This module provides a prescriptive deployment of RDS Custom for Oracle. It can create primary instances and their associated replicas.
Figure 1 shows an example configuration you can deploy using this module. For more details, common deployment examples can be found in examples/.
Figure 1. Example configuration of RDS Custom for Oracle with a primary instance, and two replicas.
- RDS Custom for Oracle primary instance using a precreated Custom Engine Version (CEV)
- (optional) RDS Custom for Oracle replica instance(s) from the primary
- (optional) IAM Role and Instance Profile for the primary and replicas
- (optional) DBSubnet Group for the primary and replicas
- (optional) Security Group for the VPC endpoints, allowing the primary and replica instance(s) to communicate with dependent AWS services
- (optional) VPC endpoints, which are required for primary and replica instance(s) to communicate with dependent AWS services:
  - com.amazonaws.region.s3
  - com.amazonaws.region.ec2
  - com.amazonaws.region.ec2messages
  - com.amazonaws.region.monitoring
  - com.amazonaws.region.ssm
  - com.amazonaws.region.ssmmessages
  - com.amazonaws.region.logs
  - com.amazonaws.region.events
  - com.amazonaws.region.secretsmanager
RDS Custom for Oracle requires a Custom Engine Version (CEV) to be created before creating the primary instance. The CEV must be created in the same region as the primary instance. The CEV must be created using a customer managed symmetric AWS KMS key.
For more information on RDS Custom for Oracle prerequisites, see Prerequisites for using Amazon RDS Custom for Oracle.
For more information on creating a CEV, see Creating a Custom Engine Version.
If not specified, primary instances will be placed in the first subnet provided to `subnet_config`. Replicas will be placed in subnets separate from the primary, starting with the second subnet.
To place the primary and replicas in specific availability zones, use the `aws_db_instance_primary.availability_zone` and `aws_db_instance_replicas.availability_zones` attribute(s). If specified, `availability_zones` will be applied in order to the replicas.
If not specified, the module will create an IAM role and instance profile for the primary and replicas.
To specify the IAM role and instance profile, use the `iam_role_arn` and `iam_instance_profile_arn` attributes. The role name and instance profile name must start with `AWSRDSCustom`.
```hcl
create_iam_role = false # Toggle to create or assign IAM role. Default name and description will be used.
iam_role_arn    = "arn:aws:iam::123456789012:role/AWSRDSCustomInstanceRole-us-west-2"

create_iam_instance_profile = false # Toggle to create or assign IAM instance profile. Default name and description will be used.
iam_instance_profile_arn    = "arn:aws:iam::123456789012:instance-profile/AWSRDSCustomInstanceProfile-us-west-2"
```
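
A pre-flight check for the bring-your-own IAM settings above, as an added example that is not part of this module: it enforces the `AWSRDSCustom` name prefix and the "Required if ... is set to false" rules from the inputs table. The function name `preflight` and the plain dict of input values are assumptions of this example; the sample values under `__main__` are constructed.

```python
import re

# IAM ARN shape; the resource name is the last segment after any path.
_IAM_ARN = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):iam::(?P<account>\d{12}):"
    r"(?P<kind>role|instance-profile)/(?P<path>(?:[\w+=,.@-]+/)*)(?P<name>[\w+=,.@-]+)$"
)

# (toggle, input that becomes required when the toggle is false), per the inputs table.
_REQUIRED_WHEN_FALSE = [
    ("create_iam_role", "iam_role_arn"),
    ("create_iam_instance_profile", "iam_instance_profile_arn"),
    ("create_db_subnet_group", "db_subnet_group"),
    ("create_endpoint_security_group", "endpoint_security_group_id"),
]

# ARN resource type expected for each ARN-valued input.
_ARN_KIND = {"iam_role_arn": "role", "iam_instance_profile_arn": "instance-profile"}

NAME_PREFIX = "AWSRDSCustom"


def preflight(inputs):
    """Return a list of problems found in a dict of module input values."""
    problems = []
    for toggle, required in _REQUIRED_WHEN_FALSE:
        # Every create_* toggle defaults to true in the module.
        if inputs.get(toggle, True) is False and not inputs.get(required):
            problems.append(f"{required} is required when {toggle} = false")
    for key, kind in _ARN_KIND.items():
        arn = inputs.get(key)
        if not arn:
            continue
        m = _IAM_ARN.match(arn)
        if m is None or m["kind"] != kind:
            problems.append(f"{key} is not an IAM {kind} ARN: {arn!r}")
        elif not m["name"].startswith(NAME_PREFIX):
            # A prefix on the path does not count; only the name is checked.
            problems.append(f"{key}: name {m['name']!r} must start with {NAME_PREFIX}")
    return problems


if __name__ == "__main__":
    # Constructed input: the role name sits under a path and lacks the prefix.
    sample = {"create_iam_role": False,
              "iam_role_arn": "arn:aws:iam::123456789012:role/AWSRDSCustom/db-role",
              "create_iam_instance_profile": False}
    for problem in preflight(sample):
        print(problem)
```

Run it against the values destined for the module call before `terraform plan`; an empty list means the IAM inputs satisfy the rules stated above.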
Please see our developer documentation for guidance on contributing to this module.
Name | Version |
---|---|
terraform | >= 1.0.0 |
aws | >= 4.0.0 |
Name | Version |
---|---|
aws | >= 4.0.0 |
Name | Source | Version |
---|---|---|
private_link_endpoints | ./modules/endpoints | n/a |
Name | Type |
---|---|
aws_db_instance.primary | resource |
aws_db_instance.replicas | resource |
aws_db_subnet_group.rdscustom | resource |
aws_iam_instance_profile.rdscustom | resource |
aws_iam_role.rdscustom | resource |
aws_caller_identity.current | data source |
aws_iam_policy.ssm_managed_default_policy | data source |
aws_kms_key.by_id | data source |
aws_region.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
aws_db_instance_primary | Primary instance configuration values. Map where the key is the argument. For examples, see /examples/ folder. / aws_db_instance_primary = { allocated_storage = 50 apply_immediately = false ... } / | object({ | n/a | yes |
private_subnet_config | List of private subnets configurations for the RDS instance and replicas. Will be applied in order to the instance first, and then replicas. | list(object({ | n/a | yes |
private_subnet_route_table_ids | List of private subnets route tables in which to associate the gateway endpoints. | list(string) | n/a | yes |
vpc_cidr | VPC CIDR for the endpoints to communicate with. | string | n/a | yes |
vpc_id | VPC Id. | string | n/a | yes |
aws_db_instance_replicas | Replica instance(s) configuration values. Map where the key is the argument. For examples, see /examples/ folder. Replicas will be placed in subnets separate from the primary by default. If specified, availability_zones will be applied in order to the replicas. If the number of availability_zones is less than the number of replicas, the availability_zones will be applied in order until the last availability_zone is reached. If specified, identifiers will be applied in order to the replicas. If the number of identifiers is less than the number of replicas, the identifiers will be applied in order until the last identifier is reached, and then default identifiers will be applied. / aws_db_instance_primary = { replica_count = 2 availability_zones = ["us-east-1a", "us-east-1b"] identifiers = ["replica-01", "replica-03"] replicate_source_db = "instance-01" ... } / | object({ | { | no |
create_db_subnet_group | Toggle to create or assign db subnet group. | bool | true | no |
create_endpoint_security_group | Toggle to create or assign endpoint security group. | bool | true | no |
create_iam_instance_profile | Toggle to create or assign IAM instance profile. | bool | true | no |
create_iam_role | Toggle to create or assign IAM role. | bool | true | no |
create_vpc_endpoints | Toggle to create vpc endpoints. | bool | true | no |
db_subnet_group | DB Subnet Group to be used. Required if create_db_subnet_group is set to false. | string | "" | no |
db_subnet_group_description | Description of the db subnet group created. | string | "DB subnet group for RDSCustomForOracle" | no |
db_subnet_group_name | Name of db subnet group created. | string | null | no |
endpoint_security_group_description | Description of the endpoint security group created. | string | "Endpoint security group" | no |
endpoint_security_group_id | Security group to be used. Required if create_endpoint_security_group is set to false. | string | "" | no |
endpoint_security_group_name | Name of endpoint security group created. | string | null | no |
iam_instance_profile_arn | IAM instance profile to be used. Required if create_iam_instance_profile is set to false. | string | null | no |
iam_instance_profile_name | Name of IAM instance profile created. | string | null | no |
iam_instance_profile_path | IAM instance profile path. | string | null | no |
iam_role_arn | IAM role to be used. Required if create_iam_role is set to false. | string | null | no |
iam_role_description | Description of the role. | string | "Role for RDS Custom for Oracle" | no |
iam_role_name | Name to use on IAM role created. | string | null | no |
iam_role_path | IAM role path. | string | null | no |
kms_key_id | KMS Customer Managed Key Id. | string | "" | no |
tags | Additional tags (e.g. map('example-inc:cost-allocation:CostCenter','XYZ')). | map(string) | {} | no |
timeout | Optional nested block of timeout values. For examples, see /examples/ folder. / timeout = { create = "4h" delete = "4h" update = "4h" } / | any | {} | no |
Name | Description |
---|---|
aws_db_instance_primary_attributes | DBInstance resource attributes. Full output of aws_db_instance. |
aws_db_instance_replicas_attributes | DBInstance resource attributes. Full output of aws_db_instance. |
db_subnet_group | RDS DB subnet group. |
iam_instance_profile_name | RDS IAM instance profile. |
iam_role | RDS IAM role. |