engine variable accepts the identifier string for the engine, and engine_version pins the version. Each engine has a default port, specific parameter group family naming conventions, and a small set of engine-specific variables.
Supported engines
| Engine identifier | Default port | Option groups | License model required |
|---|---|---|---|
| mysql | 3306 | Yes | No |
| mariadb | 3306 | Yes | No |
| postgres | 5432 | No | No |
| oracle-ee | 1521 | Yes | Yes |
| oracle-se2 | 1521 | Yes | Yes |
| oracle-se1 | 1521 | Yes | Yes |
| oracle-se | 1521 | Yes | Yes |
| sqlserver-ee | 1433 | Yes | Yes |
| sqlserver-se | 1433 | Yes | Yes |
| sqlserver-ex | 1433 | Yes | Yes |
| sqlserver-web | 1433 | Yes | Yes |
Engine configurations
- MySQL
- PostgreSQL
- Oracle
- SQL Server
MySQL is the most commonly used engine with this module. The family parameter group identifier follows the pattern mysql{major}.{minor}, and major_engine_version should match the major version.

```hcl
module "db" {
  source = "terraform-aws-modules/rds/aws"

  identifier = "complete-mysql"

  engine               = "mysql"
  engine_version       = "8.0"
  family               = "mysql8.0" # DB parameter group
  major_engine_version = "8.0"      # DB option group
  instance_class       = "db.t4g.large"

  allocated_storage     = 20
  max_allocated_storage = 100

  db_name  = "completeMysql"
  username = "complete_mysql"
  port     = 3306

  multi_az               = true
  db_subnet_group_name   = module.vpc.database_subnet_group
  vpc_security_group_ids = [module.security_group.security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
  enabled_cloudwatch_logs_exports = ["general"]
  create_cloudwatch_log_group     = true

  backup_retention_period = 1
  skip_final_snapshot     = true
  deletion_protection     = false

  performance_insights_enabled          = true
  performance_insights_retention_period = 7
  create_monitoring_role                = true
  monitoring_interval                   = 60

  parameters = [
    {
      name  = "character_set_client"
      value = "utf8mb4"
    },
    {
      name  = "character_set_server"
      value = "utf8mb4"
    }
  ]

  tags = local.tags
}
```
- engine_version values: 8.0, 8.0.36, 8.0.40, 8.4
- Valid enabled_cloudwatch_logs_exports: audit, error, general, slowquery

PostgreSQL does not support option groups. The module automatically skips option group creation when engine = "postgres". The family follows the pattern postgres{major_version}.

```hcl
module "db" {
  source = "terraform-aws-modules/rds/aws"

  identifier = "complete-postgresql"

  engine                   = "postgres"
  engine_version           = "17"
  engine_lifecycle_support = "open-source-rds-extended-support-disabled"
  family                   = "postgres17" # DB parameter group
  major_engine_version     = "17"         # DB option group (ignored for postgres)
  instance_class           = "db.t4g.large"

  allocated_storage     = 20
  max_allocated_storage = 100

  # NOTE: Do NOT use 'user' as the value for 'username' as it throws:
  # "Error creating DB Instance: InvalidParameterValue: MasterUsername
  # user cannot be used as it is a reserved word used by the engine"
  db_name  = "completePostgresql"
  username = "complete_postgresql"
  port     = 5432

  multi_az               = true
  db_subnet_group_name   = module.vpc.database_subnet_group
  vpc_security_group_ids = [module.security_group.security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
  create_cloudwatch_log_group     = true

  backup_retention_period = 1
  skip_final_snapshot     = true
  deletion_protection     = false

  performance_insights_enabled          = true
  performance_insights_retention_period = 7
  create_monitoring_role                = true
  monitoring_interval                   = 60

  parameters = [
    {
      name  = "autovacuum"
      value = 1
    },
    {
      name  = "client_encoding"
      value = "utf8"
    }
  ]

  tags = local.tags
}
```
- engine_version values: 14, 15, 16, 17
- engine_lifecycle_support: Set to open-source-rds-extended-support-disabled to opt out of Extended Support and avoid additional charges when a version reaches end of standard support. Applies only to MySQL and PostgreSQL.
- Valid enabled_cloudwatch_logs_exports: postgresql, upgrade

Oracle requires a license_model value. Use bring-your-own-license if you have an existing Oracle license, or license-included to have AWS provide one (at higher cost). Oracle supports two engine-specific character set variables that can only be set at creation time.

```hcl
module "db" {
  source = "terraform-aws-modules/rds/aws"

  identifier = "demodb-oracle"

  engine               = "oracle-ee"
  engine_version       = "19"
  family               = "oracle-ee-19" # DB parameter group
  major_engine_version = "19"           # DB option group
  instance_class       = "db.t3.large"
  license_model        = "bring-your-own-license"

  allocated_storage     = 20
  max_allocated_storage = 100

  # Make sure that database name is capitalized, otherwise RDS will try
  # to recreate the RDS instance every time.
  # Oracle database name cannot be longer than 8 characters.
  db_name  = "ORACLE"
  username = "complete_oracle"
  port     = 1521

  multi_az               = true
  db_subnet_group_name   = module.vpc.database_subnet_group
  vpc_security_group_ids = [module.security_group.security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
  enabled_cloudwatch_logs_exports = ["alert", "audit"]
  create_cloudwatch_log_group     = true

  backup_retention_period = 1
  skip_final_snapshot     = true
  deletion_protection     = false

  performance_insights_enabled          = true
  performance_insights_retention_period = 7
  create_monitoring_role                = true

  # See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html
  character_set_name       = "AL32UTF8"
  nchar_character_set_name = "AL16UTF16"

  tags = local.tags
}
```
Oracle-specific variables
| Variable | Description |
|---|---|
| character_set_name | Character set for Oracle DB encoding. Cannot be changed after creation. Example: AL32UTF8. |
| nchar_character_set_name | National character set used in NCHAR, NVARCHAR2, and NCLOB columns. Cannot be changed after creation. Example: AL16UTF16. |
| license_model | bring-your-own-license or license-included. Required for Oracle. |
| replica_mode | mounted or open-read-only (default). Oracle replicas only. |
- engine_version values: 19, 21
- Engine identifiers: oracle-ee, oracle-se2, oracle-se1, oracle-se
- Valid enabled_cloudwatch_logs_exports: alert, audit, listener, trace

The Oracle database name must be uppercase and cannot exceed 8 characters. If you use lowercase, Terraform will detect a diff on every plan and attempt to recreate the instance.

SQL Server requires license_model = "license-included" for most editions (Express is license-free but requires storage_encrypted = false). The timezone variable is SQL Server-specific and can only be set at creation time.

```hcl
module "db" {
  source = "terraform-aws-modules/rds/aws"

  identifier = "complete-mssql"

  engine               = "sqlserver-ex"
  engine_version       = "15.00"
  family               = "sqlserver-ex-15.0" # DB parameter group
  major_engine_version = "15.00"             # DB option group
  instance_class       = "db.t3.large"

  allocated_storage     = 20
  max_allocated_storage = 100

  # Encryption at rest is not available for DB instances running
  # SQL Server Express Edition
  storage_encrypted = false

  username = "complete_mssql"
  port     = 1433

  multi_az               = false
  db_subnet_group_name   = module.vpc.database_subnet_group
  vpc_security_group_ids = [module.security_group.security_group_id]

  maintenance_window              = "Mon:00:00-Mon:03:00"
  backup_window                   = "03:00-06:00"
  enabled_cloudwatch_logs_exports = ["error"]
  create_cloudwatch_log_group     = true

  backup_retention_period = 1
  skip_final_snapshot     = true
  deletion_protection     = false

  performance_insights_enabled          = true
  performance_insights_retention_period = 7
  create_monitoring_role                = true
  monitoring_interval                   = 60

  options                   = []
  create_db_parameter_group = false
  license_model             = "license-included"
  timezone                  = "GMT Standard Time"
  character_set_name        = "Latin1_General_CI_AS"

  tags = local.tags
}
```
SQL Server-specific variables
| Variable | Description |
|---|---|
| timezone | Windows timezone identifier. Can only be set at creation time. Example: "GMT Standard Time", "Eastern Standard Time". |
| character_set_name | Collation for the DB instance. Example: "Latin1_General_CI_AS". |
| license_model | license-included for Standard/Enterprise/Web. Express edition does not require this. |
- engine_version values: 15.00 (SQL Server 2019), 16.00 (SQL Server 2022)
- Engine identifiers: sqlserver-ee, sqlserver-se, sqlserver-ex, sqlserver-web
- Valid enabled_cloudwatch_logs_exports: agent, error

SQL Server Express Edition (sqlserver-ex) does not support encryption at rest. You must set storage_encrypted = false for this edition.

SQL Server does not support a db_name value. Omit the db_name variable entirely when using SQL Server engines.

Parameter group family naming
The family variable maps to the AWS parameter group family name. Use the following patterns:
| Engine | Example family |
|---|---|
| MySQL 8.0 | mysql8.0 |
| MySQL 8.4 | mysql8.4 |
| MariaDB 10.6 | mariadb10.6 |
| PostgreSQL 14 | postgres14 |
| PostgreSQL 17 | postgres17 |
| Oracle EE 19 | oracle-ee-19 |
| Oracle SE2 19 | oracle-se2-19 |
| SQL Server EX 15.0 | sqlserver-ex-15.0 |
| SQL Server SE 15.0 | sqlserver-se-15.0 |
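
The per-engine constraints described on this page can be checked before terraform plan runs. The following is an added example, not part of the module or its documentation: a small Python linter over a dict of module inputs. The names expected_family and lint and the dict layout are hypothetical, and the family derivation is inferred from the patterns and examples in the tables above.

```python
# Added example: rules transcribed from this page; names are hypothetical.
ORACLE = {"oracle-ee", "oracle-se2", "oracle-se1", "oracle-se"}
SQLSERVER = {"sqlserver-ee", "sqlserver-se", "sqlserver-ex", "sqlserver-web"}


def expected_family(engine, version):
    """Derive the parameter group family from engine and engine_version."""
    parts = version.split(".")
    if engine in ("mysql", "mariadb") and len(parts) >= 2:
        return f"{engine}{parts[0]}.{parts[1]}"        # 8.0.36 -> mysql8.0
    if engine == "postgres":
        return f"postgres{parts[0]}"                   # 17 -> postgres17
    if engine in ORACLE:
        return f"{engine}-{parts[0]}"                  # 19 -> oracle-ee-19
    if engine in SQLSERVER and len(parts) >= 2:
        return f"{engine}-{parts[0]}.{int(parts[1])}"  # 15.00 -> sqlserver-ex-15.0
    raise ValueError(f"cannot derive family for {engine} {version}")


def lint(cfg):
    """Return a list of findings for one module "db" input map (a dict)."""
    engine, out = cfg["engine"], []
    want = expected_family(engine, cfg["engine_version"])
    if cfg.get("family") != want:
        out.append(f"family should be {want}")
    if engine in ORACLE:
        if not cfg.get("license_model"):
            out.append("license_model is required for Oracle")
        name = cfg.get("db_name", "")
        if name != name.upper() or len(name) > 8:
            out.append("Oracle db_name must be uppercase, max 8 characters")
    if engine in SQLSERVER and "db_name" in cfg:
        out.append("omit db_name for SQL Server engines")
    # Unset counts as a finding: the page says the value must be set to false.
    if engine == "sqlserver-ex" and cfg.get("storage_encrypted", True):
        out.append("sqlserver-ex requires storage_encrypted = false")
    if engine == "postgres" and cfg.get("username") == "user":
        out.append("username 'user' is reserved by the engine")
    return out


# Constructed sample: an Oracle SE2 input map with three mistakes.
BAD_ORACLE = {"engine": "oracle-se2", "engine_version": "19",
              "family": "oracle-ee-19", "db_name": "demoOracleDb"}

if __name__ == "__main__":
    for finding in lint(BAD_ORACLE):
        print("FINDING:", finding)
```

Running the linter in CI makes the sqlserver-ex case visible in review, since that edition is the one engine on this page that cannot be encrypted at rest.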