https://github.com/opszero/terraform-aws-documentdb
Last synced: 9 days ago
- Host: GitHub
- URL: https://github.com/opszero/terraform-aws-documentdb
- Owner: opszero
- License: other
- Created: 2024-06-13T04:44:50.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-11-24T19:29:37.000Z (2 months ago)
- Last Synced: 2025-11-28T07:33:23.724Z (2 months ago)
- Language: HCL
- Size: 88.9 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Support: SUPPORT
# Terraform-aws-documentdb
# Terraform AWS Cloud DocumentDB Module
## Table of Contents
- [Introduction](#introduction)
- [Usage](#usage)
- [Examples](#Examples)
- [License](#license)
- [Inputs](#inputs)
- [Outputs](#outputs)
## Introduction
This Terraform module creates an AWS DocumentDB cluster along with additional configuration options.
## Usage
To use this module, you can include it in your Terraform configuration. Here's an example of how to use it:
## Examples
## Example: documentdb-secured
```hcl
module "documentdb-secured" {
  source = "git::https://github.com/opszero/terraform-aws-documentdb.git?ref=v1.0.1"

  name   = "documentdb"
  vpc_id = module.vpc.vpc_id

  # Ingress rule for the DocumentDB port. 0.0.0.0/0 admits any source address;
  # narrow this to the CIDR blocks of the clients that need access.
  ssh_allowed_ip    = ["0.0.0.0/0"]
  ssh_allowed_ports = [27017]
  subnet_list       = module.subnet.public_subnet_id

  skip_final_snapshot     = var.skip_final_snapshot
  storage_encrypted       = var.storage_encrypted
  instance_class          = var.instance_class
  cluster_family          = "docdb5.0"
  cluster_size            = var.cluster_size
  deletion_protection     = true
  preferred_backup_window = "07:00-07:30"
  ca_cert_identifier      = "rds-ca-rsa2048-g1"

  # Cluster parameter group settings: require TLS for client connections.
  parameters = [
    {
      apply_method = "immediate"
      name         = "tls"
      value        = "enabled"
    }
  ]
}
```
## Example: documentdb-simple
```hcl
module "documentdb-simple" {
  source = "git::https://github.com/opszero/terraform-aws-documentdb.git?ref=v1.0.1"

  name   = "dev"
  vpc_id = module.vpc.vpc_id

  # Ingress rule for the DocumentDB port. 0.0.0.0/0 admits any source address;
  # narrow this to the CIDR blocks of the clients that need access.
  ssh_allowed_ip    = ["0.0.0.0/0"]
  ssh_allowed_ports = [27017]
  subnet_list       = module.subnet.public_subnet_id

  master_username = "test"
  # The password is stored in the state file (see the Inputs table).
  master_password = var.master_password

  instance_class      = var.instance_class
  cluster_size        = var.cluster_size
  deletion_protection = false
}
```
## Examples
For detailed examples on how to use this module, please refer to the [Examples](https://github.com/opszero/terraform-aws-documentdb/tree/main/examples) directory within this repository.
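A more restrictive variant of the two examples above, added here for illustration and not taken from the module's repository: ingress is limited to caller-supplied client CIDRs, the cluster is placed in private subnets, and audit logging is enabled in the parameter group as well as in the CloudWatch export list. `var.client_cidrs` and `var.private_subnet_ids` are hypothetical caller variables, and `audit_logs` is a DocumentDB cluster parameter that this README does not itself document.

```hcl
# Hypothetical caller variables (not defined by the module).
variable "client_cidrs" {
  description = "CIDR blocks of the application subnets that may reach port 27017."
  type        = list(string)

  validation {
    # Reject malformed CIDRs and the any-source range used in the README examples.
    condition = alltrue([
      for c in var.client_cidrs : can(cidrhost(c, 0)) && c != "0.0.0.0/0"
    ])
    error_message = "client_cidrs must be valid CIDR blocks and must not include 0.0.0.0/0."
  }
}

variable "private_subnet_ids" {
  description = "Private subnet IDs for the DocumentDB subnet group."
  type        = list(string)
}

module "documentdb_restricted" {
  source = "git::https://github.com/opszero/terraform-aws-documentdb.git?ref=v1.0.1"

  name              = "documentdb"
  vpc_id            = module.vpc.vpc_id # same VPC module reference as the README examples
  subnet_list       = var.private_subnet_ids
  ssh_allowed_ip    = var.client_cidrs # ingress limited to known clients
  ssh_allowed_ports = [27017]

  storage_encrypted   = true
  deletion_protection = true
  skip_final_snapshot = false
  retention_period    = "7"
  ca_cert_identifier  = "rds-ca-rsa2048-g1"
  cluster_family      = "docdb5.0"

  # "audit" in the export list only ships events once the audit_logs
  # cluster parameter is enabled as well.
  enabled_cloudwatch_logs_exports = ["audit", "profiler"]
  parameters = [
    { apply_method = "immediate", name = "tls", value = "enabled" },
    { apply_method = "immediate", name = "audit_logs", value = "enabled" },
  ]
}
```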
## License
This project is licensed under the **MIT** License - see the [LICENSE](https://github.com/opszero/terraform-aws-documentdb/blob/main/LICENSE) file for details.
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 6.14.0 |
| [random](#provider\_random) | >= 3.7.2 |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [allowed\_ip](#input\_allowed\_ip) | List of allowed ip. | `list(any)` | `["0.0.0.0/0"]` | no |
| [allowed\_ports](#input\_allowed\_ports) | List of allowed ingress ports | `list(any)` | `[80, 443]` | no |
| [apply\_immediately](#input\_apply\_immediately) | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. | `bool` | `true` | no |
| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | The identifier of the certificate authority (CA) certificate for the DB instance. | `string` | `null` | no |
| [cluster\_family](#input\_cluster\_family) | The family of the DocumentDB cluster parameter group. For more details, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-parameter-group-create.html . | `string` | `"docdb5.0"` | no |
| [cluster\_size](#input\_cluster\_size) | Number of DB instances to create in the cluster | `string` | `"2"` | no |
| [deletion\_protection](#input\_deletion\_protection) | (optional) describe your variable | `bool` | `null` | no |
| [egress\_ipv4\_cidr\_block](#input\_egress\_ipv4\_cidr\_block) | List of CIDR blocks. Cannot be specified with source\_security\_group\_id or self. | `list(string)` | `["0.0.0.0/0"]` | no |
| [egress\_ipv4\_from\_port](#input\_egress\_ipv4\_from\_port) | Egress Start port (or ICMP type number if protocol is icmp or icmpv6). | `number` | `0` | no |
| [egress\_ipv4\_protocol](#input\_egress\_ipv4\_protocol) | Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number | `string` | `"-1"` | no |
| [egress\_ipv4\_to\_port](#input\_egress\_ipv4\_to\_port) | Egress end port (or ICMP code if protocol is icmp). | `number` | `65535` | no |
| [egress\_ipv6\_cidr\_block](#input\_egress\_ipv6\_cidr\_block) | List of CIDR blocks. Cannot be specified with source\_security\_group\_id or self. | `list(string)` | `["::/0"]` | no |
| [egress\_ipv6\_from\_port](#input\_egress\_ipv6\_from\_port) | Egress Start port (or ICMP type number if protocol is icmp or icmpv6). | `number` | `0` | no |
| [egress\_ipv6\_protocol](#input\_egress\_ipv6\_protocol) | Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number | `string` | `"-1"` | no |
| [egress\_ipv6\_to\_port](#input\_egress\_ipv6\_to\_port) | Egress end port (or ICMP code if protocol is icmp). | `number` | `65535` | no |
| [egress\_rule](#input\_egress\_rule) | Enable to create egress rule | `bool` | `true` | no |
| [enable\_security\_group](#input\_enable\_security\_group) | Enable default Security Group with only Egress traffic allowed. | `bool` | `true` | no |
| [enabled\_cloudwatch\_logs\_exports](#input\_enabled\_cloudwatch\_logs\_exports) | List of log types to export to cloudwatch. The following log types are supported: audit, error, general, slowquery. | `list(string)` | `["audit", "profiler"]` | no |
| [engine](#input\_engine) | The name of the database engine to be used for this DB cluster. Defaults to `docdb`. Valid values: `docdb`. | `string` | `"docdb"` | no |
| [engine\_version](#input\_engine\_version) | The version number of the database engine to use. | `string` | `""` | no |
| [instance\_class](#input\_instance\_class) | The instance class to use. For more details, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-class-specs . | `string` | `"db.t3.medium"` | no |
| [is\_external](#input\_is\_external) | Enable to update an existing security group. | `bool` | `false` | no |
| [master\_password](#input\_master\_password) | (Required unless a snapshot\_identifier is provided) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. | `string` | `""` | no |
| [master\_username](#input\_master\_username) | (Required unless a snapshot\_identifier is provided) Username for the master DB user. | `string` | `"root"` | no |
| [name](#input\_name) | Name of the database. | `string` | n/a | yes |
| [parameters](#input\_parameters) | A list of DocumentDB parameters to apply. Setting parameters to system default values may show a difference on imported resources. | `list(object({ apply_method = optional(string), name = string, value = string }))` | `[]` | no |
| [preferred\_backup\_window](#input\_preferred\_backup\_window) | Daily time range during which the backups happen. | `string` | `"07:00-09:00"` | no |
| [protocol](#input\_protocol) | The protocol. If not icmp, tcp, udp, or all use the. | `string` | `"tcp"` | no |
| [retention\_period](#input\_retention\_period) | Number of days to retain backups for. | `string` | `"7"` | no |
| [sg\_description](#input\_sg\_description) | The security group description. | `string` | `"Instance default security group (only egress access is allowed)."` | no |
| [sg\_egress\_description](#input\_sg\_egress\_description) | Description of the egress and ingress rule | `string` | `"Description of the rule."` | no |
| [sg\_egress\_ipv6\_description](#input\_sg\_egress\_ipv6\_description) | Description of the egress\_ipv6 rule | `string` | `"Description of the rule."` | no |
| [sg\_ids](#input\_sg\_ids) | List of security group IDs. | `list(any)` | `[]` | no |
| [sg\_ingress\_description](#input\_sg\_ingress\_description) | Description of the ingress rule | `string` | `"Description of the ingress rule use elasticache."` | no |
| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final DB snapshot is created before the DB cluster is deleted. | `bool` | `false` | no |
| [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot. | `string` | `""` | no |
| [ssh\_allowed\_ip](#input\_ssh\_allowed\_ip) | List of allowed ip. | `list(any)` | `[]` | no |
| [ssh\_allowed\_ports](#input\_ssh\_allowed\_ports) | List of allowed ingress ports | `list(any)` | `[]` | no |
| [ssh\_protocol](#input\_ssh\_protocol) | The protocol. If not icmp, tcp, udp, or all use the. | `string` | `"tcp"` | no |
| [ssh\_sg\_ingress\_description](#input\_ssh\_sg\_ingress\_description) | Description of the ingress rule | `string` | `"Description of the ingress rule use elasticache."` | no |
| [storage\_encrypted](#input\_storage\_encrypted) | Specifies whether the DB cluster is encrypted. | `bool` | `true` | no |
| [subnet\_list](#input\_subnet\_list) | List of subnet IDs database instances should deploy into. | `list(string)` | `[""]` | no |
| [tags](#input\_tags) | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | `map(string)` | `{}` | no |
| [vpc\_id](#input\_vpc\_id) | The ID of the VPC that the instance security group belongs to. | `string` | `""` | no |
## Resources
| Name | Type |
|------|------|
| [aws_docdb_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster) | resource |
| [aws_docdb_cluster_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster_instance) | resource |
| [aws_docdb_cluster_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster_parameter_group) | resource |
| [aws_docdb_subnet_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_subnet_group) | resource |
| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.egress_ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.egress_ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.ssh_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [random_password.master](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
## Outputs
| Name | Description |
|------|-------------|
| [arn](#output\_arn) | Amazon Resource Name (ARN) of the cluster. |
| [cluster\_name](#output\_cluster\_name) | Cluster Identifier. |
| [master\_password](#output\_master\_password) | password for the master DB user. |
| [master\_username](#output\_master\_username) | Username for the master DB user. |
| [reader\_endpoint](#output\_reader\_endpoint) | A read-only endpoint of the DocumentDB cluster, automatically load-balanced across replicas. |
| [writer\_endpoint](#output\_writer\_endpoint) | Endpoint of the DocumentDB cluster. |
# 🚀 Built by opsZero!
[opsZero](https://opszero.com) provides software and consulting for Cloud + AI. With our decade plus of experience scaling some of the world’s most innovative companies we have developed deep expertise in Kubernetes, DevOps, FinOps, and Compliance.
Our software and consulting solutions enable organizations to:
- migrate workloads to the Cloud
- set up compliance frameworks including SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, CMMC, and more.
- FinOps solutions to reduce the cost of running Cloud workloads
- Kubernetes optimized for web scale and AI workloads
- finding underutilized Cloud resources
- setting up custom AI training and delivery
- building data integrations and scrapers
- modernizing onto modern ARM based processors
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please [schedule a call](https://calendly.com/opszero-llc/discovery) if you need support.
