{"id":21725416,"url":"https://github.com/jameswoolfenden/terraform-aws-rds","last_synced_at":"2025-06-24T20:14:55.266Z","repository":{"id":47028409,"uuid":"224171867","full_name":"JamesWoolfenden/terraform-aws-rds","owner":"JamesWoolfenden","description":"Helps to deploy an RDS DB instance","archived":false,"fork":false,"pushed_at":"2023-08-31T11:03:30.000Z","size":170,"stargazers_count":4,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-26T16:55:10.130Z","etag":null,"topics":["aws","module","rds","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JamesWoolfenden.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2019-11-26T11:07:10.000Z","updated_at":"2023-04-14T07:27:49.000Z","dependencies_parsed_at":"2023-01-18T15:01:36.265Z","dependency_job_id":null,"html_url":"https://github.com/JamesWoolfenden/terraform-aws-rds","commit_stats":null,"previous_names":[],"tags_count":87,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-rds","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-rds/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-rds/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-rds/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JamesWoolfenden","download_url":"https://codeload.github.com/JamesWoolfenden/terraform-aws-rds/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248643045,"owners_count":21138353,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","module","rds","terraform"],"created_at":"2024-11-26T03:17:33.133Z","updated_at":"2025-04-12T22:54:29.926Z","avatar_url":"https://github.com/JamesWoolfenden.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-rds\n\n[![Build Status](https://github.com/JamesWoolfenden/terraform-aws-rds/workflows/Verify/badge.svg?branch=master)](https://github.com/JamesWoolfenden/terraform-aws-rds)\n[![Latest Release](https://img.shields.io/github/release/JamesWoolfenden/terraform-aws-rds.svg)](https://github.com/JamesWoolfenden/terraform-aws-rds/releases/latest)\n[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/JamesWoolfenden/terraform-aws-rds.svg?label=latest)](https://github.com/JamesWoolfenden/terraform-aws-rds/releases/latest)\n![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.14.0-blue.svg)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/JamesWoolfenden/terraform-aws-rds/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=JamesWoolfenden%2Fterraform-aws-rds\u0026benchmark=CIS+AWS+V1.2)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white)](https://github.com/pre-commit/pre-commit)\n[![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/jameswoolfenden/terraform-aws-rds/general)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=JamesWoolfenden%2Fterraform-aws-rds\u0026benchmark=INFRASTRUCTURE+SECURITY)\n\nTerraform module - creates an RDS instance. When you select tp create a Postgres DB, this module adds enables _pgaudit_, this is in line with Prowler and Bridgecrew AWS best practices.\n\n---\n\nIt's 100% Open Source and licensed under the [APACHE2](LICENSE).\n\n## Usage\n\nInclude this repository as a module in your existing Terraform code:\n\n```terraform\nmodule \"rds\" {\n  source            = \"JamesWoolfenden/rds/aws\"\n  version           = \"0.2.4\"\n  subnet_ids        = var.subnets\n  instance          = var.instance\n  instance_password = \"Password123\"\n  rds_role          = data.aws_iam_role.rds\n  kms_key_id        = data.aws_kms_key.rds.id\n}\n```\n\nTo find the parameter group family:\n\n```cli\naws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\"\n```\n\n## Costs\n\nNote: Costs start at this estimate based on the examplea values.\n\n```text\nMonthly cost estimate\n\nProject: .\n\n Name                                 Monthly Qty  Unit       Monthly Cost\n\n module.rds.aws_db_instance.instance\n ├─ Database instance                         730  hours            $27.74\n └─ Database storage                           20  GB-months         $5.32\n\n PROJECT TOTAL                                                      $33.06\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\nNo requirements.\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | n/a |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_db_instance.