forked from terraform-aws-modules/terraform-aws-rds
-
Notifications
You must be signed in to change notification settings - Fork 1
/
variables.tf
638 lines (533 loc) · 21 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
variable "identifier" {
description = "The name of the RDS instance"
type = string
}
variable "instance_use_identifier_prefix" {
description = "Determines whether to use `identifier` as is or create a unique identifier beginning with `identifier` as the specified prefix"
type = bool
default = false
}
variable "custom_iam_instance_profile" {
description = "RDS custom iam instance profile"
type = string
default = null
}
variable "allocated_storage" {
description = "The allocated storage in gigabytes"
type = number
default = null
}
variable "storage_type" {
description = "One of 'standard' (magnetic), 'gp2' (general purpose SSD), 'gp3' (new generation of general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not. If you specify 'io1' or 'gp3' , you must also include a value for the 'iops' parameter"
type = string
default = null
}
variable "storage_throughput" {
description = "Storage throughput value for the DB instance. See `notes` for limitations regarding this variable for `gp3`"
type = number
default = null
}
variable "storage_encrypted" {
description = "Specifies whether the DB instance is encrypted"
type = bool
default = true
}
variable "kms_key_id" {
description = "The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified the default KMS key created in your account will be used. Be sure to use the full ARN, not a key alias."
type = string
default = null
}
variable "replicate_source_db" {
description = "Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate"
type = string
default = null
}
variable "license_model" {
description = "License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1"
type = string
default = null
}
variable "replica_mode" {
description = "Specifies whether the replica is in either mounted or open-read-only mode. This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified"
type = string
default = null
}
variable "iam_database_authentication_enabled" {
description = "Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled"
type = bool
default = false
}
variable "domain" {
description = "The ID of the Directory Service Active Directory domain to create the instance in"
type = string
default = null
}
variable "domain_auth_secret_arn" {
description = "(Optional, but required if domain_fqdn is provided) The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain. Conflicts with domain and domain_iam_role_name."
type = string
default = null
}
variable "domain_dns_ips" {
description = "(Optional, but required if domain_fqdn is provided) The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers. Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Conflicts with domain and domain_iam_role_name."
type = list(string)
default = null
}
variable "domain_fqdn" {
description = "The fully qualified domain name (FQDN) of the self managed Active Directory domain. Conflicts with domain and domain_iam_role_name."
type = string
default = null
}
variable "domain_iam_role_name" {
description = "(Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service"
type = string
default = null
}
variable "domain_ou" {
description = "(Optional, but required if domain_fqdn is provided) The self managed Active Directory organizational unit for your DB instance to join. Conflicts with domain and domain_iam_role_name."
type = string
default = null
}
variable "engine" {
description = "The database engine to use"
type = string
default = null
}
variable "engine_version" {
description = "The engine version to use"
type = string
default = null
}
variable "engine_lifecycle_support" {
description = "The life cycle type for this DB instance. This setting applies only to RDS for MySQL and RDS for PostgreSQL. Valid values are `open-source-rds-extended-support`, `open-source-rds-extended-support-disabled`. Default value is `open-source-rds-extended-support`."
type = string
default = null
}
variable "skip_final_snapshot" {
description = "Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted"
type = bool
default = false
}
variable "snapshot_identifier" {
description = "Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05"
type = string
default = null
}
variable "copy_tags_to_snapshot" {
description = "On delete, copy all Instance tags to the final snapshot"
type = bool
default = false
}
variable "final_snapshot_identifier_prefix" {
description = "The name which is prefixed to the final snapshot on cluster destroy"
type = string
default = "final"
}
variable "instance_class" {
description = "The instance type of the RDS instance"
type = string
default = null
}
variable "db_name" {
description = "The DB name to create. If omitted, no database is created initially"
type = string
default = null
}
variable "username" {
description = "Username for the master DB user"
type = string
default = null
}
variable "password" {
description = <<EOF
Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file.
The password provided will not be used if `manage_master_user_password` is set to true.
EOF
type = string
default = null
sensitive = true
}
variable "manage_master_user_password" {
description = "Set to true to allow RDS to manage the master user password in Secrets Manager"
type = bool
default = true
}
variable "master_user_secret_kms_key_id" {
description = <<EOF
The key ARN, key ID, alias ARN or alias name for the KMS key to encrypt the master user password secret in Secrets Manager.
If not specified, the default KMS key for your Amazon Web Services account is used.
