opszero/terraform-aws-documentdb
Terraform-aws-documentdb

Terraform AWS Cloud DocumentDB Module

Introduction

This Terraform module creates an AWS DocumentDB cluster (cluster, instances, parameter group, subnet group and security group) along with additional configuration options.

Usage

To use this module, you can include it in your Terraform configuration. Here's an example of how to use it:

Examples

Example: documentdb-secured

module "documentdb-secured" {
  # Module source: the repository URL ends in a single ".git"
  source            = "git::https://github.com/opszero/terraform-aws-documentdb.git?ref=v1.0.1"
  name              = "documentdb"
  vpc_id            = module.vpc.vpc_id
  # 0.0.0.0/0 lets any IPv4 address reach the ports below; restrict this to the
  # CIDRs of the clients that actually need the database port.
  ssh_allowed_ip    = ["0.0.0.0/0"]
  ssh_allowed_ports = [27017]

  subnet_list             = module.subnet.public_subnet_id
  skip_final_snapshot     = var.skip_final_snapshot
  storage_encrypted       = var.storage_encrypted
  instance_class          = var.instance_class
  cluster_family          = "docdb5.0"
  cluster_size            = var.cluster_size
  deletion_protection     = true
  preferred_backup_window = "07:00-07:30"
  ca_cert_identifier      = "rds-ca-rsa2048-g1"
  # Cluster parameter: require TLS for client connections
  parameters = [
    {
      apply_method = "immediate"
      name         = "tls"
      value        = "enabled"
    }
  ]
}

Example: documentdb-simple

module "documentdb-simple" {
  # Module source: the repository URL ends in a single ".git"
  source            = "git::https://github.com/opszero/terraform-aws-documentdb.git?ref=v1.0.1"
  name              = "dev"

  vpc_id            = module.vpc.vpc_id
  # 0.0.0.0/0 lets any IPv4 address reach port 27017; restrict to trusted CIDRs.
  ssh_allowed_ip    = ["0.0.0.0/0"]
  ssh_allowed_ports = [27017]

  subnet_list         = module.subnet.public_subnet_id
  master_username     = "test"
  master_password     = var.master_password # keep the value out of the configuration; it is stored in state
  instance_class      = var.instance_class
  cluster_size        = var.cluster_size
  deletion_protection = false
}

Examples

For detailed examples on how to use this module, please refer to the Examples directory within this repository.
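As an added example that is not part of this module or its README: a small Python check over the JSON a `terraform show -json tfplan` run produces, flagging the settings a reviewer would look at in the two examples above (an ingress rule for the database port open to 0.0.0.0/0 or ::/0, `storage_encrypted` off, `deletion_protection` off, and the `tls` cluster parameter not set to `enabled`). The plan document is constructed inline and only mimics the resource addresses from the Resources section below; it is not output captured from the module.

```python
import json

# Constructed sample plan in the shape `terraform show -json tfplan` produces,
# reduced to the attributes this check inspects (not real output of the module).
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"child_modules": [{
    "address": "module.documentdb-simple",
    "resources": [
        {"address": "module.documentdb-simple.aws_docdb_cluster.this",
         "type": "aws_docdb_cluster",
         "values": {"storage_encrypted": True, "deletion_protection": False}},
        {"address": "module.documentdb-simple.aws_docdb_cluster_parameter_group.this",
         "type": "aws_docdb_cluster_parameter_group",
         "values": {"parameter": []}},  # no tls=enabled parameter was passed
        {"address": "module.documentdb-simple.aws_security_group_rule.ssh_ingress",
         "type": "aws_security_group_rule",
         "values": {"type": "ingress", "from_port": 27017, "to_port": 27017,
                    "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"],
                    "ipv6_cidr_blocks": []}},
    ]}]}}})

WORLD = {"0.0.0.0/0", "::/0"}  # the "anywhere" CIDRs used in the README examples


def _walk(module):
    """Yield every planned resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def audit_plan(plan_json):
    """Return a list of findings for the DocumentDB-related resources in a plan."""
    findings = []
    for res in _walk(json.loads(plan_json)["planned_values"]["root_module"]):
        v, addr = res.get("values") or {}, res["address"]
        if res["type"] == "aws_security_group_rule" and v.get("type") == "ingress":
            exposed = set(v.get("cidr_blocks") or []) | set(v.get("ipv6_cidr_blocks") or [])
            if exposed & WORLD:
                findings.append(f"{addr}: ingress {v.get('from_port')}-{v.get('to_port')}"
                                f"/{v.get('protocol')} open to {sorted(exposed & WORLD)}")
        elif res["type"] == "aws_docdb_cluster":
            if not v.get("storage_encrypted"):
                findings.append(f"{addr}: storage_encrypted is not true")
            if not v.get("deletion_protection"):
                findings.append(f"{addr}: deletion_protection is not true")
        elif res["type"] == "aws_docdb_cluster_parameter_group":
            params = {p["name"]: p["value"] for p in v.get("parameter") or []}
            if params.get("tls") != "enabled":
                findings.append(f"{addr}: cluster parameter tls is not 'enabled'")
    return findings
```

Run it against a real plan with `audit_plan(open("plan.json").read())` after `terraform show -json tfplan > plan.json`; an empty list means none of the four checks fired.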

Author

Your Name Replace MIT and opsZero with the appropriate license and your information. Feel free to expand this README with additional details or usage instructions as needed for your specific use case.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Providers

Name Version
aws >= 6.14.0
random >= 3.7.2

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allowed_ip | List of allowed IPs. | list(any) | ["0.0.0.0/0"] | no |
| allowed_ports | List of allowed ingress ports. | list(any) | [80, 443] | no |
| apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. | bool | true | no |
| ca_cert_identifier | The identifier of the certificate authority (CA) certificate for the DB instance. | string | null | no |
| cluster_family | The family of the DocumentDB cluster parameter group. For more details, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-parameter-group-create.html | string | "docdb5.0" | no |
| cluster_size | Number of DB instances to create in the cluster. | string | "2" | no |
| deletion_protection | Whether deletion protection is enabled on the DB cluster. | bool | null | no |
| egress_ipv4_cidr_block | List of CIDR blocks. Cannot be specified with source_security_group_id or self. | list(string) | ["0.0.0.0/0"] | no |
| egress_ipv4_from_port | Egress start port (or ICMP type number if protocol is icmp or icmpv6). | number | 0 | no |
| egress_ipv4_protocol | Protocol. If not icmp, icmpv6, tcp, udp, or all, use the protocol number. | string | "-1" | no |
| egress_ipv4_to_port | Egress end port (or ICMP code if protocol is icmp). | number | 65535 | no |
| egress_ipv6_cidr_block | List of CIDR blocks. Cannot be specified with source_security_group_id or self. | list(string) | ["::/0"] | no |
| egress_ipv6_from_port | Egress start port (or ICMP type number if protocol is icmp or icmpv6). | number | 0 | no |
| egress_ipv6_protocol | Protocol. If not icmp, icmpv6, tcp, udp, or all, use the protocol number. | string | "-1" | no |
| egress_ipv6_to_port | Egress end port (or ICMP code if protocol is icmp). | number | 65535 | no |
| egress_rule | Enable to create the egress rule. | bool | true | no |
| enable_security_group | Enable the default security group with only egress traffic allowed. | bool | true | no |
| enabled_cloudwatch_logs_exports | List of log types to export to CloudWatch. The following log types are supported: audit, error, general, slowquery. | list(string) | ["audit", "profiler"] | no |
| engine | The name of the database engine to be used for this DB cluster. Defaults to docdb. Valid values: docdb. | string | "docdb" | no |
| engine_version | The version number of the database engine to use. | string | "" | no |
| instance_class | The instance class to use. For more details, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-class-specs | string | "db.t3.medium" | no |
| is_external | Enable to update an existing security group. | bool | false | no |
| master_password | (Required unless a snapshot_identifier is provided) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. | string | "" | no |
| master_username | (Required unless a snapshot_identifier is provided) Username for the master DB user. | string | "root" | no |
| name | Name of the database. | string | n/a | yes |
| parameters | A list of DocumentDB parameters to apply. Setting parameters to system default values may show a difference on imported resources. | list(object({ apply_method = optional(string), name = string, value = string })) | [] | no |
| preferred_backup_window | Daily time range during which the backups happen. | string | "07:00-09:00" | no |
| protocol | The protocol. If not icmp, tcp, udp, or all, use the protocol number. | string | "tcp" | no |
| retention_period | Number of days to retain backups for. | string | "7" | no |
| sg_description | The security group description. | string | "Instance default security group (only egress access is allowed)." | no |
| sg_egress_description | Description of the egress and ingress rule. | string | "Description of the rule." | no |
| sg_egress_ipv6_description | Description of the egress_ipv6 rule. | string | "Description of the rule." | no |
| sg_ids | List of security group IDs. | list(any) | [] | no |
| sg_ingress_description | Description of the ingress rule. | string | "Description of the ingress rule use elasticache." | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB cluster is deleted. | bool | false | no |
| snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot. | string | "" | no |
| ssh_allowed_ip | List of allowed IPs. | list(any) | [] | no |
| ssh_allowed_ports | List of allowed ingress ports. | list(any) | [] | no |
| ssh_protocol | The protocol. If not icmp, tcp, udp, or all, use the protocol number. | string | "tcp" | no |
| ssh_sg_ingress_description | Description of the ingress rule. | string | "Description of the ingress rule use elasticache." | no |
| storage_encrypted | Specifies whether the DB cluster is encrypted. | bool | true | no |
| subnet_list | List of subnet IDs the database instances should deploy into. | list(string) | [""] | no |
| tags | Additional tags (e.g. map(BusinessUnit,XYZ)). | map(string) | {} | no |
| vpc_id | The ID of the VPC that the instance security group belongs to. | string | "" | no |

Resources

Name Type
aws_docdb_cluster.this resource
aws_docdb_cluster_instance.this resource
aws_docdb_cluster_parameter_group.this resource
aws_docdb_subnet_group.this resource
aws_security_group.default resource
aws_security_group_rule.egress_ipv4 resource
aws_security_group_rule.egress_ipv6 resource
aws_security_group_rule.ingress resource
aws_security_group_rule.ssh_ingress resource
random_password.master resource

Outputs

Name Description
arn Amazon Resource Name (ARN) of the cluster.
cluster_name Cluster Identifier.
master_password Password for the master DB user.
master_username Username for the master DB user.
reader_endpoint A read-only endpoint of the DocumentDB cluster, automatically load-balanced across replicas.
writer_endpoint Endpoint of the DocumentDB cluster.

🚀 Built by opsZero!

opsZero provides software and consulting for Cloud + AI. With our decade-plus of experience scaling some of the world’s most innovative companies, we have developed deep expertise in Kubernetes, DevOps, FinOps, and Compliance.

Our software and consulting solutions enable organizations to:

  • migrate workloads to the Cloud
  • set up compliance frameworks including SOC2, HIPAA, PCI-DSS, ITAR, FedRamp, CMMC, and more
  • apply FinOps solutions to reduce the cost of running Cloud workloads
  • run Kubernetes optimized for web-scale and AI workloads
  • find underutilized Cloud resources
  • set up custom AI training and delivery
  • build data integrations and scrapers
  • modernize onto modern ARM-based processors

We do this with a high-touch support model where you:

  • Get access to us on Slack, Microsoft Teams or Email
  • Get 24/7 coverage of your infrastructure
  • Get an accelerated migration to Kubernetes

Please schedule a call if you need support.

