
Module: rds-cluster-instance-group

Terraform module to provision an RDS Aurora instance group for MySQL or Postgres along with a dedicated endpoint.

Use this module together with our terraform-aws-rds-cluster to provision pools of RDS instances. This is useful for creating reporting clusters that don't impact the production databases.

Supports Amazon Aurora Serverless.

Usage

Basic example

module "rds_cluster_replicas" {
  source             = "git::https://github.com/cloudposse/terraform-aws-rds-cluster-instance-group.git?ref=master"
  name               = "postgres"
  namespace          = "eg"
  stage              = "dev"
  attributes         = ["replicas"]
  cluster_identifier = "eg-dev-db"
  cluster_size       = "2"
  db_port            = "5432"
  instance_type      = "db.r4.large"
  vpc_id             = "vpc-xxxxxxxx"
  security_groups    = ["sg-xxxxxxxx"]
  subnets            = ["subnet-xxxxxxxx", "subnet-xxxxxxxx"]
  zone_id            = "Zxxxxxxxx"
}

With cluster parameters

module "rds_cluster_reporting" {
  source             = "git::https://github.com/cloudposse/terraform-aws-rds-cluster-instance-group.git?ref=master"
  cluster_size       = "2"
  namespace          = "eg"
  stage              = "dev"
  name               = "db"
  attributes         = ["reporting"]
  cluster_identifier = "eg-dev-db"
  instance_type      = "db.t2.small"
  vpc_id             = "vpc-xxxxxxx"
  security_groups    = ["sg-xxxxxxxx"]
  subnets            = ["subnet-xxxxxxxx", "subnet-xxxxxxxx"]
  zone_id            = "Zxxxxxxxx"

  cluster_parameters = [
    {
      name  = "character_set_client"
      value = "utf8"
    },
    {
      name  = "character_set_connection"
      value = "utf8"
    },
    {
      name  = "character_set_database"
      value = "utf8"
    },
    {
      name  = "character_set_results"
      value = "utf8"
    },
    {
      name  = "character_set_server"
      value = "utf8"
    },
    {
      name  = "collation_connection"
      value = "utf8_bin"
    },
    {
      name  = "collation_server"
      value = "utf8_bin"
    },
    {
      name         = "lower_case_table_names"
      value        = "1"
      apply_method = "pending-reboot"
    },
    {
      name         = "skip-character-set-client-handshake"
      value        = "1"
      apply_method = "pending-reboot"
    },
  ]
}

With enhanced monitoring

# create IAM role for monitoring
resource "aws_iam_role" "enhanced_monitoring" {
  name               = "rds-cluster-example-1"
  assume_role_policy = "${data.aws_iam_policy_document.enhanced_monitoring.json}"
}

# Attach Amazon's managed policy for RDS enhanced monitoring
resource "aws_iam_role_policy_attachment" "enhanced_monitoring" {
  role       = "${aws_iam_role.enhanced_monitoring.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
}

# allow rds to assume this role
data "aws_iam_policy_document" "enhanced_monitoring" {
  statement {
    actions = [
      "sts:AssumeRole",
    ]

    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["monitoring.rds.amazonaws.com"]
    }
  }
}

module "rds_cluster_reporting" {
  source             = "git::https://github.com/cloudposse/terraform-aws-rds-cluster-instance-group.git?ref=master"
  cluster_size       = "2"
  namespace          = "eg"
  stage              = "dev"
  name               = "db"
  attributes         = ["reporting"]
  cluster_identifier = "eg-dev-db"
  db_port            = "5432"
  instance_type      = "db.r4.large"
  vpc_id             = "vpc-xxxxxxx"
  security_groups    = ["sg-xxxxxxxx"]
  subnets            = ["subnet-xxxxxxxx", "subnet-xxxxxxxx"]
  zone_id            = "Zxxxxxxxx"

  # enable monitoring every 30 seconds
  rds_monitoring_interval = "30"

  # reference iam role created above
  rds_monitoring_role_arn = "${aws_iam_role.enhanced_monitoring.arn}"
}

Variables

Required Variables

cluster_identifier (string) required

The cluster identifier

subnets (list) required

List of VPC subnet IDs

vpc_id (string) required

VPC ID to create the cluster in (e.g. vpc-a22222ee)

Optional Variables

allowed_cidr_blocks (list) optional

List of CIDR blocks allowed to access


Default value: [ ]

apply_immediately (string) optional

Specifies whether any cluster modifications are applied immediately, or during the next maintenance window


Default value: "true"

cluster_family (string) optional

The family of the DB cluster parameter group


Default value: "aurora5.6"

cluster_size (string) optional

Number of DB instances to create in the cluster


Default value: "2"

custom_endpoint_type (string) optional

The type of the endpoint. One of: READER, ANY


Default value: "READER"

db_port (string) optional

Database port


Default value: "3306"

db_subnet_group_name (string) optional

A DB subnet group to associate with this DB instance. NOTE: This must match the db_subnet_group_name of the attached aws_rds_cluster.


Default value: ""

engine (string) optional

The name of the database engine to be used for this DB cluster. Valid values: aurora, aurora-mysql, aurora-postgresql


Default value: "aurora"

instance_parameters (list) optional

List of DB instance parameters to apply


Default value: [ ]

instance_type (string) optional

Instance type to use


Default value: "db.t2.small"

promotion_tier (string) optional

Failover priority setting at the instance level. A reader with a lower tier has higher priority for promotion to writer (values can range from 0-15).


Default value: "15"

publicly_accessible (string) optional

Set to true if you want your cluster to be publicly accessible (such as via QuickSight)


Default value: "false"

rds_monitoring_interval (string) optional

Interval in seconds that metrics are collected, 0 to disable (values can only be 0, 1, 5, 10, 15, 30, 60)


Default value: "0"

rds_monitoring_role_arn (string) optional

The ARN for the IAM role that can send monitoring metrics to CloudWatch Logs


Default value: ""

security_group_ids (list) optional

The IDs of the security groups from which to allow ingress traffic to the DB instances


Default value: [ ]

security_groups (list) optional

List of security groups to be allowed to connect to the DB instances


Default value: [ ]

storage_encrypted (string) optional

Specifies whether the DB cluster is encrypted. The default is false for provisioned engine_mode and true for serverless engine_mode


Default value: "true"

zone_id (string) optional

Route53 parent zone ID. If provided (not empty), the module will create sub-domain DNS record for the cluster endpoint


Default value: ""
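
The value constraints and security-relevant settings listed above can be checked before `terraform apply`. The following is an added example, not part of this module or its documentation: `check_module_args`, the finding texts and the sample dicts are hypothetical, and the module arguments are assumed to be available as a plain Python dict.

```python
# Added example (not the module's own code): lint the arguments of an
# rds-cluster-instance-group module call against the documented constraints.
MONITORING_INTERVALS = {0, 1, 5, 10, 15, 30, 60}
ENGINES = {"aurora", "aurora-mysql", "aurora-postgresql"}
ENDPOINT_TYPES = {"READER", "ANY"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def _is_true(value):
    # The module takes booleans as strings ("true" / "false").
    return str(value).strip().lower() == "true"


def check_module_args(args):
    """Return a sorted list of findings for one module call's arguments."""
    findings = []
    # Documented defaults apply when an argument is omitted.
    interval = int(args.get("rds_monitoring_interval", "0"))
    if interval not in MONITORING_INTERVALS:
        findings.append("rds_monitoring_interval: not one of 0, 1, 5, 10, 15, 30, 60")
    elif interval and not args.get("rds_monitoring_role_arn", ""):
        findings.append("rds_monitoring_role_arn: empty while monitoring is enabled")
    if not 0 <= int(args.get("promotion_tier", "15")) <= 15:
        findings.append("promotion_tier: outside 0-15")
    if args.get("engine", "aurora") not in ENGINES:
        findings.append("engine: not a documented value")
    if args.get("custom_endpoint_type", "READER") not in ENDPOINT_TYPES:
        findings.append("custom_endpoint_type: not READER or ANY")
    if _is_true(args.get("publicly_accessible", "false")):
        findings.append("publicly_accessible: set to true")
    if not _is_true(args.get("storage_encrypted", "true")):
        findings.append("storage_encrypted: encryption at rest disabled")
    if OPEN_CIDRS & set(args.get("allowed_cidr_blocks", [])):
        findings.append("allowed_cidr_blocks: open to any address")
    if args.get("source", "").endswith("?ref=master"):
        findings.append("source: tracks a branch, not a pinned tag or commit")
    return sorted(findings)


# Constructed inputs: the monitoring example from this page (the role ARN is
# a made-up placeholder) and a deliberately risky variant.
DOC_EXAMPLE = {
    "source": "git::https://github.com/cloudposse/terraform-aws-rds-cluster-instance-group.git?ref=master",
    "rds_monitoring_interval": "30",
    "rds_monitoring_role_arn": "arn:aws:iam::123456789012:role/rds-cluster-example-1",
}
RISKY = {"publicly_accessible": "true", "storage_encrypted": "false",
         "allowed_cidr_blocks": ["0.0.0.0/0"], "rds_monitoring_interval": "20"}

for sample in (DOC_EXAMPLE, RISKY):
    print(check_module_args(sample))
```
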

Context Variables

The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.

name (string) required

Name of the application
Required: Yes

Default value: ``

namespace (string) required

Namespace (e.g. eg or cp)
Required: Yes

Default value: ``

stage (string) required

Stage (e.g. prod, dev, staging)
Required: Yes

Default value: ``

attributes (list) optional

Additional attributes (e.g. 1)
Required: No

Default value:

[
  "replicas"
]

delimiter (string) optional

Delimiter to be used between name, namespace, stage and attributes
Required: No

Default value: "-"

enabled (string) optional

Set to false to prevent the module from creating any resources
Required: No

Default value: "true"

tags (map) optional

Additional tags (e.g. map(BusinessUnit,XYZ))
Required: No

Default value: { }

Outputs

endpoint

The endpoint for the Aurora cluster, automatically load-balanced across replicas

hostname

The DNS address for the endpoint of the Aurora cluster

Dependencies

Providers

  • aws

Modules

| Name | Version | Source | Description |
|------|---------|--------|-------------|
| dns | tags/0.2.5 | git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git | n/a |
| label | tags/0.3.5 | git::https://github.com/cloudposse/terraform-null-label.git | n/a |

Resources

The following resources are used by this module:

Data Sources

The following data sources are used by this module: