squareops/terraform-aws-rds-mysql

AWS RDS Terraform module

SquareOps Technologies provides end-to-end solutions for all your DevOps needs


The terraform-aws-rds-mysql module is a reusable infrastructure-as-code solution for deploying and managing an Amazon RDS MySQL database (with optional read replicas) using Terraform. It simplifies the process of provisioning and configuring a highly available and scalable MySQL database environment in AWS.

Features
  1. High Availability: The module can deploy the database across multiple Availability Zones (multi_az) for fault tolerance and automatic failover.
  2. Scalability: Scale the database by adjusting the instance class and, for read capacity, the number of read replicas.
  3. Security: The module integrates with AWS Identity and Access Management (IAM) for authentication and fine-grained access control.
  4. Backup and Recovery: Automated backups run in a configurable backup window; you can set the retention period and choose whether to skip the final snapshot on deletion.
  5. Encryption: Encryption at rest can be enabled, optionally with a customer-managed KMS key.
  6. Maintenance Window: Configure a maintenance window for regular database maintenance tasks.
  7. Public Accessibility: Choose whether the database should be publicly accessible over the internet.
  8. Replication: Replicate data from another Amazon RDS database by specifying the source database identifier.
  9. Snapshot Restore: Restore the database from a specified snapshot ID to recreate database instances.
  10. VPC Support: Deploy the database into a specific Virtual Private Cloud (VPC) and the subnets you choose for network isolation.
  11. CloudWatch Alerts: Set up CloudWatch alarms to monitor the health and performance of your RDS MySQL database. Integrate these alarms with Amazon Simple Notification Service (SNS) to receive real-time alerts, and use an AWS Lambda function to customize the alerting logic and forward notifications to a Slack channel for immediate visibility into your RDS MySQL status.
  12. Storage Autoscaling and Replicas: Storage autoscaling avoids storage bottlenecks, and read replicas can be configured with the desired number of instances.

Usage Example

```hcl
module "rds-mysql" {
  source  = "squareops/rds-mysql/aws"

  name                             = "name"
  vpc_id                           = "vpc-0d2c255df1f"
  replica_enable                   = false
  replica_count                    = 1
  subnet_ids                       = ["subnet-04cecf2400", "subnet-0ac69f821"]
  family                           = "mysql8.0"
  db_name                          = "proddb"
  availability_zone                = "us-east-2a"
  multi_az                         = false
  environment                      = "prod"
  kms_key_arn                      = "arn:aws:kms:us-east-2:2222222222:key/a22ecc12-4-ae1be7590774"
  engine_version                   = "8.0.32"
  instance_class                   = "db.t3.medium"
  master_username                  = "admin"
  allocated_storage                = 20
  rds_instance_name                = "mysql"
  major_engine_version             = "8.0"
  allowed_security_groups          = ["sg-0e2f946c67"]
  publicly_accessible              = false
  skip_final_snapshot              = true
  backup_window                    = "03:00-06:00"
  snapshot_identifier              = null
  maintenance_window               = "Mon:00:00-Mon:03:00"
  final_snapshot_identifier_prefix = "prod-snapshot"
  deletion_protection              = true
  cloudwatch_metric_alarms_enabled = true
  alarm_cpu_threshold_percent      = 70
  disk_free_storage_space          = "10000000" # in bytes (about 10 MB here; the module default is 10 GB)
  slack_username                   = "John"
  slack_channel                    = "skaf"
  slack_webhook_url                = "https://hooks/xxxxxxxx"
  custom_user_password             = "mysqlpassword" # placeholder; see Important Note 1 before relying on this value
  cluster_name                     = ""              # Kubernetes cluster name used by the backup/restore job
  namespace                        = local.namespace # Kubernetes namespace for the backup/restore job
  create_namespace                 = local.create_namespace
  mysqldb_backup_enabled           = false
  bucket_provider_type             = "s3"
  mysqldb_backup_config = {
    mysql_database_name  = ""
    s3_bucket_region     = "us-west-1"
    cron_for_full_backup = "*/3 * * * *"
    bucket_uri           = "s3://mysql-rds-backup-store/"
  }
  mysqldb_restore_enabled = false
  mysqldb_restore_config = {
    bucket_uri       = "s3://mysql-rds-backup-store/mysqldump_20240709_071501.zip"
    file_name        = "mysqldump_20240709_071501.zip"
    s3_bucket_region = "us-west-1"
  }
}
```

Refer to the examples directory for more references.

IAM Permissions

The required IAM permissions to create resources from this module can be found here

Important Note

  1. When create_random_password is true, the module generates the master password itself and ignores any value in custom_user_password. To use your own password, set create_random_password to false and give custom_user_password a non-null value. Note that the Inputs table below lists false as the default for create_random_password; check the variable's default in the module version you use before relying on either behaviour.

  2. Backup and restore of RDS MySQL (mysqldb_backup_enabled / mysqldb_restore_enabled) require a Kubernetes cluster running in the cloud. The module runs the backup and restore tasks as a Kubernetes job in that cluster, which is what the cluster_name and namespace arguments in the usage example refer to.
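The following is an added example written for this page, not code from the module's repository, showing the two ways of handling the master password that the first note describes. It assumes a caller-defined variable named db_master_password and the module instance labels rds_mysql_own_password and rds_mysql_managed_password; the VPC, subnet and security group IDs are placeholders. The page does not document how the module behaves when manage_master_user_password and create_random_password are both true, so the second call disables the random password explicitly.

```hcl
# Caller-side variable: the password is never a literal in the module call,
# in version control, or in `terraform plan` output (sensitive = true).
# Supply it out of band, e.g. TF_VAR_db_master_password or a tfvars file
# that is not committed.
variable "db_master_password" {
  description = "Master password for the RDS MySQL instance (assumed variable name)"
  type        = string
  sensitive   = true
}

# Option A: bring your own password. create_random_password MUST be false,
# otherwise the module generates its own password and custom_user_password
# is silently ignored (Important Note 1).
module "rds_mysql_own_password" {
  source = "squareops/rds-mysql/aws"

  name                    = "app-db"
  environment             = "prod"
  vpc_id                  = "vpc-0d2c255df1f"                           # placeholder
  subnet_ids              = ["subnet-04cecf2400", "subnet-0ac69f821"]   # placeholders
  allowed_security_groups = ["sg-0e2f946c67"]                           # placeholder
  family                  = "mysql8.0"
  engine_version          = "8.0.32"
  major_engine_version    = "8.0"
  instance_class          = "db.t3.medium"
  master_username         = "admin"

  create_random_password = false
  custom_user_password   = var.db_master_password
}

# Option B: let RDS own the master password in AWS Secrets Manager.
# No password is passed in at all; the module returns the secret's ARN
# (output master_credential_secret_arn).
module "rds_mysql_managed_password" {
  source = "squareops/rds-mysql/aws"

  name                    = "app-db"
  environment             = "prod"
  vpc_id                  = "vpc-0d2c255df1f"                           # placeholder
  subnet_ids              = ["subnet-04cecf2400", "subnet-0ac69f821"]   # placeholders
  allowed_security_groups = ["sg-0e2f946c67"]                           # placeholder
  family                  = "mysql8.0"
  engine_version          = "8.0.32"
  major_engine_version    = "8.0"
  instance_class          = "db.t3.medium"
  master_username         = "admin"

  manage_master_user_password = true
  create_random_password      = false # no locally generated password competing with the RDS-managed one
}

# Hand the secret ARN to the application instead of exporting the password:
# grant the application's IAM role secretsmanager:GetSecretValue on this ARN
# and let it fetch the credentials at runtime.
output "db_master_secret_arn" {
  value = module.rds_mysql_managed_password.master_credential_secret_arn
}
```

With option A the password still ends up in Terraform state (as does the value of random_password.master when the module generates one, and the db_instance_password output), so the state backend must be encrypted and access-controlled like any other secret store. With option B only the secret ARN lands in state, and rotation is handled by RDS rather than by a Terraform apply.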

Security & Compliance

Security scanning is graciously provided by Prowler. Prowler is the leading fully hosted, cloud-native solution providing continuous cluster security and compliance.

| Benchmark | Description |
|---|---|
| Ensure that encryption is enabled for RDS instances | Enabled for RDS created using this module. |
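As an added example for this page (not code from the module's repository), the following call sets the data-protection arguments that the benchmark above and the Features list refer to, the way they would be set for a production instance. The aws_kms_key.rds resource is an assumed caller-side customer-managed key, the module instance label rds_mysql_prod is arbitrary, and all IDs are placeholders.

```hcl
# Customer-managed key for the instance. With storage_encrypted = true and
# kms_key_arn left null the module falls back to the account's default RDS
# key; snapshots encrypted with that AWS-managed key cannot be shared with
# another account, and a CMK also gives you key-policy control and a
# CloudTrail record of every decrypt.
resource "aws_kms_key" "rds" {
  description         = "RDS MySQL at-rest encryption (assumed caller-side key)"
  enable_key_rotation = true
}

module "rds_mysql_prod" {
  source = "squareops/rds-mysql/aws"

  name                        = "orders-db"
  environment                 = "prod"
  vpc_id                      = "vpc-0d2c255df1f"                         # placeholder
  subnet_ids                  = ["subnet-04cecf2400", "subnet-0ac69f821"] # private subnets (placeholders)
  family                      = "mysql8.0"
  engine_version              = "8.0.32"
  major_engine_version        = "8.0"
  instance_class              = "db.t3.medium"
  master_username             = "admin"
  manage_master_user_password = true

  # Encryption at rest. The benchmark only checks that it is on; pinning the
  # key makes the choice explicit and reviewable.
  storage_encrypted = true
  kms_key_arn       = aws_kms_key.rds.arn

  # Network exposure: private instance, reachable only from the application
  # tier's security group. Keep allowed_cidr_blocks empty; a broad CIDR here
  # undoes the intent of publicly_accessible = false.
  publicly_accessible     = false
  allowed_security_groups = ["sg-0e2f946c67"] # application tier (placeholder)
  allowed_cidr_blocks     = []

  # Availability and recovery. The usage example sets skip_final_snapshot =
  # true next to deletion_protection = true; the first discards the last
  # copy of the data on destroy, which is exactly what the second exists to
  # prevent. Keep the final snapshot for prod.
  multi_az                         = true
  backup_retention_period          = 30
  backup_window                    = "03:00-06:00"
  maintenance_window               = "Mon:00:00-Mon:03:00"
  deletion_protection              = true
  skip_final_snapshot              = false
  final_snapshot_identifier_prefix = "orders-db-final"
  apply_immediately                = false

  # Storage headroom, so the disk_free_storage_space alarm is an early
  # warning rather than the only thing between you and a full disk.
  allocated_storage          = 50
  enable_storage_autoscaling = true
  max_allocated_storage      = 500

  # Audit trail to CloudWatch.
  enable_slow_query_log                  = true
  enable_general_log                     = true
  cloudwatch_log_group_retention_in_days = 90
}
```

Two caveats on the logging arguments: the general log records every statement the server receives, including literal data values, so treat the log group as sensitive and weigh it against your data-classification rules and the CloudWatch ingestion cost; and a retention of 90 days is a placeholder that should follow your incident-response requirements, not the module's 7-day default.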

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.23 |

Providers

| Name | Version |
|---|---|
| archive | n/a |
| aws | >= 4.23 |
| random | n/a |

Modules

| Name | Source | Version |
|---|---|---|
| cw_sns_slack | ./lambda | n/a |
| db | terraform-aws-modules/rds/aws | 6.1.0 |
| db_replica | terraform-aws-modules/rds/aws | 6.1.0 |
| security_group_rds | terraform-aws-modules/security-group/aws | 4.13.0 |

Resources

| Name | Type |
|---|---|
| aws_cloudwatch_metric_alarm.cache_cpu | resource |
| aws_cloudwatch_metric_alarm.disk_free_storage_space_too_low | resource |
| aws_kms_ciphertext.slack_url | resource |
| aws_kms_key.this | resource |
| aws_lambda_permission.sns_lambda_slack_invoke | resource |
| aws_secretsmanager_secret.secret_master_db | resource |
| aws_secretsmanager_secret_version.rds_credentials | resource |
| aws_security_group_rule.cidr_ingress | resource |
| aws_security_group_rule.default_ingress | resource |
| aws_sns_topic.slack_topic | resource |
| aws_sns_topic_subscription.slack-endpoint | resource |
| random_password.master | resource |
| archive_file.lambdazip | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alarm_actions | Alarm action list | list(string) | [] | no |
| alarm_cpu_threshold_percent | CPU threshold alarm level | number | 75 | no |
| allocated_storage | The storage capacity for the database | number | 20 | no |
| allowed_cidr_blocks | A list of CIDR blocks that are allowed to access the database | list(any) | [] | no |
| allowed_security_groups | A list of security group IDs that are allowed to access the database | list(any) | [] | no |
| apply_immediately | Specifies whether any modifications are applied immediately or during the next maintenance window | bool | false | no |
| availability_zone | The Availability Zone of the RDS instance | string | null | no |
| backup_retention_period | The number of days to retain backups for | number | 5 | no |
| backup_window | The time window during which database backups are performed | string | "03:00-06:00" | no |
| cloudwatch_log_group_retention_in_days | The number of days to retain CloudWatch logs for the database instance | number | 7 | no |
| cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metric alarms | bool | false | no |
| create_db_subnet_group | Whether to create a database subnet group | bool | true | no |
| create_random_password | Whether to create a random password for the primary database instance | bool | false | no |
| custom_user_password | Custom password for the RDS master user | string | "" | no |
| cw_sns_topic_arn | The ARN of the SNS topic that CloudWatch alarm notifications are sent to | string | "" | no |
| db_name | The name of a database to create automatically on instance creation | string | "" | no |
| deletion_protection | Whether accidental deletion protection is enabled | bool | true | no |
| disk_free_storage_space | Alarm threshold, in bytes, for the low free storage space alarm | string | "10000000000" | no |
| enable_general_log | Whether to enable general logs in CloudWatch | bool | true | no |
| enable_slow_query_log | Whether to enable slow query logs in CloudWatch | bool | true | no |
| enable_storage_autoscaling | Whether to enable storage autoscaling | bool | false | no |
| engine | The name of the database engine to be used for this DB instance | string | "mysql" | no |
| engine_version | The database engine version. Updating this argument results in an outage. | string | "" | no |
| environment | Select environment type: dev, demo, prod | string | "demo" | no |
| family | The DB parameter group family of the MySQL version being created, e.g. mysql8.0 | string | "" | no |
| final_snapshot_identifier_prefix | The prefix name for the final snapshot on instance destroy | string | "final" | no |
| instance_class | The instance type for the database | string | "" | no |
| kms_key_arn | The ARN of the KMS key used for storage encryption. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is true and no key ARN is specified, the default RDS KMS key in your account is used | string | null | no |
| maintenance_window | The maintenance window for performing database maintenance | string | "Mon:00:00-Mon:03:00" | no |
| major_engine_version | The major version of the database engine. Updating this argument results in an outage. | string | "" | no |
| manage_master_user_password | Whether to let RDS manage the master user password through a Secrets Manager secret | bool | false | no |
| master_username | The username for the RDS primary instance | string | "" | no |
| max_allocated_storage | The maximum storage capacity for the database after autoscaling | number | null | no |
| multi_az | Enables Multi-AZ deployment for high availability and automatic failover | bool | false | no |
| name | The name of the RDS instance | string | "" | no |
| ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN) | list(string) | [] | no |
| port | The port for the database | number | 3306 | no |
| publicly_accessible | Specifies whether the database is publicly accessible over the internet | bool | false | no |
| random_password_length | The length of the randomly generated password | number | 16 | no |
| rds_instance_name | The name of the RDS instance | string | "" | no |
| replica_count | The number of replica instances | number | 1 | no |
| replica_enable | Whether to enable a replica DB | bool | false | no |
| replicate_source_db | Specifies the identifier of another Amazon RDS database to replicate as the source database | string | null | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If true, no DBSnapshot is created. If false, a DB snapshot is created using the value from final_snapshot_identifier | bool | true | no |
| slack_channel | The Slack channel where notifications will be posted | string | "" | no |
| slack_notification_enabled | Whether to enable/disable Slack notifications | bool | false | no |
| slack_username | The username to use when sending notifications to Slack | string | "" | no |
| slack_webhook_url | The Slack webhook URL where notifications will be sent | string | "" | no |
| snapshot_identifier | The identifier of a snapshot to create this database from. Use the snapshot ID found in the RDS console, e.g. rds:production-2015-06-26-06-05 | string | null | no |
| storage_encrypted | Specifies whether database encryption is enabled | bool | true | no |
| storage_type | The storage type for the database, e.g. gp2, gp3, io1 | string | "gp2" | no |
| subnet_ids | A list of subnet IDs used by the database subnet group created | list(any) | [] | no |
| vpc_id | The ID of the VPC where the RDS instance should be deployed | string | "" | no |

Outputs

| Name | Description |
|---|---|
| db_instance_endpoint | The endpoint for connecting to the database instance |
| db_instance_name | The name of the database instance |
| db_instance_password | The password for accessing the database instance (note: Terraform doesn't track changes to this password) |
| db_instance_username | The master username for accessing the database instance |
| db_parameter_group_id | The ID of the database parameter group |
| db_subnet_group_id | The ID of the database subnet group |
| enhanced_monitoring_iam_role_arn | The ARN of the monitoring role |
| master_credential_secret_arn | The ARN of the master user secret (only available when manage_master_user_password is set to true) |
| rds_dedicated_security_group | The security group ID associated with the RDS instance |
| replica_db_instance_address | The address of the replica database instance |
| replica_db_instance_endpoint | The replica DB endpoint for connecting to the database instance |
| replica_db_instance_name | The name of the replica database instance |

Contribute & Issue Report

To report an issue with a project:

  1. Check the repository's issue tracker on GitHub
  2. Search to check if the issue has already been reported
  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.

License

Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)

Support Us

To support our GitHub project by starring it, you can follow these steps:

  1. Visit the repository: Navigate to the GitHub repository

  2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems & Processes for speed and agility.

  1. We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 5 years.
  2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.
  3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.
  4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.
  5. Platform engineering which supports scalable, cost-efficient infrastructure for rapid development, testing, and deployment.
  6. 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on LinkedIn, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.