# UKHomeOffice/acp-tf-rds

Module usage:

```hcl
module "rds" {
  source = "git::https://github.com/UKHomeOffice/acp-tf-rds?ref=master"

  name                         = "fake"
  allocated_storage            = "20"
  apply_immediately            = false
  cidr_blocks                  = values(var.compute.cidrs)
  database_name                = "keycloak"
  database_password            = "password" # placeholder only; pass real credentials from a sensitive variable
  database_port                = "3306"
  database_user                = "root"
  db_parameter_family          = "default.mysql5.6"
  dns_zone                     = var.dns_zone
  engine_type                  = "MariaDB"
  engine_version               = "10.1.19"
  environment                  = var.environment
  instance_class               = "db.t2.medium"
  max_allocated_storage        = 100
  snapshot_identifier          = "rds:production-2015-06-26-06-05"
  performance_insights_enabled = true
}
```

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | ~> 3.0 |

## Providers

| Name | Version |
|------|---------|
| aws | 3.72.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| self_serve_access_keys | git::https://github.com/UKHomeOffice/acp-tf-self-serve-access-keys | v0.1.0 |

## Notes

The module does not currently support Aurora I/O Optimised storage types. In order to use these, do not define `storage_type` and simply make the change in the AWS console.

For an RDS instance with a `storage_type` of `gp3`, be aware that `iops` cannot be specified if the `allocated_storage` value is below a per-engine threshold. See the RDS User Guide for details.

## Resources

| Name | Type |
|------|------|
| aws_db_instance.db_excluding_name | resource |
| aws_db_instance.db_including_name | resource |
| aws_db_instance.db_read_replica | resource |
| aws_db_parameter_group.db | resource |
| aws_db_subnet_group.db | resource |
| aws_iam_policy.rds_log_policy | resource |
| aws_iam_policy.rds_management_policy | resource |
| aws_iam_policy.rds_performance_insights_policy | resource |
| aws_iam_user.rds_logs_iam_user | resource |
| aws_iam_user.rds_management_iam_user | resource |
| aws_iam_user.rds_performance_insights_iam_user | resource |
| aws_iam_user_policy_attachment.rds_log_policy_attachement | resource |
| aws_iam_user_policy_attachment.rds_management_policy_attachment | resource |
| aws_iam_user_policy_attachment.rds_performance_insights_policy_attachment | resource |
| aws_rds_cluster.aurora_cluster | resource |
| aws_rds_cluster_instance.aurora_cluster_instance | resource |
| aws_rds_cluster_parameter_group.db | resource |
| aws_route53_record.dns_excluding_dbname | resource |
| aws_route53_record.dns_including_dbname | resource |
| aws_route53_record.dns_read_replica_db | resource |
| aws_security_group.db | resource |
| aws_security_group_rule.database_port | resource |
| aws_security_group_rule.out_all | resource |
| aws_route53_zone.selected | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allocated_storage | The allocated storage in GBs for the RDS instance | `any` | n/a | yes |
| allow_major_version_upgrade | Allow major version upgrade | `bool` | `false` | no |
| apply_immediately | Specifies whether any database modifications are applied immediately | `bool` | `false` | no |
| auto_minor_version_upgrade | Allow automated minor version upgrade | `bool` | `false` | no |
| backup_retention_period | How long, in days, we retain backups | `string` | `7` | no |
| backup_window | When AWS can run a snapshot; can't overlap with the maintenance window | `string` | `"22:00-03:00"` | no |
| ca_cert_identifier | Which CA to use for RDS certificates | `string` | `"rds-ca-rsa2048-g1"` | no |
| cidr_blocks | A list of network CIDR blocks which are permitted access | `list(string)` | `["0.0.0.0/0"]` | no |
| copy_tags_to_snapshot | Copy tags from the DB to a snapshot | `bool` | `true` | no |
| custom_option_group_name | Name of the custom option group for the RDS instance | `string` | `""` | no |
| database_name | The name of the database to create | `string` | `""` | no |
| database_password | The default password for the specified RDS user | `any` | n/a | yes |
| database_port | The database port used by the RDS instance, i.e. 3306, 5342 | `any` | n/a | yes |
| database_user | The username for the RDS instance to be created | `string` | `"root"` | no |
| db_cluster_parameter_family | Cluster parameter group family; depends on the DB engine used | `string` | `""` | no |
| db_cluster_parameters | A list of database parameter maps for the RDS cluster instance | `list(map(string))` | `[]` | no |
| db_parameter_family | Parameter group family; depends on the DB engine used | `any` | n/a | yes |
| db_parameters | A list of database parameter maps for the RDS instance | `list(map(string))` | `[]` | no |
| dns_name | The DNS name added to the DNS zone; defaults to `var.name` | `string` | `""` | no |
| dns_ttl | The TTL of the DNS record for the RDS instance, defaults to 300 | `string` | `"300"` | no |
| dns_type | The DNS record type for the RDS instance, defaults to CNAME | `string` | `"CNAME"` | no |
| dns_zone | The Route53 domain name we are adding the DNS entry to, i.e. example.com | `any` | n/a | yes |
| email_addresses | A list of email addresses for key rotation notifications | `list(string)` | `[]` | no |
| enabled_cloudwatch_logs_exports | Set of log types to export to CloudWatch Logs; by default no logs are exported. Valid values vary depending on the engine | `list(string)` | `[]` | no |
| engine_type | Database engine type | `any` | n/a | yes |
| engine_version | Database engine version; depends on the engine type | `any` | n/a | yes |
| environment | The environment the RDS instance is running in, i.e. dev, prod etc. | `any` | n/a | yes |
| instance_class | Class of the RDS instance | `string` | `"db.t2.medium"` | no |
| iops | The amount of provisioned IOPS. Setting this implies a `storage_type` of `io1` or `gp3`. See the Notes section for the limitations of this variable with `gp3` | `number` | `null` | no |
| is_multi_az | Set to true in production | `bool` | `false` | no |
| key_rotation | Enable email notifications for old IAM keys | `string` | `"true"` | no |
| license_model | License model information, required for some DBs such as Oracle SE2 | `string` | `""` | no |
| maintenance_window | The window to perform maintenance in; can't overlap with the backup window | `any` | `null` | no |
| log_access_enabled | Create a user with access to the instance's logs | `bool` | `false` | no |
| management_access_enabled | Create a user that can start/stop the RDS instance and get logs with the AWS CLI | `bool` | `false` | no |
| max_allocated_storage | The maximum allocated storage allowed for the RDS instance | `any` | `null` | no |
| name | A descriptive name for the RDS instance (leave blank only when RDS requires it to be blank) | `any` | n/a | yes |
| number_of_aurora_instances | The number of Aurora instances to create | `number` | `1` | no |
| performance_insights_enabled | Create a user that can access Performance Insights with the AWS CLI | `bool` | `false` | no |
| performance_insights_retention_period | If Long Term Retention is turned off, performance data older than 7 days is deleted | `any` | `null` | no |
| publicly_accessible | If true, the RDS instance will be publicly accessible | `bool` | `false` | no |
| replicate_source_db | Specifies that this resource is a replica database, using this value as the source database | `string` | `""` | no |
| skip_final_snapshot | If true (false by default), no snapshot will be taken before deleting the DB | `bool` | `false` | no |
| snapshot_identifier | Specifies whether or not to create this database from a snapshot | `string` | `""` | no |
| storage_encrypted | Indicates you want the underlying storage to be encrypted | `bool` | `true` | no |
| storage_type | One of `standard` (magnetic), `gp2` (general purpose SSD), `gp3` (new generation general purpose SSD), or `io1` (provisioned IOPS SSD). If you specify `gp3`, you must also include a value for the `iops` parameter. For I/O Optimised Aurora instances, see the Notes section | `string` | `"gp2"` | no |
| subnet_group_name | The name/ID of the subnet group for the instance | `string` | `""` | no |
| subnet_ids | The list of subnet IDs associated with a VPC | `list(string)` | `[]` | no |
| subnet_role | A role tag used to filter which subnets the RDS instance should reside in; defaults to Role=compute | `string` | `"compute"` | no |
| tags | A map of tags to add to all resources | `map(string)` | `{}` | no |
| vpc_id | The VPC ID to create the resources within | `any` | n/a | yes |
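The following is an added example (not code from the repository) of a hardened invocation using only the inputs listed above: it replaces the permissive `cidr_blocks` default of `0.0.0.0/0`, the literal password and the `root` user from the usage snippet, and turns on Multi-AZ, encryption, retained backups and CloudWatch log export. The CIDR range, names, tag values and the `var.*` references are constructed assumptions.

```hcl
# Added example, not from the repository: a hardened invocation of acp-tf-rds.
# Values marked "constructed" are placeholders.

variable "database_password" {
  type      = string
  sensitive = true # supplied from a tfvars file or CI secret, never a literal
}

module "rds" {
  source = "git::https://github.com/UKHomeOffice/acp-tf-rds?ref=master"

  name        = "keycloak-db" # constructed
  environment = var.environment
  vpc_id      = var.vpc_id
  dns_zone    = var.dns_zone

  engine_type           = "MariaDB"
  engine_version        = "10.1.19"
  db_parameter_family   = "mariadb10.1" # family must match the engine major version
  instance_class        = "db.t2.medium"
  allocated_storage     = "20"
  max_allocated_storage = 100

  database_name     = "keycloak"
  database_user     = "keycloak_app" # constructed; avoids the "root" default
  database_password = var.database_password
  database_port     = "3306"

  # Reachability: one application subnet range instead of the 0.0.0.0/0 default.
  cidr_blocks         = ["10.20.0.0/22"] # constructed RFC 1918 range
  publicly_accessible = false

  # Durability and recoverability.
  is_multi_az             = true
  storage_encrypted       = true
  backup_retention_period = "14"
  skip_final_snapshot     = false
  copy_tags_to_snapshot   = true

  # Audit trail: export engine logs to CloudWatch Logs. "slowquery" only
  # produces output once slow_query_log is enabled in the parameter group.
  enabled_cloudwatch_logs_exports = ["error", "slowquery"]

  tags = {
    Owner = "platform-team" # constructed
  }
}
```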

## Outputs

| Name | Description |
|------|-------------|
| db_excluding_name_instance_id | ID of the instance |
| db_including_name_instance_id | ID of the instance |
| rds_security_group_id | ID of the security group |