Terraform module which creates DocumentDB resources on AWS
Root module calls these modules which can also be used separately to create independent resources:
- db_subnet_group - creates DocumentDB subnet group
- db_parameter_group - creates DocumentDB parameter group
module "docdb" {
source = "osgurisdosre/documentdb/aws"
cluster_identifier = "demodb"
engine = "docdb"
engine_version = "4.0.0"
cluster_size = 3
instance_class = "db.t3.medium"
# Credentials
master_username = "user"
create_db_password = true
availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
vpc_security_group_ids = ["sg-12345678"]
# DB subnet group
create_db_subnet_group = true
subnet_ids = ["subnet-123456789", "subnet-987654321" "subnet-123321123"]
# Database Deletion Protection
deletion_protection = true
# DB parameter group
create_db_parameter_group = true
parameters = [{
name = "tls"
value = "enabled"
}]
}module "docdb" {
source = "osgurisdosre/documentdb/aws"
# Disable creation of DocumentDB instance(s)
create_db = false
# Enable creation of a random password
create_db_password = true
# Enable creation of subnet group
create_db_subnet_group = true
# Enable creation of parameter group
create_db_parameter_group = true
}Users have the ability to:
- Create a new parameter group (use cluster identifier as name):
create_db_parameter_group = true
parameters = [{
name = "tls"
value = "enabled"
}]- Pass the name of a parameter group to use that has been created outside of the module:
create_db_parameter_group = false
db_parameter_group_name = "custom-docdb-4.0" # must already exist in AWS- Use a default parameter group provided by AWS
create_db_parameter_group = falseTo-do:
- This module does not create DocumentDB security group. Use terraform-aws-security-group module for this.
- By default, the variable
create_db_passwordis set to true. Therefore, even if the user provides a password, it will not be read. Thecreate_db_passwordvariable should be set to false and thepasswordvariable should have a non-null value to be read and used.
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.45 |
| random | >= 3.1 |
| Name | Version |
|---|---|
| aws | >= 4.45 |
| random | >= 3.1 |
| Name | Source | Version |
|---|---|---|
| docdb_parameter_group | ./modules/docdb_parameter_group | n/a |
| docdb_subnet_group | ./modules/docdb_subnet_group | n/a |
| Name | Type |
|---|---|
| aws_docdb_cluster.this | resource |
| aws_docdb_cluster_instance.this | resource |
| random_password.master_password | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window. | bool |
false |
no |
| auto_minor_version_upgrade | This parameter does not apply to Amazon DocumentDB.Amazon DocumentDB does not perform minor version upgrades regardless of the value set. | bool |
false |
no |
| availability_zones | A list of EC2 Availability Zones that instances in the DB cluster can be created in. | list(string) |
n/a | no |
| backup_retention_period | The days to retain backups for. | number |
7 |
no |
| cluster_identifier | The cluster identifier. If omitted, Terraform will assign a random, unique identifier. | string |
n/a | yes |
| cluster_size | Number of instances. | number |
3 |
no |
| create | Create the resource? | bool |
true |
no |
| create_db | Create the resource? | bool |
true |
no |
| create_db_parameter_group | Create the resource? | bool |
false |
no |
| create_db_password | Create the resource? | bool |
false |
no |
| create_db_subnet_group | Create the resource? | bool |
false |
no |
| db_cluster_parameter_group_name | A cluster parameter group to associate with the cluster. | string |
null |
no |
| db_parameter_group_name | A cluster parameter group name. | string |
"" |
no |
| db_subnet_group_name | The DB subnet group to associate with this DB instance. | string |
"" |
no |
| deletion_protection | A value that indicates whether the DB cluster has deletion protection enabled. | bool |
false |
no |
| enable_performance_insights | A value that indicates whether to enable Performance Insights for the DB Instance. | bool |
true |
no |
| enabled_cloudwatch_logs_exports | List of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, profiler. | list(string) |
[ |
no |
| engine | The name of the database engine to be used for this DB cluster. | string |
"docdb" |
no |
| engine_version | The database engine version. Updating this argument results in an outage. | string |
n/a | yes |
| family | The family of the documentDB cluster parameter group. | string |
"docdb4.0" |
no |
| final_snapshot_identifier | The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made. | string |
null |
no |
| identifier_prefix | Creates a unique identifier beginning with the specified prefix. | string |
null |
no |
| instance_class | The instance class to use. | string |
null |
no |
| kms_key_id | The ARN for the KMS encryption key. | string |
null |
no |
| master_password | Password for the master DB user. | string |
null |
no |
| master_username | Username for the master DB user. | string |
n/a | yes |
| parameter_description | Description for the parameter group. | string |
"Parameter group for" |
no |
| parameters | List of DB parameters to apply. | list(map(string)) |
[] |
no |
| password | Password for the master DB user. | string |
null |
no |
| performance_insights_kms_key_id | The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. | string |
null |
no |
| port | The port on which the DB accepts connections. | number |
27017 |
no |
| preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. | string |
"03:00-05:00" |
no |
| preferred_maintenance_window | The weekly time range during which system maintenance can occur, in (UTC). | string |
"sat:05:00-sat:08:00" |
no |
| promotion_tier | Failover Priority setting on instance level. | number |
0 |
no |
| random_password_length | The length of the string desired. | number |
16 |
no |
| sg_name_prefix | Creates a unique name beginning with the specified prefix. | string |
null |
no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB cluster is deleted. | bool |
true |
no |
| snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. | string |
null |
no |
| storage_encrypted | Specifies whether the DB cluster is encrypted. | bool |
true |
no |
| subnet_description | Allowed subnets for DB cluster instances. | string |
null |
no |
| subnet_ids | A list of VPC subnet IDs. | list(string) |
[] |
no |
| vpc_security_group_ids | List of VPC security groups to associate with the Cluster. | list(string) |
n/a | yes |
| vpc_tags | A map of tags to add to all resources. | map(string) |
{} |
no |
| Name | Description |
|---|---|
| db_instance_endpoint | The DNS address of the DocDB Cluster |
| db_instance_endpoint_reader | The DNS address of the DocDB Cluster |
| db_instance_password | The database password (this password may be old, because Terraform doesn't track it after initial creation) |
Module is maintained by Emidio Neto, Leonardo Jardim and Yuri Azeredo
Apache 2 Licensed. See LICENSE for full details.