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |\n| [aws_db_parameter_group.custom](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |\n| [aws_db_subnet_group.access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |\n| [aws_iam_policy.dbaccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_secretsmanager_secret.password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |\n| [aws_secretsmanager_secret.username](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |\n| [aws_secretsmanager_secret_version.password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |\n| [aws_secretsmanager_secret_version.username](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |\n| [aws_security_group.dbaccess](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_allowed_cidr\"\u003e\u003c/a\u003e [allowed\\_cidr](#input\\_allowed\\_cidr) | n/a | `list(string)` | n/a | yes |\n| \u003ca name=\"input_apply_immediately\"\u003e\u003c/a\u003e [apply\\_immediately](#input\\_apply\\_immediately) | Apply changes immediately | `bool` | `false` | no |\n| \u003ca name=\"input_backup_retention_period\"\u003e\u003c/a\u003e [backup\\_retention\\_period](#input\\_backup\\_retention\\_period) | n/a | `number` | `14` | no |\n| \u003ca name=\"input_copy_tags_to_snapshot\"\u003e\u003c/a\u003e [copy\\_tags\\_to\\_snapshot](#input\\_copy\\_tags\\_to\\_snapshot) | n/a | `bool` | `true` | no |\n| \u003ca name=\"input_custom_db_group_name\"\u003e\u003c/a\u003e [custom\\_db\\_group\\_name](#input\\_custom\\_db\\_group\\_name) | Your custom DB parameter group mane | `string` | `\"\"` | no |\n| \u003ca name=\"input_db_subnet_group_name\"\u003e\u003c/a\u003e [db\\_subnet\\_group\\_name](#input\\_db\\_subnet\\_group\\_name) | The name of the subnet to use for the database | `string` | `\"default\"` | no |\n| \u003ca name=\"input_deletion_protection\"\u003e\u003c/a\u003e [deletion\\_protection](#input\\_deletion\\_protection) | n/a | `bool` | `true` | no |\n| \u003ca name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | n/a | `string` | `\"Some description\"` | no |\n| \u003ca name=\"input_family\"\u003e\u003c/a\u003e [family](#input\\_family) | Needs to be set to your specific db | `string` | `\"aurora-postgresql14\"` | no |\n| \u003ca name=\"input_instance\"\u003e\u003c/a\u003e [instance](#input\\_instance) | Map of all the variables | `any` | n/a | yes |\n| \u003ca name=\"input_instance_password\"\u003e\u003c/a\u003e [instance\\_password](#input\\_instance\\_password) | Instance Password | `string` | n/a | yes |\n| \u003ca name=\"input_kms_key_arn\"\u003e\u003c/a\u003e [kms\\_key\\_arn](#input\\_kms\\_key\\_arn) | The ARN of a KMS key | `string` | n/a | yes |\n| \u003ca name=\"input_monitoring_interval\"\u003e\u003c/a\u003e [monitoring\\_interval](#input\\_monitoring\\_interval) | Monitoring\\_interval in seconds | `number` | `60` | no |\n| \u003ca name=\"input_monitoring_role_arn\"\u003e\u003c/a\u003e [monitoring\\_role\\_arn](#input\\_monitoring\\_role\\_arn) | Role for Monitoring - the ARN | `string` | `\"\"` | no |\n| \u003ca name=\"input_multi_az\"\u003e\u003c/a\u003e [multi\\_az](#input\\_multi\\_az) | Controls multi az | `bool` | `true` | no |\n| \u003ca name=\"input_publicly_accessible\"\u003e\u003c/a\u003e [publicly\\_accessible](#input\\_publicly\\_accessible) | To comply with security rules CKV\\_AWS\\_17 this defaults to false | `bool` | `false` | no |\n| \u003ca name=\"input_rds_role\"\u003e\u003c/a\u003e [rds\\_role](#input\\_rds\\_role) | The IAM ARN of the role for RDS monitoring | `string` | `\"\"` | no |\n| \u003ca name=\"input_recovery_window_in_days\"\u003e\u003c/a\u003e [recovery\\_window\\_in\\_days](#input\\_recovery\\_window\\_in\\_days) | The number of days for schedule of deletion of secret | `number` | `0` | no |\n| \u003ca name=\"input_subnet_group\"\u003e\u003c/a\u003e [subnet\\_group](#input\\_subnet\\_group) | n/a | `list` | \u003cpre\u003e[\u003cbr\u003e  {\u003cbr\u003e    \"description\": \"\",\u003cbr\u003e    \"name\": \"database-1\"\u003cbr\u003e  }\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_subnet_ids\"\u003e\u003c/a\u003e [subnet\\_ids](#input\\_subnet\\_ids) | A list of Subnet ids | `list(any)` | n/a | yes |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | The id of the VPC for the security group and db | `string` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_db_subnet_group\"\u003e\u003c/a\u003e [db\\_subnet\\_group](#output\\_db\\_subnet\\_group) | n/a |\n| \u003ca name=\"output_instance\"\u003e\u003c/a\u003e [instance](#output\\_instance) | n/a |\n| \u003ca name=\"output_password_location\"\u003e\u003c/a\u003e [password\\_location](#output\\_password\\_location) | n/a |\n| \u003ca name=\"output_policy\"\u003e\u003c/a\u003e [policy](#output\\_policy) | n/a |\n| \u003ca name=\"output_security_group\"\u003e\u003c/a\u003e [security\\_group](#output\\_security\\_group) | n/a |\n| \u003ca name=\"output_username_location\"\u003e\u003c/a\u003e [username\\_location](#output\\_username\\_location) | n/a |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Policy\n\nThis is the policy required to build this project:\n\n\u003c!