allocated_storage |
The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. (This setting is required to create a Multi-AZ DB cluster) |
number |
null |
no |
allow_major_version_upgrade |
Enable to allow major engine version upgrades when changing engine versions. Defaults to false |
bool |
false |
no |
allowed_ip |
List of allowed IPs. |
list(any) |
[] |
no |
allowed_ports |
List of allowed ingress ports |
list(any) |
[] |
no |
apply_immediately |
Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false |
bool |
null |
no |
auth |
n/a |
any |
{} |
no |
auto_minor_version_upgrade |
Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default true |
bool |
null |
no |
autoscaling_enabled |
Determines whether autoscaling of the cluster read replicas is enabled |
bool |
false |
no |
autoscaling_max_capacity |
Maximum number of read replicas permitted when autoscaling is enabled |
number |
2 |
no |
autoscaling_min_capacity |
Minimum number of read replicas permitted when autoscaling is enabled |
number |
0 |
no |
autoscaling_policy_name |
Autoscaling policy name |
string |
"target-metric" |
no |
autoscaling_scale_in_cooldown |
Cooldown in seconds before allowing further scaling operations after a scale in |
number |
300 |
no |
autoscaling_scale_out_cooldown |
Cooldown in seconds before allowing further scaling operations after a scale out |
number |
300 |
no |
autoscaling_target_connections |
Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max_connections |
number |
700 |
no |
autoscaling_target_cpu |
CPU threshold which will initiate autoscaling |
number |
70 |
no |
availability_zones |
List of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if fewer than 3 AZs are configured, which will show as a difference requiring resource recreation on the next Terraform apply |
list(string) |
null |
no |
backtrack_window |
The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) |
number |
null |
no |
backup_retention_period |
The days to retain backups for. Default 7 |
number |
7 |
no |
ca_cert_identifier |
The identifier of the CA certificate for the DB instance |
string |
null |
no |
cidr_blocks |
equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference |
list(string) |
[ "0.0.0.0/0" ] |
no |
cluster_members |
List of RDS Instances that are a part of this cluster |
list(string) |
null |
no |
cluster_tags |
A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging |
map(string) |
{} |
no |
cluster_timeouts |
Create, update, and delete timeout configurations for the cluster |
map(string) |
{} |
no |
connection_borrow_timeout |
(Optional) The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions. |
number |
null |
no |
copy_tags_to_snapshot |
Copy all Cluster tags to snapshots |
bool |
null |
no |
create |
Whether cluster should be created (affects nearly all resources) |
bool |
true |
no |
create_db_cluster_parameter_group |
Determines whether a cluster parameter group should be created or an existing one used |
bool |
false |
no |
create_db_parameter_group |
Determines whether a DB parameter group should be created or an existing one used |
bool |
false |
no |
create_db_proxy |
(Optional) Set this to true to create RDS Proxy. |
bool |
false |
no |
create_monitoring_role |
Determines whether to create the IAM role for RDS enhanced monitoring |
bool |
true |
no |
database_name |
Name for an automatically created database on cluster creation |
string |
"" |
no |
db_cluster_db_instance_parameter_group_name |
Instance parameter group to associate with all instances of the DB cluster. The db_cluster_db_instance_parameter_group_name is only valid in combination with allow_major_version_upgrade |
string |
null |
no |
db_cluster_instance_class |
The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all AWS Regions, or for all database engines |
string |
null |
no |
db_cluster_parameter_group_description |
The description of the DB cluster parameter group. Defaults to "Managed by Terraform" |
string |
null |
no |
db_cluster_parameter_group_family |
The family of the DB cluster parameter group |
string |
"" |
no |
db_cluster_parameter_group_name |
The name of the DB cluster parameter group |
string |
null |
no |
db_cluster_parameter_group_parameters |
A list of DB cluster parameters to apply. Note that parameters may differ from one family to another |
list(map(string)) |
[] |
no |
db_parameter_group_description |
The description of the DB parameter group. Defaults to "Managed by Terraform" |
string |
null |
no |
db_parameter_group_family |
The family of the DB parameter group |
string |
"" |
no |
db_parameter_group_name |
The name of the DB parameter group |
string |
null |
no |
db_parameter_group_parameters |
A list of DB parameters to apply. Note that parameters may differ from one family to another |
list(map(string)) |
[] |
no |
debug_logging |
(Optional) Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs. |
bool |
false |
no |
deletion_protection |
If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false |
bool |
null |
no |
egress_protocol |
equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference |
number |
-1 |
no |
egress_rule |
Enable to create egress rule |
bool |
true |
no |
enable |
