Skip to main content
Version: Next



Terraform module which creates RDS Aurora resources on AWS



allow_major_version_upgradeEnable to allow major engine version upgrades when changing engine versions. Defaults to falseboolfalse
allowed_cidr_blocksA list of CIDR blocks which are allowed to access the databaselist(string)false
allowed_security_groupsA list of Security Group ID's to allow access tolist(string)false
apply_immediatelySpecifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is falseboolfalse
auto_minor_version_upgradeIndicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default trueboolfalse
autoscaling_enabledDetermines whether autoscaling of the cluster read replicas is enabledboolfalse
autoscaling_max_capacityMaximum number of read replicas permitted when autoscaling is enablednumberfalse
autoscaling_min_capacityMinimum number of read replicas permitted when autoscaling is enablednumberfalse
autoscaling_scale_in_cooldownCooldown in seconds before allowing further scaling operations after a scale innumberfalse
autoscaling_scale_out_cooldownCooldown in seconds before allowing further scaling operations after a scale outnumberfalse
autoscaling_target_connectionsAverage number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max_connectionsnumberfalse
autoscaling_target_cpuCPU threshold which will initiate autoscalingnumberfalse
backtrack_windowThe target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours)numberfalse
backup_retention_periodThe days to retain backups for. Default 7numberfalse
ca_cert_identifierThe identifier of the CA certificate for the DB instancestringfalse
cluster_tagsA map of tags to add to only the cluster. Used for AWS Instance Scheduler taggingmap(string)false
cluster_timeoutsCreate, update, and delete timeout configurations for the clustermap(string)false
copy_tags_to_snapshotCopy all Cluster tags to snapshotsboolfalse
create_clusterWhether cluster should be created (affects nearly all resources)boolfalse
create_db_subnet_groupDetermines whether to create the database subnet group or use existingboolfalse
create_monitoring_roleDetermines whether to create the IAM role for RDS enhanced monitoringboolfalse
create_random_passwordDetermines whether to create random password for RDS primary clusterboolfalse
create_security_groupDetermines whether to create security group for RDS clusterboolfalse
database_nameName for an automatically created database on cluster creationstringfalse
db_cluster_db_instance_parameter_group_nameInstance parameter group to associate with all instances of the DB cluster. The db_cluster_db_instance_parameter_group_name is only valid in combination with allow_major_version_upgradestringfalse
db_cluster_parameter_group_nameA cluster parameter group to associate with the clusterstringfalse
db_parameter_group_nameThe name of the DB parameter group to associate with instancesstringfalse
db_subnet_group_nameThe name of the subnet group name (existing or created)stringfalse
deletion_protectionIf the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is falseboolfalse
enable_global_write_forwardingWhether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an aws_rds_global_cluster's primary clusterboolfalse
enable_http_endpointEnable HTTP endpoint (data API). Only valid when engine_mode is set to serverlessboolfalse
enabled_cloudwatch_logs_exportsSet of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery, postgresqllist(string)false
endpointsMap of additional cluster endpoints and their attributes to be createdanyfalse
engineThe name of the database engine to be used for this DB cluster. Defaults to aurora. Valid Values: aurora, aurora-mysql, aurora-postgresqlstringfalse
engine_modeThe database engine mode. Valid values: global, multimaster, parallelquery, provisioned, serverless. Defaults to: provisionedstringfalse
engine_versionThe database engine version. Updating this argument results in an outagestringfalse
final_snapshot_identifier_prefixThe prefix name to use when creating a final snapshot on cluster destroy; a 8 random digits are appended to name to ensure it's uniquestringfalse
global_cluster_identifierThe global cluster identifier specified on aws_rds_global_clusterstringfalse
iam_database_authentication_enabledSpecifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabledboolfalse
iam_role_descriptionDescription of the monitoring rolestringfalse
iam_role_force_detach_policiesWhether to force detaching any policies the monitoring role has before destroying itboolfalse
iam_role_managed_policy_arnsSet of exclusive IAM managed policy ARNs to attach to the monitoring rolelist(string)false