EOF
type = string
default = null
}
variable "port" {
description = "The port on which the DB accepts connections"
type = string
default = null
}
variable "vpc_security_group_ids" {
description = "List of VPC security groups to associate"
type = list(string)
default = []
}
variable "availability_zone" {
description = "The Availability Zone of the RDS instance"
type = string
default = null
}
variable "multi_az" {
description = "Specifies if the RDS instance is multi-AZ"
type = bool
default = false
}
variable "iops" {
description = "The amount of provisioned IOPS. Setting this implies a storage_type of 'io1' or `gp3`. See `notes` for limitations regarding this variable for `gp3`"
type = number
default = null
}
variable "publicly_accessible" {
description = "Bool to control if instance is publicly accessible"
type = bool
default = false
}
variable "monitoring_interval" {
description = "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60"
type = number
default = 0
}
variable "monitoring_role_arn" {
description = "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero"
type = string
default = null
}
variable "monitoring_role_name" {
description = "Name of the IAM role which will be created when create_monitoring_role is enabled"
type = string
default = "rds-monitoring-role"
}
variable "monitoring_role_use_name_prefix" {
description = "Determines whether to use `monitoring_role_name` as is or create a unique identifier beginning with `monitoring_role_name` as the specified prefix"
type = bool
default = false
}
variable "monitoring_role_description" {
description = "Description of the monitoring IAM role"
type = string
default = null
}
variable "create_monitoring_role" {
description = "Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs"
type = bool
default = false
}
variable "monitoring_role_permissions_boundary" {
description = "ARN of the policy that is used to set the permissions boundary for the monitoring IAM role"
type = string
default = null
}
variable "allow_major_version_upgrade" {
description = "Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible"
type = bool
default = false
}
variable "auto_minor_version_upgrade" {
description = "Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window"
type = bool
default = true
}
variable "apply_immediately" {
description = "Specifies whether any database modifications are applied immediately, or during the next maintenance window"
type = bool
default = false
}
variable "maintenance_window" {
description = "The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00'"
type = string
default = null
}
variable "blue_green_update" {
description = "Enables low-downtime updates using RDS Blue/Green deployments."
type = map(string)
default = {}
}
variable "backup_retention_period" {
description = "The days to retain backups for"
type = number
default = null
}
variable "backup_window" {
description = "The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance_window"
type = string
default = null
}
variable "restore_to_point_in_time" {
description = "Restore to a point in time (MySQL is NOT supported)"
type = map(string)
default = null
}
variable "s3_import" {
description = "Restore from a Percona Xtrabackup in S3 (only MySQL is supported)"
type = map(string)
default = null
}
variable "dedicated_log_volume" {
description = "Use a dedicated log volume (DLV) for the DB instance. Requires Provisioned IOPS."
type = bool
default = false
}
variable "tags" {
description = "A mapping of tags to assign to all resources"
type = map(string)
default = {}
}
variable "db_instance_tags" {
description = "Additional tags for the DB instance"
type = map(string)
default = {}
}
variable "db_option_group_tags" {
description = "Additional tags for the DB option group"
type = map(string)
default = {}
}
variable "db_parameter_group_tags" {
description = "Additional tags for the DB parameter group"
type = map(string)
default = {}
}
variable "db_subnet_group_tags" {
description = "Additional tags for the DB subnet group"
type = map(string)
default = {}
}
# DB subnet group
variable "create_db_subnet_group" {
description = "Whether to create a database subnet group"
type = bool
default = false
}
variable "db_subnet_group_name" {
description = "Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC"
type = string
default = null
}
variable "db_subnet_group_use_name_prefix" {
description = "Determines whether to use `subnet_group_name` as is or create a unique name beginning with the `subnet_group_name` as the prefix"
type = bool
default = true
}
variable "db_subnet_group_description" {
description = "Description of the DB subnet group to create"
type = string
default = null
}
variable "subnet_ids" {
description = "A list of VPC subnet IDs"
type = list(string)
default = []
}
# DB parameter group
variable "create_db_parameter_group" {
description = "Whether to create a database parameter group"
type = bool
default = true
}
variable "parameter_group_name" {
description = "Name of the DB parameter group to associate or create"
type = string
default = null
}
variable "parameter_group_use_name_prefix" {
description = "Determines whether to use `parameter_group_name` as is or create a unique name beginning with the `parameter_group_name` as the prefix"
type = bool
default = true
}
variable "parameter_group_description" {
description = "Description of the DB parameter group to create"
type = string
default = null
}
variable "family" {
description = "The family of the DB parameter group"
type = string
default = null
}
variable "parameters" {
description = "A list of DB parameters (map) to apply"
type = list(map(string))
default = []
}
# DB option group
variable "create_db_option_group" {
description = "Create a database option group"
type = bool
default = true
}
variable "option_group_name" {
description = "Name of the option group"
type = string
default = null
}
variable "option_group_use_name_prefix" {
description = "Determines whether to use `option_group_name` as is or create a unique name beginning with the `option_group_name` as the prefix"
type = bool
default = true
}
variable "option_group_description" {
description = "The description of the option group"
type = string
default = null
}
variable "major_engine_version" {
description = "Specifies the major version of the engine that this option group should be associated with"
type = string
default = null
}
variable "options" {
description = "A list of Options to apply"
type = any
default = []
}
variable "create_db_instance" {
description = "Whether to create a database instance"
type = bool
default = true
}
variable "timezone" {
description = "Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information"
type = string
default = null
}
variable "character_set_name" {
description = "The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation"
type = string
default = null
}
variable "nchar_character_set_name" {
description = "The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed."
