https://github.com/paybilldev/terraform-aws-postgresql
Automates PostgreSQL setup and user management
https://github.com/paybilldev/terraform-aws-postgresql
aws postgresql terraform
Last synced: 5 months ago
JSON representation
Automates PostgreSQL setup and user management
- Host: GitHub
- URL: https://github.com/paybilldev/terraform-aws-postgresql
- Owner: paybilldev
- License: other
- Created: 2025-12-31T12:17:36.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2026-01-10T19:40:56.000Z (5 months ago)
- Last Synced: 2026-01-11T05:50:01.667Z (5 months ago)
- Topics: aws, postgresql, terraform
- Language: HCL
- Homepage: https://paybill.dev/docs/platform/terraform/aws/postgresql
- Size: 39.1 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Terraform Module: Postgres
This Terraform module automates PostgreSQL setup and user management. In simple terms, it allows you to:
### **1. Create PostgreSQL Databases**
* Provisions multiple databases based on `postgresql_database` input.
* Supports configuration like template, collation, connection limits, etc.
### **2. Manage Database Schemas**
* Creates schemas in PostgreSQL using `postgresql_schema`.
* Optional policies can be applied for schema usage and access control.
### **3. Set Default Privileges**
* Configures default privileges for roles on specific objects inside a database.
### **4. Create PostgreSQL Users + Generate Passwords**
* Optionally generates random passwords for users using `random_password`.
* Creates roles/users with login access.
### **5. Store Credentials Securely in AWS SSM Parameter Store**
* Generated usernames & passwords are saved as SecureString parameters for safe retrieval.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [postgresql](#requirement\_postgresql) | ~> 1.21 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | n/a |
| [null](#provider\_null) | n/a |
| [postgresql](#provider\_postgresql) | ~> 1.21 |
| [random](#provider\_random) | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_ssm_parameter.pg_user_parameters](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
| [aws_ssm_parameter.pg_user_password_parameters](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
| [null_resource.trigger_password_generation](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [postgresql_database.pg_db](https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/database) | resource |
| [postgresql_default_privileges.default_privileges](https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/default_privileges) | resource |
| [postgresql_role.pg_users](https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/role) | resource |
| [postgresql_schema.pg_schema](https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/schema) | resource |
| [random_password.pg_user_passwords](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [connect\_timeout](#input\_connect\_timeout) | connection timeout of the database | `number` | `15` | no |
| [database](#input\_database) | Name of the database | `string` | `"postgres"` | no |
| [host](#input\_host) | Database host | `string` | `""` | no |
| [parameter\_name\_prefix](#input\_parameter\_name\_prefix) | Prefix for the SSM parameter name | `string` | `""` | no |
| [password](#input\_password) | Database password | `string` | `""` | no |
| [pg\_users](#input\_pg\_users) | n/a |
list(object({
name = string
login = bool
})) | `[]` | no |
| [port](#input\_port) | Database port | `number` | `5432` | no |
| [postgresql\_database](#input\_postgresql\_database) | configuration block for postgresql database | map(object({
db_name = string
//db_owner = string
template = optional(string, null)
lc_collate = optional(string, null)
connection_limit = optional(string, null)
allow_connections = optional(string, null)
})) | `{}` | no |
| [postgresql\_default\_privileges](#input\_postgresql\_default\_privileges) | configuration block for postgresql default privileges | map(object({
role = string
database = string
schema = string
owner = string
object_type = string
privileges = list(string)
})) | `{}` | no |
| [postgresql\_schema](#input\_postgresql\_schema) | configuration block for postgresql schema | map(object({
schema_name = string
schema_owner = optional(string, null)
database = optional(string, null)
if_not_exists = optional(string, null)
drop_cascade = optional(string, null)
policy = optional(list(object({
usage = optional(string, null)
role = optional(string, null)
})), [])
})) | `{}` | no |
| [sslmode](#input\_sslmode) | sslmode of the database | `string` | `"require"` | no |
| [superuser](#input\_superuser) | Defines whether the role is a superuser, and therefore can override all access restrictions within the database | `string` | `false` | no |
| [username](#input\_username) | User name of the database | `string` | `"is_root"` | no |
## Outputs
No outputs.