Amazon Aurora

Deploy and manage Amazon Aurora using Amazon's Relational Database Service (RDS)

View on GitHub

Reference

Inputs

• alarms_sns_topic_arns — The ARNs of SNS topics where CloudWatch alarms (e.g., for CPU, memory, and disk space usage) should send notifications. Also used for the alarms if the share snapshot backup job fails.

• allow_connections_from_cidr_blocks — The list of network CIDR blocks to allow network access to Aurora from. One of allow_connections_from_cidr_blocks or allow_connections_from_security_groups must be specified for the database to be reachable.

• allow_connections_from_security_groups — The list of IDs or Security Groups to allow network access to Aurora from. All security groups must either be in the VPC specified by vpc_id, or a peered VPC with the VPC specified by vpc_id. One of allow_connections_from_cidr_blocks or allow_connections_from_security_groups must be specified for the database to be reachable.

• allow_major_version_upgrade — Enable to allow major engine version upgrades when changing engine versions.

• apply_immediately — Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Note that cluster modifications may cause degraded performance or downtime.

• aurora_subnet_ids — The list of IDs of the subnets in which to deploy Aurora. The list must only contain subnets in vpc_id.

• backup_job_alarm_period — How often, in seconds, the backup job is expected to run. This is the same as schedule_expression, but unfortunately, Terraform offers no way to convert rate expressions to seconds. We add a CloudWatch alarm that triggers if the metric in create_snapshot_cloudwatch_metric_namespace isn't updated within this time period, as that indicates the backup failed to run.

• backup_retention_period — How many days to keep backup snapshots around before cleaning them up. Max: 35

• create_snapshot_cloudwatch_metric_namespace — The namespace to use for the CloudWatch metric we report every time a new RDS snapshot is created. We add a CloudWatch alarm on this metric to notify us if the backup job fails to run for any reason. Defaults to the cluster name.

• custom_tags — A map of custom tags to apply to the RDS cluster and all associated resources created for it. The key is the tag name and the value is the tag value.

• dashboard_cpu_usage_widget_parameters — Parameters for the cpu usage widget to output for use in a CloudWatch dashboard.

• dashboard_db_connections_widget_parameters — Parameters for the database connections widget to output for use in a CloudWatch dashboard.

• dashboard_disk_space_widget_parameters — Parameters for the available disk space widget to output for use in a CloudWatch dashboard.

• dashboard_memory_widget_parameters — Parameters for the available memory widget to output for use in a CloudWatch dashboard.

• dashboard_read_latency_widget_parameters — Parameters for the read latency widget to output for use in a CloudWatch dashboard.

• dashboard_write_latency_widget_parameters — Parameters for the read latency widget to output for use in a CloudWatch dashboard.

• db_cluster_custom_parameter_group — Configure a custom parameter group for the RDS DB cluster. This will create a new parameter group with the given parameters. When null, the database will be launched with the default parameter group.

• db_config_secrets_manager_id — The friendly name or ARN of an AWS Secrets Manager secret that contains database configuration information in the format outlined by this document: https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html. The engine, username, password, dbname, and port fields must be included in the JSON. Note that even with this precaution, this information will be stored in plaintext in the Terraform state file! See the following blog post for more details: https://blog.gruntwork.io/a-comprehensive-guide-to-managing-secrets-in-your-terraform-code-1d586955ace1. If you do not wish to use Secrets Manager, leave this as null, and use the master_username, master_password, db_name, engine, and port variables.

• db_instance_custom_parameter_group — Configure a custom parameter group for the RDS DB Instance. This will create a new parameter group with the given parameters. When null, the database will be launched with the default parameter group.

• db_name — The name for your database of up to 8 alpha-numeric characters. If you do not provide a name, Amazon RDS will not create a database in the DB cluster you are creating. This can also be provided via AWS Secrets Manager. See the description of db_config_secrets_manager_id. A value here overrides the value in db_config_secrets_manager_id.

• enable_cloudwatch_alarms — Set to true to enable several basic CloudWatch alarms around CPU usage, memory usage, and disk space usage. If set to true, make sure to specify SNS topics to send notifications to using alarms_sns_topic_arn.

