = "terraform-aws-modules/rds-aurora/aws"

  # Disable creation of cluster and all resources
  create = false

  # Disable creation of subnet group - provide a subnet group
  create_db_subnet_group = false

  # Disable creation of security group - provide a security group
  create_security_group = false

  # Disable creation of monitoring IAM role - provide a role ARN
  create_monitoring_role = false

  # ... omitted
}

Examples

Documentation

Terraform documentation is generated automatically using pre-commit hooks. Follow installation instructions here.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.64 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.64 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_appautoscaling_policy.this | resource |
| aws_appautoscaling_target.this | resource |
| aws_cloudwatch_log_group.this | resource |
| aws_db_parameter_group.this | resource |
| aws_db_subnet_group.this | resource |
| aws_iam_role.rds_enhanced_monitoring | resource |
| aws_iam_role_policy_attachment.rds_enhanced_monitoring | resource |
| aws_rds_cluster.this | resource |
| aws_rds_cluster_activity_stream.this | resource |
| aws_rds_cluster_endpoint.this | resource |
| aws_rds_cluster_instance.this | resource |
| aws_rds_cluster_parameter_group.this | resource |
| aws_rds_cluster_role_association.this | resource |
| aws_secretsmanager_secret_rotation.this | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.this | resource |
| aws_iam_policy_document.monitoring_rds_assume_role | data source |
| aws_partition.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allocated_storage | The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. (This setting is required to create a Multi-AZ DB cluster) | number | null | no |
| allow_major_version_upgrade | Enable to allow major engine version upgrades when changing engine versions. Defaults to false | bool | false | no |
| apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false | bool | null | no |
| auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default true | bool | null | no |
| autoscaling_enabled | Determines whether autoscaling of the cluster read replicas is enabled | bool | false | no |
| autoscaling_max_capacity | Maximum number of read replicas permitted when autoscaling is enabled | number | 2 | no |
| autoscaling_min_capacity | Minimum number of read replicas permitted when autoscaling is enabled | number | 0 | no |
| autoscaling_policy_name | Autoscaling policy name | string | "target-metric" | no |
| autoscaling_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | number | 300 | no |
| autoscaling_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | number | 300 | no |
| autoscaling_target_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max_connections | number | 700 | no |
| autoscaling_target_cpu | CPU threshold which will initiate autoscaling | number | 70 | no |
| availability_zones | List of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next Terraform apply | list(string) | null | no |
| backtrack_window | The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | number | null | no |
| backup_retention_period | The days to retain backups for | number | null | no |
| ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | null | no |
| cloudwatch_log_group_class | Specifies the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS | string | null | no |
| cloudwatch_log_group_kms_key_id | The ARN of the KMS Key to use when encrypting log data | string | null | no |
| cloudwatch_log_group_retention_in_days | The number of days to retain CloudWatch logs for the DB instance | number | 7 | no |
| cloudwatch_log_group_skip_destroy | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state | bool | null | no |
| cluster_ca_cert_identifier | The CA certificate identifier to use for the DB cluster's server certificate. Currently only supported for multi-az DB clusters | string | null | no |
| cluster_members | List of RDS Instances that are a part of this cluster | list(string) | null | no |
| cluster_performance_insights_enabled | Valid only for Non-Aurora Multi-AZ DB Clusters. Enables Performance Insights for the RDS Cluster | bool | null | no |
| cluster_performance_insights_kms_key_id | Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (aws/rds) | string | null | no |
| cluster_performance_insights_retention_period | Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are 7, month * 31 (where month is a number of months from 1-23), and 731 | number | null | no |
| cluster_tags | A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging | map(string) | {} | no |
| cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | {} | no |
| cluster_use_name_prefix | Whether to use name as a prefix for the cluster | bool | false | no |
| copy_tags_to_snapshot | Copy all Cluster tags to snapshots | bool | null | no |
| create | Whether cluster should be created (affects nearly all resources) | bool | true | no |
| create_cloudwatch_log_group | Determines whether a CloudWatch log group is created for each enabled_cloudwatch_logs_exports | bool | false | no |
| create_db_cluster_activity_stream | Determines whether a cluster activity stream is created. | bool | false | no |
| create_db_cluster_parameter_group | Determines whether a cluster parameter should be created or use existing | bool | false | no |
| create_db_parameter_group | Determines whether a DB parameter should be created or use existing | bool | false | no |
| create_db_subnet_group | Determines whether to create the database subnet group or use existing | bool | false | no |
| create_monitoring_role | Determines whether to create the IAM role for RDS enhanced monitoring | bool | true | no |
| create_security_group | Determines whether to create security group for RDS cluster | bool | true | no |
| database_name | Name for an automatically created database on cluster creation | string | null | no |
