https://github.com/rhythmictech/terraform-aws-rds-mysql
Create a mysql RDS instance
https://github.com/rhythmictech/terraform-aws-rds-mysql
aws mysql rds terraform terraform-module terraform-modules
Last synced: about 1 year ago
JSON representation
Create a mysql RDS instance
- Host: GitHub
- URL: https://github.com/rhythmictech/terraform-aws-rds-mysql
- Owner: rhythmictech
- License: mit
- Created: 2019-06-24T19:44:15.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2024-04-10T18:43:23.000Z (about 2 years ago)
- Last Synced: 2025-04-04T07:11:16.225Z (about 1 year ago)
- Topics: aws, mysql, rds, terraform, terraform-module, terraform-modules
- Language: HCL
- Homepage: https://registry.terraform.io/modules/rhythmictech/rds-mysql/aws
- Size: 70.3 KB
- Stars: 2
- Watchers: 3
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# terraform-aws-rds-mysql
[](https://github.com/rhythmictech/terraform-aws-rds-mysql/actions?query=workflow%3Atflint+event%3Apush+branch%3Amaster)
[](https://github.com/rhythmictech/terraform-aws-rds-mysql/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amaster)
[](https://github.com/rhythmictech/terraform-aws-rds-mysql/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amaster)
[](https://github.com/rhythmictech/terraform-aws-rds-mysql/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amaster)
[](https://github.com/rhythmictech/terraform-aws-rds-mysql/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amaster)
Create and manage an RDS MySQL instance. Includes the ability to manage the master password in Secrets Manager and manage the security group that controls RDS access.
## Usage
```
module "rds-mysql" {
source = "rhythmictech/rds-mysql/aws"
subnet_group_name = "db_subnet_group"
vpc_id = "vpc-1234567890"
}
```
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.12.20 |
| [aws](#requirement\_aws) | >= 3.8 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.56.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [password](#module\_password) | rhythmictech/secretsmanager-random-secret/aws | ~>1.2.0 |
## Resources
| Name | Type |
|------|------|
| [aws_db_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |
| [aws_db_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.allow_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_ipv4_cidrs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_ipv6_cidrs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | CIDR blocks allowed to reach the database | `list(string)` | `[]` | no |
| [allowed\_ipv6\_cidr\_blocks](#input\_allowed\_ipv6\_cidr\_blocks) | IPv6 CIDR blocks allowed to reach the database | `list(string)` | `[]` | no |
| [allowed\_security\_groups](#input\_allowed\_security\_groups) | IDs of security groups allowed to reach the database (not Names) | `list(string)` | `[]` | no |
| [backup\_retention\_period](#input\_backup\_retention\_period) | How long to keep RDS backups (in days) | `number` | `5` | no |
| [cloudwatch\_log\_exports](#input\_cloudwatch\_log\_exports) | Log types to export to CloudWatch | `list(string)` |
[
"audit",
"error",
"general",
"slowquery"
]
| no |
| [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | If `true`, RDS instance tags will be copied to snapshots | `bool` | `true` | no |
| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | If `true`, deletion protection will be turned on for the RDS instance(s) | `bool` | `true` | no |
| [engine](#input\_engine) | Database Engine to use for RDS (mysql or mariadb are acceptable here) | `string` | `"mysql"` | no |
| [engine\_version](#input\_engine\_version) | Version of database engine to use | `string` | `"5.7"` | no |
| [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | name of final snapshot (will be computed automatically if not specified) | `string` | `null` | no |
| [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | Whether or not to enable IAM DB authentication | `bool` | `false` | no |
| [identifier\_prefix](#input\_identifier\_prefix) | DB identifier prefix (will be generated by AWS automatically if not specified) | `string` | `null` | no |
| [instance\_class](#input\_instance\_class) | What instance type to use | `string` | `"db.t3.small"` | no |
| [kms\_key\_id](#input\_kms\_key\_id) | If encrypting database with a KMS key, specify the id of the KMS key here. Note that storage\_encrypted will also need to be set to true. | `string` | `null` | no |