• enable_cloudwatch_metrics — When true, enable CloudWatch metrics for the manual snapshots created for the purpose of sharing with another account.

• enable_deletion_protection — Enable deletion protection on the database instance. If this is enabled, the database cannot be deleted.

• enable_perf_alarms — Set to true to enable alarms related to performance, such as read and write latency alarms. Set to false to disable those alarms if you aren't sure what would be reasonable perf numbers for your RDS set up or if those numbers are too unpredictable.

• enable_share_snapshot_cloudwatch_alarms — When true, enable CloudWatch alarms for the manual snapshots created for the purpose of sharing with another account. Only used if share_snapshot_with_another_account is true.

• enabled_cloudwatch_logs_exports — If non-empty, the Aurora cluster will export the specified logs to Cloudwatch. Must be zero or more of: audit, error, general and slowquery

• engine — The name of the database engine to be used for this DB cluster. Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible Aurora), and aurora-postgresql. This can also be provided via AWS Secrets Manager. See the description of db_config_secrets_manager_id. A value here overrides the value in db_config_secrets_manager_id.

• engine_mode — The version of aurora to run - provisioned or serverless.

• engine_version — The Amazon Aurora DB engine version for the selected engine and engine_mode. Note: Starting with Aurora MySQL 2.03.2, Aurora engine versions have the following syntax <mysql-major-version>.mysql_aurora.<aurora-mysql-version>. e.g. 5.7.mysql_aurora.2.08.1.

• high_cpu_utilization_period — The period, in seconds, over which to measure the CPU utilization percentage.

• high_cpu_utilization_threshold — Trigger an alarm if the DB instance has a CPU utilization percentage above this threshold.

• high_read_latency_period — The period, in seconds, over which to measure the read latency.

• high_read_latency_threshold — Trigger an alarm if the DB instance read latency (average amount of time taken per disk I/O operation), in seconds, is above this threshold.

• high_write_latency_period — The period, in seconds, over which to measure the write latency.

• high_write_latency_threshold — Trigger an alarm if the DB instance write latency (average amount of time taken per disk I/O operation), in seconds, is above this threshold.

• iam_database_authentication_enabled — Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. Disabled by default.

• instance_count — The number of DB instances, including the primary, to run in the RDS cluster. Only used when engine_mode is set to provisioned.

• instance_type — The instance type to use for the db (e.g. db.r3.large). Only used when engine_mode is set to provisioned.

• kms_key_arn — The ARN of a KMS key that should be used to encrypt data on disk. Only used if storage_encrypted is true. If you leave this null, the default RDS KMS key for the account will be used.

• low_disk_space_available_period — The period, in seconds, over which to measure the available free disk space.

• low_disk_space_available_threshold — Trigger an alarm if the amount of disk space, in Bytes, on the DB instance drops below this threshold.

• low_memory_available_period — The period, in seconds, over which to measure the available free memory.

• low_memory_available_threshold — Trigger an alarm if the amount of free memory, in Bytes, on the DB instance drops below this threshold.

• master_password — The value to use for the master password of the database. This can also be provided via AWS Secrets Manager. See the description of db_config_secrets_manager_id. A value here overrides the value in db_config_secrets_manager_id.

• master_username — The value to use for the master username of the database. This can also be provided via AWS Secrets Manager. See the description of db_config_secrets_manager_id. A value here overrides the value in db_config_secrets_manager_id.

• name — The name used to namespace all the Aurora resources created by these templates, including the cluster and cluster instances (e.g. drupaldb). Must be unique in this region. Must be a lowercase string.

• port — The port the DB will listen on (e.g. 3306). This can also be provided via AWS Secrets Manager. See the description of db_config_secrets_manager_id. A value here overrides the value in db_config_secrets_manager_id.

• publicly_accessible — If you wish to make your database accessible from the public Internet, set this flag to true (WARNING: NOT RECOMMENDED FOR REGULAR USAGE!!). The default is false, which means the database is only accessible from within the VPC, which is much more secure. This flag MUST be false for serverless mode.

• scaling_configuration_auto_pause — Whether to enable automatic pause. A DB cluster can be paused only when it's idle (it has no connections). If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it. Only used when engine_mode is set to serverless.

