Manages a RDS Aurora Cluster or a RDS Multi-AZ DB Cluster. To manage cluster instances that inherit configuration from the cluster (when not running the cluster in serverless
engine mode), see the aws_rds_cluster_instance
resource. To manage non-Aurora DB instances (e.g., MySQL, PostgreSQL, SQL Server, etc.), see the aws_db_instance
resource.
For information on the difference between the available Aurora MySQL engines see Comparison between Aurora MySQL 1 and Aurora MySQL 2 in the Amazon RDS User Guide.
Changes to an RDS Cluster can occur when you manually change a parameter, such as port
, and are reflected in the next maintenance window. Because of this, Terraform may report a difference in its planning phase because a modification has not yet taken place. You can use the apply_immediately
flag to instruct the service to apply the change immediately (see documentation below).
resource "aws_rds_cluster" "default" {
cluster_identifier = "aurora-cluster-demo"
engine = "aurora-mysql"
engine_version = "5.7.mysql_aurora.2.03.2"
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
database_name = "mydb"
master_username = "foo"
master_password = "bar"
backup_retention_period = 5
preferred_backup_window = "07:00-09:00"
}
resource "aws_rds_cluster" "default" {
cluster_identifier = "aurora-cluster-demo"
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
database_name = "mydb"
master_username = "foo"
master_password = "bar"
backup_retention_period = 5
preferred_backup_window = "07:00-09:00"
}
resource "aws_rds_cluster" "postgresql" {
cluster_identifier = "aurora-cluster-demo"
engine = "aurora-postgresql"
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
database_name = "mydb"
master_username = "foo"
master_password = "bar"
backup_retention_period = 5
preferred_backup_window = "07:00-09:00"
}
To create a Multi-AZ RDS cluster, you must additionally specify the engine
, storage_type
, allocated_storage
, iops
and db_cluster_instance_class
attributes.
resource "aws_rds_cluster" "example" {
cluster_identifier = "example"
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
engine = "mysql"
db_cluster_instance_class = "db.r6gd.xlarge"
storage_type = "io1"
allocated_storage = 100
iops = 1000
master_username = "test"
master_password = "mustbeeightcharaters"
}
To create a Serverless v2 RDS cluster, you must additionally specify the engine_mode
and serverlessv2_scaling_configuration
attributes. An aws_rds_cluster_instance
resource must also be added to the cluster with the instance_class
attribute specified.
resource "aws_rds_cluster" "example" {
cluster_identifier = "example"
engine = "aurora-postgresql"
engine_mode = "provisioned"
engine_version = "13.6"
database_name = "test"
master_username = "test"
master_password = "must_be_eight_characters"
storage_encrypted = true
serverlessv2_scaling_configuration {
max_capacity = 1.0
min_capacity = 0.5
}
}
resource "aws_rds_cluster_instance" "example" {
cluster_identifier = aws_rds_cluster.example.id
instance_class = "db.serverless"
engine = aws_rds_cluster.example.engine
engine_version = aws_rds_cluster.example.engine_version
}
You can specify the manage_master_user_password
attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the manage_master_user_password
attribute and removing the master_password
attribute (removal is required).
resource "aws_rds_cluster" "test" {
cluster_identifier = "example"
database_name = "test"
manage_master_user_password = true
master_username = "test"
}
You can specify the master_user_secret_kms_key_id
attribute to specify a specific KMS Key.
resource "aws_kms_key" "example" {
description = "Example KMS Key"
}
resource "aws_rds_cluster" "test" {
cluster_identifier = "example"
database_name = "test"
manage_master_user_password = true
master_username = "test"
master_user_secret_kms_key_id = aws_kms_key.example.key_id
}
data "aws_db_cluster_snapshot" "example" {
db_cluster_identifier = "example-original-cluster"
most_recent = true
}
resource "aws_rds_cluster" "example" {
# Because the global cluster is sourced from this cluster, the initial
# engine and engine_version values are defined here and automatically
# inherited by the global cluster.
engine = "aurora"
engine_version = "5.6.mysql_aurora.1.22.4"
cluster_identifier = "example"
snapshot_identifier = data.aws_db_cluster_snapshot.example.id
lifecycle {
ignore_changes = [snapshot_identifier, global_cluster_identifier]
}
}
resource "aws_rds_global_cluster" "example" {
global_cluster_identifier = "example"
source_db_cluster_identifier = aws_rds_cluster.example.arn
force_destroy = true
}
For more detailed documentation about each argument, refer to the AWS official documentation :
This argument supports the following arguments:
allocated_storage
- (Optional, Required for Multi-AZ DB cluster) The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.allow_major_version_upgrade
- (Optional) Enable to allow major engine version upgrades when changing engine versions. Defaults to false
.apply_immediately
- (Optional) Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false
. See Amazon RDS Documentation for more information.availability_zones
- (Optional) List of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created.
RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next Terraform apply.
We recommend specifying 3 AZs or using the lifecycle
configuration block ignore_changes
argument if necessary.
A maximum of 3 AZs can be configured.backtrack_window
- (Optional) Target backtrack window, in seconds. Only available for aurora
and aurora-mysql
engines currently. To disable backtracking, set this value to 0
. Defaults to 0
. Must be between 0
and 259200
(72 hours)backup_retention_period
- (Optional) Days to retain backups for. Default 1
cluster_identifier_prefix
- (Optional, Forces new resource) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with cluster_identifier
.cluster_identifier
- (Optional, Forces new resources) The cluster identifier. If omitted, Terraform will assign a random, unique identifier.copy_tags_to_snapshot
– (Optional, boolean) Copy all Cluster tags
to snapshots. Default is false
.database_name
- (Optional) Name for an automatically created database on cluster creation. There are different naming restrictions per database engine: RDS Naming Constraintsdb_cluster_instance_class
- (Optional, Required for Multi-AZ DB cluster) The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge
. Not all DB instance classes are available in all AWS Regions, or for all database engines. For the full list of DB instance classes and availability for your engine, see DB instance class in the Amazon RDS User Guide.db_cluster_parameter_group_name
- (Optional) A cluster parameter group to associate with the cluster.db_instance_parameter_group_name
- (Optional) Instance parameter group to associate with all instances of the DB cluster. The db_instance_parameter_group_name
parameter is only valid in combination with the allow_major_version_upgrade
parameter.db_subnet_group_name
- (Optional) DB subnet group to associate with this DB cluster.
NOTE: This must match the db_subnet_group_name
specified on every aws_rds_cluster_instance
in the cluster.db_system_id
- (Optional) For use with RDS Custom.delete_automated_backups
- (Optional) Specifies whether to remove automated backups immediately after the DB cluster is deleted. Default is true
.deletion_protection
- (Optional) If the DB cluster should have deletion protection enabled.
The database can't be deleted when this value is set to true
.
The default is false
.domain
- (Optional) The ID of the Directory Service Active Directory domain to create the cluster in.domain_iam_role_name
- (Optional, but required if domain
is provided) The name of the IAM role to be used when making API calls to the Directory Service.enable_global_write_forwarding
- (Optional) Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an aws_rds_global_cluster
's primary cluster. See the User Guide for Aurora for more information.enable_http_endpoint
- (Optional) Enable HTTP endpoint (data API). Only valid for some combinations of engine_mode
, engine
and engine_version
and only available in some regions. See the Region and version availability section of the documentation. This option also does not work with any of these options specified: snapshot_identifier
, replication_source_identifier
, s3_import
.enable_local_write_forwarding
- (Optional) Whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances.. See the User Guide for Aurora for more information. NOTE: Local write forwarding requires Aurora MySQL version 3.04 or higher.enabled_cloudwatch_logs_exports
- (Optional) Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit
, error
, general
, slowquery
, postgresql
(PostgreSQL).engine_mode
- (Optional) Database engine mode. Valid values: global
(only valid for Aurora MySQL 1.21 and earlier), parallelquery
, provisioned
, serverless
. Defaults to: provisioned
. See the RDS User Guide for limitations when using serverless
.engine_version
- (Optional) Database engine version. Updating this argument results in an outage. See the Aurora MySQL and Aurora Postgres documentation for your configured engine to determine this value, or by running aws rds describe-db-engine-versions
. For example with Aurora MySQL 2, a potential value for this argument is 5.7.mysql_aurora.2.03.2
. The value can contain a partial version where supported by the API. The actual engine version used is returned in the attribute engine_version_actual
, , see Attribute Reference below.engine
- (Required) Name of the database engine to be used for this DB cluster. Valid Values: aurora-mysql
, aurora-postgresql
, mysql
, postgres
. (Note that mysql
and postgres
are Multi-AZ RDS clusters).final_snapshot_identifier
- (Optional) Name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.global_cluster_identifier
- (Optional) Global cluster identifier specified on aws_rds_global_cluster
.iam_database_authentication_enabled
- (Optional) Specifies whether or not mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. Please see AWS Documentation for availability and limitations.iam_roles
- (Optional) List of ARNs for the IAM roles to associate to the RDS Cluster.iops
- (Optional) Amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster. For information about valid Iops values, see Amazon RDS Provisioned IOPS storage to improve performance in the Amazon RDS User Guide. (This setting is required to create a Multi-AZ DB cluster). Must be a multiple between .5 and 50 of the storage amount for the DB cluster.kms_key_id
- (Optional) ARN for the KMS encryption key. When specifying kms_key_id
