aws.rds-cluster resource

Description

Cluster manages an Amazon Aurora or Multi-AZ DB cluster, the way CloudFormation models AWS::RDS::DBCluster. A cluster is created through one of four calls chosen by which input is set: a snapshot restore, an S3 restore, a point-in-time restore, or a plain create. Each restore call accepts only a subset of the cluster's settings, so the rest are reconciled by a follow-on ModifyDBCluster after the cluster becomes available. The IAM roles, global cluster membership, and HTTP endpoint are each reconciled by their own calls; everything else mutable is reconciled by ModifyDBCluster in Update, gated on a change to its own fields. Deletion optionally takes a final snapshot and first removes the cluster from any global cluster it belongs to.

Several create-time inputs are fixed by RDS and cannot change on an existing cluster, so a change to any of them replaces the cluster; see ReplaceFields. The four mode-selecting inputs are mutually exclusive, and several inputs conflict by mode; see Constraints. Not-found is the typed DBClusterNotFoundFault rather than an HTTP status.

Out of scope and not modeled: auto-minor-version-upgrade, character-set-name, publicly-accessible, the activity stream, RDS-custom cluster configuration, limitless-database, the option group (clusters do not take one), the performance-insights toggle as distinct from its key and retention, and the pre-signed-url cross-region restore plumbing. The apply-immediately flag is not an input: every ModifyDBCluster is sent with it set.

Source: internal/service/rds/cluster_rsrc.go:86

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.rds-cluster {
    # Set input fields here.
  }
}

Inputs

cluster-identifier

string

required

engine

string

required

engine-mode

optional(string)

engine-version

optional(string)

engine-lifecycle-support

optional(string)

cluster-scalability-type

optional(string)

database-insights-mode

optional(string)

database-name

optional(string)

db-system-id

optional(string)

allocated-storage

optional(integer)

iops

optional(integer)

storage-encrypted

optional(boolean)

storage-type

optional(string)

kms-key-id

optional(string)

network-type

optional(string)

port

optional(integer)

availability-zones

list(string)

vpc-security-group-ids

list(string)

db-cluster-instance-class

optional(string)

db-cluster-parameter-group-name

optional(string)

db-instance-parameter-group-name

optional(string)

db-subnet-group-name

optional(string)

ca-certificate-identifier

optional(string)

copy-tags-to-snapshot

optional(boolean)

deletion-protection

optional(boolean)

master-username

optional(string)

master-password

optional(string)

sensitive

manage-master-user-password

optional(boolean)

master-user-secret-kms-key-id

optional(string)

enable-iam-database-authentication

optional(boolean)

enable-global-write-forwarding

optional(boolean)

enable-local-write-forwarding

optional(boolean)

enable-http-endpoint

optional(boolean)

domain

optional(string)

domain-iam-role-name

optional(string)

monitoring-interval

optional(integer)

monitoring-role-arn

optional(string)

performance-insights-enabled

optional(boolean)

performance-insights-kms-key-id

optional(string)

performance-insights-retention-period

optional(integer)

backtrack-window

optional(integer)

backup-retention-period

optional(integer)

preferred-backup-window

optional(string)

preferred-maintenance-window

optional(string)

enabled-cloudwatch-logs-exports

list(string)

global-cluster-identifier

optional(string)

iam-roles

list(string)

replication-source-identifier

optional(string)

scaling

optional(object)
optional(
  object({
    auto-pause: optional(boolean)
    max-capacity: optional(integer)
    min-capacity: optional(integer)
    seconds-before-timeout: optional(integer)
    seconds-until-auto-pause: optional(integer)
    timeout-action: optional(string)
  })
)

serverlessv2-scaling

optional(object)
optional(
  object({
    max-capacity: optional(number)
    min-capacity: optional(number)
    seconds-until-auto-pause: optional(integer)
  })
)

snapshot-identifier

optional(string)

s3-import

optional(object)
optional(
  object({
    bucket-name: string
    bucket-prefix: optional(string)
    ingestion-role: string
    source-engine: string
    source-engine-version: string
  })
)

restore-to-point-in-time

optional(object)
optional(
  object({
    source-cluster-identifier: optional(string)
    source-cluster-resource-id: optional(string)
    restore-to-time: optional(string)
    use-latest-restorable-time: optional(boolean)
    restore-type: optional(string)
  })
)

source-region

optional(string)

skip-final-snapshot

optional(boolean)

final-snapshot-identifier

optional(string)

delete-automated-backups

optional(boolean)

tags

map(string)

Input Constraints

Field combinations

At most one of snapshot-identifier, s3-import, or restore-to-point-in-time.

Forbidden together: snapshot-identifier and global-cluster-identifier.

At most one of manage-master-user-password or master-password.
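
The mode selection from the Description and the three field-combination rules above, sketched as a pre-flight check. This is an added example, not the library's own code: `ClusterInput` and `SelectCreateCall` are hypothetical names, the booleans stand in for "this object is set", and mapping the four modes to these RDS API operation names is an assumption, since the page names the modes but not the operations.

```go
package main

import (
	"errors"
	"fmt"
)

// ClusterInput is a hypothetical subset of the resource inputs.
// Empty string or false means the input is unset.
type ClusterInput struct {
	SnapshotIdentifier       string
	S3Import                 bool // true when the s3-import object is set
	RestoreToPointInTime     bool // true when restore-to-point-in-time is set
	GlobalClusterIdentifier  string
	ManageMasterUserPassword bool // assumption: counts as set only when true
	MasterPassword           string
}

// SelectCreateCall enforces the field-combination rules and returns the
// RDS operation that the single selected mode maps to.
func SelectCreateCall(in ClusterInput) (string, error) {
	modes, call := 0, "CreateDBCluster" // plain create when no mode input is set
	if in.SnapshotIdentifier != "" {
		modes, call = modes+1, "RestoreDBClusterFromSnapshot"
	}
	if in.S3Import {
		modes, call = modes+1, "RestoreDBClusterFromS3"
	}
	if in.RestoreToPointInTime {
		modes, call = modes+1, "RestoreDBClusterToPointInTime"
	}
	if modes > 1 {
		return "", errors.New("at most one of snapshot-identifier, s3-import, restore-to-point-in-time")
	}
	if in.SnapshotIdentifier != "" && in.GlobalClusterIdentifier != "" {
		return "", errors.New("snapshot-identifier and global-cluster-identifier are forbidden together")
	}
	// Supplying both would leave it unclear which credential source is in effect.
	if in.ManageMasterUserPassword && in.MasterPassword != "" {
		return "", errors.New("at most one of manage-master-user-password or master-password")
	}
	return call, nil
}

func main() {
	// Constructed sample input: a snapshot restore with a managed master password.
	in := ClusterInput{SnapshotIdentifier: "constructed-snap", ManageMasterUserPassword: true}
	fmt.Println(SelectCreateCall(in))
}
```
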

Engine mode rules

engine-mode must be one of global, multimaster, parallelquery, provisioned, or serverless.

Rule logic
When
input.engine-mode != null
Require
input.engine-mode == 'global'
|| input.engine-mode == 'multimaster'
|| input.engine-mode == 'parallelquery'
|| input.engine-mode == 'provisioned'
|| input.engine-mode == 'serverless'

Cluster scalability type rules

cluster-scalability-type must be standard or limitless.

Rule logic
When
input.cluster-scalability-type != null
Require
input.cluster-scalability-type == 'standard'
|| input.cluster-scalability-type == 'limitless'

Database insights mode rules

database-insights-mode must be standard or advanced.

Rule logic
When
input.database-insights-mode != null
Require
input.database-insights-mode == 'standard'
|| input.database-insights-mode == 'advanced'

Engine lifecycle support rules

engine-lifecycle-support must be open-source-rds-extended-support or open-source-rds-extended-support-disabled.

Rule logic
When
input.engine-lifecycle-support != null
Require
input.engine-lifecycle-support == 'open-source-rds-extended-support'
|| input.engine-lifecycle-support == 'open-source-rds-extended-support-disabled'

Network type rules

network-type must be DUAL or IPV4.

Rule logic
When
input.network-type != null
Require
input.network-type == 'DUAL'
|| input.network-type == 'IPV4'

Backup retention period rules

backup-retention-period must be at most 35.

Rule logic
When
input.backup-retention-period != null
Require
input.backup-retention-period == null
|| input.backup-retention-period <= 35

Backtrack window rules

backtrack-window must be between 0 and 259200.

Rule logic
When
input.backtrack-window != null
Require
(input.backtrack-window == null || input.backtrack-window >= 0)
&& (input.backtrack-window == null || input.backtrack-window <= 259200)

Enabled cloudwatch logs exports rules

enabled-cloudwatch-logs-exports entries must be valid cluster log types.

Rule logic
For each
input.enabled-cloudwatch-logs-exports
Require
@each.value == 'audit'
|| @each.value == 'error'
|| @each.value == 'general'
|| @each.value == 'iam-db-auth-error'
|| @each.value == 'instance'
|| @each.value == 'postgresql'
|| @each.value == 'slowquery'
|| @each.value == 'upgrade'

Outputs

arn

string

endpoint

string

reader-endpoint

string

hosted-zone-id

string

port

integer

cluster-resource-id

string

cluster-members

list(string)

master-user-secret

optional(object)
optional(
  object({
    secret-arn: string
    kms-key-id: string
    secret-status: string
  })
)

engine-version-actual

string

global-cluster-identifier

string