| db_cluster_activity_stream_kms_key_id | The AWS KMS key identifier for encrypting messages in the database activity stream | string | null | no |
| db_cluster_activity_stream_mode | Specifies the mode of the database activity stream. Database events such as a change or access generate an activity stream event. One of: sync, async | string | null | no |
| db_cluster_db_instance_parameter_group_name | Instance parameter group to associate with all instances of the DB cluster. The db_cluster_db_instance_parameter_group_name is only valid in combination with allow_major_version_upgrade | string | null | no |
| db_cluster_instance_class | The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all AWS Regions, or for all database engines | string | null | no |
| db_cluster_parameter_group_description | The description of the DB cluster parameter group. Defaults to "Managed by Terraform" | string | null | no |
| db_cluster_parameter_group_family | The family of the DB cluster parameter group | string | "" | no |
| db_cluster_parameter_group_name | The name of the DB cluster parameter group | string | null | no |
| db_cluster_parameter_group_parameters | A list of DB cluster parameters to apply. Note that parameters may differ from one family to another | list(map(string)) | [] | no |
| db_cluster_parameter_group_use_name_prefix | Determines whether the DB cluster parameter group name is used as a prefix | bool | true | no |
| db_parameter_group_description | The description of the DB parameter group. Defaults to "Managed by Terraform" | string | null | no |
| db_parameter_group_family | The family of the DB parameter group | string | "" | no |
| db_parameter_group_name | The name of the DB parameter group | string | null | no |
| db_parameter_group_parameters | A list of DB parameters to apply. Note that parameters may differ from one family to another | list(map(string)) | [] | no |
| db_parameter_group_use_name_prefix | Determines whether the DB parameter group name is used as a prefix | bool | true | no |
| db_subnet_group_name | The name of the subnet group (existing or created) | string | "" | no |
| delete_automated_backups | Specifies whether to remove automated backups immediately after the DB cluster is deleted | bool | null | no |
| deletion_protection | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false | bool | null | no |
| domain | The ID of the Directory Service Active Directory domain to create the instance in | string | null | no |
| domain_iam_role_name | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | string | null | no |
| enable_global_write_forwarding | Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an aws_rds_global_cluster's primary cluster | bool | null | no |
| enable_http_endpoint | Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless | bool | null | no |
| enable_local_write_forwarding | Whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances. | bool | null | no |
| enabled_cloudwatch_logs_exports | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery, postgresql | list(string) | [] | no |
| endpoints | Map of additional cluster endpoints and their attributes to be created | any | {} | no |
| engine | The name of the database engine to be used for this DB cluster. Defaults to aurora. Valid Values: aurora, aurora-mysql, aurora-postgresql | string | null | no |
| engine_lifecycle_support | The life cycle type for this DB instance. This setting is valid for cluster types Aurora DB clusters and Multi-AZ DB clusters. Valid values are open-source-rds-extended-support, open-source-rds-extended-support-disabled. Default value is open-source-rds-extended-support. | string | null | no |
| engine_mode | The database engine mode. Valid values: global, multimaster, parallelquery, provisioned, serverless. Defaults to: provisioned | string | "provisioned" | no |
| engine_native_audit_fields_included | Specifies whether the database activity stream includes engine-native audit fields. This option only applies to an Oracle DB instance. By default, no engine-native audit fields are included | bool | false | no |
| engine_version | The database engine version. Updating this argument results in an outage | string | null | no |
| final_snapshot_identifier | The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made | string | null | no |
| global_cluster_identifier | The global cluster identifier specified on aws_rds_global_cluster | string | null | no |
| iam_database_authentication_enabled | Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | bool | null | no |
| iam_role_description | Description of the monitoring role | string | null | no |
| iam_role_force_detach_policies | Whether to force detaching any policies the monitoring role has before destroying it | bool | null | no |
| iam_role_managed_policy_arns | Set of exclusive IAM managed policy ARNs to attach to the monitoring role | list(string) | null | no |
| iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the monitoring role | number | null | no |
| iam_role_name | Friendly name of the monitoring role | string | null | no |
| iam_role_path | Path for the monitoring role | string | null | no |
| iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the monitoring role | string | null | no |
| iam_role_use_name_prefix | Determines whether to use iam_role_name as is or create a unique name beginning with the iam_role_name as the prefix | bool | false | no |
| iam_roles | Map of IAM roles and supported feature names to associate with the cluster | map(map(string)) | {} | no |
| instance_class | Instance type to use at master instance. Note: if autoscaling_enabled is true, this will be the same instance class used on instances created by autoscaling | string | "" | no |
| instance_timeouts | Create, update, and delete timeout configurations for the cluster instance(s) | map(string) | {} | no |
| instances | Map of cluster instances and any specific/overriding attributes to be created | any | {} | no |
