diff --git a/docs/reference/modules/terraform-aws-data-storage/aurora/aurora.md b/docs/reference/modules/terraform-aws-data-storage/aurora/aurora.md
index d5884a39c..ae6262a90 100644
--- a/docs/reference/modules/terraform-aws-data-storage/aurora/aurora.md
+++ b/docs/reference/modules/terraform-aws-data-storage/aurora/aurora.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Aurora Module
-View Source
+View Source
-Release Notes
+Release Notes
This module creates an Amazon Aurora, a MySQL and PostgreSQL compatible relational database built for the cloud.
@@ -59,7 +59,7 @@ Cluster](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Managing.h
## How do you configure this module?
This module allows you to configure a number of parameters, such as backup windows, maintenance window, port number,
-and encryption. For a list of all available variables and their descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/aurora/variables.tf).
+and encryption. For a list of all available variables and their descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/aurora/variables.tf).
## How do you create a cross-region read replica cluster?
@@ -77,7 +77,7 @@ module "replica" {
}
```
-See the example [here](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/examples/aurora-with-cross-region-replica) for more details.
+See the example [here](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/examples/aurora-with-cross-region-replica) for more details.
## How do you destroy a cross-region read replica?
@@ -137,7 +137,7 @@ see [Limitations of Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/lat
module "aurora" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -287,6 +287,11 @@ module "aurora" {
# you are creating.
db_name = null
+ # If true, delete all automated backups when the DB cluster is deleted. If
+ # false, automated backups are retained until the retention period expires.
+ # Defaults to true.
+ delete_automated_backups = null
+
# Timeout for DB deleting
deleting_timeout = "120m"
@@ -519,7 +524,7 @@ module "aurora" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/aurora?ref=v0.40.7"
}
inputs = {
@@ -672,6 +677,11 @@ inputs = {
# you are creating.
db_name = null
+ # If true, delete all automated backups when the DB cluster is deleted. If
+ # false, automated backups are retained until the retention period expires.
+ # Defaults to true.
+ delete_automated_backups = null
+
# Timeout for DB deleting
deleting_timeout = "120m"
@@ -1192,6 +1202,15 @@ The name for your database of up to 8 alpha-numeric characters. If you do not pr
+
+
+
+If true, delete all automated backups when the DB cluster is deleted. If false, automated backups are retained until the retention period expires. Defaults to true.
+
+
+
+
+
@@ -1666,11 +1685,11 @@ Timeout for DB updating
diff --git a/docs/reference/modules/terraform-aws-data-storage/backup-plan/backup-plan.md b/docs/reference/modules/terraform-aws-data-storage/backup-plan/backup-plan.md
index a1142f561..e5944decc 100644
--- a/docs/reference/modules/terraform-aws-data-storage/backup-plan/backup-plan.md
+++ b/docs/reference/modules/terraform-aws-data-storage/backup-plan/backup-plan.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Backup Plan Module
-View Source
+View Source
Release Notes
@@ -22,7 +22,7 @@ This Terraform Module creates the following AWS Backup resources:
1. Backup plans - specifying **how and when** to back things up
2. Resource selections - specifying **which resources** to back up
-You associate your plans with a [Backup vault](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/backup-vault).
+You associate your plans with a [Backup vault](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/backup-vault).
## What is a Backup Plan?
@@ -91,7 +91,7 @@ module "backup_plan" {
## How do you troubleshoot Backup jobs?
-See [Troubleshooting AWS Backup](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/core-concepts.md#troubleshooting-aws-backup) in the core-concepts guide.
+See [Troubleshooting AWS Backup](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/core-concepts.md#troubleshooting-aws-backup) in the core-concepts guide.
