terraform-aws-modules/rds/aws) accepts the following input variables. Only identifier is required; all other variables have defaults.
Instance

The name of the RDS instance. Used as the base name for all related resources.

Determines whether to use identifier as-is or create a unique identifier beginning with identifier as the specified prefix. Default: false

The database engine to use (e.g. mysql, postgres, oracle-se2, sqlserver-ex). Default: null

The engine version to use (e.g. 8.0.35, 15.4). Default: null

The life cycle type for this DB instance. Applies only to RDS for MySQL and RDS for PostgreSQL. Valid values: open-source-rds-extended-support, open-source-rds-extended-support-disabled. AWS default is open-source-rds-extended-support. Default: null

The instance type of the RDS instance (e.g. db.t3.micro, db.r6g.large). Default: null

The allocated storage in gigabytes. Default: null

One of standard (magnetic), gp2 (general purpose SSD), gp3 (new generation of general purpose SSD), or io1 (provisioned IOPS SSD). The default is io1 if iops is specified, gp2 if not. If you specify io1 or gp3, you must also include a value for the iops parameter. Default: null

Specifies whether the DB instance is encrypted. Default: true

The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified, the default KMS key created in your account will be used. Use the full ARN, not a key alias. Default: null

Specifies the value for Storage Autoscaling. Set to a value greater than allocated_storage to enable autoscaling. Set to 0 to disable. Default: 0

Storage throughput value for the DB instance. See notes for limitations regarding this variable for gp3. Default: null

The amount of provisioned IOPS. Setting this implies a storage_type of io1 or gp3. See notes for limitations regarding this variable for gp3. Default: null

Use a dedicated log volume (DLV) for the DB instance. Requires Provisioned IOPS. Default: false

Database

The DB name to create. If omitted, no database is created initially. Default: null

Username for the master DB user. Default: null

Write-only password for the master DB user. Required unless manage_master_user_password is set to true, or snapshot_identifier / replicate_source_db is provided. This is a sensitive, ephemeral variable — it will not be stored in Terraform state. Default: null

Used together with password_wo to trigger an update. Increment this value when a password change is required. Default: null

The port on which the DB accepts connections. Defaults to the engine default if not specified. Default: null

The character set name to use for DB encoding in Oracle instances. Cannot be changed after creation. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. Default: null

The national character set used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. Cannot be changed after creation. Default: null

Time zone of the DB instance. Currently only supported by Microsoft SQL Server. Can only be set on creation. Default: null

License model information for this DB instance. Optional, but required for some DB engines (e.g. Oracle SE1). Valid values: license-included, bring-your-own-license, general-public-license. Default: null

Authentication

Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if password_wo is provided. Default: true

The key ARN, key ID, alias ARN, or alias name for the KMS key to encrypt the master user password secret in Secrets Manager. If not specified, the default KMS key for your AWS account is used. Default: null

Whether to manage the master user password rotation. By default, rotation is managed by RDS on creation. Setting this value to false after previously having been set to true will disable automatic rotation. Default: false

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. Default: null

Specifies the number of days between automatic scheduled rotations of the secret. Either automatically_after_days or schedule_expression must be specified. Default: null

The length of the rotation window in hours (e.g. 3h for a three-hour window). Default: null

A cron() or rate() expression that defines the schedule for rotating your secret. Either automatically_after_days or schedule_expression must be specified. Default: null

Specifies whether IAM database authentication is enabled, which allows IAM users and roles to authenticate to the DB instance. Default: false

Network

List of VPC security group IDs to associate with the DB instance. Default: []

Bool to control if instance is publicly accessible. When false, the instance can only be accessed from within the VPC. Default: false

Specifies if the RDS instance is multi-AZ. Enables high availability with an automatic failover standby in a different Availability Zone. Default: false

The Availability Zone of the RDS instance. Cannot be set when multi_az is true. Default: null

The type of network stack to use. Valid values: IPV4, DUAL. Default: null

Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. Default: null

Subnet Group

Whether to create a database subnet group. If false, db_subnet_group_name must reference an existing subnet group. Default: false

Name of the DB subnet group. The DB instance will be created in the VPC associated with this group. If unspecified, the instance will be created in the default VPC. Default: null

Determines whether to use db_subnet_group_name as-is or create a unique name beginning with db_subnet_group_name as the prefix. Default: true

Description of the DB subnet group to create. Default: null

A list of VPC subnet IDs to use when creating the DB subnet group. Default: []

Parameter Group

Whether to create a database parameter group. Default: true

Name of the DB parameter group to associate or create. Default: null

Determines whether to use parameter_group_name as-is or create a unique name beginning with parameter_group_name as the prefix. Default: true

Description of the DB parameter group to create. Default: null

The family of the DB parameter group (e.g. mysql8.0, postgres15). Default: null

A list of DB parameters to apply to the parameter group. Default: null

Set to true if you do not wish the parameter group to be deleted at destroy time. The parameter group is instead removed from Terraform state only. Default: null

Option Group

Whether to create a database option group. Default: true

Name of the option group to associate or create. Default: null

Determines whether to use option_group_name as-is or create a unique name beginning with option_group_name as the prefix. Default: true

The description of the option group. Default: null

Specifies the major version of the engine that this option group should be associated with (e.g. 8.0, 15). Default: null

A list of options to apply to the option group. Default: null

Set to true if you do not wish the option group to be deleted at destroy time. The option group is instead removed from Terraform state only. Default: null

Backup & Recovery

The number of days to retain automated backups. Must be between 0 and 35. Set to 0 to disable automated backups. Default: null

The daily time range (in UTC) during which automated backups are created if they are enabled. Format: HH:MM-HH:MM (e.g. 09:46-10:16). Must not overlap with maintenance_window. Default: null

On delete, copy all instance tags to the final snapshot. Default: true

Determines whether a final DB snapshot is created before the DB instance is deleted. If true, no snapshot is created. Default: false

The prefix for the final snapshot identifier on cluster destroy. The full identifier will be {prefix}-{identifier}-{random_hex}. Default: "final"

Specifies whether to remove automated backups immediately after the DB instance is deleted. Default: true

Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID shown in the RDS console (e.g. rds:production-2015-06-26-06-05). Default: null

Restore to a point in time. MySQL is not supported. Default: null

Restore from a Percona Xtrabackup stored in S3. Only MySQL is supported. Default: null

Maintenance

The window to perform maintenance in. Format: ddd:hh24:mi-ddd:hh24:mi (e.g. Mon:00:00-Mon:03:00). Default: null

Specifies whether any database modifications are applied immediately or during the next maintenance window. Default: false

Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage. Default: false

Indicates that minor engine upgrades will be applied automatically during the maintenance window. Default: true

Enables low-downtime updates using RDS Blue/Green deployments. When enabled, backup_retention_period must be at least 1. Default: null

Whether to upgrade the storage file system configuration on the read replica. Can only be set with replicate_source_db. Default: null

Monitoring

The interval in seconds between points when Enhanced Monitoring metrics are collected for the DB instance. To disable, specify 0. Valid values: 0, 1, 5, 10, 15, 30, 60. Default: 0

The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero and create_monitoring_role is false. Default: null

Name of the IAM role which will be created when create_monitoring_role is enabled. Default: "rds-monitoring-role"

Determines whether to use monitoring_role_name as-is or create a unique identifier beginning with monitoring_role_name as the prefix. Default: false

Description of the monitoring IAM role. Default: null

Create an IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Default: false

ARN of the policy used to set the permissions boundary for the monitoring IAM role. Default: null

Specifies whether Performance Insights are enabled. Default: false

The amount of time in days to retain Performance Insights data. Valid values: 7, 731 (2 years), or a multiple of 31. Default: 7

The ARN for the KMS key to encrypt Performance Insights data. Default: null

The mode of Database Insights enabled for the instance. Valid values: standard, advanced. Default: null

CloudWatch Logs

List of log types to export to CloudWatch Logs. Valid values depend on the engine: alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL only), upgrade (PostgreSQL only). Default: []

Determines whether a CloudWatch log group is created for each entry in enabled_cloudwatch_logs_exports. Log groups are not created when using an identifier prefix. Default: false

The number of days to retain CloudWatch logs for the DB instance. Default: 7

The ARN of the KMS key to use when encrypting CloudWatch log data. Default: null

Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time. The log group is instead removed from Terraform state only. Default: null

The log class of the log group. Possible values: STANDARD, INFREQUENT_ACCESS. Default: null

Security

The database cannot be deleted when this value is set to true. To delete the instance, set this to false and apply before destroying. Default: false

Specifies the identifier of the CA certificate for the DB instance (e.g. rds-ca-rsa2048-g1). Default: null

RDS custom IAM instance profile name. Default: null

Active Directory

The ID of the Directory Service Active Directory domain to create the instance in (e.g. d-1234567890). Conflicts with domain_fqdn and domain_auth_secret_arn. Default: null

The ARN for the Secrets Manager secret with the self-managed Active Directory credentials for the user joining the domain. Required if domain_fqdn is provided. Conflicts with domain and domain_iam_role_name. Default: null

The IPv4 DNS IP addresses of your primary and secondary self-managed Active Directory domain controllers. Two IP addresses must be provided. Required if domain_fqdn is provided. Conflicts with domain and domain_iam_role_name. Default: null

The fully qualified domain name (FQDN) of the self-managed Active Directory domain. Conflicts with domain and domain_iam_role_name. Default: null

The name of the IAM role to be used when making API calls to the Directory Service. Required if domain is provided. Default: null

The self-managed Active Directory organizational unit for the DB instance to join. Required if domain_fqdn is provided. Conflicts with domain and domain_iam_role_name. Default: null

Replicas

Specifies that this resource is a read replica, and designates the source DB instance identifier to replicate from. When set, many configuration values are inherited from the source instance. Default: null

Specifies whether the replica is in mounted or open-read-only mode. Only supported by Oracle instances. Default: null

Role Association

A map of DB instance supported feature names to IAM role ARNs. The module creates one aws_db_instance_role_association resource for each map entry. Default: {}

Example:

Tags

Timeouts

Region

Region where this resource will be managed. Defaults to the region set in the provider configuration. Useful for multi-region deployments. Default: null
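
Several descriptions above state cross-variable rules (master password handling, the kms_key_id full-ARN requirement, the Active Directory conflicts, the valid monitoring_interval values) that can be checked before terraform plan. The Python below is an added example, not part of the module or its documentation; check_rds_inputs, WEAK and FIXED are hypothetical names, the sample values are constructed, and each rule is tied to a variable using the names that appear in the descriptions.

```python
# Added example: lint module inputs against rules quoted from the descriptions above.
VALID_MONITORING_INTERVALS = {0, 1, 5, 10, 15, 30, 60}
DEFAULTS = {"manage_master_user_password": True, "monitoring_interval": 0}

def check_rds_inputs(inputs):
    """Return a list of rule violations for a dict of module input values."""
    v = {**DEFAULTS, **inputs}
    problems = []

    def has(name):
        return v.get(name) is not None

    # Master password: either RDS manages the secret or password_wo is supplied.
    managed = bool(v["manage_master_user_password"])
    if managed and has("password_wo"):
        problems.append("password_wo set while manage_master_user_password is true")
    restored = has("snapshot_identifier") or has("replicate_source_db")
    if not (managed or has("password_wo") or restored):
        problems.append("password_wo required when the password is not managed")

    # Storage key must be a full key ARN; an alias or alias ARN is rejected.
    key = v.get("kms_key_id")
    if key is not None and not (key.startswith("arn:") and ":key/" in key):
        problems.append("kms_key_id must be a full key ARN, not an alias")

    # Directory Service domain (domain) and self-managed AD (domain_fqdn) conflict.
    if has("domain"):
        for other in ("domain_fqdn", "domain_auth_secret_arn"):
            if has(other):
                problems.append(f"domain conflicts with {other}")
        if not has("domain_iam_role_name"):
            problems.append("domain_iam_role_name required when domain is set")
    if has("domain_fqdn"):
        if has("domain_iam_role_name"):
            problems.append("domain_fqdn conflicts with domain_iam_role_name")
        if not has("domain_auth_secret_arn"):
            problems.append("domain_auth_secret_arn required when domain_fqdn is set")

    if v["monitoring_interval"] not in VALID_MONITORING_INTERVALS:
        problems.append("monitoring_interval must be one of 0, 1, 5, 10, 15, 30, 60")
    return problems

# Constructed sample inputs; the account ID, key ID and role name are placeholders.
WEAK = {"identifier": "demo", "password_wo": "example-only", "kms_key_id": "alias/rds",
        "domain": "d-1234567890", "domain_fqdn": "corp.example.com",
        "monitoring_interval": 20}
FIXED = {"identifier": "demo", "domain": "d-1234567890",
         "domain_iam_role_name": "rds-directory-role", "monitoring_interval": 60,
         "kms_key_id": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"}
```

check_rds_inputs(WEAK) reports every broken rule at once, while check_rds_inputs(FIXED) returns an empty list.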