https://github.com/rhythmictech/terraform-aws-rds-postgres
Create a postgres RDS instance in AWS
- Host: GitHub
- URL: https://github.com/rhythmictech/terraform-aws-rds-postgres
- Owner: rhythmictech
- License: mit
- Created: 2019-11-10T21:07:51.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-11-08T21:50:13.000Z (over 2 years ago)
- Last Synced: 2025-04-04T07:11:15.863Z (10 months ago)
- Topics: aws, postgresql, terraform, terraform-module
- Language: HCL
- Homepage: https://registry.terraform.io/modules/rhythmictech/rds-postgres/aws
- Size: 77.1 KB
- Stars: 4
- Watchers: 3
- Forks: 5
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
# terraform-aws-rds-postgres

Create and manage an RDS PostgreSQL instance. Includes the ability to manage the master password in Secrets Manager or SSM and manage the security group that controls RDS access.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.12.19 |
| [aws](#requirement\_aws) | >= 5 |
| [random](#requirement\_random) | >= 2.2.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.56.0 |
| [random](#provider\_random) | 3.4.3 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [password](#module\_password) | rhythmictech/secretsmanager-random-secret/aws | ~>1.2.0 |
## Resources
| Name | Type |
|------|------|
| [aws_db_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |
| [aws_db_instance.this_ignore](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |
| [aws_db_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.allow_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_ipv4_cidrs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_ipv6_cidrs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_ssm_parameter.password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | CIDR blocks allowed to reach the database | `list(string)` | `[]` | no |
| [allowed\_ipv6\_cidr\_blocks](#input\_allowed\_ipv6\_cidr\_blocks) | IPv6 CIDR blocks allowed to reach the database | `list(string)` | `[]` | no |
| [allowed\_security\_groups](#input\_allowed\_security\_groups) | IDs of security groups allowed to reach the database (not Names) | `list(string)` | `[]` | no |
| [backup\_retention\_period](#input\_backup\_retention\_period) | How long to keep RDS backups (in days) | `string` | `5` | no |
| [cloudwatch\_log\_exports](#input\_cloudwatch\_log\_exports) | Log types to export to CloudWatch | `list(string)` | `["postgresql", "upgrade"]` | no |
| [create\_secretmanager\_secret](#input\_create\_secretmanager\_secret) | True to create a secretmanager secret containing DB password (not used if `password` is set) | `bool` | `true` | no |
| [create\_ssm\_secret](#input\_create\_ssm\_secret) | True to create a SSM Parameter SecretString containing DB password (not used if `password` is set) | `bool` | `false` | no |
| [database\_name](#input\_database\_name) | Name of the initial database to create. (null for none) | `string` | `null` | no |
| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | If `true`, deletion protection will be turned on for the RDS instance(s) | `bool` | `true` | no |
| [engine\_version](#input\_engine\_version) | Version of database engine to use | `string` | `"11.5"` | no |
| [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | name of final snapshot (will be computed automatically if not specified) | `string` | `null` | no |
| [iam\_database\_authentication\_enabled](#input\_iam\_database\_authentication\_enabled) | True to enable IAM DB authentication | `bool` | `false` | no |
| [identifier](#input\_identifier) | DB identifier (not recommended, only used if `identifier_prefix` is not null) | `string` | `null` | no |
| [identifier\_prefix](#input\_identifier\_prefix) | DB identifier prefix (will be generated by AWS automatically if not specified) | `string` | `null` | no |
| [ignore\_engine\_version\_and\_password\_changes](#input\_ignore\_engine\_version\_and\_password\_changes) | Ignore changes to the `var.engine_version` and the db `password` that might be caused by automatic upgrades | `bool` | `true` | no |
| [instance\_class](#input\_instance\_class) | What instance type to use | `string` | n/a | yes |
| [monitoring\_interval](#input\_monitoring\_interval) | Monitoring interval in seconds (`0` to disable enhanced monitoring) | `number` | `0` | no |
| [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | Enhanced Monitoring ARN (if `monitoring_interval > 0` and this is omitted, a role will be created automatically) | `string` | `null` | no |
| [multi\_az](#input\_multi\_az) | whether to make database multi-az | `bool` | `true` | no |
| [name](#input\_name) | common name for resources in this module | `string` | `"mysql-postgres"` | no |
| [parameter\_group\_family](#input\_parameter\_group\_family) | Parameter Group Family. Need to make explicit for Postgres 9.x | `string` | `""` | no |
| [parameters](#input\_parameters) | Database parameters (will create parameter group if not null) | `list(object({ apply_method = string, name = string, value = string }))` | `[{ "apply_method": "immediate", "name": "client_encoding", "value": "UTF8" }]` | no |
| [pass\_version](#input\_pass\_version) | Increment to force master user password change (not used if `password` is set) | `number` | `1` | no |
| [password](#input\_password) | Master password (if not set, one will be generated dynamically) | `string` | `null` | no |
| [password\_length](#input\_password\_length) | Master password length (not used if `password` is set) | `number` | `30` | no |
| [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | If true, performance insights will be enabled | `bool` | `false` | no |
| [port](#input\_port) | Port the database should listen on | `number` | `5432` | no |
| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | If true no final snapshot will be taken on termination | `bool` | `false` | no |
| [ssm\_path](#input\_ssm\_path) | Custom path for SSM parameter, only takes effect if `create_ssm_secret` is true. | `string` | `""` | no |
| [storage](#input\_storage) | How much storage is available to the database | `string` | `20` | no |
| [storage\_encrypted](#input\_storage\_encrypted) | Encrypt DB storage | `bool` | `true` | no |
| [storage\_type](#input\_storage\_type) | What storage backend to use (`gp2` or `standard`. io1 not supported) | `string` | `"gp2"` | no |
| [subnet\_group\_name](#input\_subnet\_group\_name) | name of DB subnet group to place DB in | `string` | n/a | yes |
| [tags](#input\_tags) | Tags to apply to supported resources | `map(string)` | `{}` | no |
| [username](#input\_username) | Username of master user | `string` | `"postgres"` | no |
| [vpc\_id](#input\_vpc\_id) | ID of VPC resources will be created in | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [address](#output\_address) | RDS database address |
| [instance\_connection\_info](#output\_instance\_connection\_info) | Object containing connection info |
| [instance\_id](#output\_instance\_id) | Instance ID of RDS DB |
| [password\_secretsmanager\_arn](#output\_password\_secretsmanager\_arn) | The ARN of the SecretManager Secret. |
| [password\_secretsmanager\_version](#output\_password\_secretsmanager\_version) | The unique identifier of the version of the secret. |
| [password\_ssm\_parameter\_arn](#output\_password\_ssm\_parameter\_arn) | The ARN of the SecretManager Secret. |
| [password\_ssm\_parameter\_name](#output\_password\_ssm\_parameter\_name) | The name of the parameter. |
| [password\_ssm\_parameter\_version](#output\_password\_ssm\_parameter\_version) | The unique identifier of the version of the secret. |
| [username](#output\_username) | The master username for the database. |