https://github.com/statcan/terraform-azurerm-flex-postgresql
Terraform module to deploy a managed PostgreSQL Flexible server on Azure
https://github.com/statcan/terraform-azurerm-flex-postgresql
azure terraform
Last synced: 6 months ago
JSON representation
Terraform module to deploy a managed PostgreSQL Flexible server on Azure
- Host: GitHub
- URL: https://github.com/statcan/terraform-azurerm-flex-postgresql
- Owner: StatCan
- License: other
- Created: 2021-08-24T19:47:16.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2024-10-28T15:44:36.000Z (over 1 year ago)
- Last Synced: 2025-02-01T10:44:04.109Z (about 1 year ago)
- Topics: azure, terraform
- Language: HCL
- Homepage:
- Size: 82 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
README
# Terraform for Azure Managed Database PostgreSQL Flexible Server
Creates a PostgreSQL instance using the Azure Database for PostgreSQL - Flexible Server.
## Usage
Examples for this module along with various configurations can be found in the [examples/](examples/) folder.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.5.7 |
| [azurerm](#requirement\_azurerm) | ~> 4.26 |
| [postgresql](#requirement\_postgresql) | ~> 1.25.0 |
## Providers
| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | 4.40.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [enc\_key\_vault](#module\_enc\_key\_vault) | git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/platform/terraform/terraform-azure-key-vault.git | v5.0.0 |
## Resources
| Name | Type |
|------|------|
| [azurerm_key_vault_access_policy.cmk](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_key_vault_access_policy.runner_manage_keys](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
| [azurerm_key_vault_key.cmk](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource |
| [azurerm_monitor_diagnostic_setting.postgresql_server](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
| [azurerm_postgresql_flexible_server.pgsql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server) | resource |
| [azurerm_postgresql_flexible_server_active_directory_administrator.pgsql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_active_directory_administrator) | resource |
| [azurerm_postgresql_flexible_server_configuration.pgsql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_configuration) | resource |
| [azurerm_postgresql_flexible_server_database.pgsql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_database) | resource |
| [azurerm_postgresql_flexible_server_firewall_rule.pgsql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server_firewall_rule) | resource |
| [azurerm_storage_account.pgsql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
| [azurerm_storage_container.pgsql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
| [azurerm_user_assigned_identity.pgsql](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
| [azurerm_key_vault.pointer](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
| [azurerm_key_vault_secret.pointer_sqladmin_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
| [azurerm_monitor_diagnostic_categories.postgresql_server](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_diagnostic_categories) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [active\_directory\_administrator](#input\_active\_directory\_administrator) | n/a |
list(object({
object_id = optional(string)
principal_name = optional(string)
principal_type = optional(string, "Group")
})) | `[]` | no |
| [administrator\_login](#input\_administrator\_login) | The Administrator Login for the PostgreSQL Flexible Server. | `string` | n/a | yes |
| [administrator\_password](#input\_administrator\_password) | The Password associated with the administrator\_login for the PostgreSQL Flexible Server. | `string` | n/a | yes |
| [databases](#input\_databases) | The name, collation, and charset of the PostgreSQL database(s). (defaults: charset='utf8', collation='en\_US.utf8') | `map(map(string))` | n/a | yes |
| [delegated\_subnet\_id](#input\_delegated\_subnet\_id) | The subnet where you want the database created. The subnet must be delegated to Microsoft.DBforPostgreSQL/flexibleServers. | `string` | `null` | no |
| [diagnostics](#input\_diagnostics) | Diagnostic settings for those resources that support it. | object({
destination = string
eventhub_name = string
}) | `null` | no |
| [environment](#input\_environment) | The environment used for keyvault access. | `string` | n/a | yes |
| [firewall\_rules](#input\_firewall\_rules) | Specifies the Start IP Address associated with this Firewall Rule. | `list(string)` | n/a | yes |
