terraform-aws-modules · antonbabenko · Sep 22, 2020 · Jun 3, 2020 · Sep 21, 2020 · Sep 21, 2020
diff --git a/README.md b/README.md
@@ -62,6 +62,7 @@ module "db" {
 - [MySQL](examples/mysql): A simple example with VPC and MySQL cluster.
 - [Serverless](examples/serverless): Serverless PostgreSQL cluster.
 - [Advanced](examples/advanced): A PostgreSQL cluster with enhanced monitoring and autoscaling enabled.
+- [Custom Instance Settings](examples/custom_instance_settings): A PostgreSQL cluster with custom instance settings.
 
 ## Documentation
 
@@ -113,6 +114,7 @@ Terraform documentation is generated automatically using [pre-commit hooks](http
 | iam\_roles | A List of ARNs for the IAM roles to associate to the RDS Cluster. | `list(string)` | `[]` | no |
 | instance\_type | Instance type to use at master instance. If instance\_type\_replica is not set it will use the same type for replica instances | `string` | n/a | yes |
 | instance\_type\_replica | Instance type to use at replica instance | `string` | `null` | no |
+| instances\_parameters | Customized instance settings. Supported keys: instance\_name, instance\_type, instance\_promotion\_tier, publicly\_accessible | `list(map(string))` | `[]` | no |
 | kms\_key\_id | The ARN for the KMS encryption key if one is set to the cluster. | `string` | `""` | no |
 | monitoring\_interval | The interval (seconds) between points when Enhanced Monitoring metrics are collected | `number` | `0` | no |
 | monitoring\_role\_arn | IAM role for RDS to send enhanced monitoring metrics to CloudWatch | `string` | `""` | no |

diff --git a/examples/custom_instance_settings/main.tf b/examples/custom_instance_settings/main.tf
@@ -0,0 +1,81 @@
+provider "aws" {
+  region = "us-east-1"
+}
+
+######################################
+# Data sources to get VPC and subnets
+######################################
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnet_ids" "all" {
+  vpc_id = data.aws_vpc.default.id
+}
+
+#############
+# RDS Aurora
+#############
+module "aurora" {
+  source                          = "../../"
+  name                            = "aurora-example-postgresql"
+  engine                          = "aurora-postgresql"
+  engine_version                  = "11.6"
+  subnets                         = data.aws_subnet_ids.all.ids
+  vpc_id                          = data.aws_vpc.default.id
+  replica_count                   = 3
+  instance_type                   = "db.r5.large"
+  apply_immediately               = true
+  skip_final_snapshot             = true
+  db_parameter_group_name         = aws_db_parameter_group.aurora_db_postgres11_parameter_group.id
+  db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.aurora_cluster_postgres11_parameter_group.id
+  //  enabled_cloudwatch_logs_exports = ["audit", "error", "general", "slowquery"]
+  security_group_description = ""
+
+  instances_parameters = [
+    // List index should be equal to `replica_count`
+    // Omitted keys replaced by module defaults
+    {
+      instance_type       = "db.r5.2xlarge"
+      publicly_accessible = true
+    },
+    {
+      instance_type = "db.r5.2xlarge"
+    },
+    {
+      instance_name           = "reporting"
+      instance_type           = "db.r5.large"
+      instance_promotion_tier = 15
+    }
+  ]
+}
+
+resource "aws_db_parameter_group" "aurora_db_postgres11_parameter_group" {
+  name        = "test-aurora-db-postgres11-parameter-group"
+  family      = "aurora-postgresql11"
+  description = "test-aurora-db-postgres11-parameter-group"
+}
+
+resource "aws_rds_cluster_parameter_group" "aurora_cluster_postgres11_parameter_group" {
+  name        = "test-aurora-postgres11-cluster-parameter-group"
+  family      = "aurora-postgresql11"
+  description = "test-aurora-postgres11-cluster-parameter-group"
+}
+
+############################
+# Example of security group
+############################
+resource "aws_security_group" "app_servers" {
+  name_prefix = "app-servers-"
+  description = "For application servers"
+  vpc_id      = data.aws_vpc.default.id
+}
+
+resource "aws_security_group_rule" "allow_access" {
+  type                     = "ingress"
+  from_port                = module.aurora.this_rds_cluster_port
+  to_port                  = module.aurora.this_rds_cluster_port
+  protocol                 = "tcp"
+  source_security_group_id = aws_security_group.app_servers.id
+  security_group_id        = module.aurora.this_security_group_id
+}
diff --git a/examples/custom_instance_settings/outputs.tf b/examples/custom_instance_settings/outputs.tf
@@ -0,0 +1,54 @@
+// aws_rds_cluster
+output "this_rds_cluster_id" {
+  description = "The ID of the cluster"
+  value       = module.aurora.this_rds_cluster_id
+}
+
+output "this_rds_cluster_resource_id" {
+  description = "The Resource ID of the cluster"
+  value       = module.aurora.this_rds_cluster_resource_id
+}
+
+output "this_rds_cluster_endpoint" {
+  description = "The cluster endpoint"
+  value       = module.aurora.this_rds_cluster_endpoint
+}
+
+output "this_rds_cluster_reader_endpoint" {
+  description = "The cluster reader endpoint"
+  value       = module.aurora.this_rds_cluster_reader_endpoint
+}
+
+output "this_rds_cluster_database_name" {
+  description = "Name for an automatically created database on cluster creation"
+  value       = module.aurora.this_rds_cluster_database_name
+}
+
+output "this_rds_cluster_master_password" {
+  description = "The master password"
+  value       = module.aurora.this_rds_cluster_master_password
+  sensitive   = true
+}
+
+output "this_rds_cluster_port" {
+  description = "The port"
+  value       = module.aurora.this_rds_cluster_port
+}
+
+output "this_rds_cluster_master_username" {
+  description = "The master username"
+  value       = module.aurora.this_rds_cluster_master_username
+}
+
+// aws_rds_cluster_instance
+output "this_rds_cluster_instance_endpoints" {
+  description = "A list of all cluster instance endpoints"
+  value       = module.aurora.this_rds_cluster_instance_endpoints
+}
+
+// aws_security_group
+output "this_security_group_id" {
+  description = "The security group ID of the cluster"
+  value       = module.aurora.this_security_group_id
+}
+
diff --git a/main.tf b/main.tf
@@ -64,8 +64,7 @@ resource "aws_rds_cluster" "this" {
   enabled_cloudwatch_logs_exports = var.enabled_cloudwatch_logs_exports
 