## Sample Usage
@@ -106,7 +106,7 @@ See [Troubleshooting AWS Backup](https://github.com/gruntwork-io/terraform-aws-d
module "backup_plan" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -137,7 +137,7 @@ module "backup_plan" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.40.7"
}
inputs = {
@@ -244,11 +244,11 @@ The ARN of the IAM service role used by Backup plans
diff --git a/docs/reference/modules/terraform-aws-data-storage/backup-vault/backup-vault.md b/docs/reference/modules/terraform-aws-data-storage/backup-vault/backup-vault.md
index 611fb53f3..051f5f51a 100644
--- a/docs/reference/modules/terraform-aws-data-storage/backup-vault/backup-vault.md
+++ b/docs/reference/modules/terraform-aws-data-storage/backup-vault/backup-vault.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Backup Vault Module
-View Source
+View Source
Release Notes
@@ -51,6 +51,25 @@ module "backup_vault" {
}
```
+## How do you create a logically air-gapped vault?
+
+AWS Backup supports logically air-gapped vaults that provide additional protection against ransomware and malicious actors. Air-gapped vaults can only receive recovery points from copy jobs and enforce strict retention policies. To create an air-gapped vault, set the `air_gapped` attribute to true:
+
+```hcl
+module "backup_vault" {
+
+ vaults = {
+ "air-gapped-vault" = {
+ air_gapped = true
+ min_retention_days = 30
+ max_retention_days = 120
+ }
+ }
+}
+```
+
+Note: Air-gapped vaults cannot be locked using the vault lock feature and can only receive recovery points through copy actions from other vaults.
+
## How do you enable vault notifications?
Backup vaults can publish notifications to an SNS topic. This is useful when you want to monitor for any problems with your backup workflows. To enable notifications for a vault when configuring a new vault with this module, set the `enable_notifications` attribute to true like so:
@@ -96,7 +115,7 @@ then you will end up with many potentially large recovery points that you cannot
module "backup_vault" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-vault?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-vault?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -140,7 +159,7 @@ module "backup_vault" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-vault?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-vault?ref=v0.40.7"
}
inputs = {
@@ -303,11 +322,11 @@ A map of tags assigned to the vault resources, including those inherited from th
diff --git a/docs/reference/modules/terraform-aws-data-storage/dms/dms.md b/docs/reference/modules/terraform-aws-data-storage/dms/dms.md
index f2e95ac39..056d3cca8 100644
--- a/docs/reference/modules/terraform-aws-data-storage/dms/dms.md
+++ b/docs/reference/modules/terraform-aws-data-storage/dms/dms.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# DMS Module
-View Source
+View Source
Release Notes
@@ -32,7 +32,7 @@ This module creates an Amazon Database Migration Service (DMS) that makes it pos
module "dms" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/dms?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/dms?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -276,7 +276,7 @@ module "dms" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/dms?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/dms?ref=v0.40.7"
}
inputs = {
@@ -1082,11 +1082,11 @@ A map of maps containing the replication tasks created and their full output of
diff --git a/docs/reference/modules/terraform-aws-data-storage/efs/efs.md b/docs/reference/modules/terraform-aws-data-storage/efs/efs.md
index 36e1dd163..b27a2009e 100644
--- a/docs/reference/modules/terraform-aws-data-storage/efs/efs.md
+++ b/docs/reference/modules/terraform-aws-data-storage/efs/efs.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# EFS Module
-View Source
+View Source
Release Notes
@@ -45,13 +45,13 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
If you want to deploy this repo in production, check out the following resources:
-* [efs module variables](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/efs/variables.tf): Configuration variables available for the EFS module. At minimum, you should configure the `allow_connections_from_cidr_blocks` and `allow_connections_from_security_groups` values to only allow access from your private VPC(s). You may also want to enable `storage_encrypted` to encrypt data at-rest.
+* [efs module variables](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/efs/variables.tf): Configuration variables available for the EFS module. At minimum, you should configure the `allow_connections_from_cidr_blocks` and `allow_connections_from_security_groups` values to only allow access from your private VPC(s). You may also want to enable `storage_encrypted` to encrypt data at-rest.
