Documentation Index
Fetch the complete documentation index at: https://mintlify.com/terraform-aws-modules/terraform-aws-rds/llms.txt
Use this file to discover all available pages before exploring further.
The module supports every engine available in Amazon RDS. The engine variable accepts the identifier string for the engine, and engine_version pins the version. Each engine has a default port, specific parameter group family naming conventions, and a small set of engine-specific variables.
Supported engines
| Engine identifier | Default port | Option groups | License model required |
|---|
mysql | 3306 | Yes | No |
mariadb | 3306 | Yes | No |
postgres | 5432 | No | No |
oracle-ee | 1521 | Yes | Yes |
oracle-se2 | 1521 | Yes | Yes |
oracle-se1 | 1521 | Yes | Yes |
oracle-se | 1521 | Yes | Yes |
sqlserver-ee | 1433 | Yes | Yes |
sqlserver-se | 1433 | Yes | Yes |
sqlserver-ex | 1433 | Yes | Yes |
sqlserver-web | 1433 | Yes | Yes |
Engine configurations
MySQL
PostgreSQL
Oracle
SQL Server
MySQL is the most commonly used engine with this module. The family parameter group identifier follows the pattern mysql{major}.{minor} and major_engine_version should match the major version.module "db" {
source = "terraform-aws-modules/rds/aws"
identifier = "complete-mysql"
engine = "mysql"
engine_version = "8.0"
family = "mysql8.0" # DB parameter group
major_engine_version = "8.0" # DB option group
instance_class = "db.t4g.large"
allocated_storage = 20
max_allocated_storage = 100
db_name = "completeMysql"
username = "complete_mysql"
port = 3306
multi_az = true
db_subnet_group_name = module.vpc.database_subnet_group
vpc_security_group_ids = [module.security_group.security_group_id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["general"]
create_cloudwatch_log_group = true
backup_retention_period = 1
skip_final_snapshot = true
deletion_protection = false
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
monitoring_interval = 60
parameters = [
{
name = "character_set_client"
value = "utf8mb4"
},
{
name = "character_set_server"
value = "utf8mb4"
}
]
tags = local.tags
}
engine_version values: 8.0, 8.0.36, 8.0.40, 8.4Valid enabled_cloudwatch_logs_exports: audit, error, general, slowquery PostgreSQL does not support option groups. The module automatically skips option group creation when engine = "postgres". The family follows the pattern postgres{major_version}.module "db" {
source = "terraform-aws-modules/rds/aws"
identifier = "complete-postgresql"
engine = "postgres"
engine_version = "17"
engine_lifecycle_support = "open-source-rds-extended-support-disabled"
family = "postgres17" # DB parameter group
major_engine_version = "17" # DB option group (ignored for postgres)
instance_class = "db.t4g.large"
allocated_storage = 20
max_allocated_storage = 100
# NOTE: Do NOT use 'user' as the value for 'username' as it throws:
# "Error creating DB Instance: InvalidParameterValue: MasterUsername
# user cannot be used as it is a reserved word used by the engine"
db_name = "completePostgresql"
username = "complete_postgresql"
port = 5432
multi_az = true
db_subnet_group_name = module.vpc.database_subnet_group
vpc_security_group_ids = [module.security_group.security_group_id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
create_cloudwatch_log_group = true
backup_retention_period = 1
skip_final_snapshot = true
deletion_protection = false
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
monitoring_interval = 60
parameters = [
{
name = "autovacuum"
value = 1
},
{
name = "client_encoding"
value = "utf8"
}
]
tags = local.tags
}
engine_version values: 14, 15, 16, 17engine_lifecycle_support: Set to open-source-rds-extended-support-disabled to opt out of Extended Support and avoid additional charges when a version reaches end of standard support. Applies only to MySQL and PostgreSQL.Valid enabled_cloudwatch_logs_exports: postgresql, upgrade Oracle requires a license_model value. Use bring-your-own-license if you have an existing Oracle license, or license-included to have AWS provide one (at higher cost). Oracle supports two engine-specific character set variables that can only be set at creation time.module "db" {
source = "terraform-aws-modules/rds/aws"
identifier = "demodb-oracle"
engine = "oracle-ee"
engine_version = "19"
family = "oracle-ee-19" # DB parameter group
major_engine_version = "19" # DB option group
instance_class = "db.t3.large"
license_model = "bring-your-own-license"