| instances_use_identifier_prefix | Determines whether cluster instance identifiers are used as prefixes | bool | false | no |
| iops | The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster | number | null | no |
| is_primary_cluster | Determines whether cluster is primary cluster with writer instance (set to false for global cluster and replica clusters) | bool | true | no |
| kms_key_id | The ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to true | string | null | no |
| manage_master_user_password | Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if master_password is provided | bool | true | no |
| manage_master_user_password_rotation | Whether to manage the master user password rotation. Setting this value to false after previously having been set to true will disable automatic rotation. | bool | false | no |
| master_password | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Required unless manage_master_user_password is set to true or unless snapshot_identifier or replication_source_identifier is provided or unless a global_cluster_identifier is provided when the cluster is the secondary cluster of a global database | string | null | no |
| master_user_password_rotate_immediately | Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. | bool | null | no |
| master_user_password_rotation_automatically_after_days | Specifies the number of days between automatic scheduled rotations of the secret. Either master_user_password_rotation_automatically_after_days or master_user_password_rotation_schedule_expression must be specified | number | null | no |
| master_user_password_rotation_duration | The length of the rotation window in hours. For example, 3h for a three hour window. | string | null | no |
| master_user_password_rotation_schedule_expression | A cron() or rate() expression that defines the schedule for rotating your secret. Either master_user_password_rotation_automatically_after_days or master_user_password_rotation_schedule_expression must be specified | string | null | no |
| master_user_secret_kms_key_id | The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key | string | null | no |
| master_username | Username for the master DB user. Required unless snapshot_identifier or replication_source_identifier is provided or unless a global_cluster_identifier is provided when the cluster is the secondary cluster of a global database | string | null | no |
| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to 0 to disable. Default is 0 | number | 0 | no |
| monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | string | "" | no |
| name | Name used across resources created | string | "" | no |
| network_type | The type of network stack to use (IPV4 or DUAL) | string | null | no |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not | bool | null | no |
| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | string | null | no |
| performance_insights_retention_period | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | number | null | no |
| port | The port on which the DB accepts connections | string | null | no |
| predefined_metric_type | The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections | string | "RDSReaderAverageCPUUtilization" | no |
| preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled using the backup_retention_period parameter. Time in UTC | string | "02:00-03:00" | no |
| preferred_maintenance_window | The weekly time range during which system maintenance can occur, in (UTC) | string | "sun:05:00-sun:06:00" | no |
| publicly_accessible | Determines whether instances are publicly accessible. Default false | bool | null | no |
| putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | true | no |
| replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | string | null | no |
| restore_to_point_in_time | Map of nested attributes for cloning Aurora cluster | map(string) | {} | no |
| s3_import | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) | {} | no |
| scaling_configuration | Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless | map(string) | {} | no |
| security_group_description | The description of the security group. If value is set to empty string it will contain cluster name in the description | string | null | no |
| security_group_name | The security group name. Default value is (var.name) | string | "" | no |
| security_group_rules | Map of security group rules to add to the cluster security group created | any | {} | no |
| security_group_tags | Additional tags for the security group | map(string) | {} | no |
| security_group_use_name_prefix | Determines whether the security group name (var.name) is used as a prefix | bool | true | no |
| serverlessv2_scaling_configuration | Map of nested attributes with serverless v2 scaling properties. Only valid when engine_mode is set to provisioned | map(string) | {} | no |
| skip_final_snapshot | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | bool | false | no |
| snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | string | null | no |
| source_region | The source region for an encrypted replica DB cluster | string | null | no |
| storage_encrypted | Specifies whether the DB cluster is encrypted. The default is true | bool | true | no |
| storage_type | Determines the storage type for the DB cluster. Optional for Single-AZ, required for Multi-AZ DB clusters. Valid values for Single-AZ: aurora, "" (default, both refer to Aurora Standard), aurora-iopt1 (Aurora I/O Optimized). Valid values for Multi-AZ: io1 (default). | string | null | no |
| subnets | List of subnet IDs used by database subnet group created | list(string) | [] | no |
| tags | A map of tags to add to all resources | map(string) | {} | no |
| vpc_id | ID of the VPC where to create security group | string | "" | no |
| vpc_security_group_ids | List of VPC security groups to associate to the cluster in addition to the security group created | list(string) | [] | no |

