Terraform module: grant read-only privileges

Module is used for granting read-only privileges on all database objects.

Specs

Some variables have default values, thus could be omitted. Look at the description in Inputs section below.

Usage example

module "grant_ro_all" {
  source = "github.com/antonvigo/pg-iac-grant-read-only"

  host = {
    host             = "pg.host.com"
    port             = 5432
    username         = "root"
    password         = "Password123"
  }

  database = {
    name  = "some_db"
    owner = "some_db_admin"
  }

  group_role     = "group_ro_all"
  make_admin_own = false
  revoke_grants  = false

  depends_on = [module.last_existing_privileges_module_call]
}

• It's strongly recommended to replace input constants with predefined variables containing corresponding values.
• Even if empty list of privilegs is provided all possbile privileges will be granted. Same way for some other variables.

Requirements

Name	Version
terraform	>= 1.0.0
local	2.4.0
null	3.2.1

Providers

Name	Version
local	2.4.0
null	3.2.1

Modules

No modules.

Resources

Name	Type
local_file.rendered_script	resource
null_resource.drop_role	resource
null_resource.run_script	resource

Inputs

Name	Description	Type	Default	Required
database	Database to manage permissions at	object({ name = string, owner = string })	n/a	yes
group_role	Group role to be granted with specified privileges	string	"group_ro_all"	no
host	RDS connection data	object({ host = string port = number username = string password = string })	n/a	yes
make_admin_own	Is it necessary to grant admin user to database owner role or not. It is in case of RDS, because standard root account isn't a superuser.	bool	true	no
revoke_grants	Revoke all grants which were provided by this module just before or not	bool	false	no

Outputs

Name	Description
grants_to_group	Name of read-only role
sql_script	Applied SQL script