This Terraform module creates a Azure PostgreSQL Database.
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "examples-rg"
location = "West Europe"
}
module "postgresql" {
source = "Azure/postgresql/azurerm"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
server_name = "examples-server"
sku_name = "GP_Gen5_2"
storage_mb = 5120
auto_grow_enabled = false
backup_retention_days = 7
geo_redundant_backup_enabled = false
administrator_login = "login"
administrator_password = "password"
server_version = "9.5"
ssl_enforcement_enabled = true
public_network_access_enabled = true
db_names = ["my_db1", "my_db2"]
db_charset = "UTF8"
db_collation = "English_United States.1252"
firewall_rule_prefix = "firewall-"
firewall_rules = [
{ name = "test1", start_ip = "10.0.0.5", end_ip = "10.0.0.8" },
{ start_ip = "127.0.0.0", end_ip = "127.0.1.0" },
]
vnet_rule_name_prefix = "postgresql-vnet-rule-"
vnet_rules = [
{ name = "subnet1", subnet_id = "<subnet_id>" }
]
tags = {
Environment = "Production",
CostCenter = "Contoso IT",
}
postgresql_configurations = {
backslash_quote = "on",
}
depends_on = [azurerm_resource_group.example]
}
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "examples-rg"
location = "West Europe"
}
module "postgresql" {
source = "Azure/postgresql/azurerm"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
server_name = "examples-server"
sku_name = "GP_Gen5_2"
storage_mb = 5120
auto_grow_enabled = false
backup_retention_days = 7
geo_redundant_backup_enabled = false
administrator_login = "login"
administrator_password = "password"
server_version = "9.5"
ssl_enforcement_enabled = true
public_network_access_enabled = true
db_names = ["my_db1", "my_db2"]
db_charset = "UTF8"
db_collation = "English_United States.1252"
firewall_rule_prefix = "firewall-"
firewall_rules = [
{ name = "test1", start_ip = "10.0.0.5", end_ip = "10.0.0.8" },
{ start_ip = "127.0.0.0", end_ip = "127.0.1.0" },
]
vnet_rule_name_prefix = "postgresql-vnet-rule-"
vnet_rules = [
{ name = "subnet1", subnet_id = "<subnet_id>" }
]
tags = {
Environment = "Production",
CostCenter = "Contoso IT",
}
postgresql_configurations = {
backslash_quote = "on",
}
}
We assumed that you have setup service principal's credentials in your environment variables like below:
export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"
On Windows Powershell:
$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"
We provide a docker image to run the pre-commit checks and tests for you: mcr.microsoft.com/azterraform:latest
To run the pre-commit task, we can run the following command:
$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit
On Windows Powershell:
$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit
In pre-commit task, we will:
- Run
terraform fmt -recursive
command for your Terraform code. - Run
terrafmt fmt -f
command for markdown files and go code files to ensure that the Terraform code embedded in these files are well formatted. - Run
go mod tidy
andgo mod vendor
for test folder to ensure that all the dependencies have been synced. - Run
gofmt
for all go code files. - Run
gofumpt
for all go code files. - Run
terraform-docs
onREADME.md
file, then runmarkdown-table-formatter
to format markdown tables inREADME.md
.
Then we can run the pr-check task to check whether our code meets our pipeline's requirement(We strongly recommend you run the following command before you commit):
$ docker run --rm -v $(pwd):/src -w /src -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-check
On Windows Powershell:
$ docker run --rm -v ${pwd}:/src -w /src -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-check
To run the e2e-test, we can run the following command:
docker run --rm -v $(pwd):/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
On Windows Powershell:
docker run --rm -v ${pwd}:/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
We're using BridgeCrew Yor and yorbox to help manage tags consistently across infrastructure as code (IaC) frameworks. In this module you might see tags like:
resource "azurerm_resource_group" "rg" {
location = "eastus"
name = random_pet.name
tags = merge(var.tags, (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
avm_git_commit = "3077cc6d0b70e29b6e106b3ab98cee6740c916f6"
avm_git_file = "main.tf"
avm_git_last_modified_at = "2023-05-05 08:57:54"
avm_git_org = "lonegunmanb"
avm_git_repo = "terraform-yor-tag-test-module"
avm_yor_trace = "a0425718-c57d-401c-a7d5-f3d88b2551a4"
} /*<box>*/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /*</box>*/))
}
To enable tracing tags, set the variable to true:
module "example" {
source = "{module_source}"
...
tracing_tags_enabled = true
}
The tracing_tags_enabled
is default to false
.
To customize the prefix for your tracing tags, set the tracing_tags_prefix
variable value in your Terraform configuration:
module "example" {
source = "{module_source}"
...
tracing_tags_prefix = "custom_prefix_"
}
The actual applied tags would be:
{
custom_prefix_git_commit = "3077cc6d0b70e29b6e106b3ab98cee6740c916f6"
custom_prefix_git_file = "main.tf"
custom_prefix_git_last_modified_at = "2023-05-05 08:57:54"
custom_prefix_git_org = "lonegunmanb"
custom_prefix_git_repo = "terraform-yor-tag-test-module"
custom_prefix_yor_trace = "a0425718-c57d-401c-a7d5-f3d88b2551a4"
}
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Name | Version |
---|---|
terraform | >= 1.2 |
azurerm | >= 3.0, < 4.0 |
Name | Version |
---|---|
azurerm | >= 3.0, < 4.0 |
No modules.
