terraform-aws-modules/rds-aurora/aws module. Variables are grouped by functional area.
General
Whether cluster should be created (affects nearly all resources).
Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration.
Name used across resources created.
A map of tags to add to all resources.
DB Subnet Group
Cluster
Determines whether cluster is primary cluster with writer instance (set to false for global cluster and replica clusters).
Whether to use name as a prefix for the cluster.
The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster. Required to create a Multi-AZ DB cluster.
Enable to allow major engine version upgrades when changing engine versions.
Specifies whether any cluster modifications are applied immediately, or during the next maintenance window.
List of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if fewer than 3 are configured.
The days to retain backups for.
The target backtrack window, in seconds. Only available for the aurora engine. To disable backtracking set to 0. Must be between 0 and 259200 (72 hours).
The CA certificate identifier to use for the DB cluster’s server certificate. Currently only supported for multi-AZ DB clusters.
List of RDS Instances that are a part of this cluster.
Specifies the scalability mode of the Aurora DB cluster. When set to limitless, the cluster operates as an Aurora Limitless Database. When set to standard (the default), the cluster uses normal DB instance creation. Valid values: limitless, standard.
Enables Performance Insights for the RDS Cluster.
Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key (aws/rds) will be used.
Specifies the amount of time to retain performance insights data. Defaults to 7 days if Performance Insights are enabled. Valid values are 7, month * 31 (where month is 1–23), and 731.
Interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. Set to 0 to disable. Valid values: 0, 1, 5, 10, 15, 30, 60.
Copy all Cluster tags to snapshots.
The mode of Database Insights to enable for the DB cluster. Valid values: standard, advanced.
Name for an automatically created database on cluster creation.
The compute and memory capacity of each DB instance in the Multi-AZ DB cluster.
Instance parameter group to associate with all instances of the DB cluster. Only valid in combination with allow_major_version_upgrade.
Specifies whether to remove automated backups immediately after the DB cluster is deleted.
If the DB instance should have deletion protection enabled. The database can’t be deleted when set to true.
Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to forward writes to an aws_rds_global_cluster’s primary cluster.
Whether read replicas can forward write operations to the writer DB instance in the DB cluster.
Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless.
The name of the database engine to be used for this DB cluster. Defaults to aurora. Valid values: aurora, aurora-mysql, aurora-postgresql.
The database engine mode. Valid values: global, multimaster, parallelquery, provisioned, serverless.
The database engine version. Updating this argument results in an outage.
The life cycle type for this DB instance. Valid values: open-source-rds-extended-support, open-source-rds-extended-support-disabled. Default value is open-source-rds-extended-support.
The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.
The global cluster identifier specified on aws_rds_global_cluster.
Specifies whether mapping of AWS IAM accounts to database accounts is enabled.
The ID of the Directory Service Active Directory domain to create the instance in.
(Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service.
The amount of Provisioned IOPS to be initially allocated for each DB instance in the Multi-AZ DB cluster.
The ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to true.
Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if master_password_wo is provided.
The AWS KMS key identifier (key ARN, key ID, alias ARN, or alias name) for the KMS key used to encrypt the master user secret.
Write-only password for the master DB user. Required unless manage_master_user_password is true, or a snapshot_identifier, replication_source_identifier, or global_cluster_identifier is provided. This field is sensitive and ephemeral.
Used together with master_password_wo to trigger a password update. Increment this value when an update to master_password_wo is required.
Username for the master DB user. Required unless snapshot_identifier, replication_source_identifier, or global_cluster_identifier is provided (secondary cluster).
The type of network stack to use. Valid values: IPV4, DUAL.
The port on which the DB accepts connections.
Daily time range during which automated backups are created if enabled. Time in UTC, e.g. 04:00-09:00.
Weekly time range during which system maintenance can occur (UTC), e.g. wed:04:00-wed:04:30.
ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica.
Map of nested attributes for cloning an Aurora cluster.
