Module: rds-cluster-instance-group
Terraform module to provision an RDS Aurora instance group for MySQL or Postgres along with a dedicated endpoint.
Use this module together with our terraform-aws-rds-cluster to provision pools of RDS instances. This is useful for creating reporting clusters that don't impact the production databases.
Supports Amazon Aurora Serverless.
Usage
module "rds_cluster_replicas" {
source = "git::https://github.com/cloudposse/terraform-aws-rds-cluster-instance-group.git?ref=master"
name = "postgres"
namespace = "eg"
stage = "dev"
attributes = ["replicas"]
cluster_identifier = "eg-dev-db"
cluster_size = "2"
db_port = "5432"
instance_type = "db.r4.large"
vpc_id = "vpc-xxxxxxxx"
security_groups = ["sg-xxxxxxxx"]
subnets = ["subnet-xxxxxxxx", "subnet-xxxxxxxx"]
zone_id = "Zxxxxxxxx"
}
module "rds_cluster_reporting" {
source = "git::https://github.com/cloudposse/terraform-aws-rds-cluster-instance-group.git?ref=master"
cluster_size = "2"
namespace = "eg"
stage = "dev"
name = "db"
attributes = ["reporting"]
cluster_identifier = "eg-dev-db"
instance_type = "db.t2.small"
vpc_id = "vpc-xxxxxxx"
security_groups = ["sg-xxxxxxxx"]
subnets = ["subnet-xxxxxxxx", "subnet-xxxxxxxx"]
zone_id = "Zxxxxxxxx"
cluster_parameters = [
{
name = "character_set_client"
value = "utf8"
},
{
name = "character_set_connection"
value = "utf8"
},
{
name = "character_set_database"
value = "utf8"
},
{
name = "character_set_results"
value = "utf8"
},
{
name = "character_set_server"
value = "utf8"
},
{
name = "collation_connection"
value = "uft8_bin"
},
{
name = "collation_server"
value = "uft8_bin"
},
{
name = "lower_case_table_names"
value = "1"
apply_method = "pending-reboot"
},
{
name = "skip-character-set-client-handshake"
value = "1"
apply_method = "pending-reboot"
},
]
}
# create IAM role for monitoring
resource "aws_iam_role" "enhanced_monitoring" {
name = "rds-cluster-example-1"
assume_role_policy = "${data.aws_iam_policy_document.enhanced_monitoring.json}"
}
# Attach Amazon's managed policy for RDS enhanced monitoring
resource "aws_iam_role_policy_attachment" "enhanced_monitoring" {
role = "${aws_iam_role.enhanced_monitoring.name}"
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
}
# allow rds to assume this role
data "aws_iam_policy_document" "enhanced_monitoring" {
statement {
actions = [
"sts:AssumeRole",
]
effect = "Allow"
principals {
type = "Service"
identifiers = ["monitoring.rds.amazonaws.com"]
}
}
}
module "rds_cluster_reporting" {
source = "git::https://github.com/cloudposse/terraform-aws-rds-cluster-instance-group.git?ref=master"
cluster_size = "2"
namespace = "eg"
stage = "dev"
name = "db"
attributes = ["reporting"]
cluster_identifier = "eg-dev-db"
db_port = "5432"
instance_type = "db.r4.large"
vpc_id = "vpc-xxxxxxx"
security_groups = ["sg-xxxxxxxx"]
subnets = ["subnet-xxxxxxxx", "subnet-xxxxxxxx"]
zone_id = "Zxxxxxxxx"
# enable monitoring every 30 seconds
rds_monitoring_interval = "30"
# reference iam role created above
rds_monitoring_role_arn = "${aws_iam_role.enhanced_monitoring.arn}"
}
Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| aws | n/a |
Modules
| Name | Source | Version |
|---|---|---|
| dns | git::https://github.com/cloudposse/terraform-aws-route53-cluster-hostname.git | tags/0.2.5 |
| label | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.5 |
Resources
| Name | Type |
|---|---|
| aws_db_parameter_group.default | resource |
| aws_rds_cluster_endpoint.default | resource |
| aws_rds_cluster_instance.default | resource |
| aws_security_group.default | resource |
| aws_security_group_rule.allow_egress | resource |
| aws_security_group_rule.allow_ingress | resource |
| aws_security_group_rule.allow_ingress_cidr | resource |
| aws_rds_cluster.default | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_cidr_blocks | List of CIDR blocks allowed to access | list | [] | no |
| apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window | string | "true" | no |
| attributes | Additional attributes (e.g. 1) | list | | no |
| cluster_family | The family of the DB cluster parameter group | string | "aurora5.6" | no |
| cluster_identifier | The cluster identifier | string | n/a | yes |
| cluster_size | Number of DB instances to create in the cluster | string | "2" | no |
| custom_endpoint_type | The type of the endpoint. One of: READER, ANY | string | "READER" | no |
| db_port | Database port | string | "3306" | no |
| db_subnet_group_name | A DB subnet group to associate with this DB instance. NOTE: This must match the db_subnet_group_name of the attached aws_rds_cluster. | string | "" | no |
| delimiter | Delimiter to be used between name, namespace, stage and attributes | string | "-" | no |
| enabled | Set to false to prevent the module from creating any resources | string | "true" | no |
| engine | The name of the database engine to be used for this DB cluster. Valid values: aurora, aurora-mysql, aurora-postgresql | string | "aurora" | no |
| instance_parameters | List of DB instance parameters to apply | list | [] | no |
| instance_type | Instance type to use | string | "db.t2.small" | no |
| name | Name of the application | string | n/a | yes |
| namespace | Namespace (e.g. eg or cp) | string | n/a | yes |
| promotion_tier | Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoted to writer (values can range from 0-15). | string | "15" | no |
| publicly_accessible | Set to true if you want your cluster to be publicly accessible (such as via QuickSight) | string | "false" | no |
| rds_monitoring_interval | Interval in seconds that metrics are collected, 0 to disable (values can only be 0, 1, 5, 10, 15, 30, 60) | string | "0" | no |
| rds_monitoring_role_arn | The ARN for the IAM role that can send monitoring metrics to CloudWatch Logs | string | "" | no |
| security_group_ids | The IDs of the security groups from which to allow ingress traffic to the DB instances | list | [] | no |
| security_groups | List of security groups to be allowed to connect to the DB instances | list | [] | no |
| stage | Stage (e.g. prod, dev, staging) | string | n/a | yes |
| storage_encrypted | Specifies whether the DB cluster is encrypted. The default is false for provisioned engine_mode and true for serverless engine_mode | string | "true" | no |
| subnets | List of VPC subnet IDs | list | n/a | yes |
| tags | Additional tags (e.g. map(BusinessUnit,XYZ) | map | {} | no |
| vpc_id | VPC ID to create the cluster in (e.g. vpc-a22222ee) | string | n/a | yes |
| zone_id | Route53 parent zone ID. If provided (not empty), the module will create sub-domain DNS record for the cluster endpoint | string | "" | no |
Outputs
| Name | Description |
|---|---|
| endpoint | The endpoint for the Aurora cluster, automatically load-balanced across replicas |
| hostname | The DNS address for the endpoint of the Aurora cluster |