• scaling_configuration_max_capacity — The maximum capacity. The maximum capacity must be greater than or equal to the minimum capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128, and 256. Only used when engine_mode is set to serverless.

• scaling_configuration_min_capacity — The minimum capacity. The minimum capacity must be lesser than or equal to the maximum capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128, and 256. Only used when engine_mode is set to serverless.

• scaling_configuration_seconds_until_auto_pause — The time, in seconds, before an Aurora DB cluster in serverless mode is paused. Valid values are 300 through 86400. Only used when engine_mode is set to serverless.

• share_snapshot_max_snapshots — The maximum number of snapshots to keep around for the purpose of cross account sharing. Once this number is exceeded, a lambda function will delete the oldest snapshots. Only used if share_snapshot_with_another_account is true.

• share_snapshot_schedule_expression — An expression that defines how often to run the lambda function to take snapshots for the purpose of cross account sharing. For example, cron(0 20 * ? ) or rate(5 minutes). Required if share_snapshot_with_another_account is true

• share_snapshot_with_account_id — The ID of the AWS Account that the snapshot should be shared with. Required if share_snapshot_with_another_account is true.

• share_snapshot_with_another_account — If set to true, take periodic snapshots of the Aurora DB that should be shared with another account.

• skip_final_snapshot — Determines whether a final DB snapshot is created before the DB instance is deleted. Be very careful setting this to true; if you do, and you delete this DB instance, you will not have any backups of the data! You almost never want to set this to true, unless you are doing automated or manual testing.

• snapshot_identifier — If non-null, the RDS Instance will be restored from the given Snapshot ID. This is the Snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05.

• storage_encrypted — Specifies whether the DB cluster uses encryption for data at rest in the underlying storage for the DB, its automated backups, Read Replicas, and snapshots. Uses the default aws/rds key in KMS.

• too_many_db_connections_threshold — Trigger an alarm if the number of connections to the DB instance goes above this threshold.

• vpc_id — The ID of the VPC in which to deploy Aurora.

Outputs

• all_metric_widgets — A list of all the CloudWatch Dashboard metric widgets available in this module.

• cleanup_snapshots_lambda_arn — The ARN of the AWS Lambda Function used for cleaning up manual snapshots taken for sharing with secondary accounts.

• cluster_arn — The ARN of the RDS Aurora cluster.

• cluster_id — The ID of the RDS Aurora cluster (e.g TODO).

• cluster_resource_id — The unique resource ID assigned to the cluster e.g. cluster-POBCBQUFQC56EBAAWXGFJ77GRU. This is useful for allowing database authentication via IAM.

• create_snapshot_lambda_arn — The ARN of the AWS Lambda Function used for periodically taking snapshots to share with secondary accounts.

• instance_endpoints — A list of endpoints of the RDS instances that you can use to make requests to.

• metric_widget_aurora_cpu_usage — A CloudWatch Dashboard widget that graphs CPU usage (percentage) of the Aurora cluster.

• metric_widget_aurora_db_connections — A CloudWatch Dashboard widget that graphs the number of active database connections of the Aurora cluster.

• metric_widget_aurora_disk_space — A CloudWatch Dashboard widget that graphs available disk space (in bytes) on the Aurora cluster.

• metric_widget_aurora_memory — A CloudWatch Dashboard widget that graphs available memory (in bytes) on the Aurora cluster.

• metric_widget_aurora_read_latency — A CloudWatch Dashboard widget that graphs the average amount of time taken per disk I/O operation on reads.

• metric_widget_aurora_write_latency — A CloudWatch Dashboard widget that graphs the average amount of time taken per disk I/O operation on writes.

• port — The port used by the RDS Aurora cluster for handling database connections.

• primary_endpoint — The primary endpoint of the RDS Aurora cluster that you can use to make requests to.

• primary_host — The host portion of the Aurora endpoint. primary_endpoint is in the form '<host>:<port>', and this output returns just the host part.

• share_snapshot_lambda_arn — The ARN of the AWS Lambda Function used for sharing manual snapshots with secondary accounts.