Resource: awsDbInstance
Provides an RDS instance resource. A DB instance is an isolated database environment in the cloud. A DB instance can contain multiple user-created databases.
Changes to a DB instance can occur when you manually change a parameter, such as allocatedStorage
, and are reflected in the next maintenance window. Because of this, Terraform may report a difference in its planning phase because a modification has not yet taken place. You can use the applyImmediately
flag to instruct the service to apply the change immediately (see documentation below).
When upgrading the major version of an engine, allowMajorVersionUpgrade
must be set to true
.
\~> Note: using applyImmediately
can result in a brief downtime as the server reboots. See the AWS Docs on RDS Instance Maintenance for more information.
\~> Note: All arguments including the username and password will be stored in the raw state as plain-text. Read more about sensitive data instate.
Hands-on: Try the Manage AWS RDS Instances tutorial on HashiCorp Learn.
RDS Instance Class Types
Amazon RDS supports three types of instance classes: Standard, Memory Optimized, and Burstable Performance. For more information please read the AWS RDS documentation about DB Instance Class Types
Low-Downtime Updates
By default, RDS applies updates to DB Instances in-place, which can lead to service interruptions. Low-downtime updates minimize service interruptions by performing the updates with an RDS Blue/Green deployment and switching over the instances when complete.
Low-downtime updates are only available for DB Instances using MySQL and MariaDB, as other engines are not supported by RDS Blue/Green deployments.
Backups must be enabled to use low-downtime updates.
Enable low-downtime updates by setting blueGreenUpdateEnabled
to true
.
Example Usage
Basic Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dbInstance.DbInstance(this, "default", {
allocatedStorage: 10,
dbName: "mydb",
engine: "mysql",
engineVersion: "5.7",
instanceClass: "db.t3.micro",
parameterGroupName: "default.mysql5.7",
password: "foobarbaz",
skipFinalSnapshot: true,
username: "foo",
});
Storage Autoscaling
To enable Storage Autoscaling with instances that support the feature, define the maxAllocatedStorage
argument higher than the allocatedStorage
argument. Terraform will automatically hide differences with the allocatedStorage
argument value if autoscaling occurs.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dbInstance.DbInstance(this, "example", {
allocatedStorage: 50,
maxAllocatedStorage: 100,
});
Argument Reference
For more detailed documentation about each argument, refer to the AWS official documentation.
The following arguments are supported:
allocatedStorage
- (Required unless asnapshotIdentifier
orreplicateSourceDb
is provided) The allocated storage in gibibytes. IfmaxAllocatedStorage
is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. IfreplicateSourceDb
is set, the value is ignored during the creation of the instance.allowMajorVersionUpgrade
- (Optional) Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible.applyImmediately
- (Optional) Specifies whether any database modifications are applied immediately, or during the next maintenance window. Default isfalse
. See Amazon RDS Documentation for more information.autoMinorVersionUpgrade
- (Optional) Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Defaults to true.availabilityZone
- (Optional) The AZ for the RDS instance.backupRetentionPeriod
- (Optional) The days to retain backups for. Must be between0
and35
. Default is0
. Must be greater than0
if the database is used as a source for a Read Replica, uses low-downtime updates, or will use RDS Blue/Green deployments.backupWindow
- (Optional) The daily time range (in UTC) during which automated backups are created if they are enabled. Example: "09:46-10:16". Must not overlap withmaintenanceWindow
.blueGreenUpdate
- (Optional) Enables low-downtime updates using RDS Blue/Green deployments. See blue_green_update belowcaCertIdentifier
- (Optional) The identifier of the CA certificate for the DB instance.characterSetName
- (Optional) The character set name to use for DB encoding in Oracle and Microsoft SQL instances (collation). This can't be changed. See Oracle Character Sets Supported in Amazon RDS or Server-Level Collation for Microsoft SQL Server for more information.copyTagsToSnapshot
– (Optional, boolean) Copy all Instancetags
to snapshots. Default isfalse
.customIamInstanceProfile
- (Optional) The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.dbName
