Aurora Module
This module creates an Amazon Aurora cluster, a MySQL- and PostgreSQL-compatible relational database built for the cloud.
What Is Amazon Aurora?
Amazon Aurora is a fully managed relational database engine that's compatible with MySQL and PostgreSQL. The code, tools, and applications you use today with your existing MySQL and PostgreSQL databases can be used with Aurora. With some workloads, Aurora can deliver up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications.
How do you connect to the database?
This module provides the connection details as Terraform output variables:
- Cluster endpoint: The endpoint for the whole cluster. You should always use this URL for writes, as it points to the primary.
- Instance endpoints: A comma-separated list of all DB instance URLs in the cluster, including the primary and all read replicas. Use these URLs for reads (see "How do you scale this DB?" below).
- Port: The port to use to connect to the endpoints above.
For more info, see Aurora endpoints.
You can programmatically extract these variables in your Terraform templates and pass them to other resources (e.g. pass them to User Data in your EC2 instances). You'll also see the variables at the end of each terraform apply call, or if you run terraform output.
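As an added example (not part of the module's own documentation), here is how the outputs above can be wired into an application instance. The output names cluster_endpoint, instance_endpoints and port are assumed to match the module's outputs.tf (verify with terraform output), instance_endpoints is assumed to be a list (drop the join() if your module version already returns a comma-separated string), and var.vpc_id, var.persistence_subnet_ids, var.app_subnet_id and var.app_ami_id are placeholders for your own values:

```hcl
# Added example: consume the module's connection outputs from an app instance.
# Output names and the var.* placeholders are assumptions, not module contract.
module "aurora" {
  source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.40.2"

  name           = "example"
  engine         = "aurora-postgresql"
  port           = 5432
  instance_count = 2
  instance_type  = "db.r5.large"
  vpc_id         = var.vpc_id
  subnet_ids     = var.persistence_subnet_ids

  # Grant access by security group rather than CIDR block, so only instances
  # that carry the app security group can reach the DB port.
  allow_connections_from_security_groups = [aws_security_group.app.id]

  # Let RDS generate the master password and keep it in Secrets Manager; the
  # app fetches it at runtime, so it never appears in user data or tfvars.
  master_username             = "admin"
  manage_master_user_password = true
}

resource "aws_security_group" "app" {
  name   = "example-app"
  vpc_id = var.vpc_id
}

resource "aws_instance" "app" {
  ami                    = var.app_ami_id
  instance_type          = "t3.small"
  subnet_id              = var.app_subnet_id
  vpc_security_group_ids = [aws_security_group.app.id]

  # Endpoints and port are not secret, so they can go in user data. Writes go
  # to the cluster endpoint (always the primary); reads are spread over the
  # instance endpoints. Keep credentials out of user data: it is readable by
  # any process on the box via the metadata service and by anyone with
  # ec2:DescribeInstanceAttribute.
  user_data = <<-EOT
    #!/bin/bash
    mkdir -p /etc/app
    cat > /etc/app/db.env <<EOF
    DB_WRITER_HOST=${module.aurora.cluster_endpoint}
    DB_READER_HOSTS=${join(",", module.aurora.instance_endpoints)}
    DB_PORT=${module.aurora.port}
    EOF
  EOT
}

output "db_writer_endpoint" {
  value = "${module.aurora.cluster_endpoint}:${module.aurora.port}"
}
```

The inner EOF heredoc is literal shell text inside Terraform's indented EOT heredoc; only the ${...} interpolations are evaluated by Terraform before the script reaches the instance.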
How do you scale this database?
- Storage: Aurora manages storage for you, automatically growing the cluster volume in 10GB increments up to 64TB (128TB on newer engine versions).
- Vertical scaling: To scale vertically (i.e. bigger DB instances with more CPU and RAM), use the instance_type input variable. For a list of AWS RDS server types, see Aurora Pricing.
- Horizontal scaling: To scale horizontally, you can add more replicas using the instance_count input variable, and Aurora will automatically deploy the new instances, sync them to the primary, and make them available as read replicas.
For more info, see Managing an Amazon Aurora DB Cluster.
How do you configure this module?
This module allows you to configure a number of parameters, such as backup windows, maintenance window, port number, and encryption. For a list of all available variables and their descriptions, see variables.tf.
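As an added example (not the module's own documentation or code), the block below shows the security-relevant variables from variables.tf a production deployment should set explicitly instead of inheriting as defaults, with the reason for each next to it. The parameter names inside aws_rds_cluster_parameter_group are the Aurora MySQL parameter names; var.vpc_id, var.persistence_subnet_ids, var.app_security_group_id and var.rds_monitoring_role_arn are placeholders for your own values:

```hcl
# Added example: a hardened configuration of this module. The var.* references
# are placeholders; everything else uses variables documented on this page.
resource "aws_kms_key" "aurora" {
  description         = "CMK for the example Aurora cluster"
  enable_key_rotation = true
}

# Cluster-level parameters: require TLS on every connection and switch on the
# audit log. On Aurora MySQL the "audit" CloudWatch export stays empty unless
# server_audit_logging is enabled in the cluster parameter group.
resource "aws_rds_cluster_parameter_group" "aurora" {
  name   = "example-aurora-mysql57"
  family = "aurora-mysql5.7"

  parameter {
    name  = "require_secure_transport"
    value = "ON"
  }
  parameter {
    name  = "server_audit_logging"
    value = "1"
  }
  parameter {
    name  = "server_audit_events"
    value = "CONNECT,QUERY_DCL,QUERY_DDL"
  }
}

module "aurora" {
  source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.40.2"

  name           = "example"
  engine         = "aurora-mysql"
  port           = 3306
  instance_count = 2
  instance_type  = "db.r5.large"
  vpc_id         = var.vpc_id
  subnet_ids     = var.persistence_subnet_ids

  db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.aurora.name

  # Network: never public; admit only the app tier's security group, no CIDRs.
  publicly_accessible                    = false
  allow_connections_from_cidr_blocks     = []
  allow_connections_from_security_groups = [var.app_security_group_id]

  # At rest: a customer-managed key instead of the default aws/rds key, so key
  # use shows up in CloudTrail, access can be revoked in the key policy, and
  # encrypted snapshots can be shared with other accounts (aws/rds cannot be).
  storage_encrypted = true
  kms_key_arn       = aws_kms_key.aurora.arn

  # Credentials: RDS generates and rotates the master password in Secrets
  # Manager (encrypted with the same CMK); IAM auth for application users.
  master_username                     = "admin"
  manage_master_user_password         = true
  master_user_secret_kms_key_id       = aws_kms_key.aurora.arn
  iam_database_authentication_enabled = true

  # Durability: block accidental deletion, keep a final snapshot, retain 35
  # days of automated backups (the maximum), and tag snapshots for ownership.
  deletion_protection     = true
  skip_final_snapshot     = false
  backup_retention_period = 35
  copy_tags_to_snapshot   = true

  # Visibility: audit and error logs to CloudWatch, Enhanced Monitoring every
  # 60 s (monitoring_role_arn must be set whenever the interval is non-zero).
  enabled_cloudwatch_logs_exports = ["audit", "error"]
  monitoring_interval             = 60
  monitoring_role_arn             = var.rds_monitoring_role_arn

  # Change control: engine and parameter changes land in the maintenance
  # window rather than under production load.
  apply_immediately = false
}
```

Two checks after apply: confirm `SHOW VARIABLES LIKE 'require_secure_transport'` reports ON from a client connection, and confirm the /aws/rds/cluster/example/audit log group is receiving events; an empty group usually means the parameter group was not attached or the instances have not yet rebooted into it.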
How do you create a cross-region read replica cluster?
After creating a primary cluster, create another cluster in the secondary region and pass the cluster ARN and region of the primary cluster. If the primary cluster is encrypted, the replica must be encrypted as well, using a KMS key that lives in the secondary region (KMS keys are region-scoped), so set kms_key_arn on the replica accordingly:
module "replica" {
source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v1.0.8"
# ... other parameters omitted ...
replication_source_identifier = "arn:aws:rds:us-east-2:123456789012:cluster:example"
source_region = "us-east-2"
}
See the example here for more details.
How do you destroy a cross-region read replica?
You must first promote it to a standalone primary cluster, then destroy it. You can promote it via the RDS Console (Actions → Promote), or with aws rds promote-read-replica-db-cluster --db-cluster-identifier <identifier>. After that, run terraform destroy as you normally would.
Known Issues
Requires the Terraform AWS provider version 1.32 or newer due to the serverless options.
DBInstance not found
As of August 29, 2017, Terraform 0.10.x has an issue where when you apply an RDS Aurora Instance for the first time, you may sometimes receive the following error:
aws_rds_cluster.cluster_with_encryption: Error modifying DB Instance aurora-test: DBInstanceNotFound: DBInstance not found: aurora-test
status code: 404, request id: 040094aa-8c62-11e7-baa6-0d7ac77494f1
This error occurs because Terraform first creates the database cluster, then creates one or more database instances, and then queries the AWS API for the IDs of those database instances. But Terraform does not wait long enough for the AWS API to propagate these instances to all AWS API endpoints, so AWS initially replies that the given database instance name was not found.
Fortunately, this issue has a simple fix. After a few seconds, the AWS API will return the database instances that we expect, so simply re-run terraform apply and the operation should complete successfully.
Limitations with Aurora Serverless
The following limitations apply to Aurora Serverless:
- The port number for connections must be 3306 for Aurora MySQL or 5432 for Aurora PostgreSQL.
- You can't give an Aurora Serverless DB cluster a public IP address. You can access an Aurora Serverless DB cluster only from within a virtual private cloud (VPC) based on the Amazon VPC service.
- A connection to an Aurora Serverless DB cluster is closed automatically if it stays open for longer than one day.
- The following features are not supported: Aurora Replicas, Amazon RDS Performance Insights.
For more info on limitations, see Limitations of Aurora Serverless.
Sample Usage
The same configuration is shown first for Terraform, then for Terragrunt.
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S AURORA MODULE
# ------------------------------------------------------------------------------------------------------
module "aurora" {
source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.40.2"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# How many instances to launch. RDS will automatically pick a leader and
# configure the others as replicas.
instance_count = <number>
# The instance type from an Amazon Aurora supported instance class based on a
# selected engine_mode. Amazon Aurora supports 2 types of instance classes:
# Memory Optimized (db.r) and Burstable Performance (db.t). Aurora Global
# Clusters require instance class of either db.r5 (latest) or db.r4 (current).
# See AWS documentation on Amazon Aurora supported instance class types:
# https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html#Concepts.DBInstanceClass.Types
instance_type = <string>
# The name used to namespace all resources created by these templates,
# including the cluster and cluster instances (e.g. drupaldb). Must be unique
# in this region. Must be a lowercase string.
name = <string>
# A list of subnet ids where the database instances should be deployed. In the
# standard Gruntwork VPC setup, these should be the private persistence subnet
# ids. This is ignored if create_subnet_group=false.
subnet_ids = <list(string)>
# The id of the VPC in which this DB should be deployed.
vpc_id = <string>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# A list of CIDR-formatted IP address ranges that can connect to this DB. In
# the standard Gruntwork VPC setup, these should be the CIDR blocks of the
# private app subnets, plus the private subnets in the mgmt VPC.
allow_connections_from_cidr_blocks = []
# Specifies a list of Security Groups to allow connections from.
allow_connections_from_security_groups = []
# Enable to allow major engine version upgrades when changing engine versions.
allow_major_version_upgrade = false
# Specifies whether any cluster modifications are applied immediately, or
# during the next maintenance window. Note that cluster modifications may
# cause degraded performance or downtime.
apply_immediately = false
# Configure the auto minor version upgrade behavior. This is applied to the
# cluster instances and indicates if the automatic minor version upgrade of
# the engine is allowed. Default value is true.
auto_minor_version_upgrade = true
# The description of the aws_db_security_group that is created. Defaults to
# 'Security group for the var.name DB' if not specified.
aws_db_security_group_description = null
# The name of the aws_db_security_group that is created. Defaults to var.name
# if not specified.
aws_db_security_group_name = null
# The description of the aws_db_subnet_group that is created. Defaults to
# 'Subnet group for the var.name DB' if not specified.
aws_db_subnet_group_description = null
# The name of the aws_db_subnet_group that is created, or an existing one to
# use if create_subnet_group is false. Defaults to var.name if not specified.
aws_db_subnet_group_name = null
# Window to allow Aurora Backtrack, a special, in-place, destructive rollback
# for the entire cluster. Must be specified in seconds. 0=disabled, to a
# maximum of 259200.
backtrack_window = null
# How many days to keep backup snapshots around before cleaning them up
backup_retention_period = 21
# The Certificate Authority (CA) certificate bundle to use on the Aurora DB
# instances.
ca_cert_identifier = null
# List of IAM role ARNs to attach to the cluster. Be sure these roles exist.
# They will not be created here. Serverless Aurora does not support attaching
# IAM roles.
cluster_iam_roles = []
# Amount of time, in minutes, to allow for DB maintenance windows for the
# cluster instances
cluster_instances_maintenance_duration_minutes = 120
# The cluster instances maintenance window start in RFC 3339 timestamp (date
# and time) format. The default starts at "wed:00:00-wed:02:00". Can have any
# date from any year, only the day of the week will be used. Performance may
# be degraded or there may even be a downtime during maintenance windows.
cluster_instances_maintenance_window_start_timestamp = "2017-11-22T00:00:00Z"
# Amount of time, in minutes, between maintenance windows of the cluster
# instances
cluster_instances_minutes_between_maintenance_windows = 180
# A map of tags to apply to the Aurora RDS Cluster. The key is the tag name
# and the value is the tag value.
cluster_tags = {}
# Copy all the Aurora cluster tags to snapshots. Default is false.
copy_tags_to_snapshot = false
# If false, the DB will bind to aws_db_subnet_group_name and the CIDR will be
# ignored (allow_connections_from_cidr_blocks).
create_subnet_group = true
# Timeout for creating the DB
creating_timeout = "120m"
# A map of custom tags to apply to the Aurora RDS Instance and the Security
# Group created for it. The key is the tag name and the value is the tag
# value.
custom_tags = {}
# A cluster parameter group to associate with the cluster. Parameters in a DB
# cluster parameter group apply to every DB instance in a DB cluster.
db_cluster_parameter_group_name = null
# An instance parameter group to associate with the cluster instances.
# Parameters in a DB parameter group apply to a single DB instance in an
# Aurora DB cluster.
db_instance_parameter_group_name = null
# The name for your database of up to 8 alpha-numeric characters. If you do
# not provide a name, Amazon RDS will not create a database in the DB cluster
# you are creating.
db_name = null
# Timeout for deleting the DB
deleting_timeout = "120m"
# If the DB instance should have deletion protection enabled. The database
# can't be deleted when this value is set to true.
deletion_protection = false
# If true, enables the HTTP endpoint used for Data API. Only valid when
# engine_mode is set to serverless.
enable_http_endpoint = null
# If non-empty, the Aurora cluster will export the specified logs to
# Cloudwatch. Must be zero or more of: audit, error, general and slowquery
enabled_cloudwatch_logs_exports = []
# The name of the database engine to be used for this DB cluster. Valid
# Values: aurora-mysql (for MySQL 5.7-compatible Aurora), and
# aurora-postgresql
engine = "aurora-mysql"
# The DB engine mode of the DB cluster: either provisioned, serverless,
# parallelquery, multimaster or global. The global mode only applies to global
# database clusters created with Aurora MySQL version 5.6.10a; for higher
# Aurora MySQL versions, the clusters in a global database use provisioned
# engine mode. Limitations and requirements apply to some DB engine modes. See
# AWS documentation:
# https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraSettingUp.html
engine_mode = "provisioned"
# The Amazon Aurora DB engine version for the selected engine and engine_mode.
# Note: Starting with Aurora MySQL 2.03.2, Aurora engine versions have the
# following syntax <mysql-major-version>.mysql_aurora.<aurora-mysql-version>.
# e.g. 5.7.mysql_aurora.2.08.1.
engine_version = null
# The name of the final_snapshot_identifier. Defaults to
# var.name-final-snapshot if not specified.
final_snapshot_name = null
# Global cluster identifier when creating the global secondary cluster.
global_cluster_identifier = null
# Specifies whether mappings of AWS Identity and Access Management (IAM)
# accounts to database accounts is enabled. Disabled by default.
iam_database_authentication_enabled = false
# A map of tags to apply to the Aurora RDS Instances. The key is the tag name
# and the value is the tag value.
instance_tags = {}
# The ARN of a KMS key that should be used to encrypt data on disk. Only used
# if var.storage_encrypted is true. If you leave this null, the default RDS
# KMS key for the account will be used.
kms_key_arn = null
# Set to true to allow RDS to manage the master user password in Secrets
# Manager. Cannot be set if password is provided.
manage_master_user_password = null
# The password for the master user. Required unless this is a secondary
# database in a global Aurora cluster. If var.snapshot_identifier is
# non-empty, this value is ignored.
master_password = null
# The Amazon Web Services KMS key identifier is the key ARN, key ID, alias
# ARN, or alias name for the KMS key. To use a KMS key in a different Amazon
# Web Services account, specify the key ARN or alias ARN. If not specified,
# the default KMS key for your Amazon Web Services account is used.
master_user_secret_kms_key_id = null
# The username for the master user. Required unless this is a secondary
# database in a global Aurora cluster.
master_username = null
# The interval, in seconds, between points when Enhanced Monitoring metrics
# are collected for the DB instance. To disable collecting Enhanced Monitoring
# metrics, specify 0. Allowed values: 0, 1, 5, 15, 30, 60. Enhanced Monitoring
# metrics are useful when you want to see how different processes or threads
# on a DB instance use the CPU.
monitoring_interval = 0
# The ARN for the IAM role that permits RDS to send enhanced monitoring
# metrics to CloudWatch Logs. Be sure this role exists. It will not be created
# here. You must specify a MonitoringInterval value other than 0 when you
# specify a MonitoringRoleARN value that is not empty string.
monitoring_role_arn = null
# Specifies whether Performance Insights is enabled or not. On Aurora MySQL,
# Performance Insights is not supported on db.t2 or db.t3 DB instance classes.
performance_insights_enabled = false
# The ARN for the KMS key to encrypt Performance Insights data.
performance_insights_kms_key_id = null
# The amount of time in days to retain Performance Insights data. Either 7 (7
# days) or 731 (2 years). When specifying
# performance_insights_retention_period, performance_insights_enabled needs to
# be set to true. Defaults to `7`.
performance_insights_retention_period = null
# The port the DB will listen on (e.g. 3306)
port = 3306
# The daily time range during which automated backups are created (e.g.
# 04:00-09:00). Time zone is UTC. Performance may be degraded while a backup
# runs.
preferred_backup_window = "06:00-07:00"
# The weekly day and time range during which cluster maintenance can occur
# (e.g. wed:04:00-wed:04:30). Time zone is UTC. Performance may be degraded or
# there may even be a downtime during maintenance windows. For cluster
# instance maintenance, see
# "cluster_instances_maintenance_window_start_timestamp"
preferred_maintenance_window = "sun:07:00-sun:08:00"
# If you wish to make your database accessible from the public Internet, set
# this flag to true (WARNING: NOT RECOMMENDED FOR PRODUCTION USAGE!!). The
# default is false, which means the database is only accessible from within
# the VPC, which is much more secure.
publicly_accessible = false
# Whether to enable read replica auto scaling
read_replica_scaling_enabled = false
# Max capacity of the read replica.
read_replica_scaling_max_capacity = null
# The predefined metric type that determines the scaling operation.
read_replica_scaling_metric_type = "RDSReaderAverageCPUUtilization"
# The target value of the predefined metric that determines the scaling operation.
read_replica_scaling_metric_value = null
# Min capacity of the read replica.
read_replica_scaling_min_capacity = null
# ARN of a source DB cluster or DB instance if this DB cluster is to be
# created as a Read Replica.
replication_source_identifier = null
# If non-empty, the Aurora cluster will be restored from the given source
# cluster using the latest restorable time. Can only be used if
# snapshot_identifier is null. For more information see
# https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PIT.html
restore_source_cluster_identifier = null
# Only used if 'restore_source_cluster_identifier' is non-empty. Date and time
# in UTC format to restore the database cluster to (e.g,
# 2009-09-07T23:45:00Z). When null, the latest restorable time will be used.
restore_to_time = null
# Only used if 'restore_source_cluster_identifier' is non-empty. Type of
# restore to be performed. Valid options are 'full-copy' and 'copy-on-write'.
restore_type = null
# Whether to enable automatic pause. A DB cluster can be paused only when it's
# idle (it has no connections). If a DB cluster is paused for more than seven
# days, the DB cluster might be backed up with a snapshot. In this case, the
# DB cluster is restored when there is a request to connect to it.
scaling_configuration_auto_pause = true
# The maximum capacity. The maximum capacity must be greater than or equal to
# the minimum capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128,
# and 256.
scaling_configuration_max_capacity = 256
# The maximum capacity for an Aurora DB cluster in provisioned DB engine mode.
# The maximum capacity must be greater than or equal to the minimum capacity.
# Valid capacity values are in a range of 0.5 up to 128 in steps of 0.5.
scaling_configuration_max_capacity_V2 = 128
# The minimum capacity. The minimum capacity must be less than or equal to
# the maximum capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128,
# and 256.
scaling_configuration_min_capacity = 2
# The minimum capacity for an Aurora DB cluster in provisioned DB engine mode.
# The minimum capacity must be less than or equal to the maximum capacity.
# Valid capacity values are in a range of 0.5 up to 128 in steps of 0.5.
scaling_configuration_min_capacity_V2 = 0.5
# The time, in seconds, before an Aurora DB cluster in serverless mode is
# paused. Valid values are 300 through 86400.
scaling_configuration_seconds_until_auto_pause = 300
# The action to take when the timeout is reached. Valid values:
# ForceApplyCapacityChange, RollbackCapacityChange. Defaults to
# RollbackCapacityChange.
scaling_configuration_timeout_action = "RollbackCapacityChange"
# Determines whether a final DB snapshot is created before the DB instance is
# deleted. Be very careful setting this to true; if you do, and you delete
# this DB instance, you will not have any backups of the data!
skip_final_snapshot = false
# If non-empty, the Aurora cluster will be restored from the given Snapshot
# ID. This is the Snapshot ID you'd find in the RDS console, e.g:
# rds:production-2015-06-26-06-05.
snapshot_identifier = null
# Source region for global secondary cluster (if creating a global cluster) or
# the master cluster (if creating a read replica cluster).
source_region = null
# Specifies whether the DB cluster uses encryption for data at rest in the
# underlying storage for the DB, its automated backups, Read Replicas, and
# snapshots. Uses the default aws/rds key in KMS unless var.kms_key_arn is
# set.
storage_encrypted = true
# Specifies the storage type to be associated with the DB cluster. For Aurora
# DB clusters, storage_type modifications can be done in-place. For Multi-AZ
# DB Clusters, the iops argument must also be set. Valid values are:
# aurora-iopt1 (Aurora DB Clusters); io1 (Multi-AZ DB Clusters).
storage_type = null
# Timeout for updating the DB
updating_timeout = "120m"
}
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S AURORA MODULE
# ------------------------------------------------------------------------------------------------------
terraform {
source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.40.2"
}
inputs = {
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# How many instances to launch. RDS will automatically pick a leader and
# configure the others as replicas.
instance_count = <number>
# The instance type from an Amazon Aurora supported instance class based on a
# selected engine_mode. Amazon Aurora supports 2 types of instance classes:
# Memory Optimized (db.r) and Burstable Performance (db.t). Aurora Global
# Clusters require instance class of either db.r5 (latest) or db.r4 (current).
# See AWS documentation on Amazon Aurora supported instance class types:
# https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html#Concepts.DBInstanceClass.Types
instance_type = <string>
# The name used to namespace all resources created by these templates,
# including the cluster and cluster instances (e.g. drupaldb). Must be unique
# in this region. Must be a lowercase string.
name = <string>
# A list of subnet ids where the database instances should be deployed. In the
# standard Gruntwork VPC setup, these should be the private persistence subnet
# ids. This is ignored if create_subnet_group=false.
subnet_ids = <list(string)>
# The id of the VPC in which this DB should be deployed.
vpc_id = <string>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# A list of CIDR-formatted IP address ranges that can connect to this DB. In
# the standard Gruntwork VPC setup, these should be the CIDR blocks of the
# private app subnets, plus the private subnets in the mgmt VPC.
allow_connections_from_cidr_blocks = []
# Specifies a list of Security Groups to allow connections from.
allow_connections_from_security_groups = []
# Enable to allow major engine version upgrades when changing engine versions.
allow_major_version_upgrade = false
# Specifies whether any cluster modifications are applied immediately, or
# during the next maintenance window. Note that cluster modifications may
# cause degraded performance or downtime.
apply_immediately = false
# Configure the auto minor version upgrade behavior. This is applied to the
# cluster instances and indicates if the automatic minor version upgrade of
# the engine is allowed. Default value is true.
auto_minor_version_upgrade = true
# The description of the aws_db_security_group that is created. Defaults to
# 'Security group for the var.name DB' if not specified.
aws_db_security_group_description = null
# The name of the aws_db_security_group that is created. Defaults to var.name
# if not specified.
aws_db_security_group_name = null
# The description of the aws_db_subnet_group that is created. Defaults to
# 'Subnet group for the var.name DB' if not specified.
aws_db_subnet_group_description = null
# The name of the aws_db_subnet_group that is created, or an existing one to
# use if create_subnet_group is false. Defaults to var.name if not specified.
aws_db_subnet_group_name = null
# Window to allow Aurora Backtrack, a special, in-place, destructive rollback
# for the entire cluster. Must be specified in seconds. 0=disabled, to a
# maximum of 259200.
backtrack_window = null
# How many days to keep backup snapshots around before cleaning them up
backup_retention_period = 21
# The Certificate Authority (CA) certificate bundle to use on the Aurora DB
# instances.
ca_cert_identifier = null
# List of IAM role ARNs to attach to the cluster. Be sure these roles exist.
# They will not be created here. Serverless Aurora does not support attaching
# IAM roles.
cluster_iam_roles = []
# Amount of time, in minutes, to allow for DB maintenance windows for the
# cluster instances
cluster_instances_maintenance_duration_minutes = 120
# The cluster instances maintenance window start in RFC 3339 timestamp (date
# and time) format. The default starts at "wed:00:00-wed:02:00". Can have any
# date from any year, only the day of the week will be used. Performance may
# be degraded or there may even be a downtime during maintenance windows.
cluster_instances_maintenance_window_start_timestamp = "2017-11-22T00:00:00Z"
# Amount of time, in minutes, between maintenance windows of the cluster
# instances
cluster_instances_minutes_between_maintenance_windows = 180
# A map of tags to apply to the Aurora RDS Cluster. The key is the tag name
# and the value is the tag value.
cluster_tags = {}
# Copy all the Aurora cluster tags to snapshots. Default is false.
copy_tags_to_snapshot = false
# If false, the DB will bind to aws_db_subnet_group_name and the CIDR will be
# ignored (allow_connections_from_cidr_blocks).
create_subnet_group = true
# Timeout for creating the DB
creating_timeout = "120m"
# A map of custom tags to apply to the Aurora RDS Instance and the Security
# Group created for it. The key is the tag name and the value is the tag
# value.
custom_tags = {}
# A cluster parameter group to associate with the cluster. Parameters in a DB
# cluster parameter group apply to every DB instance in a DB cluster.
db_cluster_parameter_group_name = null
# An instance parameter group to associate with the cluster instances.
# Parameters in a DB parameter group apply to a single DB instance in an
# Aurora DB cluster.
db_instance_parameter_group_name = null
# The name for your database of up to 8 alpha-numeric characters. If you do
# not provide a name, Amazon RDS will not create a database in the DB cluster
# you are creating.
db_name = null
# Timeout for deleting the DB
deleting_timeout = "120m"
# If the DB instance should have deletion protection enabled. The database
# can't be deleted when this value is set to true.
deletion_protection = false
# If true, enables the HTTP endpoint used for Data API. Only valid when
# engine_mode is set to serverless.
enable_http_endpoint = null
# If non-empty, the Aurora cluster will export the specified logs to
# Cloudwatch. Must be zero or more of: audit, error, general and slowquery
enabled_cloudwatch_logs_exports = []
# The name of the database engine to be used for this DB cluster. Valid
# Values: aurora-mysql (for MySQL 5.7-compatible Aurora), and
# aurora-postgresql
engine = "aurora-mysql"
# The DB engine mode of the DB cluster: either provisioned, serverless,
# parallelquery, multimaster or global. The global mode only applies to global
# database clusters created with Aurora MySQL version 5.6.10a; for higher
# Aurora MySQL versions, the clusters in a global database use provisioned
# engine mode. Limitations and requirements apply to some DB engine modes. See
# AWS documentation:
# https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraSettingUp.html
engine_mode = "provisioned"
# The Amazon Aurora DB engine version for the selected engine and engine_mode.
# Note: Starting with Aurora MySQL 2.03.2, Aurora engine versions have the
# following syntax <mysql-major-version>.mysql_aurora.<aurora-mysql-version>.
# e.g. 5.7.mysql_aurora.2.08.1.
engine_version = null
# The name of the final_snapshot_identifier. Defaults to
# var.name-final-snapshot if not specified.
final_snapshot_name = null
# Global cluster identifier when creating the global secondary cluster.
global_cluster_identifier = null
# Specifies whether mappings of AWS Identity and Access Management (IAM)
# accounts to database accounts is enabled. Disabled by default.
iam_database_authentication_enabled = false
# A map of tags to apply to the Aurora RDS Instances. The key is the tag name
# and the value is the tag value.
instance_tags = {}
# The ARN of a KMS key that should be used to encrypt data on disk. Only used
# if var.storage_encrypted is true. If you leave this null, the default RDS
# KMS key for the account will be used.
kms_key_arn = null
# Set to true to allow RDS to manage the master user password in Secrets
# Manager. Cannot be set if password is provided.
manage_master_user_password = null
# The password for the master user. Required unless this is a secondary
# database in a global Aurora cluster. If var.snapshot_identifier is
# non-empty, this value is ignored.
master_password = null
# The Amazon Web Services KMS key identifier is the key ARN, key ID, alias
# ARN, or alias name for the KMS key. To use a KMS key in a different Amazon
# Web Services account, specify the key ARN or alias ARN. If not specified,
# the default KMS key for your Amazon Web Services account is used.
master_user_secret_kms_key_id = null
# The username for the master user. Required unless this is a secondary
# database in a global Aurora cluster.
master_username = null
# The interval, in seconds, between points when Enhanced Monitoring metrics
# are collected for the DB instance. To disable collecting Enhanced Monitoring
# metrics, specify 0. Allowed values: 0, 1, 5, 15, 30, 60. Enhanced Monitoring
# metrics are useful when you want to see how different processes or threads
# on a DB instance use the CPU.
monitoring_interval = 0
# The ARN for the IAM role that permits RDS to send enhanced monitoring
# metrics to CloudWatch Logs. Be sure this role exists. It will not be created
# here. You must specify a MonitoringInterval value other than 0 when you
# specify a MonitoringRoleARN value that is not empty string.
monitoring_role_arn = null
# Specifies whether Performance Insights is enabled or not. On Aurora MySQL,
# Performance Insights is not supported on db.t2 or db.t3 DB instance classes.
performance_insights_enabled = false
# The ARN for the KMS key to encrypt Performance Insights data.
performance_insights_kms_key_id = null
# The amount of time in days to retain Performance Insights data. Either 7 (7
# days) or 731 (2 years). When specifying
# performance_insights_retention_period, performance_insights_enabled needs to
# be set to true. Defaults to `7`.
performance_insights_retention_period = null
# The port the DB will listen on (e.g. 3306)
port = 3306
# The daily time range during which automated backups are created (e.g.
# 04:00-09:00). Time zone is UTC. Performance may be degraded while a backup
# runs.
preferred_backup_window = "06:00-07:00"
# The weekly day and time range during which cluster maintenance can occur
# (e.g. wed:04:00-wed:04:30). Time zone is UTC. Performance may be degraded or
# there may even be a downtime during maintenance windows. For cluster
# instance maintenance, see
# "cluster_instances_maintenance_window_start_timestamp"
preferred_maintenance_window = "sun:07:00-sun:08:00"
# If you wish to make your database accessible from the public Internet, set
# this flag to true (WARNING: NOT RECOMMENDED FOR PRODUCTION USAGE!!). The
# default is false, which means the database is only accessible from within
# the VPC, which is much more secure.
publicly_accessible = false
# Whether to enable read replica auto scaling
read_replica_scaling_enabled = false
# Max capacity of the read replica.
read_replica_scaling_max_capacity = null
# The predefined metric type that determines the scaling operation.
read_replica_scaling_metric_type = "RDSReaderAverageCPUUtilization"
# The target value of the predefined metric that determines the scaling operation.
read_replica_scaling_metric_value = null
# Min capacity of the read replica.
read_replica_scaling_min_capacity = null
# ARN of a source DB cluster or DB instance if this DB cluster is to be
# created as a Read Replica.
replication_source_identifier = null
# If non-empty, the Aurora cluster will be restored from the given source
# cluster using the latest restorable time. Can only be used if
# snapshot_identifier is null. For more information see
# https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PIT.html
restore_source_cluster_identifier = null
# Only used if 'restore_source_cluster_identifier' is non-empty. Date and time
# in UTC format to restore the database cluster to (e.g,
# 2009-09-07T23:45:00Z). When null, the latest restorable time will be used.
restore_to_time = null
# Only used if 'restore_source_cluster_identifier' is non-empty. Type of
# restore to be performed. Valid options are 'full-copy' and 'copy-on-write'.
restore_type = null
# Whether to enable automatic pause. A DB cluster can be paused only when it's
# idle (it has no connections). If a DB cluster is paused for more than seven
# days, the DB cluster might be backed up with a snapshot. In this case, the
# DB cluster is restored when there is a request to connect to it.
scaling_configuration_auto_pause = true
# The maximum capacity. The maximum capacity must be greater than or equal to
# the minimum capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128,
# and 256.
scaling_configuration_max_capacity = 256
# The maximum capacity for an Aurora DB cluster in provisioned DB engine mode.
# The maximum capacity must be greater than or equal to the minimum capacity.
# Valid capacity values are in a range of 0.5 up to 128 in steps of 0.5.
scaling_configuration_max_capacity_V2 = 128
# The minimum capacity. The minimum capacity must be less than or equal to
# the maximum capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128,
# and 256.
scaling_configuration_min_capacity = 2
# The minimum capacity for an Aurora DB cluster in provisioned DB engine mode.
# The minimum capacity must be less than or equal to the maximum capacity.
# Valid capacity values are in a range of 0.5 up to 128 in steps of 0.5.
scaling_configuration_min_capacity_V2 = 0.5
# The time, in seconds, before an Aurora DB cluster in serverless mode is
# paused. Valid values are 300 through 86400.
scaling_configuration_seconds_until_auto_pause = 300
# The action to take when the timeout is reached. Valid values:
# ForceApplyCapacityChange, RollbackCapacityChange. Defaults to
# RollbackCapacityChange.
scaling_configuration_timeout_action = "RollbackCapacityChange"
# Determines whether a final DB snapshot is created before the DB instance is
# deleted. Be very careful setting this to true; if you do, and you delete
# this DB instance, you will not have any backups of the data!
skip_final_snapshot = false
# If non-empty, the Aurora cluster will be restored from the given Snapshot
# ID. This is the Snapshot ID you'd find in the RDS console, e.g:
# rds:production-2015-06-26-06-05.
snapshot_identifier = null
# Source region for global secondary cluster (if creating a global cluster) or
# the master cluster (if creating a read replica cluster).
source_region = null
# Specifies whether the DB cluster uses encryption for data at rest in the
# underlying storage for the DB, its automated backups, Read Replicas, and
# snapshots. Uses the default aws/rds key in KMS.
storage_encrypted = true
# Specifies the storage type to be associated with the DB cluster. For Aurora
# DB clusters, storage_type modifications can be done in-place. For Multi-AZ
# DB Clusters, the iops argument must also be set. Valid values are:
# aurora-iopt1 (Aurora DB Clusters); io1 (Multi-AZ DB Clusters).
storage_type = null
# Timeout for DB updating
updating_timeout = "120m"
}
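Several of the comments above describe constraints that RDS only enforces at apply time (a monitoring role ARN without a non-zero interval, a Performance Insights retention period without Performance Insights enabled, a point-in-time restore source together with a snapshot, serverless capacities outside the allowed steps) plus settings the comments flag as risky for production data. As an added example that is not part of the module, the Python check below evaluates a dict of module input values (for example parsed from a `*.tfvars.json` file) against those documented rules before `terraform apply`; the sample input, role ARN and account id in it are constructed placeholders.

```python
"""Pre-apply check of the cross-variable constraints documented in the module's input
comments. Added example, not module code: unset keys take the module defaults shown above."""

SERVERLESS_V1_CAPACITIES = {2, 4, 8, 16, 32, 64, 128, 256}


def _v2_capacity_ok(c) -> bool:
    # Serverless v2 capacities run from 0.5 to 128 ACUs in steps of 0.5.
    return isinstance(c, (int, float)) and 0.5 <= c <= 128 and c * 2 == int(c * 2)


def check_aurora_inputs(cfg: dict) -> list:
    """Return human-readable violations; an empty list means the inputs are consistent."""
    def val(key, default=None):
        v = cfg.get(key)
        return default if v is None else v
    errs = []
    # Enhanced Monitoring: RDS rejects a role ARN unless the interval is non-zero.
    if val("monitoring_role_arn") and val("monitoring_interval", 0) == 0:
        errs.append("monitoring_role_arn is set but monitoring_interval is 0")
    # Performance Insights retention only applies when Performance Insights is on.
    retention = val("performance_insights_retention_period")
    if retention is not None and not val("performance_insights_enabled", False):
        errs.append("performance_insights_retention_period requires performance_insights_enabled = true")
    if retention not in (None, 7, 731):
        errs.append("performance_insights_retention_period must be 7 or 731")
    # Point-in-time restore and snapshot restore are mutually exclusive.
    if val("restore_source_cluster_identifier") and val("snapshot_identifier"):
        errs.append("restore_source_cluster_identifier requires snapshot_identifier = null")
    # Serverless v1 and v2 scaling: allowed steps, and min <= max.
    lo, hi = val("scaling_configuration_min_capacity", 2), val("scaling_configuration_max_capacity", 256)
    if lo not in SERVERLESS_V1_CAPACITIES or hi not in SERVERLESS_V1_CAPACITIES:
        errs.append("scaling_configuration_min/max_capacity must be one of 2, 4, ..., 256")
    elif lo > hi:
        errs.append("scaling_configuration_min_capacity exceeds scaling_configuration_max_capacity")
    lo2, hi2 = val("scaling_configuration_min_capacity_V2", 0.5), val("scaling_configuration_max_capacity_V2", 128)
    if not (_v2_capacity_ok(lo2) and _v2_capacity_ok(hi2)):
        errs.append("scaling_configuration_min/max_capacity_V2 must be 0.5..128 in steps of 0.5")
    elif lo2 > hi2:
        errs.append("scaling_configuration_min_capacity_V2 exceeds scaling_configuration_max_capacity_V2")
    if not 300 <= val("scaling_configuration_seconds_until_auto_pause", 300) <= 86400:
        errs.append("scaling_configuration_seconds_until_auto_pause must be 300..86400")
    # Settings the module comments flag as risky for production data.
    if val("publicly_accessible", False):
        errs.append("publicly_accessible = true exposes the cluster to the public Internet")
    if val("skip_final_snapshot", False):
        errs.append("skip_final_snapshot = true leaves no backup when the cluster is destroyed")
    if not val("storage_encrypted", True):
        errs.append("storage_encrypted = false disables encryption at rest")
    return errs


if __name__ == "__main__":
    # Constructed sample input; the role ARN and account id are placeholders, not real resources.
    sample = {"monitoring_role_arn": "arn:aws:iam::123456789012:role/rds-monitoring-role", "monitoring_interval": 0,
              "publicly_accessible": True, "scaling_configuration_min_capacity": 64, "scaling_configuration_max_capacity": 8}
    for problem in check_aurora_inputs(sample):
        print("violation:", problem)
```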
Reference

- Inputs
- Outputs

Required

- `instance_count` (number): How many instances to launch. RDS will automatically pick a leader and configure the others as replicas.
- `instance_type` (string): The instance type from an Amazon Aurora supported instance class, based on the selected engine_mode. Amazon Aurora supports two types of instance classes: Memory Optimized (db.r) and Burstable Performance (db.t). Aurora Global Clusters require an instance class of either db.r5 (latest) or db.r4 (current). See the AWS documentation on Amazon Aurora supported instance class types: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html#Concepts.DBInstanceClass.Types
- `name` (string): The name used to namespace all resources created by these templates, including the cluster and cluster instances (e.g. drupaldb). Must be unique in this region. Must be a lowercase string.
- `subnet_ids` (list(string)): A list of subnet IDs where the database instances should be deployed. In the standard Gruntwork VPC setup, these should be the private persistence subnet IDs. This is ignored if create_subnet_group=false.
- `vpc_id` (string): The ID of the VPC in which this DB should be deployed.

Optional (each entry ends with its default value)

- `allow_connections_from_cidr_blocks` (list(string)): A list of CIDR-formatted IP address ranges that can connect to this DB. In the standard Gruntwork VPC setup, these should be the CIDR blocks of the private app subnets, plus the private subnets in the mgmt VPC. Default: `[]`.
- `allow_connections_from_security_groups` (list(string)): Specifies a list of Security Groups to allow connections from. Default: `[]`.
- Enable to allow major engine version upgrades when changing engine versions. Default: `false`.
- Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Note that cluster modifications may cause degraded performance or downtime. Default: `false`.
- Configure the auto minor version upgrade behavior. This is applied to the cluster instances and indicates whether the automatic minor version upgrade of the engine is allowed. Default: `true`.
- The description of the aws_db_security_group that is created. Defaults to 'Security group for the `name` DB' if not specified. Default: `null`.
- The name of the aws_db_security_group that is created. Defaults to `name` if not specified. Default: `null`.
- The description of the aws_db_subnet_group that is created. Defaults to 'Subnet group for the `name` DB' if not specified. Default: `null`.
- `aws_db_subnet_group_name` (string): The name of the aws_db_subnet_group that is created, or of an existing one to use if create_subnet_group is false. Defaults to `name` if not specified. Default: `null`.
- `backtrack_window` (number): Window to allow Aurora Backtrack, a special in-place, destructive rollback for the entire cluster. Must be specified in seconds. 0 = disabled, up to a maximum of 259200. Default: `null`.
- `backup_retention_period` (number): How many days to keep backup snapshots around before cleaning them up. Default: `21`.
- `ca_cert_identifier` (string): The Certificate Authority (CA) certificate bundle to use on the Aurora DB instances. Default: `null`.
- `cluster_iam_roles` (list(string)): List of IAM role ARNs to attach to the cluster. Be sure these roles exist; they will not be created here. Serverless Aurora does not support attaching IAM roles. Default: `[]`.
- Amount of time, in minutes, to allow for DB maintenance windows for the cluster instances. Default: `120`.
- `cluster_instances_maintenance_window_start_timestamp`: The cluster instances maintenance window start, in RFC 3339 timestamp (date and time) format. The default starts at 'wed:00:00-wed:02:00'. Can have any date from any year; only the day of the week will be used. Performance may be degraded or there may even be downtime during maintenance windows. Default: `"2017-11-22T00:00:00Z"`.
- Amount of time, in minutes, between maintenance windows of the cluster instances. Default: `180`.
- `cluster_tags` (map(string)): A map of tags to apply to the Aurora RDS Cluster. The key is the tag name and the value is the tag value. Default: `{}`.
- Copy all the Aurora cluster tags to snapshots. Default: `false`.
- `create_subnet_group`: If false, the DB will bind to aws_db_subnet_group_name and the CIDR blocks in allow_connections_from_cidr_blocks will be ignored. Default: `true`.
- `creating_timeout` (string): Timeout for DB creation. Default: `"120m"`.
- `custom_tags` (map(string)): A map of custom tags to apply to the Aurora RDS Instance and the Security Group created for it. The key is the tag name and the value is the tag value. Default: `{}`.
- A cluster parameter group to associate with the cluster. Parameters in a DB cluster parameter group apply to every DB instance in a DB cluster. Default: `null`.
- An instance parameter group to associate with the cluster instances. Parameters in a DB parameter group apply to a single DB instance in an Aurora DB cluster. Default: `null`.
- `db_name` (string): The name for your database, of up to 8 alphanumeric characters. If you do not provide a name, Amazon RDS will not create a database in the DB cluster you are creating. Default: `null`.
- `deleting_timeout` (string): Timeout for DB deletion. Default: `"120m"`.
- If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. Default: `false`.
- If true, enables the HTTP endpoint used for the Data API. Only valid when engine_mode is set to serverless. Default: `null`.
- `enabled_cloudwatch_logs_exports` (list(string)): If non-empty, the Aurora cluster will export the specified logs to CloudWatch. Must be zero or more of: audit, error, general and slowquery. Default: `[]`.
- `engine` (string): The name of the database engine to be used for this DB cluster. Valid values: aurora-mysql (for MySQL 5.7-compatible Aurora) and aurora-postgresql. Default: `"aurora-mysql"`.
- `engine_mode` (string): The DB engine mode of the DB cluster: either provisioned, serverless, parallelquery, multimaster or global; global only applies to global database clusters created with Aurora MySQL version 5.6.10a, and for higher Aurora MySQL versions the clusters in a global database use provisioned engine mode. Limitations and requirements apply to some DB engine modes. See the AWS documentation: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraSettingUp.html. Default: `"provisioned"`.
- `engine_version` (string): The Amazon Aurora DB engine version for the selected engine and engine_mode. Note: starting with Aurora MySQL 2.03.2, Aurora engine versions have the syntax <mysql-major-version>.mysql_aurora.<aurora-mysql-version>, e.g. 5.7.mysql_aurora.2.08.1. Default: `null`.
- `final_snapshot_name` (string): The name of the final_snapshot_identifier. Defaults to `name`-final-snapshot if not specified. Default: `null`.
- Global cluster identifier when creating the global secondary cluster. Default: `null`.
- Specifies whether mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. Disabled by default. Default: `false`.
- `instance_tags` (map(string)): A map of tags to apply to the Aurora RDS Instances. The key is the tag name and the value is the tag value. Default: `{}`.
- `kms_key_arn` (string): The ARN of a KMS key that should be used to encrypt data on disk. Only used if storage_encrypted is true. If you leave this null, the default RDS KMS key for the account will be used. Default: `null`.
- Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if a password is provided. Default: `null`.
- `master_password` (string): The password for the master user. Required unless this is a secondary database in a global Aurora cluster. If snapshot_identifier is non-empty, this value is ignored. Default: `null`.
- The AWS KMS key identifier for the managed master user password: the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different AWS account, specify the key ARN or alias ARN. If not specified, the default KMS key for your AWS account is used. Default: `null`.
- `master_username` (string): The username for the master user. Required unless this is a secondary database in a global Aurora cluster. Default: `null`.
- `monitoring_interval` (number): The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Allowed values: 0, 1, 5, 15, 30, 60. Enhanced Monitoring metrics are useful when you want to see how different processes or threads on a DB instance use the CPU. Default: `0`.
- `monitoring_role_arn` (string): The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics to CloudWatch Logs. Be sure this role exists; it will not be created here. You must specify a MonitoringInterval value other than 0 when you specify a MonitoringRoleARN value that is not an empty string. Default: `null`.
- `performance_insights_enabled`: Specifies whether Performance Insights is enabled or not. On Aurora MySQL, Performance Insights is not supported on db.t2 or db.t3 DB instance classes. Default: `false`.
- `performance_insights_kms_key_id`: The ARN for the KMS key to encrypt Performance Insights data. Default: `null`.
- `performance_insights_retention_period`: The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). When specifying performance_insights_retention_period, performance_insights_enabled needs to be set to true. Defaults to `7`. Default: `null`.
- `port` (number): The port the DB will listen on (e.g. 3306). Default: `3306`.
- `preferred_backup_window` (string): The daily time range during which automated backups are created (e.g. 04:00-09:00). Time zone is UTC. Performance may be degraded while a backup runs. Default: `"06:00-07:00"`.
- `preferred_maintenance_window`: The weekly day and time range during which cluster maintenance can occur (e.g. wed:04:00-wed:04:30). Time zone is UTC. Performance may be degraded or there may even be downtime during maintenance windows. For cluster instance maintenance, see 'cluster_instances_maintenance_window_start_timestamp'. Default: `"sun:07:00-sun:08:00"`.
- `publicly_accessible`: If you wish to make your database accessible from the public Internet, set this flag to true (WARNING: NOT RECOMMENDED FOR PRODUCTION USAGE!!). The default is false, which means the database is only accessible from within the VPC, which is much more secure. Default: `false`.
- `read_replica_scaling_enabled`: Whether to enable read replica auto scaling. Default: `false`.
- `read_replica_scaling_max_capacity`: Max capacity of the read replicas. Default: `null`.
- `read_replica_scaling_metric_type`: The predefined metric type that determines the scaling operation. Default: `"RDSReaderAverageCPUUtilization"`.
- `read_replica_scaling_metric_value`: The predefined metric value (target) that determines the scaling operation. Default: `null`.
- `read_replica_scaling_min_capacity`: Min capacity of the read replicas. Default: `null`.
- `replication_source_identifier`: ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica. Default: `null`.
- `restore_source_cluster_identifier`: If non-empty, the Aurora cluster will be restored from the given source cluster using the latest restorable time. Can only be used if snapshot_identifier is null. For more information see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PIT.html. Default: `null`.
- `restore_to_time` (string): Only used if 'restore_source_cluster_identifier' is non-empty. Date and time in UTC format to restore the database cluster to (e.g. 2009-09-07T23:45:00Z). When null, the latest restorable time will be used. Default: `null`.
- `restore_type` (string): Only used if 'restore_source_cluster_identifier' is non-empty. Type of restore to be performed. Valid options are 'full-copy' and 'copy-on-write'. Default: `null`.
- `scaling_configuration_auto_pause`: Whether to enable automatic pause. A DB cluster can be paused only when it's idle (it has no connections). If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it. Default: `true`.
- `scaling_configuration_max_capacity`: The maximum capacity. The maximum capacity must be greater than or equal to the minimum capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128, and 256. Default: `256`.
- `scaling_configuration_max_capacity_V2`: The maximum capacity for an Aurora DB cluster in provisioned DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid capacity values are in a range of 0.5 up to 128 in steps of 0.5. Default: `128`.
- `scaling_configuration_min_capacity`: The minimum capacity. The minimum capacity must be less than or equal to the maximum capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128, and 256. Default: `2`.
- `scaling_configuration_min_capacity_V2`: The minimum capacity for an Aurora DB cluster in provisioned DB engine mode. The minimum capacity must be less than or equal to the maximum capacity. Valid capacity values are in a range of 0.5 up to 128 in steps of 0.5. Default: `0.5`.
- `scaling_configuration_seconds_until_auto_pause`: The time, in seconds, before an Aurora DB cluster in serverless mode is paused. Valid values are 300 through 86400. Default: `300`.
- `scaling_configuration_timeout_action`: The action to take when the timeout is reached. Valid values: ForceApplyCapacityChange, RollbackCapacityChange. Defaults to RollbackCapacityChange. Default: `"RollbackCapacityChange"`.
- `skip_final_snapshot`: Determines whether a final DB snapshot is created before the DB instance is deleted. Be very careful setting this to true; if you do, and you delete this DB instance, you will not have any backups of the data! Default: `false`.
- `snapshot_identifier` (string): If non-empty, the Aurora cluster will be restored from the given Snapshot ID. This is the Snapshot ID you'd find in the RDS console, e.g. rds:production-2015-06-26-06-05. Default: `null`.
- `source_region` (string): Source region for the global secondary cluster (if creating a global cluster) or the master cluster (if creating a read replica cluster). Default: `null`.
- `storage_encrypted`: Specifies whether the DB cluster uses encryption for data at rest in the underlying storage for the DB, its automated backups, Read Replicas, and snapshots. Uses the default aws/rds key in KMS. Default: `true`.
- `storage_type` (string): Specifies the storage type to be associated with the DB cluster. For Aurora DB clusters, storage_type modifications can be done in-place. For Multi-AZ DB Clusters, the iops argument must also be set. Valid values are: aurora-iopt1 (Aurora DB Clusters); io1 (Multi-AZ DB Clusters). Default: `null`.
- `updating_timeout` (string): Timeout for DB updates. Default: `"120m"`.