Set to false to prevent the module from creating any resources. |
bool |
true |
no |
enable_default_proxy_iam_role |
(OPTIONAL) Set this to false to pass your own IAM Role for RDS Proxy. |
bool |
true |
no |
enable_global_write_forwarding |
Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an aws_rds_global_cluster's primary cluster |
bool |
null |
no |
enable_http_endpoint |
Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless |
bool |
null |
no |
enable_security_group |
Enable default Security Group with only Egress traffic allowed. |
bool |
true |
no |
enabled_cloudwatch_logs_exports |
Set of log types to export to CloudWatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery, postgresql |
list(string) |
[] |
no |
enabled_subnet_group |
Set to false to prevent the module from creating any resources. |
bool |
true |
no |
endpoints |
Map of additional cluster endpoints and their attributes to be created |
any |
{} |
no |
engine |
The name of the database engine to be used for this DB cluster. Defaults to aurora. Valid values: aurora, aurora-mysql, aurora-postgresql |
string |
null |
no |
engine_family |
(Required, Forces new resource) The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify MYSQL. For Aurora PostgreSQL and RDS for PostgreSQL databases, specify POSTGRESQL. For RDS for Microsoft SQL Server, specify SQLSERVER. Valid values are MYSQL, POSTGRESQL, and SQLSERVER. |
string |
"POSTGRESQL" |
no |
engine_mode |
The database engine mode. Valid values: global, multimaster, parallelquery, provisioned, serverless. Defaults to: provisioned |
string |
"provisioned" |
no |
engine_version |
The database engine version. Updating this argument results in an outage |
string |
null |
no |
environment |
Environment (e.g. prod, dev, staging). |
string |
"" |
no |
final_snapshot_identifier |
The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made |
string |
null |
no |
from_port |
(Required) Start port (or ICMP type number if protocol is icmp or icmpv6). |
number |
0 |
no |
global_cluster_identifier |
The global cluster identifier specified on aws_rds_global_cluster |
string |
null |
no |
iam_database_authentication_enabled |
Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled |
bool |
null |
no |
iam_role_description |
Description of the monitoring role |
string |
null |
no |
iam_role_force_detach_policies |
Whether to force detaching any policies the monitoring role has before destroying it |
bool |
null |
no |
iam_role_managed_policy_arns |
Set of exclusive IAM managed policy ARNs to attach to the monitoring role |
list(string) |
null |
no |
iam_role_max_session_duration |
Maximum session duration (in seconds) that you want to set for the monitoring role |
number |
null |
no |
iam_role_path |
Path for the monitoring role |
string |
null |
no |
iam_role_permissions_boundary |
The ARN of the policy that is used to set the permissions boundary for the monitoring role |
string |
null |
no |
iam_roles |
Map of IAM roles and supported feature names to associate with the cluster |
map(map(string)) |
{} |
no |
idle_client_timeout |
(Optional) The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database. |
number |
1800 |
no |
init_query |
(Optional) One or more SQL statements for the proxy to run when opening each new database connection. Typically used with SET statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single SET statement, such as SET x=1, y=2. |
string |
"" |
no |
instance_class |
Instance type to use for the master instance. Note: if autoscaling_enabled is true, this will be the same instance class used on instances created by autoscaling |
string |
"" |
no |
instance_timeouts |
Create, update, and delete timeout configurations for the cluster instance(s) |
map(string) |
{} |
no |
instances |
Map of cluster instances and any specific/overriding attributes to be created |
any |
{} |
no |
instances_use_identifier_prefix |
Determines whether cluster instance identifiers are used as prefixes |
bool |
false |
no |
iops |
The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster |
number |
null |
no |
ipv6_cidr_blocks |
Enable to create egress rule |
list(string) |
[ "::/0" ] |
no |
is_primary_cluster |
Determines whether cluster is primary cluster with writer instance (set to false for global cluster and replica clusters) |
bool |
true |
no |
kms_key_id |
The ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to true |
string |
null |
no |
label_order |
Label order, e.g. name, application. |
list(any) |
[ "name", "environment" ] |
no |
manage_master_user_password |
Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if master_password is provided |
bool |
true |
no |
managedby |
ManagedBy, e.g. 'CloudDrove'. |
string |
"[email protected]" |
no |
master_user_secret_kms_key_id |
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key |
string |
null |
no |
master_username |
Username for the master DB user. Required unless snapshot_identifier or replication_source_identifier is provided or unless a global_cluster_identifier is provided when the cluster is the secondary cluster of a global database |
string |
null |
no |
max_connections_percent |