## Manage
@@ -74,7 +74,7 @@ If you want to deploy this repo in production, check out the following resources
module "efs" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/efs?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/efs?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -187,7 +187,7 @@ module "efs" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/efs?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/efs?ref=v0.40.7"
}
inputs = {
@@ -586,11 +586,11 @@ The IDs of the security groups created for the file system.
diff --git a/docs/reference/modules/terraform-aws-data-storage/lambda-cleanup-snapshots/lambda-cleanup-snapshots.md b/docs/reference/modules/terraform-aws-data-storage/lambda-cleanup-snapshots/lambda-cleanup-snapshots.md
index 339eff586..b64852141 100644
--- a/docs/reference/modules/terraform-aws-data-storage/lambda-cleanup-snapshots/lambda-cleanup-snapshots.md
+++ b/docs/reference/modules/terraform-aws-data-storage/lambda-cleanup-snapshots/lambda-cleanup-snapshots.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Delete Snapshots Lambda Module
-View Source
+View Source
Release Notes
@@ -29,7 +29,7 @@ Note that to use this module, you must have access to the Gruntwork [Continuous
This module allows you to configure a number of parameters, such as which database to backup, how often to run the
backups, what account to share the backups with, and more. For a list of all available variables and their
-descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-cleanup-snapshots/variables.tf).
+descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-cleanup-snapshots/variables.tf).
## Sample Usage
@@ -44,7 +44,7 @@ descriptions, see [variables.tf](https://github.com/gruntwork-io/terraform-aws-d
module "lambda_cleanup_snapshots" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-cleanup-snapshots?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-cleanup-snapshots?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -114,7 +114,7 @@ module "lambda_cleanup_snapshots" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-cleanup-snapshots?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-cleanup-snapshots?ref=v0.40.7"
}
inputs = {
@@ -292,11 +292,11 @@ Namespace of snapshots that will be cleaned up by this module. If specified then
diff --git a/docs/reference/modules/terraform-aws-data-storage/lambda-copy-shared-snapshot/lambda-copy-shared-snapshot.md b/docs/reference/modules/terraform-aws-data-storage/lambda-copy-shared-snapshot/lambda-copy-shared-snapshot.md
index 086fc6a9e..76f352f86 100644
--- a/docs/reference/modules/terraform-aws-data-storage/lambda-copy-shared-snapshot/lambda-copy-shared-snapshot.md
+++ b/docs/reference/modules/terraform-aws-data-storage/lambda-copy-shared-snapshot/lambda-copy-shared-snapshot.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Copy Snapshot Lambda Module
-View Source
+View Source
Release Notes
@@ -108,7 +108,7 @@ account 222222222222. To be able to make a copy of that snapshot in account 2222
## Background info
For more info on how to backup RDS snapshots to a separate AWS account, check out the [lambda-create-snapshot module
-documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-create-snapshot).
+documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-create-snapshot).
## Sample Usage
@@ -123,7 +123,7 @@ documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v
module "lambda_copy_shared_snapshot" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -199,7 +199,7 @@ module "lambda_copy_shared_snapshot" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-copy-shared-snapshot?ref=v0.40.7"
}
inputs = {
@@ -393,11 +393,11 @@ Namespace all Lambda scheduling resources created by this module with this name.
diff --git a/docs/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/lambda-create-snapshot.md b/docs/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/lambda-create-snapshot.md
index 9fe12caad..f22b5774f 100644
--- a/docs/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/lambda-create-snapshot.md
+++ b/docs/reference/modules/terraform-aws-data-storage/lambda-create-snapshot/lambda-create-snapshot.md
@@ -9,15 +9,15 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Database backup
-View Source
+View Source
Release Notes
-This module, along with the [lambda-share-snapshot](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-share-snapshot) and [lambda-copy-shared-snapshot](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-copy-shared-snapshot) modules, can be used to backup your RDS database to another AWS account (e.g., for disaster recovery) on a configurable schedule. Under the hood, each module runs a Lambda function that instructs your database to take a snapshot (this module), share the snapshot with another account (the `lambda-share-snapshot` module), and make a copy of the snapshot (`lambda-copy-shared-snapshot`).
