© Copyright 2025, Intel Corporation
This code creates an Amazon Aurora instance and RDS cluster for MySQL. By default, the instance is created on an Intel Ice Lake R6i.large instance. It is pre-configured with database parameter group settings that are optimized for Intel architecture. The goal of this module is to get you started with a database configured to run best on Intel architecture. As you configure your application's environment, choose the infrastructure configurations that match your application's requirements. The MySQL optimizations are based on the Intel Xeon Tuning Guide.
Choosing Amazon EC2 Memory-Optimized R6i Instances over R5n Instances Improves Decision Support Performance by up to 1.36x
AWS MySQL Performance Data - Following Data is Specific to MySQL and the Results May Vary for Aurora Module
Process up to 1.33x more MySQL database transactions with the 3rd Generation Intel® Xeon® Scalable Processor (Ice Lake) vs. previous generation
Handle up to 1.32x more MySQL transactions per minute with AWS M6i 3rd Generation Intel® Xeon® Scalable Processor (Ice Lake) vs. previous generation
Get better price per performance($$/per) value by selecting Intel® Xeon® Scalable Processor vs. ARM
See examples folder for complete examples.
By default, you will only have to pass three variables:
- db_password
- subnet_id
- vpc_id
variables.tf

```hcl
variable "db_password" {
  description = "Password for the master database user."
  type        = string
  sensitive   = true
}
```

main.tf

```hcl
module "optimized-aurora-server" {
  source      = "intel/aws-aurora-mysql/intel"
  db_password = var.db_password
  subnet_id   = "<ENTER YOUR SUBNET ID>"
  vpc_id      = "<YOUR-VPC-ID-HERE>"
}
```
Run terraform

```bash
# No space is allowed before "=" in a shell assignment
export TF_VAR_db_password='<USE_A_STRONG_PASSWORD>'
terraform init
terraform plan
terraform apply
```
- Check the variables.tf file for incoming ports allowed to connect to the database instance. The variable name is ingress_cidr_blocks. It currently defaults to 0.0.0.0/0, which is open to the world. Before running the code, configure it according to the security policies and requirements of the environment in which it is being implemented.
- Check whether you are getting errors while running this Terraform code due to AWS-defined soft or hard limits within your AWS account. Please work with your AWS support team to resolve limit constraints.
- Using HashiCorp Modules alongside green-blue deployment allows for a secure and efficient deployment process. The modules can be easily integrated into both the active and inactive environments, ensuring consistency across both environments.
- Instance - If you apply, the instances will shut down immediately and restart, creating a service interruption.
- Platform - If you apply, it will wait for the next maintenance window to change the instance and configuration. You can force apply with additional TF code.
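A hardened invocation for the ingress_cidr_blocks warning above, as an added example that is not part of the Intel module or its examples folder. It uses only inputs this README documents; the `db_client_cidrs` variable, the 10.20.0.0/24 range and the /16 prefix floor are assumptions, and how the module wires these inputs internally is not shown on this page.

```hcl
# Added example, not the module's own code. "db_client_cidrs" is a
# hypothetical wrapper variable; 10.20.0.0/24 is a constructed sample range.
variable "db_client_cidrs" {
  description = "CIDR ranges of the application tier allowed to reach MySQL."
  type        = list(string)
  default     = ["10.20.0.0/24"]

  validation {
    # Assumed policy: every entry must be a valid CIDR no wider than /16,
    # so 0.0.0.0/0 (the module default) is rejected at plan time.
    condition = length(var.db_client_cidrs) > 0 && alltrue([
      for c in var.db_client_cidrs :
      can(cidrhost(c, 0)) && try(tonumber(split("/", c)[1]) >= 16, false)
    ])
    error_message = "Each entry in db_client_cidrs must be a valid CIDR block with a prefix of /16 or longer."
  }
}

module "optimized-aurora-server" {
  source      = "intel/aws-aurora-mysql/intel"
  db_password = var.db_password
  subnet_id   = "<ENTER YOUR SUBNET ID>"
  vpc_id      = "<YOUR-VPC-ID-HERE>"

  # Weak setting (module default): ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_cidr_blocks = var.db_client_cidrs

  # Module defaults that are already safe, pinned so a later change is visible
  db_publicly_accessible = false
  db_encryption          = true

  # Module defaults overridden for anything that holds real data
  db_deletion_protection    = true               # default: false
  skip_final_snapshot       = false              # default: true
  db_iam_authentication     = true               # default: false
  db_cloudwatch_logs_export = ["audit", "error"] # default: []
}
```

Review the security group rules in the `terraform plan` output before applying, and confirm that no ingress rule still lists 0.0.0.0/0.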
Name | Version |
---|---|
aws | 5.31.0 |
Name | Version |
---|---|
aws | 5.31.0 |
random | n/a |
No modules.
Name | Type |
---|---|
aws_rds_cluster.default | resource |
aws_rds_cluster_instance.cluster_instances | resource |
aws_rds_cluster_parameter_group.rds | resource |
random_id.rid | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
auto_major_version_upgrades | Flag that specifies if major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible. | bool | false | no |
auto_minor_version_upgrades | Flag that specifies if minor engine upgrades will be applied automatically to the DB instance during the maintenance window. | bool | true | no |
availability_zones | Name of the Availability Zone the DB instance is located in. | list(string) | null | no |
aws_security_group_name | Security group name for RDS. | string | "mysql_rds" | no |
backup_retention_period | Specifies the number of days for which automatic DB snapshots are retained. | number | 5 | no |
cluster_identifier | If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of. | string | "aurora-cluster-demo" | no |
cluster_instance_identifier | The identifier of the cluster instances. | string | "aurora-cluster-instance-demo" | no |
create_security_group | Flag that allows for the creation of a security group that allows access to the instance. Please use this for non-production use cases only. | bool | false | no |
create_subnet_group | Flag that allows for the creation of a subnet group that allows public access. | bool | true | no |
database_name | Contains the name of the initial database of this instance that was provided at create time. | string | "mydb" | no |
db_allocated_storage | Allocated storage for AWS database instance. | number | 200 | no |
db_apply_immediately | Flag that specifies whether any database modifications are applied immediately, or during the next maintenance window. | bool | false | no |
db_automated_backup_arn | The ARN of the automated backup from which to restore. Required if source_db_instance_identifier or source_dbi_resource_id is not specified. | string | null | no |
db_backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled. Example: 09:46-10:16. Must not overlap with maintenance_window. | string | null | no |
db_ca_cert_identifier | The identifier of the CA certificate for the DB instance. | string | null | no |
db_cloudwatch_logs_export | Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. | list(string) | [] | no |
db_custom_iam_profile | The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. | string | null | no |
db_deletion_protection | Flag that specifies whether the DB instance is protected from deletion. | bool | false | no |
db_domain | The ID of the Directory Service Active Directory domain to create the instance in. | string | null | no |
db_domain_iam_role | (Required if db_domain is provided) The name of the IAM role to be used when making API calls to the Directory Service. | string | null | no |
db_encryption | Flag that specifies whether the DB instance is encrypted. | bool | true | no |
db_iam_authentication | Flag that specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. | bool | false | no |
db_iops | The amount of provisioned IOPS. Setting this implies a storage_type of io1. | number | 10000 | no |
db_maintenance_window | The window to perform maintenance in. Syntax: ddd:hh24:mi-ddd:hh24:mi | string | null | no |
db_max_allocated_storage | When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Configuring this will automatically ignore differences to allocated_storage. Must be greater than or equal to allocated_storage or 0 to disable Storage Autoscaling. | number | 10000 | no |
db_monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. | string | 0 | no |
db_monitoring_role_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | string | null | no |
db_option_group | Option group name to associate with the database instance. | string | null | no |
db_parameter_group_family | Family identifier for the RDS database parameter group. | string | "aurora-mysql5.7" | no |
db_parameter_group_name | Name for the RDS database parameter group. | string | "aurora-mysql" | no |
db_parameters | Intel Cloud optimizations for Xeon processors | object({ | { | no |
db_password | Password for the master database user. | string | n/a | yes |
db_performance_insights | Flag that specifies whether Performance Insights are enabled. | bool | false | no |
db_performance_retention_period | Amount of time in days to retain Performance Insights data. Valid values are 7, 731 (2 years) or a multiple of 31. | string | null | no |
db_port | The port on which the DB accepts connections. | number | null | no |
db_publicly_accessible | Flag to indicate whether the database will be publicly accessible. | bool | false | no |
db_replicate_source_db | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify a kms_key_id. | string | null | no |
db_restore_time | The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. | string | null | no |
db_snapshot_identifier | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console. | string | null | no |
db_source_db_instance_id | The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required if source_db_instance_automated_backups_arn or source_dbi_resource_id is not specified. | string | null | no |
db_source_dbi_resource_id | The resource ID of the source DB instance from which to restore. Required if source_db_instance_identifier or source_db_instance_automated_backups_arn is not specified. | string | null | no |
db_storage_type | The storage type that will be set on the instance. If db_iops is set then this will be set to io1. | string | "io1" | no |
db_subnet_group_name | Database subnet group name. | string | null | no |
db_subnet_group_tag | Tag for the database subnet group. | map(string) | { | no |
db_timeouts | Map of timeouts that can be adjusted when executing the module. This allows you to customize how long certain operations are allowed to take before being considered to have failed. | object({ | { | no |
db_use_latest_restore_time | Flag that indicates whether the DB instance is restored from the latest backup time. | bool | null | no |
egress_cidr_blocks | Egress CIDR block for the RDS security group. | list(string) | [ | no |
egress_from_port | Starting egress port for the RDS security group. | number | 3306 | no |
egress_protocol | Egress protocol for the port defined in the RDS security group. | string | "tcp" | no |
egress_to_port | Ending egress port for the RDS security group. | number | 3306 | no |
engine | Database engine version for AWS database instance. | string | "aurora-mysql" | no |
engine_version | Database engine version for AWS database instance. | string | "5.7.mysql_aurora.2.11.2" | no |
family | The family of the DB cluster parameter group. | string | "aurora5.6" | no |
final_snapshot_prefix | The name which is prefixed to the final snapshot on database termination. | string | "mysql-snap-" | no |
ingress_cidr_blocks | Ingress CIDR block for the RDS security group. | list(string) | [ | no |
ingress_from_port | Starting ingress port for the RDS security group. | number | 3306 | no |
ingress_protocol | Ingress protocol for the port defined in the RDS security group. | string | "tcp" | no |
ingress_to_port | Ending ingress port for the RDS security group. | number | 3306 | no |
instance_class | The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all AWS Regions, or for all database engines. | string | "db.r6i.large" | no |
kms_key_id | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. | string | null | no |
master_username | Contains the master username for the DB instance. | string | "foo" | no |
multi_az | Flag that specifies if the RDS instance is multi_az. | bool | true | no |
name | The name of the DB cluster parameter group. | string | "rds-cluster-pg" | no |
preferred_backup_window | Specifies the daily time range during which automated backups are created. | string | "07:00-09:00" | no |
rds_security_group_tag | Map of tags for the RDS security group. | map(string) | { | no |
security_group_ids | List of existing AWS security groups that will be attached to the RDS instance. | list(string) | null | no |
skip_final_snapshot | Flag to indicate whether a final snapshot will be skipped upon database termination. | bool | true | no |
subnet_id | The ID of the subnet where the EC2 instance will be launched. | string | n/a | yes |
tags | A mapping of tags to assign to all resources. | map(string) | {} | no |
vpc_id | VPC ID within which the database resource will be created. | string | n/a | yes |
Name | Description |
---|---|
availability_zones | Name of the Availability Zone the DB instance is located in. |
backup_retention_period | Specifies the number of days for which automatic DB snapshots are retained. |
cluster_identifier | Identifier of the aws_rds_cluster in which to launch this instance. |
cluster_identifier1 | Identifier of the aws_rds_cluster in which to launch this instance. |
cluster_identifier_default | If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of. |
count | To make multiple instances and join them all to the same RDS Cluster. |
database_name | Contains the name of the initial database of this instance that was provided at create time. |
db_allocated_storage | Storage that was allocated to the instance when it was configured. |
db_arn | ARN of the database instance. |
db_endpoint | Connection endpoint for the database instance that has been created. |
db_engine | The database engine used by the RDS cluster. |
db_instance_id | The identifier of the RDS cluster instance. |
db_kms_key_id | KMS key that is configured on the database instance if storage encryption is enabled. |
db_name | Name of the database that was created (if specified) during instance creation. |
db_port | The port on which the RDS cluster is accessible. |
dbi_resource_id | Region-unique, immutable identifier for the DB instance. |
dbi_resource_id1 | Region-unique, immutable identifier for the DB instance. |
engine | Database engine version for AWS database instance. |
engine_default | Default engine to use. |
engine_version | Database engine version for AWS database instance. |
engine_version_default | Default engine version to use. |
family | The family of the DB cluster parameter group. |
identifier | Identifier for the RDS instance, if omitted, Terraform will assign a random, unique identifier. |
identifier1 | Identifier for the RDS instance, if omitted, Terraform will assign a random, unique identifier. |
instance_class | The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all AWS Regions, or for all database engines. |
kms_key_id | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. |
name | The name of the DB cluster parameter group. |
preferred_backup_window | Specifies the daily time range during which automated backups are created. |
skip_final_snapshot | Flag to indicate whether a final snapshot will be skipped upon database termination. |