Outputs

| Name | Description |
|------|-------------|
| additional_cluster_endpoints | A map of additional cluster endpoints and their attributes |
| cluster_arn | Amazon Resource Name (ARN) of cluster |
| cluster_ca_certificate_identifier | CA identifier of the CA certificate used for the DB instance's server certificate |
| cluster_ca_certificate_valid_till | Expiration date of the DB instance’s server certificate |
| cluster_database_name | Name for an automatically created database on cluster creation |
| cluster_endpoint | Writer endpoint for the cluster |
| cluster_engine_version_actual | The running version of the cluster database |
| cluster_hosted_zone_id | The Route53 Hosted Zone ID of the endpoint |
| cluster_id | The RDS Cluster Identifier |
| cluster_instances | A map of cluster instances and their attributes |
| cluster_master_password | The database master password |
| cluster_master_user_secret | The generated database master user secret when manage_master_user_password is set to true |
| cluster_master_username | The database master username |
| cluster_members | List of RDS Instances that are a part of this cluster |
| cluster_port | The database port |
| cluster_reader_endpoint | A read-only endpoint for the cluster, automatically load-balanced across replicas |
| cluster_resource_id | The RDS Cluster Resource ID |
| cluster_role_associations | A map of IAM roles associated with the cluster and their attributes |
| db_cluster_activity_stream_kinesis_stream_name | The name of the Amazon Kinesis data stream to be used for the database activity stream |
| db_cluster_cloudwatch_log_groups | Map of CloudWatch log groups created and their attributes |
| db_cluster_parameter_group_arn | The ARN of the DB cluster parameter group created |
| db_cluster_parameter_group_id | The ID of the DB cluster parameter group created |
| db_cluster_secretsmanager_secret_rotation_enabled | Specifies whether automatic rotation is enabled for the secret |
| db_parameter_group_arn | The ARN of the DB parameter group created |
| db_parameter_group_id | The ID of the DB parameter group created |
| db_subnet_group_name | The db subnet group name |
| enhanced_monitoring_iam_role_arn | The Amazon Resource Name (ARN) specifying the enhanced monitoring role |
| enhanced_monitoring_iam_role_name | The name of the enhanced monitoring role |
| enhanced_monitoring_iam_role_unique_id | Stable and unique string identifying the enhanced monitoring role |
| security_group_id | The security group ID of the cluster |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.

Additional information for users from Russia and Belarus