+This module, along with the [lambda-share-snapshot](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-share-snapshot) and [lambda-copy-shared-snapshot](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-copy-shared-snapshot) modules, can be used to backup your RDS database to another AWS account (e.g., for disaster recovery) on a configurable schedule. Under the hood, each module runs a Lambda function that instructs your database to take a snapshot (this module), share the snapshot with another account (the `lambda-share-snapshot` module), and make a copy of the snapshot (`lambda-copy-shared-snapshot`).
@@ -29,7 +29,7 @@ This module, along with the [lambda-share-snapshot](https://github.com/gruntwork
* Configurable backup schedule (e.g., using cron expressions)
-* Clean up old snapshots automatically using the [lambda-cleanup-snapshots](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-cleanup-snapshots) module.
+* Clean up old snapshots automatically using the [lambda-cleanup-snapshots](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-cleanup-snapshots) module.
* Add tags to snapshots by passing in `additional_environment_variables`
@@ -41,9 +41,9 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
### Core concepts
-* [What is Amazon RDS?](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/rds/core-concepts.md#what-is-amazon-rds)
+* [What is Amazon RDS?](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/rds/core-concepts.md#what-is-amazon-rds)
-* [How does this differ from RDS automatic snapshots?](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-create-snapshot/core-concepts.md#how-does-this-differ-from-rds-automatic-snapshots)
+* [How does this differ from RDS automatic snapshots?](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-create-snapshot/core-concepts.md#how-does-this-differ-from-rds-automatic-snapshots)
* [RDS documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html): Amazon’s docs for RDS that cover core concepts such as the types of databases supported, security, backup & restore, and monitoring.
@@ -55,7 +55,7 @@ This repo is a part of [the Gruntwork Infrastructure as Code Library](https://gr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples folder](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
+* [examples folder](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/examples): The `examples` folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
### Production deployment
@@ -67,7 +67,7 @@ If you want to deploy this repo in production, check out the following resources
### Day-to-day operations
-* [How to backup RDS snapshots to a separate AWS account](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-create-snapshot/core-concepts.md#how-do-you-backup-your-rds-snapshots-to-a-separate-aws-account)
+* [How to backup RDS snapshots to a separate AWS account](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-create-snapshot/core-concepts.md#how-do-you-backup-your-rds-snapshots-to-a-separate-aws-account)
### Major changes
@@ -86,7 +86,7 @@ If you want to deploy this repo in production, check out the following resources
module "lambda_create_snapshot" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-create-snapshot?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-create-snapshot?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -188,7 +188,7 @@ module "lambda_create_snapshot" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-create-snapshot?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-create-snapshot?ref=v0.40.7"
}
inputs = {
@@ -462,11 +462,11 @@ Namespace all snapshots created by this module's jobs with this suffix. If not s
diff --git a/docs/reference/modules/terraform-aws-data-storage/lambda-share-snapshot/lambda-share-snapshot.md b/docs/reference/modules/terraform-aws-data-storage/lambda-share-snapshot/lambda-share-snapshot.md
index 78b94ed45..aad5fedac 100644
--- a/docs/reference/modules/terraform-aws-data-storage/lambda-share-snapshot/lambda-share-snapshot.md
+++ b/docs/reference/modules/terraform-aws-data-storage/lambda-share-snapshot/lambda-share-snapshot.md
@@ -9,23 +9,23 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Share Snapshot Lambda Module
-View Source
+View Source
Release Notes
This module creates an [AWS Lambda](https://aws.amazon.com/lambda/) function that can share snapshots of an [Amazon
Relational Database (RDS)](https://aws.amazon.com/rds/) database with another AWS account. Typically, the snapshots
-are created by the [lambda-create-snapshot module](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-create-snapshot), which can be configured to
+are created by the [lambda-create-snapshot module](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-create-snapshot), which can be configured to
automatically trigger this lambda function after each run.
