terraform-google-modules · eidam · Sep 14, 2025 · Oct 3, 2025 · Oct 8, 2025 · Dec 4, 2025
@@ -170,7 +170,7 @@ module "pg" {
 | read\_replica\_deletion\_protection | Used to block Terraform from deleting replica SQL Instances. | `bool` | `false` | no |
 | read\_replica\_deletion\_protection\_enabled | Enables protection of replica instance from accidental deletion across all surfaces (API, gcloud, Cloud Console and Terraform). | `bool` | `false` | no |
 | read\_replica\_name\_suffix | The optional suffix to add to the read instance name | `string` | `""` | no |
-| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br>    name                  = string<br>    name_override         = optional(string)<br>    tier                  = optional(string)<br>    edition               = optional(string)<br>    availability_type     = optional(string)<br>    zone                  = optional(string)<br>    disk_type             = optional(string)<br>    disk_autoresize       = optional(bool)<br>    disk_autoresize_limit = optional(number)<br>    disk_size             = optional(string)<br>    user_labels           = map(string)<br>    connection_pool_config = optional(object({<br>      enabled = optional(bool, false)<br>      flags = optional(list(object({<br>        name  = string<br>        value = string<br>      })), [])<br>    }), null)<br>    database_flags = optional(list(object({<br>      name  = string<br>      value = string<br>    })), [])<br>    insights_config = optional(object({<br>      query_plans_per_minute  = optional(number, 5)<br>      query_string_length     = optional(number, 1024)<br>      record_application_tags = optional(bool, false)<br>      record_client_address   = optional(bool, false)<br>    }), null)<br>    final_backup_config = optional(object({<br>      enabled        = optional(bool, false)<br>      retention_days = optional(number, 1)<br>    }), null)<br>    ip_configuration = object({<br>      authorized_networks                           = optional(list(map(string)), [])<br>      ipv4_enabled                                  = optional(bool)<br>      private_network                               = optional(string)<br>      ssl_mode                                      = optional(string)<br>      allocated_ip_range                            = optional(string)<br>      enable_private_path_for_google_cloud_services = optional(bool, false)<br>      psc_enabled                                   = optional(bool, false)<br>      psc_allowed_consumer_projects                 = optional(list(string), [])<br>    })<br>    encryption_key_name = optional(string)<br>    data_cache_enabled  = optional(bool)<br>  }))</pre> | `[]` | no |
+| read\_replicas | List of read replicas to create. Encryption key is required for replica in different region. For replica in same region as master set encryption\_key\_name = null | <pre>list(object({<br>    name                  = string<br>    name_override         = optional(string)<br>    tier                  = optional(string)<br>    edition               = optional(string)<br>    availability_type     = optional(string)<br>    zone                  = optional(string)<br>    disk_type             = optional(string)<br>    disk_autoresize       = optional(bool)<br>    disk_autoresize_limit = optional(number)<br>    disk_size             = optional(string)<br>    user_labels           = map(string)<br>    connection_pool_config = optional(object({<br>      enabled = optional(bool, false)<br>      flags = optional(list(object({<br>        name  = string<br>        value = string<br>      })), [])<br>    }), null)<br>    database_flags = optional(list(object({<br>      name  = string<br>      value = string<br>    })), [])<br>    insights_config = optional(object({<br>      query_plans_per_minute  = optional(number, 5)<br>      query_string_length     = optional(number, 1024)<br>      record_application_tags = optional(bool, false)<br>      record_client_address   = optional(bool, false)<br>    }), null)<br>    final_backup_config = optional(object({<br>      enabled        = optional(bool, false)<br>      retention_days = optional(number, 1)<br>    }), null)<br>    ip_configuration = object({<br>      authorized_networks                           = optional(list(map(string)), [])<br>      ipv4_enabled                                  = optional(bool)<br>      private_network                               = optional(string)<br>      ssl_mode                                      = optional(string)<br>      allocated_ip_range                            = optional(string)<br>      enable_private_path_for_google_cloud_services = optional(bool, false)<br>      psc_enabled                                   = optional(bool, false)<br>      psc_allowed_consumer_projects                 = optional(list(string), [])<br>    })<br>    encryption_key_name = optional(string)<br>    data_cache_enabled  = optional(bool)<br>    node_count          = optional(number)<br>  }))</pre> | `[]` | no |
 | region | The region of the Cloud SQL resources | `string` | `"us-central1"` | no |
 | retain\_backups\_on\_delete | When this parameter is set to true, Cloud SQL retains backups of the instance even after the instance is deleted. The ON\_DEMAND backup will be retained until customer deletes the backup or the project. The AUTOMATED backup will be retained based on the backups retention setting. | `bool` | `false` | no |
 | root\_password | Initial root password during creation | `string` | `null` | no |

@@ -37,6 +37,8 @@ resource "google_sql_database_instance" "replicas" {
   master_instance_name = google_sql_database_instance.default.name
   deletion_protection  = var.read_replica_deletion_protection
   encryption_key_name  = (join("-", slice(split("-", lookup(each.value, "zone", local.zone)), 0, 2))) == var.region ? null : each.value.encryption_key_name
+  instance_type        = lookup(each.value, "node_count", null) != null ? "READ_POOL_INSTANCE" : "READ_REPLICA_INSTANCE"
+  node_count           = lookup(each.value, "node_count", null)
 
   settings {
     tier                        = lookup(each.value, "tier", null) == null ? var.tier : lookup(each.value, "tier", null)
@@ -121,8 +123,11 @@ resource "google_sql_database_instance" "replicas" {
       }
     }
 
-    location_preference {
-      zone = lookup(each.value, "zone", local.zone)
+    dynamic "location_preference" {
+      for_each = lookup(each.value, "node_count", null) == null ? ["read_pool_instance"] : []
+      content {
+        zone = lookup(each.value, "zone", local.zone)
+      }
     }
 
     dynamic "data_cache_config" {

@@ -394,8 +394,13 @@ variable "read_replicas" {
     })
     encryption_key_name = optional(string)
     data_cache_enabled  = optional(bool)
+    node_count          = optional(number)
   }))
   default = []
+  validation {
+    condition     = length([for replica in var.read_replicas : false if contains(keys(replica), "node_count") && (replica.node_count < 1 || replica.node_count > 20)]) == 0
+    error_message = "node_count for read replica must be between 1 and 20."
+  }
 }
 
 variable "read_replica_name_suffix" {