Terraform module which creates an AWS RDS Postgres instance.
- An existing VPC
- An existing DB subnet group
- An existing Postgres parameter group
- An existing RDS Enhanced Monitoring role
- Existing DB security groups
- The module will generate a random 16-character password.
- The module will output this password.
- Make sure that you change the password after provisioning has completed successfully, because the generated value is exposed as an output and kept in the Terraform state.
If the `replicate_source_db` parameter is defined, it indicates that the instance is meant to be a read replica.
These parameters will be inherited from the master's in the first creation stage:
- allocated_storage
- maintenance_window
- parameter_group_name
- vpc_security_group_ids
To apply different values for the parameters above, you have to re-apply the configuration after the first creation is finished.
Some default values are changed for read replica instance:
- `backup_retention_period = 0`: Postgres read replica does not support automated backup.
- `skip_final_snapshot = true`: When deleting a read replica, a final snapshot cannot be created.
- `copy_tags_to_snapshot = false`: When deleting a read replica, a final snapshot is not created.
These steps need to be done in sequence:
- Remove parameter `replicate_source_db`. This is to indicate that the instance is meant to be a master instance.
- Add parameter `backup_retention_period = 0`. We need to explicitly disable automated backup for now, otherwise Terraform will complain that a read replica does not support automated backup.
- Apply the configuration and wait for the DB instance to be successfully promoted to master.
- Remove parameter `availability_zone`. We are using the `multi_az` parameter for the master instance.
- Modify parameter `multi_az`. This is to enable multi AZ. Either set it explicitly or leave as default.
- Modify parameter `backup_retention_period`. This is to enable automated backup. Either set it explicitly or leave as default.
- Add parameter `backup_window`. Either set it explicitly or leave as default.
- Modify other parameters as you would for a master instance.
- Apply the configuration again.
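The promotion sequence above expressed as one module call driven by a stage variable, as an added example that is not part of the module's own documentation. The `promotion_stage` variable, the locals and every angle-bracket or `REPLACE_ME` value are hypothetical; argument names come from the inputs table, and passing an input's documented default (`null`, `""`) is assumed to be equivalent to removing it.

```hcl
# Added example, not from the module's repository.
# 0 = read replica, 1 = promote (first apply), 2 = master settings (second apply)
variable "promotion_stage" {
  type    = number
  default = 0
}

locals {
  is_replica = var.promotion_stage == 0
  is_master  = var.promotion_stage == 2
}

module "postgres" {
  # Ref copied from the usage example; pin the release you actually use.
  source = "github.com/traveloka/terraform-aws-rds-postgres?ref=v1.3.0"

  product_domain = "txt"
  service_name   = "txtinv"
  environment    = "production"
  description    = "Read replica of txtinv, later promoted to master"
  instance_class = "db.t2.small"

  # Placeholders: replace with real IDs, names and ARNs.
  vpc_security_group_ids    = ["sg-REPLACE_ME"]
  bastion_security_group_id = "sg-REPLACE_ME"
  parameter_group_name      = "default.postgres9.6"
  monitoring_role_arn       = "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
  allocated_storage         = 100 # same value as the master's
  maintenance_window        = "Mon:00:00-Mon:03:00"

  # Stage 1 "removes" replicate_source_db by passing its default (null).
  replicate_source_db = local.is_replica ? "<SOURCE_DB_IDENTIFIER>" : null

  # Automated backups stay disabled until the promotion has finished.
  backup_retention_period = local.is_master ? 7 : 0
  backup_window           = local.is_master ? "21:00-23:00" : ""

  # A fixed AZ is kept only while the instance is not yet multi-AZ.
  availability_zone = local.is_master ? "" : "<REPLICA_AZ>"
  multi_az          = local.is_master
}
```

Apply once with `-var promotion_stage=1`, wait until the instance has been promoted, then apply again with `-var promotion_stage=2`.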
This Terraform module has no dependencies on other modules.
```hcl
module "postgres" {
  source = "github.com/traveloka/terraform-aws-rds-postgres?ref=v1.3.0"

  product_domain = "txt"
  service_name   = "txtinv"
  environment    = "production"
  description    = "Postgres to store Transport Extranet (txt) inventory data"

  instance_class    = "db.t2.small"
  engine_version    = "9.6.6"
  allocated_storage = 100

  multi_az = true

  # Change to valid security group id
  vpc_security_group_ids = [
    "sg-50036436"
  ]

  # Change to valid db subnet group name
  db_subnet_group_name = "tvlk-dev-rds-subnet-group"

  # Change to valid parameter group name
  parameter_group_name = "default.postgres9.6"

  maintenance_window      = "Mon:00:00-Mon:03:00"
  backup_retention_period = 0

  skip_final_snapshot = true

  # Change to valid monitoring role arn
  monitoring_role_arn = "arn:aws:iam::517530806209:role/rds-monitoring-role"

  # Change to valid route 53 zone id
  route53_zone_id = "Z32OEBZ2VZHSJZ"
}
```
Name | Version |
---|---|
terraform | >= 0.13 |
Name | Version |
---|---|
aws | n/a |
random | n/a |
No modules.
Name | Type |
---|---|
aws_db_instance.this | resource |
random_id.db_identifier | resource |
random_id.password | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_tags | The additional aws_db_instance tags that will be merged over the default tags | map(string) | {} | no |
allocated_storage | The allocated storage in gigabytes. For read replica, set the same value as master's | string | n/a | yes |
allow_major_version_upgrade | Indicates that major version upgrades are allowed | string | "false" | no |
apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | string | "false" | no |
auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window | string | "false" | no |
availability_zone | The AZ for the RDS instance. It is recommended to only use this when creating a read replica instance | string | "" | no |
backup_retention_period | The days to retain backups for | string | 7 | no |
backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled. Before and not overlap with maintenance_window | string | "" | no |
bastion_security_group_id | bastion security groups to associate | string | n/a | yes |
ca_cert_identifier | Specifies the identifier of the CA certificate for the DB instance | string | "rds-ca-2019" | no |
copy_tags_to_snapshot | On delete, copy all Instance tags to the final snapshot (if final_snapshot_identifier is specified) | string | "true" | no |
db_subnet_group_name | Name of DB subnet group | string | "" | no |
deletion_protection | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false | string | false | no |
description | The description of this RDS instance | string | n/a | yes |
enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs | list(string) | [] | no |
engine_version | The postgres engine version | string | "" | no |
environment | The environment this RDS belongs to | string | n/a | yes |
instance_class | The instance type of the RDS instance | string | n/a | yes |
iops | The amount of provisioned IOPS. Setting this implies a storage_type of io1 | string | "0" | no |
kms_key_id | Specifies a custom KMS key to be used to encrypt | string | "" | no |
maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi' | string | n/a | yes |
max_allocated_storage | The upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Set this value to be greater than or equal to allocated_storage or 0 to disable Storage Autoscaling. | string | "0" | no |
monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance | string | "60" | no |
monitoring_role_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | string | n/a | yes |
multi_az | Specifies if the RDS instance is multi-AZ | string | "true" | no |
parameter_group_name | Name of the DB parameter group to associate | string | n/a | yes |
performance_insights_enabled | The values which defines if the performance insights for this db will be enabled or not | string | "false" | no |
pitr_restore_time | The date and time to restore from | string | null | no |
pitr_source_db_instance_automated_backups_arn | The ARN of the source database instance automated backups to restore from | string | null | no |
pitr_source_db_instance_identifier | The source database instance identifier to restore from | string | null | no |
pitr_source_dbi_resource_id | The resource ID of the source database instance automated backups to restore from | string | null | no |
pitr_use_latest_restorable_time | Specifies whether or not to restore the DB instance to the latest restorable backup time | string | null | no |
port | The port on which the DB accepts connections | string | "5432" | no |
product_domain | The name of the product domain this RDS belongs to | string | n/a | yes |
replicate_source_db | The source db of read replica instance | string | null | no |
service_name | The name of the service this RDS belongs to, this will be part of the database identifier | string | n/a | yes |
skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted | string | "false" | no |
snapshot_identifier | The snapshot ID used to restore the DB instance | string | null | no |
storage_encrypted | Specifies whether the DB instance is encrypted | string | "true" | no |
storage_type | One of standard (magnetic), gp2 (general purpose SSD), or io1 (provisioned IOPS SSD) | string | "gp2" | no |
username | Username for the master DB user | string | "postgres" | no |
vpc_security_group_ids | List of VPC security groups to associate | list(string) | n/a | yes |
Name | Description |
---|---|
address | The address of the RDS instance |
arn | The ARN of the RDS instance |
availability_zone | The availability zone of the instance |
endpoint | The connection endpoint |
hosted_zone_id | The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record) |
id | The RDS instance ID |
password | The password for the DB |
resource_id | The RDS Resource ID of this instance |
This module is open to contributions from anyone. Please see CONTRIBUTING.md for details on how to contribute to this module.
This module is under Apache License 2.0 - see the LICENSE file for details.