From 2c342e8b88fcf642d8d8e1c25301566e09995381 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Sun, 2 Mar 2025 21:41:33 -0500 Subject: [PATCH 1/3] support aurora limitless --- README.md | 18 +++- examples/autoscaling/README.md | 4 +- examples/autoscaling/versions.tf | 2 +- examples/global-cluster/README.md | 6 +- examples/global-cluster/versions.tf | 2 +- examples/limitless/README.md | 59 +++++++++++++ examples/limitless/main.tf | 126 ++++++++++++++++++++++++++++ examples/limitless/outputs.tf | 14 ++++ examples/limitless/variables.tf | 0 examples/limitless/versions.tf | 14 ++++ examples/multi-az/README.md | 4 +- examples/multi-az/versions.tf | 2 +- examples/mysql/README.md | 4 +- examples/mysql/versions.tf | 2 +- examples/postgresql/README.md | 4 +- examples/postgresql/versions.tf | 2 +- examples/s3-import/README.md | 4 +- examples/s3-import/versions.tf | 2 +- examples/serverless/README.md | 4 +- examples/serverless/versions.tf | 2 +- main.tf | 26 +++++- outputs.tf | 19 +++++ variables.tf | 52 ++++++++++++ versions.tf | 2 +- 24 files changed, 348 insertions(+), 26 deletions(-) create mode 100644 examples/limitless/README.md create mode 100644 examples/limitless/main.tf create mode 100644 examples/limitless/outputs.tf create mode 100644 examples/limitless/variables.tf create mode 100644 examples/limitless/versions.tf diff --git a/README.md b/README.md index 4263f866..b034f5d8 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ Terraform module which creates AWS RDS Aurora resources. - Fine grained control of individual cluster instances - Custom endpoints - RDS multi-AZ support (not Aurora) +- Aurora Limitless ## Usage 
@@ -207,6 +208,7 @@ module "cluster" { ## Examples - [Autoscaling](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/autoscaling): A PostgreSQL cluster with enhanced monitoring and autoscaling enabled +- [Limitless](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/limitless): A PostgreSQL Limitless cluster - [Global Cluster](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/global-cluster): A PostgreSQL global cluster with clusters provisioned in two different region - [Multi-AZ](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/multi-az): A multi-AZ RDS cluster (not using Aurora engine) - [MySQL](https://github.com/terraform-aws-modules/terraform-aws-rds-aurora/tree/master/examples/mysql): A simple MySQL cluster @@ -224,13 +226,13 @@ Terraform documentation is generated automatically using [pre-commit hooks](http | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.86 | +| [aws](#requirement\_aws) | >= 5.89 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.86 | +| [aws](#provider\_aws) | >= 5.89 | ## Modules 
@@ -253,6 +255,7 @@ No modules. | [aws_rds_cluster_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_instance) | resource | | [aws_rds_cluster_parameter_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_parameter_group) | resource | | [aws_rds_cluster_role_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster_role_association) | resource | +| [aws_rds_shard_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_shard_group) | resource | | [aws_secretsmanager_secret_rotation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_rotation) | resource | | [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | 
@@ -290,9 +293,11 @@ No modules. | [cluster\_performance\_insights\_enabled](#input\_cluster\_performance\_insights\_enabled) | Valid only for Non-Aurora Multi-AZ DB Clusters. Enables Performance Insights for the RDS Cluster | `bool` | `null` | no | | [cluster\_performance\_insights\_kms\_key\_id](#input\_cluster\_performance\_insights\_kms\_key\_id) | Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the KMS Key ID to encrypt Performance Insights data. If not specified, the default RDS KMS key will be used (aws/rds) | `string` | `null` | no | | [cluster\_performance\_insights\_retention\_period](#input\_cluster\_performance\_insights\_retention\_period) | Valid only for Non-Aurora Multi-AZ DB Clusters. Specifies the amount of time to retain performance insights data for. Defaults to 7 days if Performance Insights are enabled. Valid values are 7, month * 31 (where month is a number of months from 1-23), and 731 | `number` | `null` | no | +| [cluster\_scalability\_type](#input\_cluster\_scalability\_type) | Specifies the scalability mode of the Aurora DB cluster. When set to limitless, the cluster operates as an Aurora Limitless Database. When set to standard (the default), the cluster uses normal DB instance creation. Valid values: limitless, standard | `string` | `null` | no | | [cluster\_tags](#input\_cluster\_tags) | A map of tags to add to only the cluster. 
Used for AWS Instance Scheduler tagging | `map(string)` | `{}` | no | | [cluster\_timeouts](#input\_cluster\_timeouts) | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no | | [cluster\_use\_name\_prefix](#input\_cluster\_use\_name\_prefix) | Whether to use `name` as a prefix for the cluster | `bool` | `false` | no | +| [compute\_redundancy](#input\_compute\_redundancy) | Specifies whether to create standby DB shard groups for the DB shard group | `number` | `null` | no | | [copy\_tags\_to\_snapshot](#input\_copy\_tags\_to\_snapshot) | Copy all Cluster `tags` to snapshots | `bool` | `null` | no | | [create](#input\_create) | Whether cluster should be created (affects nearly all resources) | `bool` | `true` | no | | [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | `bool` | `false` | no | 
@@ -302,6 +307,8 @@ No modules. | [create\_db\_subnet\_group](#input\_create\_db\_subnet\_group) | Determines whether to create the database subnet group or use existing | `bool` | `false` | no | | [create\_monitoring\_role](#input\_create\_monitoring\_role) | Determines whether to create the IAM role for RDS enhanced monitoring | `bool` | `true` | no | | [create\_security\_group](#input\_create\_security\_group) | Determines whether to create security group for RDS cluster | `bool` | `true` | no | +| [create\_shard\_group](#input\_create\_shard\_group) | Whether to create a shard group resource | `bool` | `false` | no | +| [database\_insights\_mode](#input\_database\_insights\_mode) | The mode of Database Insights to enable for the DB cluster. Valid values: standard, advanced | `string` | `null` | no | | [database\_name](#input\_database\_name) | Name for an automatically created database on cluster creation | `string` | `null` | no | | [db\_cluster\_activity\_stream\_kms\_key\_id](#input\_db\_cluster\_activity\_stream\_kms\_key\_id) | The AWS KMS key identifier for encrypting messages in the database activity stream | `string` | `null` | no | | [db\_cluster\_activity\_stream\_mode](#input\_db\_cluster\_activity\_stream\_mode) | Specifies the mode of the database activity stream. Database events such as a change or access generate an activity stream event. One of: sync, async | `string` | `null` | no | 
@@ -317,6 +324,7 @@ No modules. | [db\_parameter\_group\_name](#input\_db\_parameter\_group\_name) | The name of the DB parameter group | `string` | `null` | no | | [db\_parameter\_group\_parameters](#input\_db\_parameter\_group\_parameters) | A list of DB parameters to apply. Note that parameters may differ from a family to an other | `list(map(string))` | `[]` | no | | [db\_parameter\_group\_use\_name\_prefix](#input\_db\_parameter\_group\_use\_name\_prefix) | Determines whether the DB parameter group name is used as a prefix | `bool` | `true` | no | +| [db\_shard\_group\_identifier](#input\_db\_shard\_group\_identifier) | The name of the DB shard group | `string` | `null` | no | | [db\_subnet\_group\_name](#input\_db\_subnet\_group\_name) | The name of the subnet group name (existing or created) | `string` | `""` | no | | [delete\_automated\_backups](#input\_delete\_automated\_backups) | Specifies whether to remove automated backups immediately after the DB cluster is deleted | `bool` | `null` | no | | [deletion\_protection](#input\_deletion\_protection) | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false` | `bool` | `null` | no | 
@@ -360,6 +368,8 @@ No modules. | [master\_user\_password\_rotation\_schedule\_expression](#input\_master\_user\_password\_rotation\_schedule\_expression) | A cron() or rate() expression that defines the schedule for rotating your secret. Either `master_user_password_rotation_automatically_after_days` or `master_user_password_rotation_schedule_expression` must be specified | `string` | `null` | no | | [master\_user\_secret\_kms\_key\_id](#input\_master\_user\_secret\_kms\_key\_id) | The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key | `string` | `null` | no | | [master\_username](#input\_master\_username) | Username for the master DB user. Required unless `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the secondary cluster of a global database | `string` | `null` | no | +| [max\_acu](#input\_max\_acu) | The maximum capacity of the DB shard group in Aurora capacity units (ACUs) | `number` | `null` | no | +| [min\_acu](#input\_min\_acu) | The minimum capacity of the DB shard group in Aurora capacity units (ACUs) | `number` | `null` | no | | [monitoring\_interval](#input\_monitoring\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to `0` to disable. Default is `0` | `number` | `0` | no | | [monitoring\_role\_arn](#input\_monitoring\_role\_arn) | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | `string` | `""` | no | | [name](#input\_name) | Name used across resources created | `string` | `""` | no | 
@@ -383,6 +393,7 @@ No modules. | [security\_group\_tags](#input\_security\_group\_tags) | Additional tags for the security group | `map(string)` | `{}` | no | | [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Determines whether the security group name (`var.name`) is used as a prefix | `bool` | `true` | no | | [serverlessv2\_scaling\_configuration](#input\_serverlessv2\_scaling\_configuration) | Map of nested attributes with serverless v2 scaling properties. Only valid when `engine_mode` is set to `provisioned` | `map(string)` | `{}` | no | +| [shard\_group\_timeouts](#input\_shard\_group\_timeouts) | Create, update, and delete timeout configurations for the shard group | `map(string)` | `{}` | no | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | `bool` | `false` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | `string` | `null` | no | | [source\_region](#input\_source\_region) | The source region for an encrypted replica DB cluster | `string` | `null` | no | 
@@ -422,6 +433,9 @@ No modules. | [db\_cluster\_secretsmanager\_secret\_rotation\_enabled](#output\_db\_cluster\_secretsmanager\_secret\_rotation\_enabled) | Specifies whether automatic rotation is enabled for the secret | | [db\_parameter\_group\_arn](#output\_db\_parameter\_group\_arn) | The ARN of the DB parameter group created | | [db\_parameter\_group\_id](#output\_db\_parameter\_group\_id) | The ID of the DB parameter group created | +| [db\_shard\_group\_arn](#output\_db\_shard\_group\_arn) | ARN of the shard group | +| [db\_shard\_group\_endpoint](#output\_db\_shard\_group\_endpoint) | The connection endpoint for the DB shard group | +| [db\_shard\_group\_resource\_id](#output\_db\_shard\_group\_resource\_id) | The AWS Region-unique, immutable identifier for the DB shard group | | [db\_subnet\_group\_name](#output\_db\_subnet\_group\_name) | The db subnet group name | | [enhanced\_monitoring\_iam\_role\_arn](#output\_enhanced\_monitoring\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the enhanced monitoring role | | [enhanced\_monitoring\_iam\_role\_name](#output\_enhanced\_monitoring\_iam\_role\_name) | The name of the enhanced monitoring role | diff --git a/examples/autoscaling/README.md b/examples/autoscaling/README.md index 92c46b47..c40b4e5a 100644 --- a/examples/autoscaling/README.md +++ b/examples/autoscaling/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.86 | +| [aws](#requirement\_aws) | >= 5.89 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.86 | +| [aws](#provider\_aws) | >= 5.89 | ## Modules diff --git a/examples/autoscaling/versions.tf b/examples/autoscaling/versions.tf index 529264fd..c00acf71 100644 --- a/examples/autoscaling/versions.tf +++ b/examples/autoscaling/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86" + version = ">= 5.89" } } } diff --git a/examples/global-cluster/README.md b/examples/global-cluster/README.md index c492c319..af76781a 100644 --- a/examples/global-cluster/README.md +++ b/examples/global-cluster/README.md @@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.86 | +| [aws](#requirement\_aws) | >= 5.89 | | [random](#requirement\_random) | >= 2.2 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.86 | -| [aws.secondary](#provider\_aws.secondary) | >= 5.86 | +| [aws](#provider\_aws) | >= 5.89 | +| [aws.secondary](#provider\_aws.secondary) | >= 5.89 | | [random](#provider\_random) | >= 2.2 | ## Modules diff --git a/examples/global-cluster/versions.tf b/examples/global-cluster/versions.tf index 2b46d381..157cc31a 100644 --- a/examples/global-cluster/versions.tf +++ b/examples/global-cluster/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86" + version = ">= 5.89" } random = { diff --git a/examples/limitless/README.md b/examples/limitless/README.md new file mode 100644 index 00000000..efbf8c2c --- /dev/null +++ b/examples/limitless/README.md 
@@ -0,0 +1,59 @@ +# AWS RDS Auora Limitless + +Configuration in this directory creates a PostgreSQL Limitless cluster. + +## Usage + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 5.89 | +| [random](#requirement\_random) | >= 3.5 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.89 | +| [random](#provider\_random) | >= 3.5 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [aurora](#module\_aurora) | ../../ | n/a | +| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | + +## Resources + +| Name | Type | +|------|------| +| [random_password.master](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | + +## Inputs + +No inputs. + +## Outputs + +| Name | Description | +|------|-------------| +| [db\_shard\_group\_arn](#output\_db\_shard\_group\_arn) | ARN of the shard group | +| [db\_shard\_group\_endpoint](#output\_db\_shard\_group\_endpoint) | The connection endpoint for the DB shard group | +| [db\_shard\_group\_resource\_id](#output\_db\_shard\_group\_resource\_id) | The AWS Region-unique, immutable identifier for the DB shard group | + diff --git a/examples/limitless/main.tf b/examples/limitless/main.tf new file mode 100644 index 00000000..724d6ac8 --- /dev/null +++ b/examples/limitless/main.tf 
@@ -0,0 +1,126 @@ +provider "aws" { + region = local.region +} + +data "aws_availability_zones" "available" {} + +locals { + name = "ex-${basename(path.cwd)}" + region = "eu-west-1" + + vpc_cidr = "10.0.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + tags = { + Example = local.name + GithubRepo = "terraform-aws-rds-aurora" + GithubOrg = "terraform-aws-modules" + } +} + +################################################################################ +# RDS Aurora Module +################################################################################ + +module "aurora" { + source = "../../" + + name = local.name + engine = "aurora-postgresql" + engine_version = "16.6-limitless" + master_username = "root" + storage_type = "aurora-iopt1" + cluster_monitoring_interval = 30 + cluster_scalability_type = "limitless" + cluster_performance_insights_enabled = true + cluster_performance_insights_retention_period = 31 + + create_shard_group = true + compute_redundancy = 0 + db_shard_group_identifier = local.name + max_acu = 16 + + # aurora limitless clusters do not support managed master user password + manage_master_user_password = false + master_password = random_password.master.result + + vpc_id = module.vpc.vpc_id + db_subnet_group_name = module.vpc.database_subnet_group_name + security_group_rules = { + vpc_ingress = { + cidr_blocks = module.vpc.private_subnets_cidr_blocks + } + egress_example = { + type = "egress" + cidr_blocks = ["10.33.0.0/28"] + description = "Egress to corporate printer closet" + } + } + + apply_immediately = true + skip_final_snapshot = true + + create_db_cluster_parameter_group = true + db_cluster_parameter_group_name = local.name + db_cluster_parameter_group_family = "aurora-postgresql16" + db_cluster_parameter_group_description = "${local.name} example cluster parameter group" + db_cluster_parameter_group_parameters = [ + { + name = "log_min_duration_statement" + value = 4000 + apply_method = "immediate" + }, { + 
name = "rds.force_ssl" + value = 1 + apply_method = "immediate" + } + ] + + enabled_cloudwatch_logs_exports = ["postgresql"] + create_cloudwatch_log_group = true + + cloudwatch_log_group_tags = { + Sensitivity = "high" + } + + tags = local.tags +} + +################################################################################ +# Supporting Resources +################################################################################ + +resource "random_password" "master" { + length = 20 + special = false +} + +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 5.0" + + name = local.name + cidr = local.vpc_cidr + + azs = local.azs + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 3)] + database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 6)] + + tags = local.tags +} + +module "kms" { + source = "terraform-aws-modules/kms/aws" + version = "~> 2.0" + + deletion_window_in_days = 7 + description = "KMS key for ${local.name} cluster activity stream." + enable_key_rotation = true + is_enabled = true + key_usage = "ENCRYPT_DECRYPT" + + aliases = [local.name] + + tags = local.tags +} diff --git a/examples/limitless/outputs.tf b/examples/limitless/outputs.tf new file mode 100644 index 00000000..e44d3c4a --- /dev/null +++ b/examples/limitless/outputs.tf @@ -0,0 +1,14 @@ +output "db_shard_group_arn" { + description = "ARN of the shard group" + value = module.aurora.db_shard_group_arn +} + +output "db_shard_group_resource_id" { + description = "The AWS Region-unique, immutable identifier for the DB shard group" + value = module.aurora.db_shard_group_resource_id +} + +output "db_shard_group_endpoint" { + description = "The connection endpoint for the DB shard group" + value = module.aurora.db_shard_group_endpoint +} 
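Review bot: `module "kms"` at the end of the new `examples/limitless/main.tf` is never referenced. `module "aurora"` passes no `kms_key_id` and no `cluster_performance_insights_kms_key_id`, so the customer-managed key is created but the cluster and its Performance Insights data use whatever default key the module and RDS select. The key's description also mentions a cluster activity stream that this example never enables. Either wire the key in with `kms_key_id = module.kms.key_arn` (and the Performance Insights key input, if Limitless accepts it) or drop the block. Because `master_password = random_password.master.result` ends up in Terraform state in plaintext, a short comment next to it such as `# stored in state: use an encrypted, access-controlled backend` would help anyone copying the example.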
diff --git a/examples/limitless/variables.tf b/examples/limitless/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/examples/limitless/versions.tf b/examples/limitless/versions.tf new file mode 100644 index 00000000..2832cf71 --- /dev/null +++ b/examples/limitless/versions.tf @@ -0,0 +1,14 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.89" + } + random = { + source = "hashicorp/random" + version = ">= 3.5" + } + } +} diff --git a/examples/multi-az/README.md b/examples/multi-az/README.md index bb54647f..d97a1a80 100644 --- a/examples/multi-az/README.md +++ b/examples/multi-az/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.86 | +| [aws](#requirement\_aws) | >= 5.89 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.86 | +| [aws](#provider\_aws) | >= 5.89 | ## Modules diff --git a/examples/multi-az/versions.tf b/examples/multi-az/versions.tf index 529264fd..c00acf71 100644 --- a/examples/multi-az/versions.tf +++ b/examples/multi-az/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86" + version = ">= 5.89" } } } diff --git a/examples/mysql/README.md b/examples/mysql/README.md index fe233bf6..ec4fcab7 100644 --- a/examples/mysql/README.md +++ b/examples/mysql/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.86 | +| [aws](#requirement\_aws) | >= 5.89 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.86 | +| [aws](#provider\_aws) | >= 5.89 | ## Modules 
diff --git a/examples/mysql/versions.tf b/examples/mysql/versions.tf index 529264fd..c00acf71 100644 --- a/examples/mysql/versions.tf +++ b/examples/mysql/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86" + version = ">= 5.89" } } } diff --git a/examples/postgresql/README.md b/examples/postgresql/README.md index fe40ff88..223fd64a 100644 --- a/examples/postgresql/README.md +++ b/examples/postgresql/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.86 | +| [aws](#requirement\_aws) | >= 5.89 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.86 | +| [aws](#provider\_aws) | >= 5.89 | ## Modules diff --git a/examples/postgresql/versions.tf b/examples/postgresql/versions.tf index 529264fd..c00acf71 100644 --- a/examples/postgresql/versions.tf +++ b/examples/postgresql/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86" + version = ">= 5.89" } } } diff --git a/examples/s3-import/README.md b/examples/s3-import/README.md index a318344f..e128f91a 100644 --- a/examples/s3-import/README.md +++ b/examples/s3-import/README.md @@ -49,13 +49,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.86 | +| [aws](#requirement\_aws) | >= 5.89 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.86 | +| [aws](#provider\_aws) | >= 5.89 | ## Modules diff --git a/examples/s3-import/versions.tf b/examples/s3-import/versions.tf index 529264fd..c00acf71 100644 --- a/examples/s3-import/versions.tf +++ b/examples/s3-import/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86" + version = ">= 5.89" } } } diff --git a/examples/serverless/README.md b/examples/serverless/README.md index 323f815b..42eb54ca 100644 --- a/examples/serverless/README.md +++ b/examples/serverless/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.86 | +| [aws](#requirement\_aws) | >= 5.89 | | [random](#requirement\_random) | >= 3.5 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.86 | +| [aws](#provider\_aws) | >= 5.89 | | [random](#provider\_random) | >= 3.5 | ## Modules diff --git a/examples/serverless/versions.tf b/examples/serverless/versions.tf index a7425345..2832cf71 100644 --- a/examples/serverless/versions.tf +++ b/examples/serverless/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86" + version = ">= 5.89" } random = { source = "hashicorp/random" diff --git a/main.tf b/main.tf index d72640d6..8fc0e835 100644 --- a/main.tf +++ b/main.tf @@ -49,7 +49,9 @@ resource "aws_rds_cluster" "this" { cluster_identifier = var.cluster_use_name_prefix ? null : var.name cluster_identifier_prefix = var.cluster_use_name_prefix ? "${var.name}-" : null cluster_members = var.cluster_members + cluster_scalability_type = var.cluster_scalability_type copy_tags_to_snapshot = var.copy_tags_to_snapshot + database_insights_mode = var.database_insights_mode database_name = var.is_primary_cluster ? var.database_name : null db_cluster_instance_class = var.db_cluster_instance_class db_cluster_parameter_group_name = var.create_db_cluster_parameter_group ? aws_rds_cluster_parameter_group.this[0].id : var.db_cluster_parameter_group_name 
@@ -62,7 +64,7 @@ resource "aws_rds_cluster" "this" { enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports enable_http_endpoint = var.enable_http_endpoint engine = var.engine - engine_mode = var.engine_mode + engine_mode = var.cluster_scalability_type == "limitless" ? "" : var.engine_mode engine_version = var.engine_version engine_lifecycle_support = var.engine_lifecycle_support final_snapshot_identifier = var.final_snapshot_identifier @@ -473,3 +475,25 @@ resource "aws_secretsmanager_secret_rotation" "this" { schedule_expression = var.master_user_password_rotation_schedule_expression } } + +################################################################################ +# RDS Shard Group +################################################################################ + +resource "aws_rds_shard_group" "this" { + count = local.create && var.create_shard_group ? 1 : 0 + + compute_redundancy = var.compute_redundancy + db_cluster_identifier = aws_rds_cluster.this[0].id + db_shard_group_identifier = var.db_shard_group_identifier + max_acu = var.max_acu + min_acu = var.min_acu + publicly_accessible = var.publicly_accessible + tags = var.tags + + timeouts { + create = try(var.shard_group_timeouts.create, null) + update = try(var.shard_group_timeouts.update, null) + delete = try(var.shard_group_timeouts.delete, null) + } +} diff --git a/outputs.tf b/outputs.tf index f755d007..4dc94773 100644 --- a/outputs.tf +++ b/outputs.tf 
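Review bot: The new `engine_mode` expression silently discards a caller-supplied `var.engine_mode` whenever `cluster_scalability_type` is `"limitless"`, and nothing on the line says why an empty string is sent instead of `null`. A comment above it, for example `# Limitless clusters take no engine mode; "" overrides the provider default instead of inheriting it`, would stop a later cleanup from reverting it. The same override is worth a sentence in the `engine_mode` variable description, which lies outside this diff. The `aws_rds_cluster.this` body continues beyond the hunk on both sides.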
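Review bot: In `aws_rds_shard_group.this`, `publicly_accessible = var.publicly_accessible` reuses a variable declared outside this diff. Judging by its name it is the setting already used for cluster instances, so the shard group endpoint (exported as `db_shard_group_endpoint`) cannot be kept private independently of them. A dedicated input would make that exposure an explicit decision, for example a new `shard_group_publicly_accessible` variable defaulting to `false` and used as `publicly_accessible = var.shard_group_publicly_accessible`; at minimum the coupling should be documented. The `count` expression also ignores `var.cluster_scalability_type`, so `create_shard_group = true` on a standard cluster is rejected only by the provider or the API rather than by the module.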
@@ -198,3 +198,22 @@ output "db_cluster_secretsmanager_secret_rotation_enabled" { description = "Specifies whether automatic rotation is enabled for the secret" value = try(aws_secretsmanager_secret_rotation.this[0].rotation_enabled, null) } + +################################################################################ +# RDS Shard Group +################################################################################ + +output "db_shard_group_arn" { + description = "ARN of the shard group" + value = try(aws_rds_shard_group.this[0].arn, null) +} + +output "db_shard_group_resource_id" { + description = "The AWS Region-unique, immutable identifier for the DB shard group" + value = try(aws_rds_shard_group.this[0].db_shard_group_resource_id, null) +} + +output "db_shard_group_endpoint" { + description = "The connection endpoint for the DB shard group" + value = try(aws_rds_shard_group.this[0].endpoint, null) +} diff --git a/variables.tf b/variables.tf index f9676340..a16f8dda 100644 --- a/variables.tf +++ b/variables.tf @@ -102,6 +102,12 @@ variable "cluster_members" { default = null } +variable "cluster_scalability_type" { + description = "Specifies the scalability mode of the Aurora DB cluster. When set to limitless, the cluster operates as an Aurora Limitless Database. When set to standard (the default), the cluster uses normal DB instance creation. Valid values: limitless, standard" + type = string + default = null +} + variable "cluster_performance_insights_enabled" { description = "Valid only for Non-Aurora Multi-AZ DB Clusters. Enables Performance Insights for the RDS Cluster" type = bool 
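Review bot: `variable "cluster_scalability_type"` lists its valid values only in the description, so a typo such as `"Limitless"` passes `terraform validate`. It also makes the `== "limitless"` comparison in `main.tf` false, leaving `engine_mode` at the caller's value. A `validation` block would catch this, with `condition = var.cluster_scalability_type == null ? true : contains(["limitless", "standard"], var.cluster_scalability_type)` and a matching `error_message`. `database_insights_mode` in the next `variables.tf` hunk has the same gap for `standard` and `advanced`. The hunk ends inside the following variable block, which is unchanged.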
@@ -132,6 +138,12 @@ variable "copy_tags_to_snapshot" { default = null } +variable "database_insights_mode" { + description = "The mode of Database Insights to enable for the DB cluster. Valid values: standard, advanced" + type = string + default = null +} + variable "database_name" { description = "Name for an automatically created database on cluster creation" type = string @@ -823,3 +835,43 @@ variable "master_user_password_rotation_schedule_expression" { type = string default = null } + +################################################################################ +# RDS Shard Group +################################################################################ + +variable "create_shard_group" { + description = "Whether to create a shard group resource" + type = bool + default = false +} + +variable "compute_redundancy" { + description = "Specifies whether to create standby DB shard groups for the DB shard group" + type = number + default = null +} + +variable "db_shard_group_identifier" { + description = "The name of the DB shard group" + type = string + default = null +} + +variable "max_acu" { + description = "The maximum capacity of the DB shard group in Aurora capacity units (ACUs)" + type = number + default = null +} + +variable "min_acu" { + description = "The minimum capacity of the DB shard group in Aurora capacity units (ACUs)" + type = number + default = null +} + +variable "shard_group_timeouts" { + description = "Create, update, and delete timeout configurations for the shard group" + type = map(string) + default = {} +} diff --git a/versions.tf b/versions.tf index 529264fd..c00acf71 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86" + version = ">= 5.89" } } } From 6dd0933641f1a81a88fc50b6d991c81fce217053 Mon Sep 17 00:00:00 2001 
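Review bot: In the `RDS Shard Group` variables, `compute_redundancy` is typed `number` but described as "Specifies whether to create standby DB shard groups", which does not tell a caller what to pass. The provider documents `0` (no standby), `1` (one standby in another AZ) and `2` (two standbys in two AZs), and the description should list them, e.g. `description = "Number of standby DB shard groups: 0 (none), 1 (one standby in a different AZ), 2 (two standbys in two AZs)"`. `db_shard_group_identifier` and `max_acu` default to `null` although the shard group resource needs both, so their descriptions should say they are required when `create_shard_group` is `true`.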
From: magreenbaum Date: Sun, 2 Mar 2025 21:47:34 -0500 Subject: [PATCH 2/3] add doc ref comment --- examples/limitless/main.tf | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/examples/limitless/main.tf b/examples/limitless/main.tf index 724d6ac8..5524cbd1 100644 --- a/examples/limitless/main.tf +++ b/examples/limitless/main.tf @@ -25,13 +25,15 @@ locals { module "aurora" { source = "../../" - name = local.name - engine = "aurora-postgresql" - engine_version = "16.6-limitless" - master_username = "root" - storage_type = "aurora-iopt1" - cluster_monitoring_interval = 30 - cluster_scalability_type = "limitless" + name = local.name + engine = "aurora-postgresql" + engine_version = "16.6-limitless" + master_username = "root" + storage_type = "aurora-iopt1" + cluster_monitoring_interval = 30 + cluster_scalability_type = "limitless" + + # https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/limitless-reqs-limits.html cluster_performance_insights_enabled = true cluster_performance_insights_retention_period = 31 From 23478c40023dfab72273c6d48fad3ab7c79499e4 Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Mon, 3 Mar 2025 20:25:34 -0500 Subject: [PATCH 3/3] feedback changes --- README.md | 1 + main.tf | 2 +- variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b034f5d8..dd4bdc16 100644 --- a/README.md +++ b/README.md 
@@ -393,6 +393,7 @@ No modules. | [security\_group\_tags](#input\_security\_group\_tags) | Additional tags for the security group | `map(string)` | `{}` | no | | [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Determines whether the security group name (`var.name`) is used as a prefix | `bool` | `true` | no | | [serverlessv2\_scaling\_configuration](#input\_serverlessv2\_scaling\_configuration) | Map of nested attributes with serverless v2 scaling properties. Only valid when `engine_mode` is set to `provisioned` | `map(string)` | `{}` | no | +| [shard\_group\_tags](#input\_shard\_group\_tags) | Additional tags for the shard group | `map(string)` | `{}` | no | | [shard\_group\_timeouts](#input\_shard\_group\_timeouts) | Create, update, and delete timeout configurations for the shard group | `map(string)` | `{}` | no | | [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | `bool` | `false` | no | | [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | `string` | `null` | no | diff --git a/main.tf b/main.tf index 8fc0e835..6a438f73 100644 --- a/main.tf +++ b/main.tf @@ -489,7 +489,7 @@ resource "aws_rds_shard_group" "this" { max_acu = var.max_acu min_acu = var.min_acu publicly_accessible = var.publicly_accessible - tags = var.tags + tags = merge(var.tags, var.shard_group_tags) timeouts { create = try(var.shard_group_timeouts.create, null) diff --git a/variables.tf b/variables.tf index a16f8dda..c1f35581 100644 --- a/variables.tf +++ b/variables.tf 
@@ -870,6 +870,12 @@ variable "min_acu" { default = null } +variable "shard_group_tags" { + description = "Additional tags for the shard group" + type = map(string) + default = {} +} + variable "shard_group_timeouts" { description = "Create, update, and delete timeout configurations for the shard group" type = map(string)