Provisions Amazon Redshift infrastructure including provisioned clusters and Redshift Serverless workgroups and namespaces. Supports parameter groups, subnet groups, encryption, and snapshot management.

![Module Banner](./static/banner.png)

# [terraform-aws-arc-redshift](https://github.com/sourcefuse/terraform-aws-arc-redshift)

> **Module:** `sourcefuse/arc-redshift/aws`

> **Registry:** [https://registry.terraform.io/modules/sourcefuse/arc-redshift/aws](https://registry.terraform.io/modules/sourcefuse/arc-redshift/aws)

> **Category:** Analytics / Data Warehouse

> **Source:** [https://github.com/sourcefuse/terraform-aws-arc-redshift](https://github.com/sourcefuse/terraform-aws-arc-redshift)

[![Latest Release](https://img.shields.io/github/release/sourcefuse/terraform-aws-arc-redshift.svg?style=for-the-badge)](https://github.com/sourcefuse/terraform-aws-arc-redshift/releases/latest)
[![Last Updated](https://img.shields.io/github/last-commit/sourcefuse/terraform-aws-arc-redshift.svg?style=for-the-badge)](https://github.com/sourcefuse/terraform-aws-arc-redshift/commits)
![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge&logo=terraform&logoColor=white)
![GitHub Actions](https://img.shields.io/badge/github%20actions-%232671E5.svg?style=for-the-badge&logo=githubactions&logoColor=white)

[![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=sourcefuse_terraform-aws-arc-redshift&token=a5aa0cb6f6f72af1f9146e6f0fa91e9de79ae952)](https://sonarcloud.io/summary/new_code?id=sourcefuse_terraform-aws-arc-redshift)

## Overview

Creates Amazon Redshift clusters or Redshift Serverless workgroups with VPC, encryption, parameter groups, and snapshot management.

## Architecture

![Architecture Diagram](./static/arch.png)

## What It Does

- Redshift provisioned cluster or Serverless workgroup
- VPC and security group configuration
- KMS encryption at rest
- Parameter groups for cluster tuning
- Automated snapshots and cross-region copy
- IAM roles for S3 and Glue integration
- Enhanced VPC routing

For more information about this repository and its usage, please see [Terraform AWS Redshift Module Usage Guide](https://github.com/sourcefuse/terraform-aws-arc-redshift/blob/main/docs/module-usage-guide/README.md).

## Quickstart

```hcl
module "redshift" {
  source  = "sourcefuse/arc-redshift/aws"
  version = "0.0.1"

  namespace   = var.namespace
  environment = var.environment
  name        = var.name

  # Network configuration - using the subnets we created
  vpc_id     = data.aws_vpc.vpc.id
  subnet_ids = data.aws_subnets.private.ids

  # Cluster configuration
  database_name        = var.database_name
  master_username      = var.master_username
  manage_user_password = var.manage_user_password
  security_group_data  = var.security_group_data
  security_group_name  = var.security_group_name
  node_type            = var.node_type
  number_of_nodes      = var.node_count
  cluster_type         = var.node_count > 1 ? "multi-node" : "single-node"

  # Other configuration
  skip_final_snapshot = true
  publicly_accessible = false
  encrypted           = true

  tags = module.tags.tags
}
```
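
A hardened variant of the quickstart for non-disposable environments, added here as an example and not taken from the module's own documentation. It uses only inputs listed in the Inputs table; the `aws_kms_key.redshift` resource, the `10.0.0.0/16` CIDR and the final snapshot name are assumptions to replace with your own values.

```hcl
# Added example (not from the module's documentation): the quickstart with
# security-relevant inputs set explicitly. aws_kms_key.redshift, the
# 10.0.0.0/16 CIDR and the snapshot identifier are placeholders.
module "redshift" {
  source  = "sourcefuse/arc-redshift/aws"
  version = "0.0.1"

  namespace   = var.namespace
  environment = var.environment
  name        = var.name

  vpc_id     = data.aws_vpc.vpc.id
  subnet_ids = data.aws_subnets.private.ids # private subnets only

  database_name   = var.database_name
  master_username = var.master_username

  # Per the input description: master password is managed in Secrets Manager
  manage_user_password = true

  # Encryption at rest with an explicitly chosen KMS key
  encrypted  = true
  kms_key_id = aws_kms_key.redshift.arn

  # No public endpoint; route COPY/UNLOAD traffic through the VPC
  publicly_accessible  = false
  enhanced_vpc_routing = true

  # Restrict ingress to the Redshift port from inside the VPC
  security_group_name = var.security_group_name
  security_group_data = {
    create = true
    ingress_rules = [{
      description = "Redshift from VPC CIDR (placeholder)"
      cidr_block  = "10.0.0.0/16"
      from_port   = 5439
      ip_protocol = "tcp"
      to_port     = "5439"
    }]
  }

  # Keep a recoverable copy when the cluster is destroyed
  skip_final_snapshot                 = false
  final_snapshot_identifier           = "${var.name}-final" # placeholder name
  automated_snapshot_retention_period = 7

  tags = module.tags.tags
}
```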

## Required Inputs

| Name | Type | Description |
|------|------|-------------|
| `namespace` | `string` | Namespace prefix |
| `environment` | `string` | Deployment environment |
| `vpc_id` | `string` | VPC ID |
| `subnet_ids` | `list(string)` | Subnet IDs |
| `database_name` | `string` | Initial database name |
| `master_username` | `string` | Master username |

## Key Outputs

| Name | Description |
|------|-------------|
| `cluster_endpoint` | Redshift cluster endpoint |
| `cluster_id` | Redshift cluster identifier |

## Full Variable & Output Reference

The complete inputs/outputs reference is auto-generated below.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5.0 |
| [aws](#requirement\_aws) | ~> 5.0 |
| [random](#requirement\_random) | ~> 3.1 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.67.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [redshift\_cluster](#module\_redshift\_cluster) | ./modules/redshift-cluster | n/a |
| [redshift\_serverless](#module\_redshift\_serverless) | ./modules/redshift-serverless | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_security\_group\_ids](#input\_additional\_security\_group\_ids) | Additional security group IDs to be added to the Redshift Serverless workgroup. | `list(string)` | `[]` | no |
| [admin\_password](#input\_admin\_password) | n/a | `string` | `null` | no |
| [admin\_username](#input\_admin\_username) | Admin username for the Redshift Serverless namespace. | `string` | `"admin"` | no |
| [allow\_version\_upgrade](#input\_allow\_version\_upgrade) | If true, major version upgrades can be applied during maintenance windows | `bool` | `true` | no |
| [automated\_snapshot\_retention\_period](#input\_automated\_snapshot\_retention\_period) | The number of days that automated snapshots are retained | `number` | `7` | no |
| [base\_capacity](#input\_base\_capacity) | The base data warehouse capacity in Redshift Processing Units (RPUs) | `number` | `32` | no |
| [cluster\_identifier](#input\_cluster\_identifier) | The Cluster Identifier | `string` | `null` | no |
| [cluster\_parameter\_group\_name](#input\_cluster\_parameter\_group\_name) | The name of the parameter group to be associated with this cluster | `string` | `null` | no |
| [cluster\_subnet\_group\_name](#input\_cluster\_subnet\_group\_name) | The name of a cluster subnet group to be associated with this cluster. If not specified, a new subnet group will be created | `string` | `null` | no |
| [cluster\_type](#input\_cluster\_type) | The cluster type to use. Either 'single-node' or 'multi-node' | `string` | `"single-node"` | no |
| [config\_parameters](#input\_config\_parameters) | A list of configuration parameters to apply to the Redshift Serverless namespace. | <pre>list(object({<br/>  parameter_key   = string<br/>  parameter_value = string<br/>}))</pre> | `[]` | no |
| [create\_random\_password](#input\_create\_random\_password) | Determines whether to create random password for cluster `master_password` | `bool` | `true` | no |
| [create\_security\_groups](#input\_create\_security\_groups) | Whether to create security groups for Redshift Serverless resources | `bool` | `true` | no |
| [database\_name](#input\_database\_name) | The name of the database to create | `string` | n/a | yes |
| [egress\_rules](#input\_egress\_rules) | A list of egress rules for the security group. | <pre>list(object({<br/>  from_port   = number<br/>  to_port     = number<br/>  protocol    = string<br/>  cidr_blocks = list(string)<br/>}))</pre> | `[]` | no |
| [enable\_serverless](#input\_enable\_serverless) | Enable Redshift Serverless. If true, creates the serverless module; if false, creates the standard cluster module. | `bool` | `false` | no |
| [encrypted](#input\_encrypted) | If true, the data in the cluster is encrypted at rest | `bool` | `true` | no |
| [enhanced\_vpc\_routing](#input\_enhanced\_vpc\_routing) | If true, enhanced VPC routing is enabled | `bool` | `false` | no |
| [environment](#input\_environment) | Name of the environment, i.e. dev, stage, prod | `string` | n/a | yes |
| [final\_snapshot\_identifier](#input\_final\_snapshot\_identifier) | The identifier of the final snapshot that is to be created immediately before deleting the cluster | `string` | `null` | no |
| [ingress\_rules](#input\_ingress\_rules) | A list of ingress rules for the security group. | <pre>list(object({<br/>  from_port   = number<br/>  to_port     = number<br/>  protocol    = string<br/>  cidr_blocks = list(string)<br/>}))</pre> | `[]` | no |
| [kms\_key\_id](#input\_kms\_key\_id) | The ARN for the KMS encryption key | `string` | `null` | no |
| [manage\_admin\_password](#input\_manage\_admin\_password) | If true, Redshift will manage the admin password | `bool` | `false` | no |
| [manage\_user\_password](#input\_manage\_user\_password) | Set to true to allow RDS to manage the master user password in Secrets Manager | `bool` | `null` | no |
| [master\_password](#input\_master\_password) | Password for the master DB user. If null, a random password will be generated | `string` | `null` | no |
| [master\_username](#input\_master\_username) | Username for the master DB user | `string` | n/a | yes |
| [max\_capacity](#input\_max\_capacity) | The maximum data warehouse capacity in Redshift Processing Units (RPUs) | `number` | `512` | no |
| [name](#input\_name) | Name for the Redshift resources | `string` | n/a | yes |
| [namespace](#input\_namespace) | Namespace of the project, i.e. arc | `string` | n/a | yes |
| [namespace\_name](#input\_namespace\_name) | The name of the Redshift Serverless namespace | `string` | `null` | no |
| [node\_type](#input\_node\_type) | The node type to be provisioned for the cluster | `string` | `"dc2.large"` | no |
| [number\_of\_nodes](#input\_number\_of\_nodes) | Number of nodes in the cluster | `number` | `1` | no |
| [port](#input\_port) | The port number on which the cluster accepts incoming connections | `number` | `5439` | no |
| [publicly\_accessible](#input\_publicly\_accessible) | If true, the cluster can be accessed from a public network | `bool` | `false` | no |
| [security\_group\_data](#input\_security\_group\_data) | (optional) Security Group data | <pre>object({<br/>  security_group_ids_to_attach = optional(list(string), [])<br/>  create                       = optional(bool, true)<br/>  description                  = optional(string, null)<br/>  ingress_rules = optional(list(object({<br/>    description              = optional(string, null)<br/>    cidr_block               = optional(string, null)<br/>    source_security_group_id = optional(string, null)<br/>    from_port                = number<br/>    ip_protocol              = string<br/>    to_port                  = string<br/>    self                     = optional(bool, false)<br/>  })), [])<br/>  egress_rules = optional(list(object({<br/>    description                   = optional(string, null)<br/>    cidr_block                    = optional(string, null)<br/>    destination_security_group_id = optional(string, null)<br/>    from_port                     = number<br/>    ip_protocol                   = string<br/>    to_port                       = string<br/>    prefix_list_id                = optional(string, null)<br/>  })), [])<br/>})</pre> | <pre>{<br/>  "create": false<br/>}</pre> | no |
| [security\_group\_name](#input\_security\_group\_name) | Redshift Serverless resources security group name | `string` | `"Redshift-Serverless-sg"` | no |
| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final snapshot of the cluster is created before Redshift deletes it | `bool` | `false` | no |
| [snapshot\_identifier](#input\_snapshot\_identifier) | The name of the snapshot from which to create the new cluster | `string` | `null` | no |
| [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs for the Redshift subnet group | `list(string)` | `[]` | no |
| [tags](#input\_tags) | Tags to apply to resources | `map(string)` | `{}` | no |
| [track\_name](#input\_track\_name) | Optional track name for Redshift Serverless (used for versioning or preview tracks). | `string` | `null` | no |
| [vpc\_id](#input\_vpc\_id) | ID of the VPC for Redshift | `string` | `null` | no |
| [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | A list of Virtual Private Cloud (VPC) security groups to be associated with the cluster | `list(string)` | `[]` | no |
| [workgroup\_name](#input\_workgroup\_name) | The name of the Redshift Serverless workgroup | `string` | `null` | no |

## Outputs

| Name | Description |
|------|-------------|
| [redshift\_cluster\_arn](#output\_redshift\_cluster\_arn) | The ARN of the Redshift cluster |
| [redshift\_cluster\_database\_name](#output\_redshift\_cluster\_database\_name) | The name of the default database in the Redshift cluster |
| [redshift\_cluster\_endpoint](#output\_redshift\_cluster\_endpoint) | The connection endpoint for the Redshift cluster |
| [redshift\_cluster\_hostname](#output\_redshift\_cluster\_hostname) | The hostname of the Redshift cluster |
| [redshift\_cluster\_id](#output\_redshift\_cluster\_id) | The ID of the Redshift cluster |
| [redshift\_cluster\_namespace\_arn](#output\_redshift\_cluster\_namespace\_arn) | The ARN of the Redshift cluster |
| [redshift\_cluster\_port](#output\_redshift\_cluster\_port) | The port of the Redshift cluster |
| [redshift\_cluster\_security\_group\_id](#output\_redshift\_cluster\_security\_group\_id) | The ID of the security group associated with the Redshift cluster |
| [redshift\_database\_name](#output\_redshift\_database\_name) | The name of the database in the Redshift deployment |
| [redshift\_endpoint](#output\_redshift\_endpoint) | The endpoint of the Redshift deployment (either cluster or serverless) |
| [redshift\_serverless\_endpoint](#output\_redshift\_serverless\_endpoint) | The endpoint URL for the Redshift Serverless workgroup |
| [redshift\_serverless\_namespace\_arn](#output\_redshift\_serverless\_namespace\_arn) | The ARN of the Redshift Serverless namespace |
| [redshift\_serverless\_namespace\_id](#output\_redshift\_serverless\_namespace\_id) | The ID of the Redshift Serverless namespace |
| [redshift\_serverless\_workgroup\_arn](#output\_redshift\_serverless\_workgroup\_arn) | The ARN of the Redshift Serverless workgroup |
| [redshift\_serverless\_workgroup\_id](#output\_redshift\_serverless\_workgroup\_id) | The ID of the Redshift Serverless workgroup |
| [redshift\_subnet\_group\_id](#output\_redshift\_subnet\_group\_id) | The ID of the Redshift subnet group |

## Versioning

This project uses a `.version` file at the root of the repo, which the pipeline reads to create a git tag.

When you intend to commit to `main`, you will need to increment this version. Once the project is merged,
the pipeline will kick off and tag the latest git commit.

## Development

### Prerequisites

- [terraform](https://learn.hashicorp.com/terraform/getting-started/install#installing-terraform)
- [terraform-docs](https://github.com/segmentio/terraform-docs)
- [pre-commit](https://pre-commit.com/#install)
- [golang](https://golang.org/doc/install#install)
- [golint](https://github.com/golang/lint#installation)

### Configurations

- Configure pre-commit hooks
```sh
pre-commit install
```

### Versioning

When contributing or making a git commit, specify in your commit message whether the change is major, minor, or patch.

For example:

```sh
git commit -m "your commit message #major"
```

Specifying this bumps the version accordingly. If you don't specify it in your commit message, the change is treated as a patch by default and the version is bumped accordingly.

### Tests
- Tests are available in `test` directory
- Configure the dependencies
```sh
cd test/
go mod init github.com/sourcefuse/terraform-aws-refarch-
go get github.com/gruntwork-io/terratest/modules/terraform
```
- Now execute the test
```sh
go test -timeout 30m
```

## Contributing
See [CONTRIBUTING.md](./CONTRIBUTING.md) for commit conventions and development setup.

## Authors

This project is authored by:
- SourceFuse ARC Team