| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| | What do you want to call your environment? This is helpful if you have more than 1 VPC. | string | "production" | no |
| maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. See RDS Maintenance Window docs for more information. | string | "Mon:00:00-Mon:01:00" | no |
| max_allocated_storage | When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Configuring this will automatically ignore differences to allocated_storage. Must be greater than or equal to allocated_storage or 0 to disable Storage Autoscaling. | string | "0" | no |
| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. | string | "0" | no |
| multi_az | Multi-AZ: true or false | string | "true" | no |
| name | The name of the RDS instance | string | "" | no |
| number | Number of the database, default 01 | string | "01" | no |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not. | bool | "false" | no |
| project | The current project | string | "" | no |
| rds_custom_parameter_group_name | A custom parameter group name to attach to the RDS instance. If not provided, a default one will be used. | string | "" | no |
| rds_username | RDS root user | string | "root" | no |
| size | Instance size | string | "db.t2.small" | no |
| skip_final_snapshot | Skip final snapshot when destroying RDS | string | "false" | no |
| snapshot_identifier | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05. | string | "" | no |
| storage | How many GBs of space does your database need? | string | "10" | no |
| storage_encrypted | Encrypt RDS storage | string | "true" | no |
| storage_type | Type of storage you want to use | string | "gp2" | no |
| tag | A tag used to identify an RDS in a project that has more than one RDS | | | |

Creates an Aurora cluster + instances, security_group, subnet_group and parameter_group.
Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| password | RDS root password | any | n/a | yes |
| security_groups | Security groups that are allowed to access the RDS on port 3306 | list(string) | n/a | yes |
| subnets | Subnets to deploy in | list(string) | n/a | yes |
| amount_of_instances | The amount of Aurora instances you need; for HA you need a minimum of 2 | number | 1 | no |
| apply_immediately | Apply changes immediately | bool | true | no |
| backup_retention_period | How long do you want to keep RDS backups | string | "14" | no |
| cluster_parameter_group_name | Optional parameter group you can set for the RDS Aurora cluster | string | "" | no |
| default_ports | n/a | map | { "aurora": "3306", "aurora-postgresql": "5432" } | no |
| enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. You can check the available log types per engine in the AWS Aurora documentation. | list(string) | [] | no |
| engine | Optional parameter to set the Aurora engine | string | "aurora" | no |
| engine_version | Optional parameter to set the Aurora engine version | string | "5.6.10a" | no |
| environment | What do you want to call your environment? This is helpful if you have more than 1 VPC. | string | "production" | no |
| family | n/a | string | "aurora5.6" | no |
| instance_parameter_group_name | Optional parameter group you can set for the RDS instances inside an Aurora cluster | string | "" | no |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not. | bool | false | no |
| project | The current project | string | "" | no |
| rds_instance_name_overrides | List of names to override the default RDS instance names / identifiers. | list(string) | null | no |
| rds_username | RDS root user | string | "root" | no |
| size | Instance size | string | "db.t2.small" | no |
| skip_final_snapshot | Skip final snapshot when destroying RDS | bool | false | no |
| snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | string | null | no |
| storage_encrypted | Encrypt RDS storage | bool | true | no |
| tag | A tag used to identify an RDS in a project that has more than one RDS | | | |


| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| | Bool to control if instance is publicly accessible | | false | no |
| security_groups | Security groups that are allowed to access the RDS | list(string) | [] | no |
| size | Instance size | string | "db.t2.small" | no |
| storage_encrypted | Encrypt RDS storage | string | "true" | no |
| tag | A tag used to identify an RDS in a project that has more than one RDS | string | "" | no |
| max_allocated_storage | When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Configuring this will automatically ignore differences to allocated_storage. Must be greater than or equal to allocated_storage or 0 to disable Storage Autoscaling. If not set the default of the master instance is set. | string | null | no |
| allocated_storage | How many GBs of space does your database need? If not set the default of the master instance is set. | | | |

This module creates snapshots of RDS instances based on a configured frequency, and replicates them to a different region in a different AWS account.
To achieve this it creates several Lambda functions that take care of the copy operations in the different steps.
As an example, let's say we want to back up an RDS instance in AWS account 111111111111 in region eu-west-1 to the AWS account 222222222222 in region eu-central-1. The whole replication process takes place in 4 steps:
1. A snapshot is created from the RDS instance, in the account 111111111111 in region eu-west-1. If the instance is KMS encrypted, the snapshot will be encrypted with the same key.
2. The initial snapshot is copied to region eu-central-1 within the source account 111111111111. Snapshots cannot be copied to a different AWS account and region in the same copy operation, so it needs to happen in two steps. In this step, the snapshot is re-encrypted using a KMS key in the target AWS account and region (222222222222 & eu-central-1).
3. The resulting snapshot from step (2) is then copied over to its final destination, in account 222222222222 in region eu-central-1.
4. There are Lambda functions in place that will take care of cleaning up the initial and intermediate snapshots resulting from steps (1) and (2).
There's another Lambda function running in account 222222222222 in region eu-central-1 that will periodically run and delete those snapshots that are older than the configured retention period.
For monitoring, the module creates two SNS topics where CloudWatch will post alert messages in case there are problems running the Lambda functions. These SNS topics can be subscribed to upstream monitoring services like OpsGenie.
Take into account that for the copy operation and re-encryption process to work properly, the policy of the provided KMS key in the target account needs to allow usage access to the root user of the source account. IAM policies to further grant access to the Lambda functions will be created within the module. Check this AWS documentation page to learn more about how encrypted snapshots can be shared between different accounts.
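An added example (not part of this module's code) of a KMS key in the target account whose key policy meets the requirement above, using the account IDs and region from the walkthrough. The resource names and the exact action list, modelled on the AWS console's default key-user statements, are assumptions.

```hcl
# Added example: key lives in target account 222222222222, region eu-central-1.
locals {
  source_root = "arn:aws:iam::111111111111:root" # account that owns the RDS instance
  target_root = "arn:aws:iam::222222222222:root" # account that owns this key
}

data "aws_iam_policy_document" "snapshot_key" {
  # Keep the key manageable through IAM in the target account.
  statement {
    sid       = "TargetAccountAdmin"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [local.target_root]
    }
  }
  # Usage access for the source account root; no key administration actions.
  statement {
    sid       = "SourceAccountUse"
    actions   = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [local.source_root]
    }
  }
  # Grants are allowed only when an AWS service (here RDS) creates them for the caller.
  statement {
    sid       = "SourceAccountGrants"
    actions   = ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [local.source_root]
    }
    condition {
      test     = "Bool"
      variable = "kms:GrantIsForAWSResource"
      values   = ["true"]
    }
  }
}

resource "aws_kms_key" "snapshot_copy" {
  description         = "Re-encryption key for replicated RDS snapshots"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.snapshot_key.json
}
```

Naming the source account root as principal delegates the decision to IAM in account 111111111111, so a role there can use the key only if an IAM policy in that account also allows it.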
Snapshot frequency specified as a CloudWatch schedule expression. Can be either a rate() or cron() expression. Check the AWS documentation on how to compose such an expression.