Skip to content
A Terraform module to create an Amazon Web Services (AWS) PostgreSQL Relational Database Server (RDS).
HCL Shell
Branch: develop
Clone or download



A Terraform module to create an Amazon Web Services (AWS) PostgreSQL Relational Database Server (RDS).


module "postgresql_rds" {
  source = ""
  vpc_id = "vpc-20f74844"
  allocated_storage = "32"
  engine_version = "9.4.4"
  instance_type = "db.t2.micro"
  storage_type = "gp2"
  database_identifier = "jl23kj32sdf"
  database_name = "hector"
  database_username = "hector"
  database_password = "secret"
  database_port = "5432"
  backup_retention_period = "30"
  backup_window = "04:00-04:30"
  maintenance_window = "sun:04:30-sun:05:30"
  auto_minor_version_upgrade = false
  multi_availability_zone = true
  storage_encrypted = false
  subnet_group =
  parameter_group =
  monitoring_interval = "60"
  deletion_protection = true
  cloudwatch_logs_exports = ["postgresql"]

  alarm_cpu_threshold = "75"
  alarm_disk_queue_threshold = "10"
  alarm_free_disk_threshold = "5000000000"
  alarm_free_memory_threshold = "128000000"
  alarm_actions = ["arn:aws:sns..."]
  ok_actions = ["arn:aws:sns..."]
  insufficient_data_actions = ["arn:aws:sns..."]

  project = "Something"
  environment = "Staging"

Note about Enhanced Monitoring support

If the monitoring_interval passed as an input to this module is 0, an empty monitoring_role_arn value will be passed to the aws_db_instance resource.

This is because, if a value for monitoring_role_arn is passed to an aws_db_instance, along with a monitoring_interval of 0, the following error will occur:

InvalidParameterCombination: You must specify a MonitoringInterval value other than 0 when you specify a MonitoringRoleARN value.

If you're curious to know more, see the discussion within


  • vpc_id - ID of VPC meant to house database
  • project - Name of project this VPC is meant to house (default: Unknown)
  • environment - Name of environment this VPC is targeting (default: Unknown)
  • allocated_storage - Storage allocated to database instance (default: 32)
  • engine_version - Database engine version (default: 11.5)
  • instance_type - Instance type for database instance (default: db.t3.micro)
  • storage_type - Type of underlying storage for database (default: gp2)
  • iops - The amount of provisioned IOPS. Setting this implies a storage_type of io1 (default: 0)
  • database_identifier - Identifier for RDS instance
  • snapshot_identifier - The name of the snapshot (if any) the database should be created from
  • database_name - Name of database inside storage engine
  • database_username - Name of user inside storage engine
  • database_password - Database password inside storage engine
  • database_port - Port on which database will accept connections (default 5432)
  • backup_retention_period - Number of days to keep database backups (default: 30)
  • backup_window - 30 minute time window to reserve for backups (default: 04:00-04:30)
  • maintenance_window - 60 minute time window to reserve for maintenance (default: sun:04:30-sun:05:30)
  • auto_minor_version_upgrade - Minor engine upgrades are applied automatically to the DB instance during the maintenance window (default: true)
  • final_snapshot_identifier - Identifier for final snapshot if skip_final_snapshot is set to false (default: terraform-aws-postgresql-rds-snapshot)
  • skip_final_snapshot - Flag to enable or disable a snapshot if the database instance is terminated (default: true)
  • copy_tags_to_snapshot - Flag to enable or disable copying instance tags to the final snapshot (default: false)
  • multi_availability_zone - Flag to enable hot standby in another availability zone (default: false)
  • storage_encrypted - Flag to enable storage encryption (default: false)
  • monitoring_interval - The interval, in seconds, between points when Enhanced Monitoring metrics are collected (default: 0)
  • deletion_protection - Flag to protect the database instance from deletion (default: false)
  • cloudwatch_logs_exports - List of logs to publish to CloudWatch Logs. See all available options. (default: ["postgresql, "upgrade"])
  • subnet_group - Database subnet group
  • parameter_group - Database engine parameter group (default: default.postgres11)
  • alarm_cpu_threshold - CPU alarm threshold as a percentage (default: 75)
  • alarm_disk_queue_threshold - Disk queue alarm threshold (default: 10)
  • alarm_free_disk_threshold - Free disk alarm threshold in bytes (default: 5000000000)
  • alarm_free_memory_threshold - Free memory alarm threshold in bytes (default: 128000000)
  • alarm_cpu_credit_balance_threshold - CPU credit balance threshold (default: 30). Only used for db.t* instance types
  • alarm_actions - List of ARNs to be notified via CloudWatch when alarm enters ALARM state
  • ok_actions - List of ARNs to be notified via CloudWatch when alarm enters OK state
  • insufficient_data_actions - List of ARNs to be notified via CloudWatch when alarm enters INSUFFICIENT_DATA state
  • tags - Extra tags to attach to the RDS resources (default: {})


  • id - The database instance ID
  • database_security_group_id - Security group ID of the database
  • hosted_zone_id - The zone id for the autogenerated DNS name given in endpoint.
  • hostname - Public DNS name of database instance
  • port - Port of database instance
  • endpoint - Public DNS name and port separated by a colon Use this when creating a short-name DNS alias for the endpoint
You can’t perform that action at this time.