iam_role_max_session_durationMaximum session duration (in seconds) that you want to set for the monitoring rolenumberfalse
iam_role_nameFriendly name of the monitoring rolestringfalse
iam_role_pathPath for the monitoring rolestringfalse
iam_role_permissions_boundaryThe ARN of the policy that is used to set the permissions boundary for the monitoring rolestringfalse
iam_role_use_name_prefixDetermines whether to use iam_role_name as is or create a unique name beginning with the iam_role_name as the prefixboolfalse
iam_rolesMap of IAM roles and supported feature names to associate with the clustermap(map(string))false
instance_classInstance type to use at master instance. Note: if autoscaling_enabled is true, this will be the same instance class used on instances created by autoscalingstringfalse
instance_timeoutsCreate, update, and delete timeout configurations for the cluster instance(s)map(string)false
instancesMap of cluster instances and any specific/overriding attributes to be createdanyfalse
instances_use_identifier_prefixDetermines whether cluster instance identifiers are used as prefixesboolfalse
is_primary_clusterDetermines whether cluster is primary cluster with writer instance (set to false for global cluster and replica clusters)boolfalse
kms_key_idThe ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to truestringfalse
master_passwordPassword for the master DB user. Note - when specifying a value here, 'create_random_password' should be set to falsestringfalse
master_usernameUsername for the master DB userstringfalse
monitoring_intervalThe interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to 0 to disble. Default is 0numberfalse
monitoring_role_arnIAM role used by RDS to send enhanced monitoring metrics to CloudWatchstringfalse
nameName used across resources createdstringfalse
performance_insights_enabledSpecifies whether Performance Insights is enabled or notboolfalse
performance_insights_kms_key_idThe ARN for the KMS key to encrypt Performance Insights datastringfalse
performance_insights_retention_periodAmount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years)numberfalse
portThe port on which the DB accepts connectionsstringfalse
predefined_metric_typeThe metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnectionsstringfalse
preferred_backup_windowThe daily time range during which automated backups are created if automated backups are enabled using the backup_retention_period parameter. Time in UTCstringfalse
preferred_maintenance_windowThe weekly time range during which system maintenance can occur, in (UTC)stringfalse
publicly_accessibleDetermines whether instances are publicly accessible. Default falseboolfalse
putin_khuyloDo you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info:!boolfalse
random_password_lengthLength of random password to create. Defaults to 10numberfalse
replication_source_identifierARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replicastringfalse
restore_to_point_in_timeMap of nested attributes for cloning Aurora clustermap(string)false
s3_importConfiguration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported)map(string)false
scaling_configurationMap of nested attributes with scaling properties. Only valid when engine_mode is set to serverlessmap(string)false
security_group_descriptionThe description of the security group. If value is set to empty string it will contain cluster name in the descriptionstringfalse
security_group_egress_rulesA map of security group egress rule defintions to add to the security group createdmap(any)false
security_group_tagsAdditional tags for the security groupmap(string)false
skip_final_snapshotDetermines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is createdboolfalse
snapshot_identifierSpecifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshotstringfalse
source_regionThe source region for an encrypted replica DB clusterstringfalse
storage_encryptedSpecifies whether the DB cluster is encrypted. The default is trueboolfalse
subnetsList of subnet IDs used by database subnet group createdlist(string)false
tagsA map of tags to add to all resourcesmap(string)false
vpc_idID of the VPC where to create security groupstringfalse
vpc_security_group_idsList of VPC security groups to associate to the cluster in addition to the SG we create in this modulelist(string)false
writeConnectionSecretToRefThe secret which the cloud resource connection will be written towriteConnectionSecretToReffalse


nameThe secret name which the cloud resource connection will be written tostringtrue
namespaceThe secret namespace which the cloud resource connection will be written tostringfalse