- (Optional) The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Note that this does not apply for Oracle or SQL Server engines. See the AWS documentation for more details on what applies for those engines. If you are providing an Oracle db name, it needs to be in all upper case. Cannot be specified for a replica.dbSubnetGroupName
- (Optional) Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in thedefault
VPC, or in EC2 Classic, if available. When working with read replicas, it should be specified only if the source database specifies an instance in another AWS Region. See DBSubnetGroupName in API action CreateDBInstanceReadReplica for additional read replica contraints.deleteAutomatedBackups
- (Optional) Specifies whether to remove automated backups immediately after the DB instance is deleted. Default istrue
.deletionProtection
- (Optional) If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set totrue
. The default isfalse
.domain
- (Optional) The ID of the Directory Service Active Directory domain to create the instance in.domainIamRoleName
- (Optional, but required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service.enabledCloudwatchLogsExports
- (Optional) Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending onengine
). MySQL and MariaDB:audit
,error
,general
,slowquery
. PostgreSQL:postgresql
,upgrade
. MSSQL:agent
,error
. Oracle:alert
,audit
,listener
,trace
.engine
- (Required unless asnapshotIdentifier
orreplicateSourceDb
is provided) The database engine to use. For supported values, see the Engine parameter in API action CreateDBInstance. Cannot be specified for a replica. Note that for Amazon Aurora instances the engine must match the DB cluster's engine'. For information on the difference between the available Aurora MySQL engines see Comparison between Aurora MySQL 1 and Aurora MySQL 2 in the Amazon RDS User Guide.engineVersion
- (Optional) The engine version to use. IfautoMinorVersionUpgrade
is enabled, you can provide a prefix of the version such as57
(for5710
). The actual engine version used is returned in the attributeengineVersionActual
, see Attributes Reference below. For supported values, see the EngineVersion parameter in API action CreateDBInstance. Note that for Amazon Aurora instances the engine version must match the DB cluster's engine version'. Cannot be specified for a replica.finalSnapshotIdentifier
- (Optional) The name of your final DB snapshot when this DB instance is deleted. Must be provided ifskipFinalSnapshot
is set tofalse
. The value must begin with a letter, only contain alphanumeric characters and hyphens, and not end with a hyphen or contain two consecutive hyphens. Must not be provided when deleting a read replica.iamDatabaseAuthenticationEnabled
- (Optional) Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled.identifier
- (Optional, Forces new resource) The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier. Required ifrestoreToPointInTime
is specified.identifierPrefix
- (Optional, Forces new resource) Creates a unique identifier beginning with the specified prefix. Conflicts withidentifier
.instanceClass
- (Required) The instance type of the RDS instance.iops
- (Optional) The amount of provisioned IOPS. Setting this implies a storage_type of "io1". Can only be set whenstorageType
is"io1"
or"gp3"
. Cannot be specified for gp3 storage if theallocatedStorage
value is below a per-engine
threshold. See the RDS User Guide for details.kmsKeyId
- (Optional) The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN.licenseModel
- (Optional, but required for some DB engines, i.e., Oracle SE1) License model information for this DB instance.maintenanceWindow
- (Optional) The window to perform maintenance in. Syntax: "ddd:hh24:mi-ddd:hh24:mi". Eg: "Mon:00:00-Mon:03:00". See RDS Maintenance Window docs for more information.maxAllocatedStorage
- (Optional) When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Configuring this will automatically ignore differences toallocatedStorage
. Must be greater than or equal toallocatedStorage
or0
to disable Storage Autoscaling.monitoringInterval
- (Optional) The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.monitoringRoleArn
- (Optional) The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. You can find more information on the AWS Documentation what IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.multiAz
- (Optional) Specifies if the RDS instance is multi-AZname
- (Optional, Deprecated usedbName