(Optional) The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group. |
number |
100 |
no |
max_idle_connections_percent |
(Optional) Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group. |
number |
null |
no |
monitoring_interval |
The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to 0 to disable. Default is 0 |
number |
0 |
no |
monitoring_role_arn |
IAM role used by RDS to send enhanced monitoring metrics to CloudWatch |
string |
"" |
no |
monitoring_role_name |
Name of the IAM role which will be created when create_monitoring_role is enabled. |
string |
"rds-monitoring-role" |
no |
mysql_iam_role_tags |
Additional tags for the mysql iam role |
map(any) |
{} |
no |
name |
Name (e.g. app or cluster). |
string |
n/a |
yes |
network_type |
The type of network stack to use (IPV4 or DUAL) |
string |
null |
no |
performance_insights_enabled |
Specifies whether Performance Insights is enabled or not |
bool |
null |
no |
performance_insights_kms_key_id |
The ARN for the KMS key to encrypt Performance Insights data |
string |
null |
no |
performance_insights_retention_period |
Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) |
number |
null |
no |
port |
The port on which the DB accepts connections |
string |
null |
no |
predefined_metric_type |
The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections |
string |
"RDSReaderAverageCPUUtilization" |
no |
preferred_backup_window |
The daily time range during which automated backups are created if automated backups are enabled using the backup_retention_period parameter. Time in UTC |
string |
"02:00-03:00" |
no |
preferred_maintenance_window |
The weekly time range during which system maintenance can occur, in UTC |
string |
"sun:05:00-sun:06:00" |
no |
protocol |
The protocol. If not icmp, tcp, udp, or all use the. |
string |
"tcp" |
no |
proxy_endpoints |
Map of DB proxy endpoints to create and their attributes (see aws_db_proxy_endpoint) |
any |
{} |
no |
proxy_iam_role_description |
Description of the monitoring role |
string |
null |
no |
proxy_iam_role_path |
Path for the monitoring role |
string |
null |
no |
proxy_role_arn |
(OPTIONAL) ARN of RDS proxy IAM Role. Can only be set when enable_default_proxy_iam_role is set to false. |
string |
"" |
no |
proxy_sg_ids |
(Optional) One or more VPC security group IDs to associate with the new proxy. |
list(string) |
[] |
no |
proxy_subnet_ids |
(Required) One or more VPC subnet IDs to associate with the new proxy. |
list(string) |
[] |
no |
publicly_accessible |
Determines whether instances are publicly accessible. Default false |
bool |
false |
no |
replication_source_identifier |
ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica |
string |
null |
no |
repository |
Terraform current module repo |
string |
"https://github.com/clouddrove/terraform-aws-aurora" |
no |
require_tls |
(Optional) A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy. |
bool |
false |
no |
restore_to_point_in_time |
Map of nested attributes for cloning Aurora cluster |
map(string) |
{} |
no |
s3_import |
Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) |
map(string) |
{} |
no |
scaling_configuration |
Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless |
map(string) |
{} |
no |
serverlessv2_scaling_configuration |
Map of nested attributes with serverless v2 scaling properties. Only valid when engine_mode is set to provisioned |
map(string) |
{} |
no |
session_pinning_filters |
(Optional) Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. Currently, the only allowed value is EXCLUDE_VARIABLE_SETS. |
list(string) |
[] |
no |
sg_description |
The security group description. |
string |
"Instance default security group (only egress access is allowed)." |
no |
sg_egress_description |
Description of the egress and ingress rule |
string |
"Description of the rule." |
no |
sg_egress_ipv6_description |
Description of the egress_ipv6 rule |
string |
"Description of the rule." |
no |
sg_ids |
of the security group id. |
list(any) |
[] |
no |
sg_ingress_description |
Description of the ingress rule |
string |
"Description of the ingress rule use elasticache." |
no |
skip_final_snapshot |
Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created |
bool |
false |
no |
snapshot_identifier |
Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot |
string |
null |
no |
source_region |
The source region for an encrypted replica DB cluster |
string |
null |
no |
storage_encrypted |
Specifies whether the DB cluster is encrypted. The default is true |
bool |
true |
no |
storage_type |
Specifies the storage type to be associated with the DB cluster. (This setting is required to create a Multi-AZ DB cluster). Valid values: io1. Default: io1 |
string |
null |
no |
subnets |
List of subnet IDs used by database subnet group created |
list(string) |
[] |
no |
tags |
A map of tags to add to all resources |
map(string) |
{} |
no |
to_port |
equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference |
number |
65535 |
no |
vpc_id |
ID of the VPC where to create security group |
string |
"" |
no |
vpc_security_group_ids |
List of VPC security groups to associate to the cluster in addition to the security group created |
list(string) |
[] |
no |