This module creates an Azure PostgreSQL Flexible server with databases along with logging activated firewall rules. A user is created for each databases created with this module. This module does not allow users to create new objects in the public schema regarding the CVE-2018-1058.
| Module version | Terraform version | AzureRM version |
|---|---|---|
| >= 7.x.x | 1.3.x | >= 3.0 |
| >= 6.x.x | 1.x | >= 3.0 |
| >= 5.x.x | 0.15.x | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | >= 2.0 |
| >= 3.x.x | 0.12.x | >= 2.0 |
| >= 2.x.x | 0.12.x | < 2.0 |
| < 2.x.x | 0.11.x | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper available in the documentation.
module "azure_region" {
source = "claranet/regions/azurerm"
version = "x.x.x"
azure_region = var.azure_region
}
module "rg" {
source = "claranet/rg/azurerm"
version = "x.x.x"
location = module.azure_region.location
client_name = var.client_name
environment = var.environment
stack = var.stack
}
module "logs" {
source = "claranet/run/azurerm//modules/logs"
version = "x.x.x"
client_name = var.client_name
environment = var.environment
stack = var.stack
location = module.azure_region.location
location_short = module.azure_region.location_short
resource_group_name = module.rg.resource_group_name
}
module "postgresql_flexible" {
source = "claranet/db-postgresql-flexible/azurerm"
version = "x.x.x"
client_name = var.client_name
location = module.azure_region.location
location_short = module.azure_region.location_short
environment = var.environment
stack = var.stack
resource_group_name = module.rg.resource_group_name
tier = "GeneralPurpose"
size = "D2s_v3"
storage_mb = 32768
postgresql_version = 13
allowed_cidrs = {
"1" = "10.0.0.0/24"
"2" = "12.34.56.78/32"
}
backup_retention_days = 14
geo_redundant_backup_enabled = true
administrator_login = "azureadmin"
databases = {
mydatabase = {
collation = "en_US.utf8"
charset = "UTF8"
}
}
maintenance_window = {
day_of_week = 3
start_hour = 3
start_minute = 0
}
logs_destinations_ids = [
module.logs.logs_storage_account_id,
module.logs.log_analytics_workspace_id
]
extra_tags = {
foo = "bar"
}
}
provider "postgresql" {
host = module.postgresql_flexible.postgresql_flexible_fqdn
port = 5432
username = module.postgresql_flexible.postgresql_flexible_administrator_login
password = module.postgresql_flexible.postgresql_flexible_administrator_password
sslmode = "require"
superuser = false
}
module "postgresql_users" {
source = "claranet/users/postgresql"
version = "x.x.x"
for_each = module.postgresql_flexible.postgresql_flexible_databases_names
administrator_login = module.postgresql_flexible.postgresql_flexible_administrator_login
database = each.key
}
module "postgresql_configuration" {
source = "claranet/database-configuration/postgresql"
version = "x.x.x"
for_each = module.postgresql_flexible.postgresql_flexible_databases_names
administrator_login = module.postgresql_flexible.postgresql_flexible_administrator_login
database_admin_user = module.postgresql_users[each.key].user
database = each.key
schema_name = each.key
}| Name | Version |
|---|---|
| azurecaf | ~> 1.2, >= 1.2.22 |
| azurerm | ~> 3.105 |
| random | >= 2.0 |
| Name | Source | Version |
|---|---|---|
| diagnostics | claranet/diagnostic-settings/azurerm | ~> 6.5.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| administrator_login | PostgreSQL administrator login. | string |
n/a | yes |
| administrator_password | PostgreSQL administrator password. Strong Password : https://docs.microsoft.com/en-us/sql/relational-databases/security/strong-passwords?view=sql-server-2017. | string |
null |
no |
| allowed_cidrs | Map of authorized cidrs. | map(string) |
n/a | yes |
| authentication | Authentication configurations for the PostgreSQL Flexible Server | object({ |
{} |
no |
| auto_grow_enabled | Enable auto grow for the PostgreSQL Flexible Server. | bool |
false |
no |
| backup_retention_days | Backup retention days for the PostgreSQL Flexible Server (Between 7 and 35 days). | number |
7 |
no |
| client_name | Name of client. | string |
n/a | yes |
| custom_diagnostic_settings_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string |
"default" |
no |
| custom_server_name | Custom Server Name identifier. | string |
"" |
no |