instead) The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Note that this does not apply for Oracle or SQL Server engines. See the AWS documentation for more details on what applies for those engines. If you are providing an Oracle db name, it needs to be in all upper case. Cannot be specified for a replica.ncharCharacterSetName
- (Optional, Forces new resource) The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS.networkType
- (Optional) The network type of the DB instance. Valid values:ipv4
,dual
.optionGroupName
- (Optional) Name of the DB option group to associate.parameterGroupName
- (Optional) Name of the DB parameter group to associate.password
- (Required unless asnapshotIdentifier
orreplicateSourceDb
is provided) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file.performanceInsightsEnabled
- (Optional) Specifies whether Performance Insights are enabled. Defaults to false.performanceInsightsKmsKeyId
- (Optional) The ARN for the KMS key to encrypt Performance Insights data. When specifyingperformanceInsightsKmsKeyId
,performanceInsightsEnabled
needs to be set to true. Once KMS key is set, it can never be changed.performanceInsightsRetentionPeriod
- (Optional) Amount of time in days to retain Performance Insights data. Valid values are7
,731
(2 years) or a multiple of31
. When specifyingperformanceInsightsRetentionPeriod
,performanceInsightsEnabled
needs to be set to true. Defaults to '7'.port
- (Optional) The port on which the DB accepts connections.publiclyAccessible
- (Optional) Bool to control if instance is publicly accessible. Default isfalse
.replicaMode
- (Optional) Specifies whether the replica is in eithermounted
oropenReadOnly
mode. This attribute is only supported by Oracle instances. Oracle replicas operate inopenReadOnly
mode unless otherwise specified. See Working with Oracle Read Replicas for more information.replicateSourceDb
- (Optional) Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to theidentifier
of another Amazon RDS Database to replicate (if replicating within a single region) or ARN of the Amazon RDS Database to replicate (if replicating cross-region). Note that if you are creating a cross-region replica of an encrypted database you will also need to specify akmsKeyId
. See DB Instance Replication and Working with PostgreSQL and MySQL Read Replicas for more information on using Replication.restoreToPointInTime
- (Optional, Forces new resource) A configuration block for restoring a DB instance to an arbitrary point in time. Requires theidentifier
argument to be set with the name of the new DB instance to be created. See Restore To Point In Time below for details.s3Import
- (Optional) Restore from a Percona Xtrabackup in S3. See Importing Data into an Amazon RDS MySQL DB InstancesecurityGroupNames
- (Optional/Deprecated) List of DB Security Groups to associate. Only used for DB Instances on the EC2-Classic Platform.skipFinalSnapshot
- (Optional) Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted, using the value fromfinalSnapshotIdentifier
. Default isfalse
.snapshotIdentifier
- (Optional) Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05.storageEncrypted
- (Optional) Specifies whether the DB instance is encrypted. Note that if you are creating a cross-region read replica this field is ignored and you should instead declarekmsKeyId
with a valid ARN. The default isfalse
if not specified.storageType
- (Optional) One of "standard" (magnetic), "gp2" (general purpose SSD), "gp3" (general purpose SSD that needsiops
independently) or "io1" (provisioned IOPS SSD). The default is "io1" ifiops
is specified, "gp2" if not.storageThroughput
- (Optional) The storage throughput value for the DB instance. Can only be set whenstorageType
is"gp3"
. Cannot be specified if theallocatedStorage
value is below a per-engine
threshold. See the RDS User Guide for details.tags
- (Optional) A map of tags to assign to the resource. If configured with a providerdefaultTags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.timezone
- (Optional) Time zone of the DB instance.timezone
is currently only supported by Microsoft SQL Server. Thetimezone
can only be set on creation. See MSSQL User Guide for more information.username
- (Required unless asnapshotIdentifier
orreplicateSourceDb
is provided) Username for the master DB user. Cannot be specified for a replica.vpcSecurityGroupIds
- (Optional) List of VPC security groups to associate.customerOwnedIpEnabled
- (Optional) Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. See CoIP for RDS on Outposts for more information.
\~> NOTE: Removing the replicateSourceDb
attribute from an existing RDS Replicate database managed by Terraform will promote the database to a fully standalone database.