## Background info
For more info on how to backup RDS snapshots to a separate AWS account, check out the [lambda-create-snapshot module
-documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/lambda-create-snapshot).
+documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/lambda-create-snapshot).
## Sample Usage
@@ -40,7 +40,7 @@ documentation](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v
module "lambda_share_snapshot" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-share-snapshot?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-share-snapshot?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -85,7 +85,7 @@ module "lambda_share_snapshot" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-share-snapshot?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/lambda-share-snapshot?ref=v0.40.7"
}
inputs = {
@@ -197,11 +197,11 @@ The amount of time, in seconds, between retries.
diff --git a/docs/reference/modules/terraform-aws-data-storage/org-backup-policy/org-backup-policy.md b/docs/reference/modules/terraform-aws-data-storage/org-backup-policy/org-backup-policy.md
index 2d41a146b..ec5e4bb2c 100644
--- a/docs/reference/modules/terraform-aws-data-storage/org-backup-policy/org-backup-policy.md
+++ b/docs/reference/modules/terraform-aws-data-storage/org-backup-policy/org-backup-policy.md
@@ -9,17 +9,17 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Organization Backup Policies Module
-View Source
+View Source
Release Notes
This Terraform Module creates
the [AWS Organizations Backup Policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html).
-You associate your each plan on the backup policies with a [Backup vault](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/modules/backup-vault).
+You associate your each plan on the backup policies with a [Backup vault](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/modules/backup-vault).
## What are Backup Policies ?
@@ -42,7 +42,7 @@ account. This effective policy instructs AWS Backup how to automatically back up
module "org_backup_policy" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/org-backup-policy?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/org-backup-policy?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -155,7 +155,7 @@ module "org_backup_policy" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/org-backup-policy?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/org-backup-policy?ref=v0.40.7"
}
inputs = {
@@ -734,11 +734,11 @@ ID of the backup policies
diff --git a/docs/reference/modules/terraform-aws-data-storage/rds-proxy/rds-proxy.md b/docs/reference/modules/terraform-aws-data-storage/rds-proxy/rds-proxy.md
index 716bf7fb9..c559b6428 100644
--- a/docs/reference/modules/terraform-aws-data-storage/rds-proxy/rds-proxy.md
+++ b/docs/reference/modules/terraform-aws-data-storage/rds-proxy/rds-proxy.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# RDS Proxy Module
-View Source
+View Source
Release Notes
@@ -54,7 +54,7 @@ Before using this module, you need to:
## How to use the RDS Proxy Module
In order to setup a RDS proxy, you need to setup database credentials in AWS Secrets Manager and pass it to this module.
-Refer to the [examples/rds-proxy](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.6/examples/rds-proxy) or [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy-setup.html#rds-proxy-secrets-arns](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy-setup.html#rds-proxy-secrets-arns) for more information.
+Refer to the [examples/rds-proxy](https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.40.7/examples/rds-proxy) or [https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy-setup.html#rds-proxy-secrets-arns](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy-setup.html#rds-proxy-secrets-arns) for more information.
If you use a customer managed KMS key to encrypt the secret, you will need to provide the KMS key ARN to this module
using the `db_secret_kms_key_arn` parameter.