type = string
default = null
}
variable "enabled_cloudwatch_logs_exports" {
description = "List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL)"
type = list(string)
default = []
}
variable "timeouts" {
description = "Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times"
type = map(string)
default = {}
}
variable "option_group_timeouts" {
description = "Define maximum timeout for deletion of `aws_db_option_group` resource"
type = map(string)
default = {}
}
variable "deletion_protection" {
description = "The database can't be deleted when this value is set to true"
type = bool
default = false
}
variable "performance_insights_enabled" {
description = "Specifies whether Performance Insights are enabled"
type = bool
default = false
}
variable "performance_insights_retention_period" {
description = "The amount of time in days to retain Performance Insights data. Valid values are `7`, `731` (2 years) or a multiple of `31`"
type = number
default = 7
}
variable "performance_insights_kms_key_id" {
description = "The ARN for the KMS key to encrypt Performance Insights data"
type = string
default = null
}
variable "max_allocated_storage" {
description = "Specifies the value for Storage Autoscaling"
type = number
default = 0
}
variable "ca_cert_identifier" {
description = "Specifies the identifier of the CA certificate for the DB instance"
type = string
default = null
}
variable "delete_automated_backups" {
description = "Specifies whether to remove automated backups immediately after the DB instance is deleted"
type = bool
default = true
}
variable "network_type" {
description = "The type of network stack to use"
type = string
default = null
}
################################################################################
# CloudWatch Log Group
################################################################################
variable "create_cloudwatch_log_group" {
description = "Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports`"
type = bool
default = false
}
variable "cloudwatch_log_group_retention_in_days" {
description = "The number of days to retain CloudWatch logs for the DB instance"
type = number
default = 7
}
variable "cloudwatch_log_group_kms_key_id" {
description = "The ARN of the KMS Key to use when encrypting log data"
type = string
default = null
}
variable "cloudwatch_log_group_skip_destroy" {
description = "Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state"
type = bool
default = null
}
variable "cloudwatch_log_group_class" {
description = "Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS"
type = string
default = null
}
variable "putin_khuylo" {
description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
type = bool
default = true
}
################################################################################
# DB Instance Role Association
################################################################################
variable "db_instance_role_associations" {
description = "A map of DB instance supported feature name to role association ARNs."
type = map(any)
default = {}
}
################################################################################
# Managed Secret Rotation
################################################################################
variable "manage_master_user_password_rotation" {
description = "Whether to manage the master user password rotation. By default, false on creation, rotation is managed by RDS. Setting this value to false after previously having been set to true will disable automatic rotation."
type = bool
default = false
}
variable "master_user_password_rotate_immediately" {
description = "Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window."
type = bool
default = null
}
variable "master_user_password_rotation_automatically_after_days" {
description = "Specifies the number of days between automatic scheduled rotations of the secret. Either automatically_after_days or schedule_expression must be specified."
type = number
default = null
}
variable "master_user_password_rotation_duration" {
description = "The length of the rotation window in hours. For example, 3h for a three hour window."
type = string
default = null
}
variable "master_user_password_rotation_schedule_expression" {
description = "A cron() or rate() expression that defines the schedule for rotating your secret. Either automatically_after_days or schedule_expression must be specified."
type = string
default = null
}