Restore To Point In Time
-> Note: You can restore to any point in time before the source DB instance's latestRestorableTime
or a point up to the number of days specified in the source DB instance's backupRetentionPeriod
. For more information, please refer to the Developer Guide. This setting does not apply to auroraMysql
or auroraPostgresql
DB engines. For Aurora, refer to the awsRdsCluster
resource documentation.
The restoreToPointInTime
block supports the following arguments:
restoreTime
- (Optional) The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified withuseLatestRestorableTime
.sourceDbInstanceIdentifier
- (Optional) The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required ifsourceDbInstanceAutomatedBackupsArn
orsourceDbiResourceId
is not specified.sourceDbInstanceAutomatedBackupsArn
- (Optional) The ARN of the automated backup from which to restore. Required ifsourceDbInstanceIdentifier
orsourceDbiResourceId
is not specified.sourceDbiResourceId
- (Optional) The resource ID of the source DB instance from which to restore. Required ifsourceDbInstanceIdentifier
orsourceDbInstanceAutomatedBackupsArn
is not specified.useLatestRestorableTime
- (Optional) A boolean value that indicates whether the DB instance is restored from the latest backup time. Defaults tofalse
. Cannot be specified withrestoreTime
.
S3 Import Options
Full details on the core parameters and impacts are in the API Docs: RestoreDBInstanceFromS3. Sample
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dbInstance.DbInstance(this, "db", {
s3Import: {
bucketName: "mybucket",
bucketPrefix: "backups",
ingestionRole: "arn:aws:iam::1234567890:role/role-xtrabackup-rds-restore",
sourceEngine: "mysql",
sourceEngineVersion: "5.6",
},
});
bucketName
- (Required) The bucket name where your backup is storedbucketPrefix
- (Optional) Can be blank, but is the path to your backupingestionRole
- (Required) Role applied to load the data.sourceEngine
- (Required, as of Feb 2018 only 'mysql' supported) Source engine for the backupsourceEngineVersion
- (Required, as of Feb 2018 only '5.6' supported) Version of the source engine used to make the backup
This will not recreate the resource if the S3 object changes in some way. It's only used to initialize the database.
blueGreenUpdate
enabled
- (Optional) Enables [low-downtime updates](#Low-Downtime Updates) whentrue
. Default isfalse
.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
address
- The hostname of the RDS instance. See alsoendpoint
andport
.arn
- The ARN of the RDS instance.allocatedStorage
- The amount of allocated storage.availabilityZone
- The availability zone of the instance.backupRetentionPeriod
- The backup retention period.backupWindow
- The backup window.caCertIdentifier
- Identifier of the CA certificate for the DB instance.dbName
- The database name.domain
- The ID of the Directory Service Active Directory domain the instance is joined todomainIamRoleName
- The name of the IAM role to be used when making API calls to the Directory Service.endpoint
- The connection endpoint inaddress:port
format.engine
- The database engine.engineVersionActual
- The running version of the database.hostedZoneId
- The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record).id
- The RDS instance ID.instanceClass
- The RDS instance class.latestRestorableTime
- The latest time, in UTC RFC3339 format, to which a database can be restored with point-in-time restore.listenerEndpoint
- Specifies the listener connection endpoint for SQL Server Always On. See endpoint below.maintenanceWindow
- The instance maintenance window.multiAz
- If the RDS instance is multi AZ enabled.name
- The database name.port
- The database port.resourceId
- The RDS Resource ID of this instance.status
- The RDS instance status.storageEncrypted
- Whether the DB instance is encrypted.tagsAll
- A map of tags assigned to the resource, including those inherited from the providerdefaultTags
configuration block.username
- The master username for the database.
On Oracle and Microsoft SQL instances the following is exported additionally:
characterSetName
- The character set (collation) used on Oracle and Microsoft SQL instances.
Endpoint
address
- Specifies the DNS address of the DB instance.hostedZoneId
- Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.port
- Specifies the port that the database engine is listening on.
Timeouts
create
- (Default40M
)update
- (Default80M
)delete
- (Default60M
)
Import
DB Instances can be imported using the identifier
, e.g.,