What this module does

The terraform-aws-rds module creates and manages Amazon RDS database instances on AWS. It wraps the aws_db_instance resource and the supporting resources it depends on — subnet groups, parameter groups, option groups, and monitoring roles — into a single, opinionated module with production-safe defaults. Storage encryption is enabled by default. Master passwords are managed by AWS Secrets Manager by default. A final snapshot is created on deletion by default. These defaults are intentional and reflect how a production RDS instance should be configured.
This module does not create RDS security groups. Use the terraform-aws-security-group module to create the security group and pass its ID via vpc_security_group_ids.
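A CI check that the three defaults named above have not been overridden, as an added example that is not part of the module or its documentation. It reads the JSON produced by `terraform show -json`; the sample plan and its resource addresses are constructed, and skipping the password check for read replicas assumes a replica takes its credentials from the source instance.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.db.aws_db_instance.example", "type": "aws_db_instance",
   "change": {"actions": ["create"], "after": {
     "storage_encrypted": true, "manage_master_user_password": true,
     "skip_final_snapshot": false}}},
  {"address": "module.legacy.aws_db_instance.example", "type": "aws_db_instance",
   "change": {"actions": ["update"], "after": {
     "storage_encrypted": false, "manage_master_user_password": null,
     "skip_final_snapshot": true}}},
  {"address": "module.replica.aws_db_instance.example", "type": "aws_db_instance",
   "change": {"actions": ["create"], "after": {
     "replicate_source_db": "constructed-source-id", "storage_encrypted": true,
     "manage_master_user_password": null, "skip_final_snapshot": false}}}
]}
""")

# Attribute -> value produced by the defaults described above.
EXPECTED = {
    "storage_encrypted": True,
    "manage_master_user_password": True,
    "skip_final_snapshot": False,
}

def find_weakened_defaults(plan):
    """Return (address, attribute, planned_value) for each overridden default."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if rc.get("type") != "aws_db_instance" or after is None:
            continue  # not an RDS instance, or the instance is being deleted
        unknown = change.get("after_unknown") or {}
        for attr, want in EXPECTED.items():
            if unknown.get(attr) is True:
                continue  # value is only known at apply time
            if attr == "manage_master_user_password" and after.get("replicate_source_db"):
                continue  # assumption: a replica takes its credentials from the source
            if after.get(attr) != want:
                findings.append((rc["address"], attr, after.get(attr)))
    return findings

if __name__ == "__main__":
    for address, attr, value in find_weakened_defaults(SAMPLE_PLAN):
        print(f"{address}: {attr} = {value!r}")
```

In a pipeline, load the real plan JSON in place of `SAMPLE_PLAN` and fail the job when the returned list is not empty.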

Supported database engines

The module supports all RDS database engines:

| Engine | engine value | Default port |
| --- | --- | --- |
| MySQL | mysql | 3306 |
| PostgreSQL | postgres | 5432 |
| MariaDB | mariadb | 3306 |
| Oracle SE2 | oracle-se2 | 1521 |
| Microsoft SQL Server | sqlserver-ex, sqlserver-web, sqlserver-se, sqlserver-ee | 1433 |

Key capabilities

Storage encryption

storage_encrypted defaults to true. Bring your own KMS key with kms_key_id, or use the AWS-managed default key.

Multi-AZ

Set multi_az = true to deploy a standby replica in a second Availability Zone for automatic failover.

Blue/Green deployments

Enable blue_green_update for low-downtime engine version upgrades and schema changes without a maintenance window.

Secrets Manager passwords

manage_master_user_password defaults to true. RDS generates and stores the master password in Secrets Manager and rotates it automatically.

Enhanced Monitoring

Set monitoring_interval to a non-zero value (1–60 seconds) and create_monitoring_role = true to enable OS-level metrics in CloudWatch.

Performance Insights

Set performance_insights_enabled = true to enable query-level performance analysis. Data is retained for 7 days by default.

Read replicas

Pass replicate_source_db with the source instance identifier or ARN to create a read replica, including cross-region replicas.

Storage autoscaling

Set max_allocated_storage above allocated_storage to allow RDS to automatically increase storage as usage grows.

Submodules

The root module is composed of five submodules. Each submodule can also be called independently if you only need to manage part of the infrastructure.

| Submodule | What it creates | Controlled by |
| --- | --- | --- |
| db_instance | The aws_db_instance resource, Enhanced Monitoring IAM role, CloudWatch log groups | create_db_instance |
| db_subnet_group | An aws_db_subnet_group across two or more subnets | create_db_subnet_group |
| db_parameter_group | An aws_db_parameter_group for engine-specific parameters | create_db_parameter_group |
| db_option_group | An aws_db_option_group for optional engine features (MySQL, Oracle, MSSQL only) | create_db_option_group |
| db_instance_role_association | aws_db_instance_role_association resources linking IAM roles to the instance | db_instance_role_associations map |

For PostgreSQL, db_option_group is never created because PostgreSQL does not support option groups. The module handles this automatically.

Requirements

| Requirement | Minimum version |
| --- | --- |
| Terraform | >= 1.11.1 |
| AWS provider (hashicorp/aws) | >= 6.28 |

Declare these in your root module’s versions.tf:

versions.tf

```hcl
terraform {
  required_version = ">= 1.11.1"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 6.28"
    }
  }
}
```

Next steps

See the quickstart to deploy a working RDS instance with a complete MySQL or PostgreSQL example.