@@ -143,7 +143,7 @@ Each authentication method can be configured with:
module "rds_proxy" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -232,7 +232,7 @@ module "rds_proxy" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.40.7"
}
inputs = {
@@ -508,11 +508,11 @@ The ID of the security group associated with the RDS proxy. This security group
diff --git a/docs/reference/modules/terraform-aws-data-storage/rds-replicas/rds-replicas.md b/docs/reference/modules/terraform-aws-data-storage/rds-replicas/rds-replicas.md
index 04e07159f..7fa133ae4 100644
--- a/docs/reference/modules/terraform-aws-data-storage/rds-replicas/rds-replicas.md
+++ b/docs/reference/modules/terraform-aws-data-storage/rds-replicas/rds-replicas.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# RDS Read Replicas Module
-View Source
+View Source
Release Notes
@@ -77,7 +77,7 @@ terraform import aws_db_instance.
module "rds_replicas" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-replicas?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-replicas?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -315,7 +315,7 @@ module "rds_replicas" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-replicas?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-replicas?ref=v0.40.7"
}
inputs = {
@@ -1006,11 +1006,11 @@ Timeout for DB updating
diff --git a/docs/reference/modules/terraform-aws-data-storage/rds/rds.md b/docs/reference/modules/terraform-aws-data-storage/rds/rds.md
index fe418f0ee..763f8c627 100644
--- a/docs/reference/modules/terraform-aws-data-storage/rds/rds.md
+++ b/docs/reference/modules/terraform-aws-data-storage/rds/rds.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# RDS Module
-View Source
+View Source
-Release Notes
+Release Notes
This module creates an Amazon Relational Database Service (RDS) cluster that can run MySQL, Postgres, MariaDB, Oracle,
or SQL Server. The cluster is managed by AWS and automatically handles standby failover, read replicas, backups,
@@ -104,6 +104,25 @@ Note that low-downtime updates are only supported for MySQL, MariaDB, and Postgr
Set `multi_az=true`. When setting up a multi-AZ (Availability Zone) RDS deployment in AWS, both the primary and standby RDS instances are created in different Availability Zones for high availability. However, this doesn't mean they will have different endpoints. Both instances will have the same DNS endpoint, and AWS's internal infrastructure will handle the failover process transparently for you. AWS RDS provides automatic failover support for DB instances using Multi-AZ deployments for the supported database engines. Failover is automatically handled by RDS without any manual intervention.
+## Password Management
+
+This module supports multiple approaches for managing the master user password:
+
+### Regular Password Management
+
+* Use `master_password` to specify the password directly
+
+### AWS Managed Passwords
+
+* Set `manage_master_user_password = true` to have AWS manage the password in Secrets Manager
+* Optionally specify `master_user_secret_kms_key_id` for custom KMS encryption of the secret
+
+### Password Without State Storage (MySQL/PostgreSQL only)
+
+* Use `password_wo` instead of `master_password` to provide a password without storing the value in Terraform state
+* Use `password_wo_version` to specify the version number of the password
+* These parameters are only available for MySQL and PostgreSQL engines and provide enhanced security by preventing password storage in state files
+
## Sample Usage
@@ -113,11 +132,16 @@ Set `multi_az=true`. When setting up a multi-AZ (Availability Zone) RDS deployme
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S RDS MODULE
+#
+# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE".
+# When using values other than defaults for these variables, set them through environment variables or
+# another secure method.
+#
# ------------------------------------------------------------------------------------------------------
module "rds" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -406,6 +430,14 @@ module "rds" {
# Defaults to var.parameter_group_name if not set.
parameter_group_name_for_read_replicas = null
+ # The password for the master user without storing the value in Terraform
+ # state. This option is only available for MySQL and PostgreSQL engines.
+ password_wo = null # SENSITIVE
+
+ # The version number of the master user password. This option is only
+ # available for MySQL and PostgreSQL engines.
+ password_wo_version = null
+
# Specifies whether Performance Insights are enabled. Performance Insights can
# be enabled for specific versions of database engines. See
# https://aws.amazon.com/rds/performance-insights/ for more details.
@@ -501,10 +533,15 @@ module "rds" {
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S RDS MODULE
+#
+# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE".