   dynamic "scaling_configuration" {
-    for_each = length(keys(var.scaling_configuration)) == 0 ? [] : [
-    var.scaling_configuration]
+    for_each = length(keys(var.scaling_configuration)) == 0 ? [] : [var.scaling_configuration]
 
     content {
       auto_pause               = lookup(scaling_configuration.value, "auto_pause", null)
@@ -82,20 +81,20 @@ resource "aws_rds_cluster" "this" {
 resource "aws_rds_cluster_instance" "this" {
   count = var.replica_scale_enabled ? var.replica_scale_min : var.replica_count
 
-  identifier                      = "${var.name}-${count.index + 1}"
+  identifier                      = length(var.instances_parameters) > count.index ? lookup(var.instances_parameters[count.index], "instance_name", "${var.name}-${count.index + 1}") : "${var.name}-${count.index + 1}"
   cluster_identifier              = aws_rds_cluster.this.id
   engine                          = var.engine
   engine_version                  = var.engine_version
-  instance_class                  = count.index > 0 ? coalesce(var.instance_type_replica, var.instance_type) : var.instance_type
-  publicly_accessible             = var.publicly_accessible
+  instance_class                  = length(var.instances_parameters) > count.index ? lookup(var.instances_parameters[count.index], "instance_type", var.instance_type) : count.index > 0 ? coalesce(var.instance_type_replica, var.instance_type) : var.instance_type
+  publicly_accessible             = length(var.instances_parameters) > count.index ? lookup(var.instances_parameters[count.index], "publicly_accessible", var.publicly_accessible) : var.publicly_accessible
   db_subnet_group_name            = local.db_subnet_group_name
   db_parameter_group_name         = var.db_parameter_group_name
   preferred_maintenance_window    = var.preferred_maintenance_window
   apply_immediately               = var.apply_immediately
   monitoring_role_arn             = local.rds_enhanced_monitoring_arn
   monitoring_interval             = var.monitoring_interval
   auto_minor_version_upgrade      = var.auto_minor_version_upgrade
-  promotion_tier                  = count.index + 1
+  promotion_tier                  = length(var.instances_parameters) > count.index ? lookup(var.instances_parameters[count.index], "instance_promotion_tier", count.index + 1) : count.index + 1
   performance_insights_enabled    = var.performance_insights_enabled
   performance_insights_kms_key_id = var.performance_insights_kms_key_id
   ca_cert_identifier              = var.ca_cert_identifier

diff --git a/variables.tf b/variables.tf
@@ -344,3 +344,9 @@ variable "ca_cert_identifier" {
   type        = string
   default     = "rds-ca-2019"
 }
+
+variable "instances_parameters" {
+  description = "Customized instance settings. Supported keys: instance_name, instance_type, instance_promotion_tier, publicly_accessible"
+  type        = list(map(string))
+  default     = []
+}