Skip to main content
This is a separate submodulemodules/dsql — distinct from the main Aurora module. It provisions Amazon Aurora DSQL clusters and does not share inputs or outputs with the root terraform-aws-rds-aurora module.

Overview

The DSQL submodule creates and manages:
  • aws_dsql_cluster — an Aurora DSQL cluster with optional KMS encryption, deletion protection, and multi-region configuration.
  • aws_dsql_cluster_peering (optional) — peering between two DSQL clusters in different regions, enabling a multi-region active-active topology.
Set witness_region to convert a single-region cluster into a multi-region cluster. Set create_cluster_peering = true and supply the peer cluster ARNs in clusters to complete the peering relationship.

Module source

module "dsql" {
  source = "terraform-aws-modules/rds-aurora/aws//modules/dsql"
}

Resources created

ResourceCondition
aws_dsql_clusterAlways (when create = true)
aws_dsql_cluster_peeringWhen create = true and create_cluster_peering = true

Usage examples

module "dsql" {
  source = "terraform-aws-modules/rds-aurora/aws//modules/dsql"

  name = "my-dsql"

  # Disable for non-production environments
  deletion_protection_enabled = false

  tags = {
    Environment = "dev"
  }
}

Inputs

General

create
bool
default:"true"
Whether cluster should be created (affects all resources).
region
string
default:"null"
Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration. Use this to manage a cluster in a region different from the default provider region.
name
string
default:"\"\""
Name used across resources created. Applied as the Name tag on the cluster when non-empty.
tags
map(string)
default:"{}"
A map of tags to add to all resources.

Cluster

deletion_protection_enabled
bool
default:"null"
Whether deletion protection is enabled in this cluster. When true, the cluster cannot be deleted without first disabling this setting.
kms_encryption_key
string
default:"null"
The ARN of the AWS KMS key that encrypts data in the DSQL cluster, or the literal string AWS_OWNED_KMS_KEY to use an AWS-owned key.
force_destroy
bool
default:"null"
Destroys the cluster even if deletion_protection_enabled is set to true. Defaults to false.

Cluster Peering

create_cluster_peering
bool
default:"false"
Whether to create an aws_dsql_cluster_peering resource. Requires clusters and witness_region to also be set.
clusters
list(string)
default:"null"
List of DSQL Cluster ARNs to be peered with this cluster.
witness_region
string
default:"null"
Witness region for the multi-region clusters. Setting this makes this cluster a multi-region cluster. Changing this value recreates the cluster.
timeouts
object
default:"null"
Timeout configuration for the cluster peering creation.

Outputs

arn
string
ARN of the DSQL cluster.
identifier
string
The unique identifier assigned to the DSQL cluster.
encryption_details
object
Encryption configuration details for the DSQL cluster, including the KMS key used and encryption status.
multi_region_properties
object
Multi-region properties of the DSQL cluster, including the witness region and linked cluster information.
vpc_endpoint_service_name
string
The DSQL cluster’s VPC endpoint service name. Use this to create a VPC endpoint in the same VPC as your application.

Build docs developers (and LLMs) love

Get started for freeTalk to us