Aurora Limitless Database is a horizontally-scaled variant of Amazon Aurora that distributes both reads and writes across a sharded cluster. Instead of provisioning individual DB instances, you configure a shard group that Aurora manages automatically — scaling Aurora Capacity Units (ACUs) within the bounds you define.
This is a fundamentally different architecture from standard provisioned Aurora. The cluster itself still exists as an aws_rds_cluster, but no individual aws_rds_cluster_instance resources are created. Connections go to the shard group endpoint rather than the cluster endpoint.
Aurora Limitless is a newer feature with limited regional availability. Verify that your target AWS region supports Aurora Limitless before deploying. As of this writing, supported regions include us-east-1, us-east-2, us-west-2, and eu-west-1, among others — but check the AWS documentation for the current list. Use Aurora Limitless when you need to scale write throughput beyond what a single Aurora writer instance can handle, or when your dataset is too large for a single Aurora cluster. For workloads that only need read scale-out, standard provisioned Aurora with autoscaling read replicas is simpler and more cost-effective.
Key differences from standard Aurora
- Set
cluster_scalability_type = "limitless" on the module — this automatically sets engine_mode to an empty string (required by AWS)
- No
instances block is used; capacity is managed by the shard_group block instead
- The engine version must be a Limitless-specific version (e.g.
16.9-limitless)
- Managed master user password (
manage_master_user_password) is not supported for Limitless clusters — you must supply a password directly via master_password_wo
- Use
storage_type = "aurora-iopt1" (Aurora I/O Optimized), which is required for Limitless
Example
The following example provisions a PostgreSQL Aurora Limitless cluster in eu-west-1 with a shard group capped at 16 ACUs.
provider "aws" {
region = local.region
}
data "aws_availability_zones" "available" {
# Exclude local zones
filter {
name = "opt-in-status"
values = ["opt-in-not-required"]
}
}
locals {
name = "ex-limitless"
region = "eu-west-1"
vpc_cidr = "10.0.0.0/16"
azs = slice(data.aws_availability_zones.available.names, 0, 3)
tags = {
Example = local.name
Terraform = "true"
}
}
module "aurora" {
source = "terraform-aws-modules/rds-aurora/aws"
name = local.name
engine = "aurora-postgresql"
engine_version = "16.9-limitless"
storage_type = "aurora-iopt1"
cluster_scalability_type = "limitless"
cluster_monitoring_interval = 30
cluster_performance_insights_enabled = true
cluster_performance_insights_retention_period = 31
shard_group = {
compute_redundancy = 0
identifier = local.name
max_acu = 16
}
# Aurora Limitless clusters do not support managed master user password
manage_master_user_password = false
master_username = "root"
master_password_wo = random_password.master.result
master_password_wo_version = 1
vpc_id = module.vpc.vpc_id
db_subnet_group_name = module.vpc.database_subnet_group_name
security_group_ingress_rules = {
private-az1 = {
cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 0)
}
private-az2 = {
cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 1)
}
private-az3 = {
cidr_ipv4 = element(module.vpc.private_subnets_cidr_blocks, 2)
}
}
apply_immediately = true
skip_final_snapshot = true
cluster_parameter_group = {
name = local.name
family = "aurora-postgresql16"
description = "${local.name} example cluster parameter group"
parameters = [
{
name = "log_min_duration_statement"
value = 4000
apply_method = "immediate"
},
{
name = "rds.force_ssl"
value = 1
apply_method = "immediate"
}
]
}
enabled_cloudwatch_logs_exports = ["postgresql"]
create_cloudwatch_log_group = true
tags = local.tags
}
resource "random_password" "master" {
length = 20
special = false
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 6.0"
name = local.name
cidr = local.vpc_cidr
azs = local.azs
public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 3)]
database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 6)]
tags = local.tags
}
The shard_group variable
The shard_group object configures the aws_rds_shard_group resource that Aurora Limitless creates alongside the cluster.
| Attribute | Type | Required | Description |
|---|
identifier | string | yes | The identifier for the shard group |
max_acu | number | yes | Maximum Aurora Capacity Units for the shard group |
min_acu | number | no | Minimum Aurora Capacity Units for the shard group |
compute_redundancy | number | no | Number of additional writer DB instances (0 or 1). Set to 0 to disable redundancy |
publicly_accessible | bool | no | Whether the shard group is publicly accessible |
tags | map(string) | no | Tags to apply to the shard group resource |
timeouts | object | no | Create/update/delete timeout overrides for the shard group |
Timeout configuration
The timeouts sub-object within shard_group accepts:
shard_group = {
identifier = "my-cluster"
max_acu = 32
timeouts = {
create = "60m"
update = "60m"
delete = "60m"
}
}
The engine_mode behavior
When cluster_scalability_type = "limitless" is set, the module automatically passes an empty string "" for engine_mode to the underlying aws_rds_cluster resource. This is required by AWS — do not set engine_mode manually when using Limitless.
# In main.tf — handled automatically by the module:
engine_mode = var.cluster_scalability_type == "limitless" ? "" : var.engine_mode
Outputs
The shard group endpoint is exposed as a module output rather than the standard cluster endpoint:
output "db_shard_group_arn" {
description = "ARN of the shard group"
value = module.aurora.db_shard_group_arn
}
output "db_shard_group_resource_id" {
description = "The AWS Region-unique, immutable identifier for the DB shard group"
value = module.aurora.db_shard_group_resource_id
}
output "db_shard_group_endpoint" {
description = "The connection endpoint for the DB shard group"
value = module.aurora.db_shard_group_endpoint
}
db_shard_group_endpoint — not cluster_endpoint — when using Aurora Limitless. 