allocated_storage = 20
max_allocated_storage = 100
# Make sure that database name is capitalized, otherwise RDS will try
# to recreate the RDS instance every time.
# Oracle database name cannot be longer than 8 characters.
db_name = "ORACLE"
username = "complete_oracle"
port = 1521
multi_az = true
db_subnet_group_name = module.vpc.database_subnet_group
vpc_security_group_ids = [module.security_group.security_group_id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["alert", "audit"]
create_cloudwatch_log_group = true
backup_retention_period = 1
skip_final_snapshot = true
deletion_protection = false
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
# See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html
character_set_name = "AL32UTF8"
nchar_character_set_name = "AL16UTF16"
tags = local.tags
}
Oracle-specific variables
| Variable | Description |
|---|
character_set_name | Character set for Oracle DB encoding. Cannot be changed after creation. Example: AL32UTF8. |
nchar_character_set_name | National character set used in NCHAR, NVARCHAR2, and NCLOB columns. Cannot be changed after creation. Example: AL16UTF16. |
license_model | bring-your-own-license or license-included. Required for Oracle. |
replica_mode | mounted or open-read-only (default). Oracle replicas only. |
engine_version values: 19, 21Engine identifiers: oracle-ee, oracle-se2, oracle-se1, oracle-seValid enabled_cloudwatch_logs_exports: alert, audit, listener, traceThe Oracle database name must be uppercase and cannot exceed 8 characters. If you use lowercase, Terraform will detect a diff on every plan and attempt to recreate the instance.
SQL Server requires license_model = "license-included" for most editions (Express is license-free but requires storage_encrypted = false). The timezone variable is SQL Server-specific and can only be set at creation time.module "db" {
source = "terraform-aws-modules/rds/aws"
identifier = "complete-mssql"
engine = "sqlserver-ex"
engine_version = "15.00"
family = "sqlserver-ex-15.0" # DB parameter group
major_engine_version = "15.00" # DB option group
instance_class = "db.t3.large"
allocated_storage = 20
max_allocated_storage = 100
# Encryption at rest is not available for DB instances running
# SQL Server Express Edition
storage_encrypted = false
username = "complete_mssql"
port = 1433
multi_az = false
db_subnet_group_name = module.vpc.database_subnet_group
vpc_security_group_ids = [module.security_group.security_group_id]
maintenance_window = "Mon:00:00-Mon:03:00"
backup_window = "03:00-06:00"
enabled_cloudwatch_logs_exports = ["error"]
create_cloudwatch_log_group = true
backup_retention_period = 1
skip_final_snapshot = true
deletion_protection = false
performance_insights_enabled = true
performance_insights_retention_period = 7
create_monitoring_role = true
monitoring_interval = 60
options = []
create_db_parameter_group = false
license_model = "license-included"
timezone = "GMT Standard Time"
character_set_name = "Latin1_General_CI_AS"
tags = local.tags
}
SQL Server-specific variables
| Variable | Description |
|---|
timezone | Windows timezone identifier. Can only be set at creation time. Example: "GMT Standard Time", "Eastern Standard Time". |
character_set_name | Collation for the DB instance. Example: "Latin1_General_CI_AS". |
license_model | license-included for Standard/Enterprise/Web. Express edition does not require this. |
engine_version values: 15.00 (SQL Server 2019), 16.00 (SQL Server 2022)Engine identifiers: sqlserver-ee, sqlserver-se, sqlserver-ex, sqlserver-webValid enabled_cloudwatch_logs_exports: agent, errorSQL Server Express Edition (sqlserver-ex) does not support encryption at rest. You must set storage_encrypted = false for this edition.
SQL Server does not support a db_name value. Omit the db_name variable entirely when using SQL Server engines.
Parameter group family naming
The family variable maps to the AWS parameter group family name. Use the following patterns:
| Engine | Example family |
|---|
| MySQL 8.0 | mysql8.0 |
| MySQL 8.4 | mysql8.4 |
| MariaDB 10.6 | mariadb10.6 |
| PostgreSQL 14 | postgres14 |
| PostgreSQL 17 | postgres17 |
| Oracle EE 19 | oracle-ee-19 |
| Oracle SE2 19 | oracle-se2-19 |
| SQL Server EX 15.0 | sqlserver-ex-15.0 |
| SQL Server SE 15.0 | sqlserver-se-15.0 |