| [monitoring\_interval](#input\_monitoring\_interval) | Monitoring interval in seconds (`0` to disable enhanced monitoring) | `number` | `0` | no |
| [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | Enhanced Monitoring ARN (blank to omit) | `string` | `null` | no |
| [multi\_az](#input\_multi\_az) | whether to make database multi-az | `bool` | `true` | no |
| [name](#input\_name) | common name for resources in this module | `string` | `"mysql-rds"` | no |
| [param\_group\_family\_name](#input\_param\_group\_family\_name) | Family name of DB parameter group. Valid family names can be queried using aws cli: aws rds describe-db-engine-versions --query 'DBEngineVersions[].DBParameterGroupFamily' | `string` | `null` | no |
| [parameter\_group\_name](#input\_parameter\_group\_name) | Name of parameter group. conflicts with parameters | `string` | `null` | no |
| [parameters](#input\_parameters) | Database parameters (will create parameter group if not null) | list(object({
apply_method = string
name = string
value = string
})) | [
{
"apply_method": "immediate",
"name": "character_set_database",
"value": "utf8"
},
{
"apply_method": "immediate",
"name": "character_set_connection",
"value": "utf8"
},
{
"apply_method": "immediate",
"name": "character_set_filesystem",
"value": "utf8"
},
{
"apply_method": "immediate",
"name": "character_set_results",
"value": "utf8"
},
{
"apply_method": "immediate",
"name": "character_set_server",
"value": "utf8"
},
{
"apply_method": "immediate",
"name": "character_set_client",
"value": "utf8"
},
{
"apply_method": "immediate",
"name": "collation_connection",
"value": "utf8_bin"
},
{
"apply_method": "immediate",
"name": "collation_server",
"value": "utf8_bin"
},
{
"apply_method": "immediate",
"name": "max_allowed_packet",
"value": "1073741824"
}
]
| no |
| [pass\_version](#input\_pass\_version) | Increment to force master user password change (not used if `password` is set) | `number` | `1` | no |
| [password](#input\_password) | Master password (if not set, one will be generated dynamically and exposed through a secret) | `string` | `null` | no |
| [password\_length](#input\_password\_length) | Master password length (not used if `password` is set) | `number` | `30` | no |
| [password\_override\_special\_characters](#input\_password\_override\_special\_characters) | Set of special characters to allow when creating the password. The default is suitable for generating MySQL passwords for RDS. NOTE: If you created your database on a module version before 3.3.0, you need to explicitly set this value to an empty string '' in order to keep your password from being regenerated. | `string` | `"#$%^*()-=_+[]{};<>?,."` | no |
| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | If true, performance insights will be enabled | `bool` | `false` | no |
| [port](#input\_port) | Port the database should listen on | `string` | `"3306"` | no |
| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If `true` no final snapshot will be taken on termination | `bool` | `false` | no |
| [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05. | `string` | `""` | no |
| [storage](#input\_storage) | How much storage is available to the database | `string` | `20` | no |
| [storage\_encrypted](#input\_storage\_encrypted) | Encrypt DB storage | `bool` | `true` | no |
| [storage\_type](#input\_storage\_type) | What storage backend to use (`gp2` or `standard`. io1 not supported) | `string` | `"gp2"` | no |
| [subnet\_group\_name](#input\_subnet\_group\_name) | name of DB subnet group to place DB in | `string` | n/a | yes |
| [tags](#input\_tags) | Tags to apply to supported resources | `map(string)` | `{}` | no |
| [username](#input\_username) | username of master user | `string` | `"mysql_user"` | no |
| [vpc\_id](#input\_vpc\_id) | ID of VPC resources will be created in | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [address](#output\_address) | RDS database address |
| [instance\_connection\_info](#output\_instance\_connection\_info) | Object containing connection info |
| [instance\_id](#output\_instance\_id) | Instance ID of RDS DB |
| [password\_secret\_arn](#output\_password\_secret\_arn) | Password secret ARN |
| [password\_secret\_version\_id](#output\_password\_secret\_version\_id) | Password secret version |
| [username](#output\_username) | Master username |