Configuration map used to restore from a Percona Xtrabackup in S3. Only MySQL is supported.
Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless.
Map of nested attributes with serverless v2 scaling properties. Only valid when engine_mode is set to provisioned.
Determines whether a final snapshot is created before the cluster is deleted. If true, no snapshot is created.
Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.
The source region for an encrypted replica DB cluster.
Specifies whether the DB cluster is encrypted.
Determines the storage type for the DB cluster. Optional for Single-AZ, required for Multi-AZ DB clusters. Valid values for Single-AZ: aurora, "" (Aurora Standard), aurora-iopt1 (Aurora I/O Optimized). Valid values for Multi-AZ: io1.
A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging.
Create, update, and delete timeout configurations for the cluster.
Cluster Instances
Map of cluster instances and any specific/overriding attributes to be created.
Determines whether cluster instance identifiers are used as prefixes.
Create, update, and delete timeout configurations for the cluster instance(s).
Cluster Endpoints
Map of additional cluster endpoints and their attributes to be created.
IAM Role Associations
Map of IAM roles and supported feature names to associate with the cluster.
Enhanced Monitoring
Determines whether to create the IAM role for RDS enhanced monitoring.
IAM role used by RDS to send enhanced monitoring metrics to CloudWatch. Provide an existing ARN to skip role creation.
Friendly name of the monitoring role.
Determines whether to use iam_role_name as-is or create a unique name beginning with iam_role_name as the prefix.
Description of the monitoring role.
Path for the monitoring role.
The ARN of the policy used to set the permissions boundary for the monitoring role.
Maximum session duration (in seconds) to set for the monitoring role.
Autoscaling
Determines whether autoscaling of the cluster read replicas is enabled.
Maximum number of read replicas permitted when autoscaling is enabled.
Minimum number of read replicas permitted when autoscaling is enabled.
Autoscaling policy name.
The metric type to scale on. Valid values: RDSReaderAverageCPUUtilization, RDSReaderAverageDatabaseConnections.
Cooldown in seconds before allowing further scaling operations after a scale in.
Cooldown in seconds before allowing further scaling operations after a scale out.
CPU threshold which will initiate autoscaling.
Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large’s default max_connections.
Security Group
Determines whether to create security group for RDS cluster.
The security group name. Defaults to var.name.
Determines whether the security group name (var.name) is used as a prefix.
The description of the security group. If set to an empty string it will contain the cluster name in the description.
ID of the VPC where the security group will be created.
List of VPC security groups to associate to the cluster in addition to the security group created.
Map of security group ingress rules to add to the security group created.
Map of security group egress rules to add to the security group created. Uses the same object schema as security_group_ingress_rules.
Additional tags for the security group.
Parameter Groups
The name of an existing DB cluster parameter group. Required when cluster_parameter_group is not provided.
Map of nested arguments for the created DB cluster parameter group.
Map of nested arguments for the created DB parameter group.
CloudWatch Logs
Set of log types to export to CloudWatch. The following log types are supported: audit, error, general, slowquery, postgresql.
Determines whether a CloudWatch log group is created for each enabled_cloudwatch_logs_exports.
The number of days to retain CloudWatch logs for the DB instance.
The ARN of the KMS Key to use when encrypting log data.
Set to true to remove the log group from Terraform state at destroy time without deleting it from CloudWatch.
Specifies the log class of the log group. Possible values: STANDARD, INFREQUENT_ACCESS.
Additional tags for the CloudWatch log group(s).
Activity Stream
Map of arguments for the created DB cluster activity stream.
Secrets Management
Whether to manage the master user password rotation. Setting this to false after previously being true will disable automatic rotation.
Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
Specifies the number of days between automatic scheduled rotations of the secret. Either this or master_user_password_rotation_schedule_expression must be specified.
The length of the rotation window in hours, e.g. 3h for a three-hour window.
A cron() or rate() expression that defines the schedule for rotating the secret. Either this or master_user_password_rotation_automatically_after_days must be specified.
Shard Group