| [geo\_redundant\_backup\_enabled](#input\_geo\_redundant\_backup\_enabled) | Is Geo-Redundant backup enabled on the PostgreSQL Flexible Server. | `bool` | `false` | no |
| [ip\_rules](#input\_ip\_rules) | List of public IP or IP ranges in CIDR Format. | `list(string)` | n/a | yes |
| [kv\_pointer\_enable](#input\_kv\_pointer\_enable) | Flag kv\_pointer\_enable can either be `true` (state from key vault), or `false` (state from terraform). | `bool` | `false` | no |
| [kv\_pointer\_name](#input\_kv\_pointer\_name) | The key vault name to be used when kv\_pointer\_enable is set to `true`. | `string` | `null` | no |
| [kv\_pointer\_rg](#input\_kv\_pointer\_rg) | The key vault resource group to be used when kv\_pointer\_enable is set to `true`. | `string` | `null` | no |
| [kv\_pointer\_sqladmin\_password](#input\_kv\_pointer\_sqladmin\_password) | The sqladmin password to be looked up in key vault when kv\_pointer\_enable is set to `true`. | `string` | `null` | no |
| [kv\_private\_endpoints](#input\_kv\_private\_endpoints) | The information required to create a private endpoint for the Key Vault. | list(object({
sub_resource_name = optional(string, "vault")
subnet_id = string
private_dns_zone_id = string
})) | `[]` | no |
| [kv\_public\_network\_access\_enabled](#input\_kv\_public\_network\_access\_enabled) | (Required) Whether or not public network access is allowed. | `bool` | `false` | no |
| [kv\_subnet\_ids](#input\_kv\_subnet\_ids) | The subnets for the key vault. | `list(string)` | `null` | no |
| [location](#input\_location) | Specifies the supported Azure location where the resource exists. | `string` | `"canadacentral"` | no |
| [name](#input\_name) | The name of the PostgreSQL Flexible Server. | `string` | n/a | yes |
| [pgsql\_version](#input\_pgsql\_version) | The version of the PostgreSQL Flexible Server. | `string` | `"16"` | no |
| [postgresql\_configurations](#input\_postgresql\_configurations) | n/a | `map(string)` | {
"azure.extensions": "POSTGIS,PGCRYPTO",
"checkpoint_warning": "0",
"client_min_messages": "log",
"connection_throttle.enable": "on",
"debug_pretty_print": "on",
"debug_print_parse": "off",
"debug_print_plan": "off",
"debug_print_rewritten": "off",
"log_checkpoints": "on",
"log_duration": "off",
"log_error_verbosity": "verbose",
"log_line_prefix": "%m [%p] %q[user=%u,db=%d,app=%a,client=%h] ",
"log_lock_waits": "off",
"log_min_duration_statement": "10",
"log_min_error_statement": "error",
"log_min_messages": "warning",
"log_statement": "ddl",
"maintenance_work_mem": "32000",
"max_wal_size": "512",
"min_wal_size": "512",
"pg_qs.query_capture_mode": "top",
"pg_qs.track_utility": "off",
"pg_stat_statements.track_utility": "off",
"pgaudit.log": "ddl",
"pgms_wait_sampling.query_capture_mode": "all",
"row_security": "on",
"temp_buffers": "16384",
"wal_buffers": "8192",
"wal_writer_delay": "200",
"wal_writer_flush_after": "128",
"work_mem": "2048000"
} | no |
| [private\_dns\_zone\_id](#input\_private\_dns\_zone\_id) | The ID of the private DNS zone to create the PostgreSQL Flexible Server. The private DNS zone must end with the suffix .postgres.database.azure.com. | `string` | `null` | no |
| [project](#input\_project) | Name of client project | `string` | n/a | yes |
| [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | (Optional) Specifies whether this PostgreSQL Flexible Server is publicly accessible. | `bool` | `false` | no |
| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which to create the PostgreSQL Flexible Server. | `string` | n/a | yes |
| [sa\_create\_log](#input\_sa\_create\_log) | Creates a storage account to be used for diagnostics logging of the PostgreSQL database created if the variable is set to `true`. | `bool` | `false` | no |
| [sa\_subnet\_ids](#input\_sa\_subnet\_ids) | The subnets for the storage account. | `list(string)` | `null` | no |
| [sku\_name](#input\_sku\_name) | Specifies the SKU Name for this PostgreSQL Flexible Server. | `string` | `"GP_Standard_D4ds_v4"` | no |
| [storage\_account\_name](#input\_storage\_account\_name) | Name of the storage account used for diagnostics (optional, if not provided the name is auto-generated). | `string` | `null` | no |
| [storagesize\_mb](#input\_storagesize\_mb) | Specifies the storage size in MB for the PostgreSQL Flexible Server. | `number` | `262144` | no |
| [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [administrator\_login](#output\_administrator\_login) | n/a |
| [fqdn](#output\_fqdn) | n/a |
| [id](#output\_id) | n/a |
## History
[Change Log](./CHANGELOG.md)