Name | Type |
---|---|
azurerm_postgresql_configuration.db_configs | resource |
azurerm_postgresql_database.dbs | resource |
azurerm_postgresql_firewall_rule.firewall_rules | resource |
azurerm_postgresql_server.server | resource |
azurerm_postgresql_virtual_network_rule.vnet_rules | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
administrator_login | The Administrator Login for the PostgreSQL Server. Changing this forces a new resource to be created. | string |
n/a | yes |
administrator_password | The Password associated with the administrator_login for the PostgreSQL Server. | string |
n/a | yes |
auto_grow_enabled | (Optional) Enable or disable incremental automatic growth of database space. Storage auto-grow prevents your server from running out of storage and becoming read-only. If storage auto grow is enabled, the storage automatically grows without impacting the workload. The default value if not explicitly specified is true . |
bool |
true |
no |
backup_retention_days | Backup retention days for the server, supported values are between 7 and 35 days. | number |
7 |
no |
create_mode | (Optional) The creation mode. Can be used to restore or replicate existing servers. Possible values are Default , Replica , GeoRestore , and PointInTimeRestore . Defaults to Default. |
string |
"Default" |
no |
creation_source_server_id | (Optional) For creation modes other than Default , the source server ID to use. |
string |
null |
no |
db_charset | Specifies the Charset for the PostgreSQL Database, which needs to be a valid PostgreSQL Charset. Changing this forces a new resource to be created. | string |
"UTF8" |
no |
db_collation | Specifies the Collation for the PostgreSQL Database, which needs to be a valid PostgreSQL Collation. Note that Microsoft uses different notation - en-US instead of en_US. Changing this forces a new resource to be created. | string |
"English_United States.1252" |
no |
db_names | The list of names of the PostgreSQL Database, which needs to be a valid PostgreSQL identifier. Changing this forces a new resource to be created. | list(string) |
[] |
no |
firewall_rule_prefix | Specifies prefix for firewall rule names. | string |
"firewall-" |
no |
firewall_rules | The list of maps, describing firewall rules. Valid map items: name, start_ip, end_ip. | list(map(string)) |
[] |
no |
geo_redundant_backup_enabled | Enable Geo-redundant or not for server backup. Valid values for this property are Enabled or Disabled, not supported for the basic tier. | bool |
true |
no |
infrastructure_encryption_enabled | Whether or not infrastructure is encrypted for this server | bool |
true |
no |
location | Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | string |
n/a | yes |
postgresql_configurations | A map with PostgreSQL configurations to enable. | map(string) |
{} |
no |
public_network_access_enabled | Whether or not public network access is allowed for this server. Possible values are Enabled and Disabled. | bool |
false |
no |
resource_group_name | The name of the resource group in which to create the PostgreSQL Server. Changing this forces a new resource to be created. | string |
n/a | yes |
server_name | Specifies the name of the PostgreSQL Server. Changing this forces a new resource to be created. | string |
n/a | yes |
server_version | Specifies the version of PostgreSQL to use. Valid values are 9.5 , 9.6 , 10.0 , 10.2 and 11 . Changing this forces a new resource to be created. |
string |
"9.5" |
no |
sku_name | Specifies the SKU Name for this PostgreSQL Server. The name of the SKU, follows the tier + family + cores pattern (e.g. B_Gen4_1, GP_Gen5_8). | string |
"GP_Gen5_4" |
no |
ssl_enforcement_enabled | Specifies if SSL should be enforced on connections. Possible values are Enabled and Disabled. | bool |
true |
no |
ssl_minimal_tls_version_enforced | (Optional) The minimum TLS version to support on the sever. Possible values are TLSEnforcementDisabled , TLS1_0 , TLS1_1 , and TLS1_2 . Defaults to TLS1_2 . ssl_minimal_tls_version_enforced must be set to TLSEnforcementDisabled when ssl_enforcement_enabled is set to false . |
string |
"TLS1_2" |
no |
storage_mb | Max storage allowed for a server. Possible values are between 5120 MB(5GB) and 1048576 MB(1TB) for the Basic SKU and between 5120 MB(5GB) and 4194304 MB(4TB) for General Purpose/Memory Optimized SKUs. | number |
102400 |
no |
tags | A map of tags to set on every taggable resources. Empty by default. | map(string) |
{} |
no |
threat_detection_policy | Threat detection policy configuration, known in the API as Server Security Alerts Policy | object( |
null |
no |
tracing_tags_enabled | Whether enable tracing tags that generated by BridgeCrew Yor. | bool |
false |
no |
tracing_tags_prefix | Default prefix for generated tracing tags | string |
"avm_" |
no |
vnet_rule_name_prefix | Specifies prefix for vnet rule names. | string |
"postgresql-vnet-rule-" |
no |
vnet_rules | The list of maps, describing vnet rules. Valud map items: name, subnet_id. | list(map(string)) |
[] |
no |
Name | Description |
---|---|
administrator_login | The Administrator login for the PostgreSQL Server |
administrator_password | The Password associated with the administrator_login for the PostgreSQL Server |
database_ids | The list of all database resource ids |
firewall_rule_ids | The list of all firewall rule resource ids |
server_fqdn | The fully qualified domain name (FQDN) of the PostgreSQL server |
server_id | The resource id of the PostgreSQL server |
server_name | The name of the PostgreSQL server |
vnet_rule_ids | The list of all vnet rule resource ids |