The module exposes variables for all major Aurora observability features: Enhanced Monitoring, Performance Insights, CloudWatch Logs, Activity Streams, and Database Insights.
Enhanced Monitoring collects OS-level metrics from each DB instance at intervals you control. The module creates the required IAM role automatically when monitoring is enabled.
Cluster-level interval
cluster_monitoring_interval
number
default:"0"
Interval in seconds between Enhanced Monitoring metric collection for the cluster. Set to 0 to disable. Valid values: 0, 1, 5, 10, 15, 30, 60.
Per-instance override
Individual instances can override the cluster interval via the monitoring_interval key in the instances map:
instances = {
  1 = {
    instance_class      = "db.r8g.large"
    monitoring_interval = 5 # override cluster default
  }
  2 = {
    instance_class = "db.r8g.large"
    # inherits cluster_monitoring_interval
  }
}
IAM role creation
create_monitoring_role
bool
default:"true"
Determines whether to create the IAM role for RDS Enhanced Monitoring. The role is only created when cluster_monitoring_interval > 0 or any instance in the instances map has a non-zero monitoring_interval.
monitoring_role_arn
string
ARN of an existing IAM role to use for Enhanced Monitoring. Use this when create_monitoring_role is false.
iam_role_name
string
Friendly name for the monitoring role. Defaults to "<name>-monitor".
iam_role_description
string
Description of the monitoring IAM role.
iam_role_path
string
IAM path for the monitoring role.
iam_role_permissions_boundary
string
ARN of the IAM policy to use as a permissions boundary for the monitoring role.
iam_role_max_session_duration
number
Maximum session duration in seconds for the monitoring role. The autoscaling example sets this to 7200.
Example (from the autoscaling example):
module "aurora" {
  source = "terraform-aws-modules/rds-aurora/aws"

  name   = "ex-autoscaling"
  engine = "aurora-postgresql"

  # ...

  cluster_monitoring_interval   = 60
  iam_role_name                 = "ex-autoscaling-monitor"
  iam_role_use_name_prefix      = true
  iam_role_description          = "ex-autoscaling RDS enhanced monitoring IAM role"
  iam_role_path                 = "/autoscaling/"
  iam_role_max_session_duration = 7200
}
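When the role is managed outside the module (create_monitoring_role = false), monitoring_role_arn has to point at a role that RDS Enhanced Monitoring can assume. The following is an added example, not taken from the module's own examples; the role name, the "aws" partition and the aws:SourceAccount condition are assumptions of this sketch.

```hcl
data "aws_caller_identity" "current" {}

# Trust policy: only the RDS Enhanced Monitoring service may assume the role,
# and only on behalf of resources in this account (confused-deputy guard).
data "aws_iam_policy_document" "monitoring_trust" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["monitoring.rds.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_iam_role" "rds_monitoring" {
  name               = "ex-external-monitor" # hypothetical name
  path               = "/monitoring/"
  assume_role_policy = data.aws_iam_policy_document.monitoring_trust.json
}

# AWS managed policy that lets Enhanced Monitoring publish OS metrics to CloudWatch Logs.
resource "aws_iam_role_policy_attachment" "rds_monitoring" {
  role       = aws_iam_role.rds_monitoring.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
}

module "aurora" {
  source = "terraform-aws-modules/rds-aurora/aws"

  # ...

  cluster_monitoring_interval = 60
  create_monitoring_role      = false
  monitoring_role_arn         = aws_iam_role.rds_monitoring.arn
}
```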
Performance Insights provides a visual database load dashboard that helps you assess and tune Aurora performance.
Cluster-level settings
cluster_performance_insights_enabled
bool
default:"null"
Enables Performance Insights for the RDS cluster.
cluster_performance_insights_kms_key_id
string
default:"null"
KMS key ID to encrypt Performance Insights data. Defaults to the AWS-managed aws/rds key when omitted.
cluster_performance_insights_retention_period
number
default:"null"
Number of days to retain Performance Insights data. Valid values:
  • 7 — 7 days (free tier default)
  • month * 31 — where month is 1–23 (e.g., 93 for 3 months)
  • 731 — 2 years
Per-instance overrides
Each instance in the instances map can override the cluster Performance Insights settings:
instances = {
  1 = {
    instance_class                        = "db.r8g.large"
    performance_insights_enabled          = true
    performance_insights_kms_key_id       = "arn:aws:kms:..."
    performance_insights_retention_period = 93
  }
}
Example:
module "aurora" {
  source = "terraform-aws-modules/rds-aurora/aws"

  # ...
  cluster_performance_insights_enabled          = true
  cluster_performance_insights_kms_key_id       = module.kms.key_arn
  cluster_performance_insights_retention_period = 93
}
Export Aurora log streams to CloudWatch Logs for centralized storage and analysis.
enabled_cloudwatch_logs_exports
list(string)
default:"[]"
Log types to export to CloudWatch. Supported values:
  • audit — Aurora MySQL audit log
  • error — MySQL or PostgreSQL error log
  • general — MySQL general query log
  • slowquery — MySQL slow query log
  • postgresql — Aurora PostgreSQL log
create_cloudwatch_log_group
bool
default:"false"
Whether the module should create a CloudWatch log group for each exported log type. Log groups are created with the path /aws/rds/cluster/<name>/<log-type>.
Log groups are not created when cluster_use_name_prefix is true, because the final cluster name is not known until apply time. In that case, let RDS create the log groups automatically or create them separately.
cloudwatch_log_group_retention_in_days
number
default:"7"
Number of days to retain logs in the CloudWatch log group.
cloudwatch_log_group_kms_key_id
string
ARN of a KMS key to encrypt the CloudWatch log group data at rest.
cloudwatch_log_group_class
string
Log class for the log group. Valid values: STANDARD, INFREQUENT_ACCESS.
Example (from the postgresql example):
module "aurora" {
  source = "terraform-aws-modules/rds-aurora/aws"

  name   = "ex-postgresql"
  engine = "aurora-postgresql"

  # ...
  enabled_cloudwatch_logs_exports = ["postgresql"]
  create_cloudwatch_log_group     = true

  cloudwatch_log_group_retention_in_days = 30
  cloudwatch_log_group_kms_key_id        = module.kms.key_arn
  cloudwatch_log_group_class             = "STANDARD"
}
Database Activity Streams provide a near-real-time stream of activity in your Aurora cluster to an Amazon Kinesis data stream.
cluster_activity_stream
object
Configuration for the cluster activity stream. Setting this variable to a non-null value enables the stream.
  • kms_key_id (required) — KMS key ID used to encrypt the activity stream.
  • mode (required) — Synchronicity mode. Use "async" for asynchronous mode or "sync" for synchronous mode.
  • include_audit_fields (optional, default false) — Whether to include engine-native audit fields in the data stream.
The Kinesis stream name is available via the output db_cluster_activity_stream_kinesis_stream_name.
Example (from the postgresql example):
module "kms" {
  source  = "terraform-aws-modules/kms/aws"
  version = "~> 4.0"

  deletion_window_in_days = 7
  description             = "KMS key for ex-postgresql cluster activity stream"
  enable_key_rotation     = true
  is_enabled              = true
  key_usage               = "ENCRYPT_DECRYPT"

  aliases = ["rds/ex-postgresql"]
}

module "aurora" {
  source = "terraform-aws-modules/rds-aurora/aws"

  name   = "ex-postgresql"
  engine = "aurora-postgresql"

  # ...
  cluster_activity_stream = {
    kms_key_id = module.kms.key_id
    mode       = "async"
  }
}

output "kinesis_stream_name" {
  value = module.aurora.db_cluster_activity_stream_kinesis_stream_name
}
Database Insights provides advanced performance analytics for Aurora clusters.
database_insights_mode
string
default:"null"
The mode of Database Insights to enable. Valid values:
  • standard — standard analytics
  • advanced — advanced analytics (additional cost, requires Performance Insights to be enabled)
module "aurora" {
  source = "terraform-aws-modules/rds-aurora/aws"

  # ...
  database_insights_mode                        = "advanced"
  cluster_performance_insights_enabled          = true
  cluster_performance_insights_retention_period = 731
}

Full monitoring example

The following example enables Enhanced Monitoring, Performance Insights, CloudWatch Logs export, and an Activity Stream together:
module "aurora" {
  source = "terraform-aws-modules/rds-aurora/aws"

  name            = "ex-monitored"
  engine          = "aurora-postgresql"
  engine_version  = "17.5"
  master_username = "root"

  vpc_id               = module.vpc.vpc_id
  db_subnet_group_name = module.vpc.database_subnet_group_name

  instances = {
    1 = { instance_class = "db.r8g.large" }
    2 = { instance_class = "db.r8g.large" }
  }

  # Enhanced Monitoring
  cluster_monitoring_interval   = 60
  iam_role_name                 = "ex-monitored-monitor"
  iam_role_use_name_prefix      = true
  iam_role_description          = "RDS enhanced monitoring IAM role"
  iam_role_path                 = "/monitoring/"
  iam_role_max_session_duration = 7200

  # Performance Insights
  cluster_performance_insights_enabled          = true
  cluster_performance_insights_retention_period = 93

  # CloudWatch Logs
  enabled_cloudwatch_logs_exports        = ["postgresql"]
  create_cloudwatch_log_group            = true
  cloudwatch_log_group_retention_in_days = 30

  # Activity Stream
  cluster_activity_stream = {
    kms_key_id = module.kms.key_id
    mode       = "async"
  }

  tags = local.tags
}
