A module designed to support full capabilities of OTC RDS while simplifying the configuration for ease of use.

```hcl
module "rds" {
  source    = "iits-consulting/rds/opentelekomcloud"
  tags      = var.tags
  name      = "${var.context_name}-${var.stage_name}-db"
  vpc_id    = module.vpc.vpc.id
  subnet_id = values(module.vpc.subnets)[0].id

  db_type                = "PostgreSQL"
  db_version             = "12"
  db_cpus                = "4"
  db_memory              = "16"
  db_high_availability   = true
  db_ha_replication_mode = "async"
  db_parameters = {
    max_connections = "100",
  }
}
```

- The RDS module is designed to create its own security group.
- By default, this security group allows DB access from the CIDR range of the subnet the RDS instance is created in.
- It is possible to remove the subnet accessibility by setting:

  ```hcl
  sg_allowed_cidr = ["0.0.0.0/32"] // This is a non-existent IP; do not confuse it with 0.0.0.0/0 (allow all)
  ```

- Please note that KMS keys created will take 7 days to delete, to prevent accidental data loss.
- Please ensure KMS keys are not deleted for a database in use. Deleting a KMS key renders the encrypted data impossible to decrypt, effectively destroying the data.
- While not recommended for security reasons, it is possible to disable KMS encryption:

  ```hcl
  db_volume_encryption = false
  ```
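
The notes above can be enforced before `terraform apply`. The following check is an added example, not part of this module: it reads the JSON form of a plan and flags calls to this module that open the security group to every address, disable volume encryption, or attach a public EIP. The module call names and `SAMPLE_PLAN` are constructed, and only root-level module calls are inspected.

```python
import ipaddress

RDS_SOURCE = "iits-consulting/rds/opentelekomcloud"  # source from the usage example

def _is_any(cidrs):
    """True if any CIDR has prefix length 0 (0.0.0.0/0 or ::/0)."""
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

# input name -> (module default from the inputs table, risk predicate, message)
CHECKS = {
    "sg_allowed_cidr": ([], _is_any, "allows every address (/0)"),
    "db_volume_encryption": (True, lambda v: v is False, "KMS volume encryption disabled"),
    "db_eip_bandwidth": (0, lambda v: float(v) > 0, "public EIP attached"),
}

def audit_rds_calls(plan):
    """Flag risky constant inputs on root-level calls to the RDS module."""
    findings = []
    calls = plan.get("configuration", {}).get("root_module", {}).get("module_calls", {})
    for name, call in sorted(calls.items()):
        if call.get("source") != RDS_SOURCE:
            continue
        for var, (default, is_risky, msg) in CHECKS.items():
            expr = call.get("expressions", {}).get(var)
            if expr is not None and "constant_value" not in expr:
                # Built from references or variables: value unknown statically.
                findings.append((name, var, "not a constant, review manually"))
                continue
            value = default if expr is None else expr["constant_value"]
            if is_risky(value):
                findings.append((name, var, msg))
    return findings

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"configuration": {"root_module": {"module_calls": {
    "vpc": {"source": "example/vpc/placeholder", "expressions": {}},
    "rds_locked": {"source": RDS_SOURCE, "expressions": {
        "sg_allowed_cidr": {"constant_value": ["0.0.0.0/32"]}}},
    "rds_open": {"source": RDS_SOURCE, "expressions": {
        "sg_allowed_cidr": {"constant_value": ["10.0.0.0/24", "0.0.0.0/0"]},
        "db_volume_encryption": {"constant_value": False},
        "db_eip_bandwidth": {"constant_value": 10}}},
    "rds_dynamic": {"source": RDS_SOURCE, "expressions": {
        "sg_allowed_cidr": {"references": ["var.db_cidrs"]}}},
}}}}

if __name__ == "__main__":
    for finding in audit_rds_calls(SAMPLE_PLAN):
        print(*finding, sep=": ")
```

In a pipeline, load the output of `terraform show -json <planfile>` with `json.load` and fail the job when `audit_rds_calls` returns any finding.
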

Name | Version |
---|---|
terraform | >= 1.5.7 |
errorcheck | 3.0.3 |
opentelekomcloud | ~> 1.36, >= 1.36.35 |
random | ~> 3.0 |

Name | Version |
---|---|
errorcheck | 3.0.3 |
opentelekomcloud | ~> 1.36, >= 1.36.35 |
random | ~> 3.0 |

No modules.

Name | Description | Type | Default | Required |
---|---|---|---|---|
db_type | RDS database product type. (MySQL, PostgreSQL or SQLServer) | string | n/a | yes |
db_version | RDS database product version. | string | n/a | yes |
name | Name of the RDS instance. | string | n/a | yes |
subnet_id | ID of the subnet to create the database cluster in. | string | n/a | yes |
vpc_id | ID of the VPC to create the database cluster in. | string | n/a | yes |
db_availability_zones | Availability zones for the RDS instance. One or two zones are supported for single and primary/standby instances respectively. | set(string) | [] | no |
db_backup_days | Retention time for automated backups in days. | number | "7" | no |
db_backup_interval | UTC time window for automated database backups in "HH:MM-HH:MM" format. Must be at least 1 hour (default: 03:00-04:00) | string | "03:00-04:00" | no |
db_backup_period | Specifies the backup cycle configuration. The value is digits separated by commas (,), indicating the day of the week and starting from Monday=1. | string | "1,2,3,4,5,6,7" | no |
db_cpu_alarm_threshold | CES alarm threshold (in percent) for database CPU utilization. Can be disabled by setting to 0. | number | 80 | no |
db_cpus | Number of CPU cores desired for database nodes. (default: 2) | string | "2" | no |
db_eip_bandwidth | Bandwidth of the EIP of the RDS instance, can be disabled by setting to 0. (default: 0) | number | 0 | no |
db_flavor | RDS flavor string override. This parameter will override the parameters db_cpus, db_memory and db_high_availability. | string | "" | no |
db_ha_replication_mode | RDS data replication mode for instances with high availability (primary/standby) enabled. Defaults are async(MySQL), async(PostgreSQL) and sync(SQLServer) | string | "" | no |
db_high_availability | Whether a single db instance or a highly available (primary/standby) db instance is desired. (default: false) | bool | false | no |
db_memory | Amount of memory desired for database nodes in GB. (default: 4) | number | 4 | no |
db_memory_alarm_threshold | CES alarm threshold (in percent) for database memory utilization. Can be disabled by setting to 0. | number | 90 | no |
db_parameters | A map of additional parameters for the database instance. Check the DB engine's documentation. | map(string) | {} | no |
db_port | Port number for accessing the database. Default ports are: 3306(MySQL), 5432(PostgreSQL) and 1433(SQLServer) | string | "default" | no |
db_size | Amount of storage desired for the database in GB. (default: 100) | number | 100 | no |
db_storage_alarm_threshold | CES alarm threshold (in percent) for database storage utilization. Can be disabled by setting to 0. | number | 80 | no |
db_storage_type | Type of storage desired for the database. (default: ULTRAHIGH) | string | "ULTRAHIGH" | no |
db_volume_encryption | Enable OTC KMS volume encryption for the database volumes. (default: true) | bool | true | no |
db_volume_encryption_key_name | If KMS volume encryption is enabled for the database volumes, use this KMS key name instead of creating a new one. (default: null) | string | null | no |
sg_allowed_cidr | CIDR ranges that are allowed to connect to the database. (default: <var.subnet_id.cidr>) | set(string) | [] | no |
sg_allowed_secgroups | Security groups that are allowed to connect to the database. (default: []) | set(string) | [] | no |
sg_secgroup_id | Security group override to allow user defined security group definitions. | string | "" | no |
tags | Common tag set for project resources | map(string) | {} | no |

Name | Description |
---|---|
db_cluster | Full configuration of the created database cluster, created for flexibility but should not be used if avoidable. |
db_cluster_id | Database cluster UUID. |
db_instance_ids | Node ECS UUIDs for members of the database cluster. |
db_private_ip | Private IP address for the database cluster. |
db_public_ip | Public IP address for the database cluster if var.db_eip_bandwidth is specified. Otherwise empty string "". |
db_root_password | Root user password for the database cluster. |
db_root_username | Root user username for the database cluster. |
sg_secgroup_id | Security group created for the database cluster. This is particularly useful if custom rules outside of the module are desired. |