{"id":19508845,"url":"https://github.com/rhythmictech/terraform-aws-rds-postgres","last_synced_at":"2025-04-26T03:31:47.356Z","repository":{"id":51261014,"uuid":"220851489","full_name":"rhythmictech/terraform-aws-rds-postgres","owner":"rhythmictech","description":"Create a postgres RDS instance in AWS","archived":false,"fork":false,"pushed_at":"2023-11-08T21:50:13.000Z","size":79,"stargazers_count":4,"open_issues_count":1,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-04T07:11:15.863Z","etag":null,"topics":["aws","postgresql","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/rhythmictech/rds-postgres/aws","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhythmictech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null}},"created_at":"2019-11-10T21:07:51.000Z","updated_at":"2023-03-02T09:31:47.000Z","dependencies_parsed_at":"2022-08-30T23:12:05.711Z","dependency_job_id":null,"html_url":"https://github.com/rhythmictech/terraform-aws-rds-postgres","commit_stats":null,"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-rds-postgres","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-rds-postgres/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-rds-postgres/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-rds-postgres/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rhythmictech","download_url":"https://codeload.github.com/rhythmictech/terraform-aws-rds-postgres/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250926815,"owners_count":21509041,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","postgresql","terraform","terraform-module"],"created_at":"2024-11-10T23:10:06.203Z","updated_at":"2025-04-26T03:31:47.031Z","avatar_url":"https://github.com/rhythmictech.png","language":"HCL","readme":"# terraform-aws-rds-postgres\n[![tflint](https://github.com/rhythmictech/terraform-aws-rds-postgres/workflows/tflint/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-rds-postgres/actions?query=workflow%3Atflint+event%3Apush+branch%3Amaster)\n[![tfsec](https://github.com/rhythmictech/terraform-aws-rds-postgres/workflows/tfsec/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-rds-postgres/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amaster)\n[![yamllint](https://github.com/rhythmictech/terraform-aws-rds-postgres/workflows/yamllint/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-rds-postgres/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amaster)\n[![misspell](https://github.com/rhythmictech/terraform-aws-rds-postgres/workflows/misspell/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-rds-postgres/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amaster)\n[![pre-commit-check](https://github.com/rhythmictech/terraform-aws-rds-postgres/workflows/pre-commit-check/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-rds-postgres/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amaster)\n\u003ca href=\"https://twitter.com/intent/follow?screen_name=RhythmicTech\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/RhythmicTech?style=social\u0026logo=twitter\" alt=\"follow on Twitter\"\u003e\u003c/a\u003e\n\nCreate and manage an RDS PostgreSQL instance. Includes the ability to manage the master password in Secrets Manager or SSM and manage the security group that controls RDS access.\n\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 0.12.19 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 5 |\n| \u003ca name=\"requirement_random\"\u003e\u003c/a\u003e [random](#requirement\\_random) | \u003e= 2.2.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 4.56.0 |\n| \u003ca name=\"provider_random\"\u003e\u003c/a\u003e [random](#provider\\_random) | 3.4.3 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_password\"\u003e\u003c/a\u003e [password](#module\\_password) | rhythmictech/secretsmanager-random-secret/aws | ~\u003e1.2.0 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_db_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |\n| [aws_db_instance.this_ignore](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |\n| [aws_db_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |\n| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group_rule.allow_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.allow_ipv4_cidrs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.allow_ipv6_cidrs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_ssm_parameter.password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |\n| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |\n| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_allowed_cidr_blocks\"\u003e\u003c/a\u003e [allowed\\_cidr\\_blocks](#input\\_allowed\\_cidr\\_blocks) | CIDR