| environment |
Environment (e.g., prod, dev, test) |
string |
n/a |
yes |
| master_password |
Password for the master DB user. Note that this value may show up in logs and is stored in the Terraform state, so it is recommended to use Secrets Manager. |
string |
n/a |
yes |
| project_name |
Name of the project |
string |
n/a |
yes |
| security_group_ids |
List of VPC security groups to associate |
list(string) |
n/a |
yes |
| subnet_ids |
A list of VPC subnet IDs |
list(string) |
n/a |
yes |
| allocated_storage |
The allocated storage in gigabytes |
number |
20 |
no |
| aurora_instance_count |
Number of Aurora instances in the cluster |
number |
2 |
no |
| aurora_serverless_v2_scaling_configuration |
Aurora Serverless v2 scaling configuration |
object({ max_capacity = number min_capacity = number }) |
null |
no |
| auto_minor_version_upgrade |
Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window |
bool |
true |
no |
| backup_retention_period |
The number of days to retain backups |
number |
7 |
no |
| backup_window |
The daily time range (in UTC) during which automated backups are created if they are enabled |
string |
"03:00-06:00" |
no |
| ca_cert_identifier |
The identifier of the CA certificate for the DB instance |
string |
"rds-ca-rsa2048-g1" |
no |
| create_aurora_cluster |
Whether to create an Aurora cluster instead of a standard RDS instance |
bool |
false |
no |
| create_db_proxy |
Whether to create an RDS Proxy |
bool |
false |
no |
| create_kms_key |
Whether to create a KMS key for RDS encryption |
bool |
true |
no |
| create_parameter_group |
Whether to create a custom parameter group |
bool |
true |
no |
| create_read_replica |
Whether to create a read replica |
bool |
false |
no |
| custom_parameters |
Custom parameters to add to the parameter group |
list(object({ name = string value = string })) |
[] |
no |
| database_name |
The name of the database to create when the DB instance is created |
string |
null |
no |
| database_port |
The port on which the DB accepts connections |
number |
5432 |
no |
| db_proxy_auth |
Configuration block for DB Proxy authentication |
list(object({ auth_scheme = string description = optional(string) iam_auth = optional(string) secret_arn = string })) |
[] |
no |
| db_proxy_role_arn |
ARN of the IAM role for RDS Proxy to access Secrets Manager |
string |
"" |
no |
| delete_automated_backups |
Specifies whether to remove automated backups immediately after the DB instance is deleted |
bool |
false |
no |
| deletion_protection |
The database can't be deleted when this value is set to true |
bool |
true |
no |
| enable_enhanced_monitoring |
Specifies whether Enhanced Monitoring is enabled |
bool |
false |
no |
| enable_performance_insights |
Specifies whether Performance Insights are enabled |
bool |
true |
no |
| enabled_cloudwatch_logs_exports |
List of log types to enable for exporting to CloudWatch logs |
list(string) |
[ "postgresql", "upgrade" ] |
no |
| engine |
The database engine to use (postgres, mysql, mariadb, oracle-ee, sqlserver-ex, etc.) |
string |
"postgres" |
no |
| engine_version |
The engine version to use |
string |
"15.4" |
no |
| iam_database_authentication_enabled |
Specifies whether mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled |
bool |
true |
no |
| instance_class |
The instance type of the RDS instance |
string |
"db.t3.medium" |
no |
| kms_key_id |
The ARN of an existing KMS key to use for encryption |
string |
"" |
no |
| log_retention_days |
Specifies the number of days you want to retain log events in the specified log group |
number |
30 |
no |
| maintenance_window |
The window to perform maintenance in |
string |
"Mon:00:00-Mon:03:00" |
no |
| master_username |
Username for the master DB user |
string |
"dbadmin" |
no |
| max_allocated_storage |
The upper limit to which Amazon RDS can automatically scale the storage of the DB instance |
number |
100 |
no |
| monitoring_role_arn |
The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs |
string |
"" |
no |
| multi_az |
Specifies if the RDS instance is multi-AZ |
bool |
true |
no |
| mysql_security_parameters |
Security-focused parameters for MySQL/MariaDB |
list(object({ name = string value = string })) |
[ { "name": "require_secure_transport", "value": "ON" }, { "name": "log_warnings", "value": "2" } ] |
no |
| name_prefix |
Prefix for resource names (if not provided, will use project-environment pattern) |
string |
"" |
no |
| parameter_group_family |
The family of the DB parameter group |
string |
"postgres15" |
no |
| parameter_group_name |
Name of the existing DB parameter group to use (if create_parameter_group is false) |
string |
null |
no |
| postgres_security_parameters |
Security-focused parameters for PostgreSQL |
list(object({ name = string value = string })) |
[ { "name": "rds.force_ssl", "value": "1" }, { "name": "log_connections", "value": "1" }, { "name": "log_disconnections", "value": "1" }, { "name": "log_checkpoints", "value": "1" }, { "name": "log_lock_waits", "value": "1" } ] |
no |
| replica_instance_class |
The instance type of the RDS read replica |
string |
"db.t3.medium" |
no |
| skip_final_snapshot |
Determines whether a final DB snapshot is created before the DB instance is deleted. If true, no final snapshot is created. |
bool |
false |
no |
| snapshot_identifier |
The identifier of the snapshot to create this database from; when null, the database is not created from a snapshot. |
string |
null |
no |
| storage_type |
One of 'standard' (magnetic), 'gp2' (general purpose SSD), 'gp3' (general purpose SSD), or 'io1' (provisioned IOPS SSD) |
string |
"gp3" |
no |
| tags |
Additional tags for all resources |
map(string) |
{} |
no |