-- BEGINNING OF PRE-COMMIT-PIKE DOCS HOOK --\u003e\nThe Terraform resource required is:\n\n```golang\nresource \"aws_iam_policy\" \"terraform_pike\" {\n  name_prefix = \"terraform_pike\"\n  path        = \"/\"\n  description = \"Pike Autogenerated policy from IAC\"\n\n  policy = jsonencode({\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"VisualEditor0\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"ec2:AuthorizeSecurityGroupEgress\",\n                \"ec2:AuthorizeSecurityGroupIngress\",\n                \"ec2:CreateSecurityGroup\",\n                \"ec2:DeleteSecurityGroup\",\n                \"ec2:DescribeAccountAttributes\",\n                \"ec2:DescribeNetworkInterfaces\",\n                \"ec2:DescribeSecurityGroups\",\n                \"ec2:RevokeSecurityGroupEgress\",\n                \"ec2:RevokeSecurityGroupIngress\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        },\n        {\n            \"Sid\": \"VisualEditor1\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"iam:CreatePolicy\",\n                \"iam:DeletePolicy\",\n                \"iam:GetPolicy\",\n                \"iam:GetPolicyVersion\",\n                \"iam:ListPolicyVersions\",\n                \"iam:PassRole\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        },\n        {\n            \"Sid\": \"VisualEditor2\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"rds:CreateDBInstance\",\n                \"rds:CreateDBParameterGroup\",\n                \"rds:CreateDBSubnetGroup\",\n                \"rds:DeleteDBInstance\",\n                \"rds:DeleteDBParameterGroup\",\n                \"rds:DeleteDBSubnetGroup\",\n                \"rds:DescribeDBInstances\",\n                \"rds:DescribeDBParameterGroups\",\n                \"rds:DescribeDBParameters\",\n                \"rds:DescribeDBSubnetGroups\",\n                \"rds:ListTagsForResource\",\n                \"rds:ModifyDBInstance\",\n                \"rds:ModifyDBParameterGroup\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        },\n        {\n            \"Sid\": \"VisualEditor3\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"secretsmanager:CreateSecret\",\n                \"secretsmanager:DeleteSecret\",\n                \"secretsmanager:DescribeSecret\",\n                \"secretsmanager:GetResourcePolicy\",\n                \"secretsmanager:GetSecretValue\",\n                \"secretsmanager:PutSecretValue\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        }\n    ]\n})\n}\n\n\n```\n\u003c!-- END OF PRE-COMMIT-PIKE DOCS HOOK --\u003e\n\n## Related Projects\n\nCheck out these related projects.\n\n- [terraform-aws-s3](https://github.com/jameswoolfenden/terraform-aws-s3) - S3 buckets\n\n## Help\n\n**Got a question?**\n\nFile a GitHub [issue](https://github.com/JamesWoolfenden/terraform-aws-rds/issues).\n\n## Contributing\n\n### Bug Reports \u0026 Feature Requests\n\nPlease use the [issue tracker](https://github.com/JamesWoolfenden/terraform-aws-rds/issues) to report any bugs or file feature requests.\n\n## Copyrights\n\nCopyright © 2019-2023 James Woolfenden\n\n## License\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\nSee [LICENSE](LICENSE) for full details.\n\nLicensed to the Apache Software Foundation (ASF) under one\nor more contributor license agreements. See the NOTICE file\ndistributed with this work for additional information\nregarding copyright ownership. The ASF licenses this file\nto you under the Apache License, Version 2.0 (the\n\"License\"); you may not use this file except in compliance\nwith the License. You may obtain a copy of the License at\n\n\u003chttps://www.apache.org/licenses/LICENSE-2.0\u003e\n\nUnless required by applicable law or agreed to in writing,\nsoftware distributed under the License is distributed on an\n\"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\nKIND, either express or implied. See the License for the\nspecific language governing permissions and limitations\nunder the License.\n\n### Contributors\n\n[![James Woolfenden][jameswoolfenden_avatar]][jameswoolfenden_homepage]\u003cbr/\u003e[James Woolfenden][jameswoolfenden_homepage]\n\n[jameswoolfenden_homepage]: https://github.com/jameswoolfenden\n[jameswoolfenden_avatar]: https://github.com/jameswoolfenden.png?size=150\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-rds","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-rds","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-rds/lists"}