, storage_encrypted
needs to be set to true.manage_master_user_password
- (Optional) Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if master_password
is provided.master_password
- (Required unless manage_master_user_password
is set to true or unless a snapshot_identifier
or replication_source_identifier
is provided or unless a global_cluster_identifier
is provided when the cluster is the "secondary" cluster of a global database) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the RDS Naming Constraints. Cannot be set if manage_master_user_password
is set to true
.master_user_secret_kms_key_id
- (Optional) Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN. If not specified, the default KMS key for your Amazon Web Services account is used.master_username
- (Required unless a snapshot_identifier
or replication_source_identifier
is provided or unless a global_cluster_identifier
is provided when the cluster is the "secondary" cluster of a global database) Username for the master DB user. Please refer to the RDS Naming Constraints. This argument does not support in-place updates and cannot be changed during a restore from snapshot.network_type
- (Optional) Network type of the cluster. Valid values: IPV4
, DUAL
.port
- (Optional) Port on which the DB accepts connectionspreferred_backup_window
- (Optional) Daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per regionE.g., 04:00-09:00preferred_maintenance_window
- (Optional) Weekly time range during which system maintenance can occur, in (UTC) e.g., wed:04:00-wed:04:30replication_source_identifier
- (Optional) ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica. If DB Cluster is part of a Global Cluster, use the lifecycle
configuration block ignore_changes
argument to prevent Terraform from showing differences for this argument instead of configuring this value.restore_to_point_in_time
- (Optional) Nested attribute for point in time restore. More details below.scaling_configuration
- (Optional) Nested attribute with scaling properties. Only valid when engine_mode
is set to serverless
. More details below.serverlessv2_scaling_configuration
- (Optional) Nested attribute with scaling properties for ServerlessV2. Only valid when engine_mode
is set to provisioned
. More details below.skip_final_snapshot
- (Optional) Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from final_snapshot_identifier
. Default is false
.snapshot_identifier
- (Optional) Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot. Conflicts with global_cluster_identifier
. Clusters cannot be restored from snapshot and joined to an existing global cluster in a single operation. See the AWS documentation or the Global Cluster Restored From Snapshot example for instructions on building a global cluster starting with a snapshot.source_region
- (Optional) The source region for an encrypted replica DB cluster.storage_encrypted
- (Optional) Specifies whether the DB cluster is encrypted. The default is false
for provisioned
engine_mode
and true
for serverless
engine_mode
. When restoring an unencrypted snapshot_identifier
, the kms_key_id
argument must be provided to encrypt the restored cluster. Terraform will only perform drift detection if a configuration value is provided.storage_type
- (Optional, Required for Multi-AZ DB cluster) (Forces new for Multi-AZ DB clusters) Specifies the storage type to be associated with the DB cluster. For Aurora DB clusters, storage_type
modifications can be done in-place. For Multi-AZ DB Clusters, the iops
argument must also be set. Valid values are: ""
, aurora-iopt1
(Aurora DB Clusters); io1
, io2
(Multi-AZ DB Clusters). Default: ""
(Aurora DB Clusters); io1
(Multi-AZ DB Clusters).tags
- (Optional) A map of tags to assign to the DB cluster. If configured with a provider default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.vpc_security_group_ids
- (Optional) List of VPC security groups to associate with the ClusterFull details on the core parameters and impacts are in the API Docs: RestoreDBClusterFromS3. Requires that the S3 bucket be in the same region as the RDS cluster you're trying to create. Sample:
resource "aws_rds_cluster" "db" {
engine = "aurora"
s3_import {
source_engine = "mysql"
source_engine_version = "5.6"
bucket_name = "mybucket"
bucket_prefix = "backups"
ingestion_role = "arn:aws:iam::1234567890:role/role-xtrabackup-rds-restore"
}
}
bucket_name
- (Required) Bucket name where your backup is storedbucket_prefix
- (Optional) Can be blank, but is the path to your backupingestion_role
- (Required) Role applied to load the data.source_engine
- (Required) Source engine for the backupsource_engine_version
- (Required) Version of the source engine used to make the backupThis will not recreate the resource if the S3 object changes in some way. It's only used to initialize the database. This only works currently with the aurora engine. See AWS for currently supported engines and options. See Aurora S3 Migration Docs.
Example:
resource "aws_rds_cluster" "example-clone" {
# ... other configuration ...
restore_to_point_in_time {
source_cluster_identifier = "example"
restore_type = "copy-on-write"
use_latest_restorable_time = true
}
}
source_cluster_identifier
- (Required) Identifier of the source database cluster from which to restore. When restoring from a cluster in another AWS account, the identifier is the ARN of that cluster.restore_type
- (Optional) Type of restore to be performed.