| databases | Map of databases configurations with database name as key and following available configuration option: * (optional) charset: Valid PostgreSQL charset : https://www.postgresql.org/docs/current/multibyte.html#CHARSET-TABLE * (optional) collation: Valid PostgreSQL collation : http://www.postgresql.cn/docs/13/collation.html - be careful about https://docs.microsoft.com/en-us/windows/win32/intl/locale-names?redirectedfrom=MSDN |
map(object({ |
{} |
no |
| delegated_subnet_id | Id of the subnet to create the PostgreSQL Flexible Server. (Should not have any resource deployed in) | string |
null |
no |
| environment | Name of application's environnement. | string |
n/a | yes |
| extra_tags | Map of custom tags. | map(string) |
{} |
no |
| geo_redundant_backup_enabled | Enable Geo Redundant Backup for the PostgreSQL Flexible Server. | bool |
false |
no |
| location | Azure location. | string |
n/a | yes |
| location_short | Short string for Azure location. | string |
n/a | yes |
| logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
| logs_destinations_ids | List of destination resources IDs for logs diagnostic destination. Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set.If you want to specify an Azure EventHub to send logs and metrics to, you need to provide a formated string with both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the ` |
` character. | list(string) |
n/a |
| logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
| maintenance_window | Map of maintenance window configuration. | map(number) |
null |
no |
| name_prefix | Optional prefix for the generated name. | string |
"" |
no |
| name_suffix | Optional suffix for the generated name. | string |
"" |
no |
| postgresql_configurations | PostgreSQL configurations to enable. | map(string) |
{} |
no |
| postgresql_version | Version of PostgreSQL Flexible Server. Possible values are : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server#version. | number |
13 |
no |
| private_dns_zone_id | ID of the private DNS zone to create the PostgreSQL Flexible Server. | string |
null |
no |
| public_network_access_enabled | Enable public network access for the PostgreSQL Flexible Server. | bool |
false |
no |
| resource_group_name | Name of the application ressource group, herited from infra module. | string |
n/a | yes |
| size | Size for PostgreSQL Flexible server sku : https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-compute-storage. | string |
"D2ds_v4" |
no |
| stack | Name of application stack. | string |
n/a | yes |
| standby_zone | Specify availability-zone to enable high_availability and create standby PostgreSQL Flexible Server. (Null to disable high-availability) | number |
2 |
no |
| storage_mb | Storage allowed for PostgresSQL Flexible server. Possible values : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server#storage_mb. | number |
32768 |
no |
| tier | Tier for PostgreSQL Flexible server sku : https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-compute-storage. Possible values are: GeneralPurpose, Burstable, MemoryOptimized. | string |
"GeneralPurpose" |
no |
| use_caf_naming | Use the Azure CAF naming provider to generate default resource name. custom_server_name override this if set. Legacy default name is used if this is set to false. |
bool |
true |
no |
| use_caf_naming_for_databases | Use the Azure CAF naming provider to generate databases name. | bool |
false |
no |
| zone | Specify availability-zone for PostgreSQL Flexible main Server. | number |
1 |
no |
| Name | Description |
|---|---|
| postgresql_flexible_administrator_login | Administrator login for PostgreSQL Flexible server. |
| postgresql_flexible_administrator_password | Administrator password for PostgreSQL Flexible server. |
| postgresql_flexible_configurations | The map of all postgresql configurations set. |
| postgresql_flexible_database_ids | The map of all database resource ids. |
| postgresql_flexible_databases_names | Map of databases names. |
| postgresql_flexible_firewall_rules | Map of PostgreSQL created rules. |
| postgresql_flexible_fqdn | FQDN of the PostgreSQL server. |
| postgresql_flexible_server_id | PostgreSQL server ID. |
| terraform_module | Information about this Terraform module |
Microsoft Azure documentation: docs.microsoft.com/fr-fr/azure/postgresql/flexible-server/