terraform-aws-rds-postgres

Create and manage an RDS PostgreSQL instance. Includes the ability to manage the master password in Secrets Manager or SSM and manage the security group that controls RDS access.

Requirements

Name	Version
terraform	>= 0.12.19
aws	>= 2.69
random	>= 2.2.0

Providers

Name	Version
aws	>= 2.69
random	>= 2.2.0

Inputs

Name	Description	Type	Default	Required
instance_class	What instance type to use	string	n/a	yes
subnet_group_name	name of DB subnet group to place DB in	string	n/a	yes
vpc_id	ID of VPC resources will be created in	string	n/a	yes
allowed_cidr_blocks	CIDR blocks allowed to reach the database	list(string)	[]	no
allowed_ipv6_cidr_blocks	IPv6 CIDR blocks allowed to reach the database	list(string)	[]	no
allowed_security_groups	IDs of security groups allowed to reach the database (not Names)	list(string)	[]	no
backup_retention_period	How long to keep RDS backups (in days)	string	5	no
cloudwatch_log_exports	Log types to export to CloudWatch	list(string)	[ "postgresql", "upgrade" ]	no
create_secretmanager_secret	True to create a secretmanager secret containing DB password (not used if password is set)	bool	true	no
create_ssm_secret	True to create a SSM Parameter SecretString containing DB password (not used if password is set)	bool	false	no
database_name	Name of the initial database to create. (null for none)	string	null	no
enable_deletion_protection	If true, deletion protection will be turned on for the RDS instance(s)	bool	true	no
engine_version	Version of database engine to use	string	"11.5"	no
final_snapshot_identifier	name of final snapshot (will be computed automatically if not specified)	string	null	no
iam_database_authentication_enabled	True to enable IAM DB authentication	bool	false	no
identifier	DB identifier (not recommended, only used if identifier_prefix is not null)	string	null	no
identifier_prefix	DB identifier prefix (will be generated by AWS automatically if not specified)	string	null	no
monitoring_interval	Monitoring interval in seconds (0 to disable enhanced monitoring)	number	0	no
monitoring_role_arn	Enhanced Monitoring ARN (if monitoring_interval > 0 and this is omitted, a role will be created automatically)	string	null	no
multi_az	whether to make database multi-az	bool	true	no
name	common name for resources in this module	string	"mysql-postgres"	no
parameter_group_family	Parameter Group Family. Need to make explicit for Postgres 9.x	string	""	no
parameters	Database parameters (will create parameter group if not null)	list(object({ name = string value = string }))	[ { "name": "client_encoding", "value": "UTF8" } ]	no
pass_version	Increment to force master user password change (not used if password is set)	number	1	no
password	Master password (if not set, one will be generated dynamically)	string	null	no
password_length	Master password length (not used if password is set)	number	30	no
performance_insights_enabled	If true, performance insights will be enabled	bool	false	no
port	Port the database should listen on	number	5432	no
skip_final_snapshot	If true no final snapshot will be taken on termination	bool	false	no
ssm_path	Custom path for SSM parameter, only takes effect if create_ssm_secret is true.	string	""	no
storage	How much storage is available to the database	string	20	no
storage_encrypted	Encrypt DB storage	bool	true	no
storage_type	What storage backend to use (gp2 or standard. io1 not supported)	string	"gp2"	no
tags	Tags to apply to supported resources	map(string)	{}	no
username	Username of master user	string	"postgres"	no

Outputs

Name	Description
address	RDS database address
instance_connection_info	Object containing connection info
instance_id	Instance ID of RDS DB
password_secretsmanager_arn	The ARN of the SecretManager Secret.
password_secretsmanager_version	The unique identifier of the version of the secret.
password_ssm_parameter_arn	The ARN of the SecretManager Secret.
password_ssm_parameter_name	The name of the parameter.
password_ssm_parameter_version	The unique identifier of the version of the secret.
username	The master username for the database.