Valid options are full-copy
(default) and copy-on-write
.use_latest_restorable_time
- (Optional) Set to true to restore the database cluster to the latest restorable backup time. Defaults to false. Conflicts with restore_to_time
.restore_to_time
- (Optional) Date and time in UTC format to restore the database cluster to. Conflicts with use_latest_restorable_time
.Example:
resource "aws_rds_cluster" "example" {
# ... other configuration ...
engine_mode = "serverless"
scaling_configuration {
auto_pause = true
max_capacity = 256
min_capacity = 2
seconds_until_auto_pause = 300
timeout_action = "ForceApplyCapacityChange"
}
}
auto_pause
- (Optional) Whether to enable automatic pause. A DB cluster can be paused only when it's idle (it has no connections). If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it. Defaults to true
.max_capacity
- (Optional) Maximum capacity for an Aurora DB cluster in serverless
DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid Aurora MySQL capacity values are 1
, 2
, 4
, 8
, 16
, 32
, 64
, 128
, 256
. Valid Aurora PostgreSQL capacity values are (2
, 4
, 8
, 16
, 32
, 64
, 192
, and 384
). Defaults to 16
.min_capacity
- (Optional) Minimum capacity for an Aurora DB cluster in serverless
DB engine mode. The minimum capacity must be lesser than or equal to the maximum capacity. Valid Aurora MySQL capacity values are 1
, 2
, 4
, 8
, 16
, 32
, 64
, 128
, 256
. Valid Aurora PostgreSQL capacity values are (2
, 4
, 8
, 16
, 32
, 64
, 192
, and 384
). Defaults to 1
.seconds_until_auto_pause
- (Optional) Time, in seconds, before an Aurora DB cluster in serverless mode is paused. Valid values are 300
through 86400
. Defaults to 300
.timeout_action
- (Optional) Action to take when the timeout is reached. Valid values: ForceApplyCapacityChange
, RollbackCapacityChange
. Defaults to RollbackCapacityChange
. See documentation.Example:
resource "aws_rds_cluster" "example" {
# ... other configuration ...
serverlessv2_scaling_configuration {
max_capacity = 128.0
min_capacity = 0.5
}
}
max_capacity
- (Required) Maximum capacity for an Aurora DB cluster in provisioned
DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid capacity values are in a range of 0.5
up to 128
in steps of 0.5
.min_capacity
- (Required) Minimum capacity for an Aurora DB cluster in provisioned
DB engine mode. The minimum capacity must be lesser than or equal to the maximum capacity. Valid capacity values are in a range of 0.5
up to 128
in steps of 0.5
.This resource exports the following attributes in addition to the arguments above:
arn
- Amazon Resource Name (ARN) of clusterid
- RDS Cluster Identifiercluster_identifier
- RDS Cluster Identifiercluster_resource_id
- RDS Cluster Resource IDcluster_members
– List of RDS Instances that are a part of this clusteravailability_zones
- Availability zone of the instancebackup_retention_period
- Backup retention periodpreferred_backup_window
- Daily time range during which the backups happenpreferred_maintenance_window
- Maintenance windowendpoint
- DNS address of the RDS instancereader_endpoint
- Read-only endpoint for the Aurora cluster, automatically
load-balanced across replicasengine
- Database engineengine_version_actual
- Running version of the database.database_name
- Database nameport
- Database portmaster_username
- Master username for the databasemaster_user_secret
- Block that specifies the master user secret. Only available when manage_master_user_password
is set to true. Documented below.storage_encrypted
- Specifies whether the DB cluster is encryptedreplication_source_identifier
- ARN of the source DB cluster or DB instance if this DB cluster is created as a Read Replica.hosted_zone_id
- Route53 Hosted Zone ID of the endpointtags_all
- Map of tags assigned to the resource, including those inherited from the provider default_tags
configuration block.The master_user_secret
configuration block supports the following attributes:
kms_key_id
- Amazon Web Services KMS key identifier that is used to encrypt the secret.secret_arn
- Amazon Resource Name (ARN) of the secret.secret_status
- Status of the secret. Valid Values: creating
| active
| rotating
| impaired
.create
- (Default 120m
)update
- (Default 120m
)delete
- (Default 120m
)
any cleanup task during the destroying process.In Terraform v1.5.0 and later, use an import
block to import RDS Clusters using the cluster_identifier
. For example:
import {
to = aws_rds_cluster.aurora_cluster
id = "aurora-prod-cluster"
}
Using terraform import
, import RDS Clusters using the cluster_identifier
. For example:
% terraform import aws_rds_cluster.aurora_cluster aurora-prod-cluster