blocks allowed to reach the database | `list(string)` | `[]` | no |\n| \u003ca name=\"input_allowed_ipv6_cidr_blocks\"\u003e\u003c/a\u003e [allowed\\_ipv6\\_cidr\\_blocks](#input\\_allowed\\_ipv6\\_cidr\\_blocks) | IPv6 CIDR blocks allowed to reach the database | `list(string)` | `[]` | no |\n| \u003ca name=\"input_allowed_security_groups\"\u003e\u003c/a\u003e [allowed\\_security\\_groups](#input\\_allowed\\_security\\_groups) | IDs of security groups allowed to reach the database (not Names) | `list(string)` | `[]` | no |\n| \u003ca name=\"input_backup_retention_period\"\u003e\u003c/a\u003e [backup\\_retention\\_period](#input\\_backup\\_retention\\_period) | How long to keep RDS backups (in days) | `string` | `5` | no |\n| \u003ca name=\"input_cloudwatch_log_exports\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_exports](#input\\_cloudwatch\\_log\\_exports) | Log types to export to CloudWatch | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"postgresql\",\u003cbr\u003e  \"upgrade\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_create_secretmanager_secret\"\u003e\u003c/a\u003e [create\\_secretmanager\\_secret](#input\\_create\\_secretmanager\\_secret) | True to create a secretmanager secret containing DB password (not used if `password` is set) | `bool` | `true` | no |\n| \u003ca name=\"input_create_ssm_secret\"\u003e\u003c/a\u003e [create\\_ssm\\_secret](#input\\_create\\_ssm\\_secret) | True to create a SSM Parameter SecretString containing DB password (not used if `password` is set) | `bool` | `false` | no |\n| \u003ca name=\"input_database_name\"\u003e\u003c/a\u003e [database\\_name](#input\\_database\\_name) | Name of the initial database to create. (null for none) | `string` | `null` | no |\n| \u003ca name=\"input_enable_deletion_protection\"\u003e\u003c/a\u003e [enable\\_deletion\\_protection](#input\\_enable\\_deletion\\_protection) | If `true`, deletion protection will be turned on for the RDS instance(s) | `bool` | `true` | no |\n| \u003ca name=\"input_engine_version\"\u003e\u003c/a\u003e [engine\\_version](#input\\_engine\\_version) | Version of database engine to use | `string` | `\"11.5\"` | no |\n| \u003ca name=\"input_final_snapshot_identifier\"\u003e\u003c/a\u003e [final\\_snapshot\\_identifier](#input\\_final\\_snapshot\\_identifier) | name of final snapshot (will be computed automatically if not specified) | `string` | `null` | no |\n| \u003ca name=\"input_iam_database_authentication_enabled\"\u003e\u003c/a\u003e [iam\\_database\\_authentication\\_enabled](#input\\_iam\\_database\\_authentication\\_enabled) | True to enable IAM DB authentication | `bool` | `false` | no |\n| \u003ca name=\"input_identifier\"\u003e\u003c/a\u003e [identifier](#input\\_identifier) | DB identifier (not recommended, only used if `identifier_prefix` is not null) | `string` | `null` | no |\n| \u003ca name=\"input_identifier_prefix\"\u003e\u003c/a\u003e [identifier\\_prefix](#input\\_identifier\\_prefix) | DB identifier prefix (will be generated by AWS automatically if not specified) | `string` | `null` | no |\n| \u003ca name=\"input_ignore_engine_version_and_password_changes\"\u003e\u003c/a\u003e [ignore\\_engine\\_version\\_and\\_password\\_changes](#input\\_ignore\\_engine\\_version\\_and\\_password\\_changes) | Ignore changes to the `var.engine_version` and the db `password` that might be caused by automatic upgrades | `bool` | `true` | no |\n| \u003ca name=\"input_instance_class\"\u003e\u003c/a\u003e [instance\\_class](#input\\_instance\\_class) | What instance type to use | `string` | n/a | yes |\n| \u003ca name=\"input_monitoring_interval\"\u003e\u003c/a\u003e [monitoring\\_interval](#input\\_monitoring\\_interval) | Monitoring interval in seconds (`0` to disable enhanced monitoring) | `number` | `0` | no |\n| \u003ca name=\"input_monitoring_role_arn\"\u003e\u003c/a\u003e [monitoring\\_role\\_arn](#input\\_monitoring\\_role\\_arn) | Enhanced Monitoring ARN (if `monitoring_interval \u003e 0` and this is omitted, a role will be created automatically) | `string` | `null` | no |\n| \u003ca name=\"input_multi_az\"\u003e\u003c/a\u003e [multi\\_az](#input\\_multi\\_az) | whether to make database multi-az | `bool` | `true` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | common name for resources in this module | `string` | `\"mysql-postgres\"` | no |\n| \u003ca name=\"input_parameter_group_family\"\u003e\u003c/a\u003e [parameter\\_group\\_family](#input\\_parameter\\_group\\_family) | Parameter Group Family. Need to make explicit for Postgres 9.x | `string` | `\"\"` | no |\n| \u003ca name=\"input_parameters\"\u003e\u003c/a\u003e [parameters](#input\\_parameters) | Database parameters (will create