
Terraform module for PostgreSQL database and roles setup


anatomiq/terraform-postgres-setup


PostgreSQL Setup

The configuration in this directory creates PostgreSQL databases and roles with randomly generated passwords, and grants those roles their permissions.

Usage

To use this module, you need to include it in your Terraform configuration. You can do this by adding the following to your main.tf file:

# Example call of the module: two databases, two extensions and two roles.
# "[module_name]" and [module_version] are placeholders and must be replaced before use.
module "[module_name]" {
  source = [module_version]
  # Shape of the generated role passwords. special = false leaves out punctuation,
  # so the length alone carries the strength. Presumably these values are passed to
  # random_password (listed under Resources) - confirm in the module source.
  # NOTE(review): a random_password result is stored in the Terraform state, and the
  # module also exposes a role_passwords output. The state backend and any plan/output
  # logs therefore need the same access control as the database credentials.
  passwords_parameters = {
    length  = 21
    special = false
  }

  # Key = database name. An empty object takes the defaults listed under Inputs
  # (template0, en_US.UTF-8, connection_limit -1, allow_connections true).
  databases = {
    adventure = {}
    journey   = {}
  }

  # Key = extension name, installed into each database in `databases`.
  # Every extension adds functions callable from inside the database, so list only
  # the ones the workload uses.
  extensions = {
    "uuid-ossp" = {
      databases = ["adventure"]
    }
    "pgcrypto" = {
      databases       = ["journey"]
      schema          = "public"
      # presumably maps to CREATE EXTENSION ... CASCADE, which also installs any
      # extension the named one depends on - confirm against the module source
      create_cascade  = true
    }
  }

  # Key = role name. login and password both default to true under Inputs, so each
  # role here can log in and (presumably) gets a generated password.
  # NOTE(review): the privilege lists below are close to "everything". In PostgreSQL,
  # CREATE on a database allows creating new schemas, CREATE on a schema allows creating
  # objects in it, TRIGGER allows attaching triggers to a table, and TRUNCATE empties a
  # table without firing ON DELETE triggers. When copying this example, keep only the
  # privileges the application actually uses.
  roles = {
    "bill" = {
      database_access               = ["adventure"]
      grant_privileges_on_database  = ["CONNECT", "CREATE"]
      grant_privileges_on_schema    = ["USAGE", "CREATE"]
      grant_privileges_on_tables    = ["SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE", "REFERENCES", "TRIGGER"]
      grant_privileges_on_sequences = ["USAGE", "SELECT"]
    }
    "ted" = {
      # presumably the same privilege lists are applied in every database named here;
      # verify, since there is no per-database privilege setting in this object
      database_access               = ["adventure", "journey"]
      grant_privileges_on_database  = ["CONNECT", "CREATE"]
      grant_privileges_on_schema    = ["USAGE", "CREATE"]
      grant_privileges_on_tables    = ["SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE", "REFERENCES", "TRIGGER"]
      grant_privileges_on_sequences = ["USAGE", "SELECT"]
    }
  }
}

To run this example execute:

# init downloads the postgresql and random providers listed under Providers.
$ terraform init
# Read the plan before applying: it lists every database, role, grant and extension to be created.
$ terraform plan
# NOTE(review): after apply the generated passwords are held in the Terraform state - restrict who can read it.
$ terraform apply

To destroy this example execute:

# Removes every resource the module manages. For postgresql_database that presumably means
# dropping the database together with its data - confirm the target instance before running.
$ terraform destroy

Examples

Requirements

Name Version
terraform >= 1.12.2
postgresql 1.26.0

Providers

Name Version
postgresql 1.26.0
random n/a

Modules

No modules.

Resources

Name Type
postgresql_database.database resource
postgresql_default_privileges.db_functions resource
postgresql_default_privileges.db_schemas resource
postgresql_default_privileges.db_sequences resource
postgresql_default_privileges.db_tables resource
postgresql_default_privileges.db_types resource
postgresql_extension.extensions resource
postgresql_grant.database resource
postgresql_grant.fdw resource
postgresql_grant.schema resource
postgresql_grant.sequences resource
postgresql_grant.tables resource
postgresql_role.default resource
random_password.passwords resource

Inputs

Name Description Type Default Required
databases Databases to create (key is database name). If empty, no DBs are created.
map(object({
template = optional(string, "template0")
lc_collate = optional(string, "en_US.UTF-8")
connection_limit = optional(number, -1)
allow_connections = optional(bool, true)
alter_object_ownership = optional(bool, false)
}))
{} no
ephemeral_passwords If true, generate ephemeral_password instead of random_password bool false no
extensions PostgreSQL extensions to create, with target databases
map(object({
databases = list(string)
schema = optional(string)
version = optional(string)
drop_cascade = optional(bool, false)
create_cascade = optional(bool, false)
}))
{} no
external_passwords If true, do not generate passwords; expect provided_passwords map bool false no
passwords_parameters Parameters for random passwords
object({
length = number
special = bool
})
{
"length": 21,
"special": false
}
no
provided_passwords Optional map of user => password when external_passwords is true map(string) {} no
roles Set of roles to create; each can target one or more databases
map(object({
login = optional(bool, true)
password = optional(bool, true)
password_version = optional(number, 1)
grant_roles = optional(list(string), [])
database_access = list(string)
grant_privileges_on_database = optional(list(string), [])
grant_privileges_on_schema = optional(list(string), [])
grant_privileges_on_tables = optional(list(string), [])
tables = optional(list(string), [])
grant_privileges_on_sequences = optional(list(string), [])
sequences = optional(list(string), [])
grant_privileges_on_fdw = optional(list(string), [])
foreign_data_wrapper_access = optional(list(string), [])
schema = optional(string, "public")
}))
n/a yes
set_default_privileges Default privileges to apply per database and schema, with per-role customization
map(object({
schema = optional(string, "public")
objects_owner_user = optional(string, "postgres")
roles = map(object({
default_privileges_on_tables = optional(list(string), [])
default_privileges_on_sequences = optional(list(string), [])
default_privileges_on_functions = optional(list(string), [])
default_privileges_on_types = optional(list(string), [])
default_privileges_on_schemas = optional(list(string), [])
}))
}))
{} no

Outputs

Name Description
role_databases Databases list per role
role_passwords The passwords for each role

License

Apache 2 Licensed. See LICENSE for full details.
