Create and manage an RDS PostgreSQL instance. Includes the ability to manage the master password in Secrets Manager or SSM and manage the security group that controls RDS access.

| Name | Version |
|---|---|
| terraform | >= 0.12.19 |
| aws | >= 5 |
| random | >= 2.2.0 |

| Name | Version |
|---|---|
| aws | 4.56.0 |
| random | 3.4.3 |

| Name | Source | Version |
|---|---|---|
| password | rhythmictech/secretsmanager-random-secret/aws | ~>1.2.0 |

| Name | Type |
|---|---|
| aws_db_instance.this | resource |
| aws_db_instance.this_ignore | resource |
| aws_db_parameter_group.this | resource |
| aws_iam_role.this | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.allow_groups | resource |
| aws_security_group_rule.allow_ipv4_cidrs | resource |
| aws_security_group_rule.allow_ipv6_cidrs | resource |
| aws_ssm_parameter.password | resource |
| random_password.password | resource |
| aws_iam_policy_document.this | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_cidr_blocks | CIDR blocks allowed to reach the database | list(string) | [] | no |
| allowed_ipv6_cidr_blocks | IPv6 CIDR blocks allowed to reach the database | list(string) | [] | no |
| allowed_security_groups | IDs of security groups allowed to reach the database (not Names) | list(string) | [] | no |
| backup_retention_period | How long to keep RDS backups (in days) | string | 5 | no |
| cloudwatch_log_exports | Log types to export to CloudWatch | list(string) | [ | no |
| create_secretmanager_secret | True to create a Secrets Manager secret containing DB password (not used if password is set) | bool | true | no |
| create_ssm_secret | True to create an SSM Parameter SecretString containing DB password (not used if password is set) | bool | false | no |
| database_name | Name of the initial database to create. (null for none) | string | null | no |
| enable_deletion_protection | If true, deletion protection will be turned on for the RDS instance(s) | bool | true | no |
| engine_version | Version of database engine to use | string | "11.5" | no |
| final_snapshot_identifier | Name of final snapshot (will be computed automatically if not specified) | string | null | no |
| iam_database_authentication_enabled | True to enable IAM DB authentication | bool | false | no |
| identifier | DB identifier (not recommended, only used if identifier_prefix is not null) | string | null | no |
| identifier_prefix | DB identifier prefix (will be generated by AWS automatically if not specified) | string | null | no |
| ignore_engine_version_and_password_changes | Ignore changes to the var.engine_version and the db password that might be caused by automatic upgrades | bool | true | no |
| instance_class | What instance type to use | string | n/a | yes |
| monitoring_interval | Monitoring interval in seconds (0 to disable enhanced monitoring) | number | 0 | no |
| monitoring_role_arn | Enhanced Monitoring ARN (if monitoring_interval > 0 and this is omitted, a role will be created automatically) | string | null | no |
| multi_az | Whether to make database multi-AZ | bool | true | no |
| name | Common name for resources in this module | string | "mysql-postgres" | no |
| parameter_group_family | Parameter Group Family. Need to make explicit for Postgres 9.x | string | "" | no |
| parameters | Database parameters (will create parameter group if not null) | list(object({ | [ | no |
| pass_version | Increment to force master user password change (not used if password is set) | number | 1 | no |
| password | Master password (if not set, one will be generated dynamically) | string | null | no |
| password_length | Master password length (not used if password is set) | number | 30 | no |
| performance_insights_enabled | If true, performance insights will be enabled | bool | false | no |
| port | Port the database should listen on | number | 5432 | no |
| skip_final_snapshot | If true no final snapshot will be taken on termination | bool | false | no |
| ssm_path | Custom path for SSM parameter, only takes effect if create_ssm_secret is true. | string | "" | no |
| storage | How much storage is available to the database | string | 20 | no |
| storage_encrypted | Encrypt DB storage | bool | true | no |
| storage_type | What storage backend to use (gp2 or standard. io1 not supported) | string | "gp2" | no |
| subnet_group_name | Name of DB subnet group to place DB in | string | n/a | yes |
| tags | Tags to apply to supported resources | map(string) | {} | no |
| username | Username of master user | string | "postgres" | no |
| vpc_id | ID of VPC resources will be created in | string | n/a | yes |

| Name | Description |
|---|---|
| address | RDS database address |
| instance_connection_info | Object containing connection info |
| instance_id | Instance ID of RDS DB |
| password_secretsmanager_arn | The ARN of the Secrets Manager secret. |
| password_secretsmanager_version | The unique identifier of the version of the secret. |
| password_ssm_parameter_arn | The ARN of the SSM parameter. |
| password_ssm_parameter_name | The name of the parameter. |
| password_ssm_parameter_version | The unique identifier of the version of the secret. |
| username | The master username for the database. |
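
The inputs and outputs listed above combined into a locked-down module call, as an added example that is not taken from the module's own documentation. The `source` value is a placeholder because the page does not give the module's address, and the root variable names, `orders-db`, `db.t3.medium` and the retention value are assumed.

```hcl
# Added example. Root-module variables are assumptions, supplied by the caller.
variable "vpc_id" { type = string }
variable "db_subnet_group_name" { type = string }
variable "app_security_group_id" { type = string }

module "postgres" {
  # Placeholder: the page does not state the module's registry address or git URL.
  source = "MODULE_SOURCE_PLACEHOLDER"

  name              = "orders-db"    # assumed name
  instance_class    = "db.t3.medium" # assumed size
  vpc_id            = var.vpc_id
  subnet_group_name = var.db_subnet_group_name

  # Network access: admit only the application tier's security group (an ID,
  # not a name) and keep both CIDR lists empty so no address range is allowed.
  allowed_security_groups  = [var.app_security_group_id]
  allowed_cidr_blocks      = []
  allowed_ipv6_cidr_blocks = []

  # Master password: leave `password` unset so the module generates one and
  # stores it in Secrets Manager. The generated value still lands in Terraform
  # state (random_password), so the state backend needs the same protection
  # as the secret itself.
  password_length             = 30
  create_secretmanager_secret = true
  create_ssm_secret           = false
  pass_version                = 1 # increment to force a master password change

  # Prefer IAM database authentication for users and applications.
  iam_database_authentication_enabled = true

  # Data protection and recovery.
  storage_encrypted          = true
  enable_deletion_protection = true
  skip_final_snapshot        = false
  multi_az                   = true
  backup_retention_period    = "14" # days; the input is typed as string
}

# Hand consumers the secret's ARN rather than the password, so read access
# is governed by IAM policy on the secret.
output "db_password_secret_arn" {
  value = module.postgres.password_secretsmanager_arn
}

output "db_address" {
  value = module.postgres.address
}
```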