parameter group if not null) | \u003cpre\u003elist(object({\u003cbr\u003e    apply_method = string\u003cbr\u003e    name         = string\u003cbr\u003e    value        = string\u003cbr\u003e  }))\u003c/pre\u003e | \u003cpre\u003e[\u003cbr\u003e  {\u003cbr\u003e    \"apply_method\": \"immediate\",\u003cbr\u003e    \"name\": \"client_encoding\",\u003cbr\u003e    \"value\": \"UTF8\"\u003cbr\u003e  }\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_pass_version\"\u003e\u003c/a\u003e [pass\\_version](#input\\_pass\\_version) | Increment to force master user password change (not used if `password` is set) | `number` | `1` | no |\n| \u003ca name=\"input_password\"\u003e\u003c/a\u003e [password](#input\\_password) | Master password (if not set, one will be generated dynamically) | `string` | `null` | no |\n| \u003ca name=\"input_password_length\"\u003e\u003c/a\u003e [password\\_length](#input\\_password\\_length) | Master password length (not used if `password` is set) | `number` | `30` | no |\n| \u003ca name=\"input_performance_insights_enabled\"\u003e\u003c/a\u003e [performance\\_insights\\_enabled](#input\\_performance\\_insights\\_enabled) | If true, performance insights will be enabled | `bool` | `false` | no |\n| \u003ca name=\"input_port\"\u003e\u003c/a\u003e [port](#input\\_port) | Port the database should listen on | `number` | `5432` | no |\n| \u003ca name=\"input_skip_final_snapshot\"\u003e\u003c/a\u003e [skip\\_final\\_snapshot](#input\\_skip\\_final\\_snapshot) | If true no final snapshot will be taken on termination | `bool` | `false` | no |\n| \u003ca name=\"input_ssm_path\"\u003e\u003c/a\u003e [ssm\\_path](#input\\_ssm\\_path) | Custom path for SSM parameter, only takes effect if `create_ssm_secret` is true. | `string` | `\"\"` | no |\n| \u003ca name=\"input_storage\"\u003e\u003c/a\u003e [storage](#input\\_storage) | How much storage is available to the database | `string` | `20` | no |\n| \u003ca name=\"input_storage_encrypted\"\u003e\u003c/a\u003e [storage\\_encrypted](#input\\_storage\\_encrypted) | Encrypt DB storage | `bool` | `true` | no |\n| \u003ca name=\"input_storage_type\"\u003e\u003c/a\u003e [storage\\_type](#input\\_storage\\_type) | What storage backend to use (`gp2` or `standard`. io1 not supported) | `string` | `\"gp2\"` | no |\n| \u003ca name=\"input_subnet_group_name\"\u003e\u003c/a\u003e [subnet\\_group\\_name](#input\\_subnet\\_group\\_name) | name of DB subnet group to place DB in | `string` | n/a | yes |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Tags to apply to supported resources | `map(string)` | `{}` | no |\n| \u003ca name=\"input_username\"\u003e\u003c/a\u003e [username](#input\\_username) | Username of master user | `string` | `\"postgres\"` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | ID of VPC resources will be created in | `string` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_address\"\u003e\u003c/a\u003e [address](#output\\_address) | RDS database address |\n| \u003ca name=\"output_instance_connection_info\"\u003e\u003c/a\u003e [instance\\_connection\\_info](#output\\_instance\\_connection\\_info) | Object containing connection info |\n| \u003ca name=\"output_instance_id\"\u003e\u003c/a\u003e [instance\\_id](#output\\_instance\\_id) | Instance ID of RDS DB |\n| \u003ca name=\"output_password_secretsmanager_arn\"\u003e\u003c/a\u003e [password\\_secretsmanager\\_arn](#output\\_password\\_secretsmanager\\_arn) | The ARN of the SecretManager Secret. |\n| \u003ca name=\"output_password_secretsmanager_version\"\u003e\u003c/a\u003e [password\\_secretsmanager\\_version](#output\\_password\\_secretsmanager\\_version) | The unique identifier of the version of the secret. |\n| \u003ca name=\"output_password_ssm_parameter_arn\"\u003e\u003c/a\u003e [password\\_ssm\\_parameter\\_arn](#output\\_password\\_ssm\\_parameter\\_arn) | The ARN of the SecretManager Secret. |\n| \u003ca name=\"output_password_ssm_parameter_name\"\u003e\u003c/a\u003e [password\\_ssm\\_parameter\\_name](#output\\_password\\_ssm\\_parameter\\_name) | The name of the parameter. |\n| \u003ca name=\"output_password_ssm_parameter_version\"\u003e\u003c/a\u003e [password\\_ssm\\_parameter\\_version](#output\\_password\\_ssm\\_parameter\\_version) | The unique identifier of the version of the secret. |\n| \u003ca name=\"output_username\"\u003e\u003c/a\u003e [username](#output\\_username) | The master username for the database. |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fterraform-aws-rds-postgres","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhythmictech%2Fterraform-aws-rds-postgres","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fterraform-aws-rds-postgres/lists"}