+# When using values other than defaults for these variables, set them through environment variables or
+# another secure method.
+#
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds?ref=v0.40.7"
}
inputs = {
@@ -796,6 +833,14 @@ inputs = {
# Defaults to var.parameter_group_name if not set.
parameter_group_name_for_read_replicas = null
+ # The password for the master user without storing the value in Terraform
+ # state. This option is only available for MySQL and PostgreSQL engines.
+ password_wo = null # SENSITIVE
+
+ # The version number of the master user password. This option is only
+ # available for MySQL and PostgreSQL engines.
+ password_wo_version = null
+
# Specifies whether Performance Insights are enabled. Performance Insights can
# be enabled for specific versions of database engines. See
# https://aws.amazon.com/rds/performance-insights/ for more details.
@@ -1537,6 +1582,24 @@ Name of a DB parameter group to associate with read replica instances. Defaults
+
+
+
+The password for the master user without storing the value in Terraform state. This option is only available for MySQL and PostgreSQL engines.
+
+
+
+
+
+
+
+
+The version number of the master user password. This option is only available for MySQL and PostgreSQL engines.
+
+
+
+
+
@@ -1755,11 +1818,11 @@ Timeout for DB updating
diff --git a/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md b/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md
index 36a0da9c8..be5b46706 100644
--- a/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md
+++ b/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Redshift Module
-View Source
+View Source
-Release Notes
+Release Notes
This module creates an Amazon Redshift cluster that you can use as a data warehouse. The cluster is managed by AWS and
automatically handles leader nodes, worker nodes, backups, patching, and encryption.
@@ -60,7 +60,7 @@ workaround, you can re-run the destroy command once the workspace gets deleted c
module "redshift" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/redshift?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/redshift?ref=v0.40.7"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -177,7 +177,7 @@ module "redshift" {
# be associated to the cluster at any time.
iam_roles = null
- # The instance type to use for the db (e.g. dc2.large). This field is
+ # The instance type to use for the db (e.g. ra3.large). This field is
# mandatory for provisioned Redshift.
instance_type = null
@@ -205,6 +205,9 @@ module "redshift" {
# names.
logging_s3_key_prefix = null
+ # The name of the maintenance track to apply to the cluster.
+ maintenance_track_name = null
+
# The weekly day and time range during which system maintenance can occur
# (e.g. wed:04:00-wed:04:30). Time zone is UTC. Performance may be degraded or
# there may even be a downtime during maintenance windows.
@@ -287,7 +290,7 @@ module "redshift" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/redshift?ref=v0.40.6"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/redshift?ref=v0.40.7"
}
inputs = {
@@ -407,7 +410,7 @@ inputs = {
# be associated to the cluster at any time.
iam_roles = null
- # The instance type to use for the db (e.g. dc2.large). This field is
+ # The instance type to use for the db (e.g. ra3.large). This field is
# mandatory for provisioned Redshift.
instance_type = null
@@ -435,6 +438,9 @@ inputs = {
# names.
logging_s3_key_prefix = null
+ # The name of the maintenance track to apply to the cluster.
+ maintenance_track_name = null
+
# The weekly day and time range during which system maintenance can occur
# (e.g. wed:04:00-wed:04:30). Time zone is UTC. Performance may be degraded or
# there may even be a downtime during maintenance windows.
@@ -747,7 +753,7 @@ A list of IAM Role ARNs to associate with the cluster. A Maximum of 10 can be as
-The instance type to use for the db (e.g. dc2.large). This field is mandatory for provisioned Redshift.
+The instance type to use for the db (e.g. ra3.large). This field is mandatory for provisioned Redshift.
@@ -807,6 +813,15 @@ Required when log_destination_type is s3. Prefix applied to the log file names.
+
+
+
+The name of the maintenance track to apply to the cluster.
+
+
+
+
+
@@ -1039,11 +1054,11 @@ The ID of the Security Group that controls access to the cluster