This project deploys Google Cloud infrastructure using Terraform to create a PostgreSQL database instance.
To use this module, you should have Terraform installed and configured for GCP. The module provides the Terraform configuration needed to create the GCP resources, and you can customize the inputs as needed. Below are examples of how to use this module:
```hcl
# PostgreSQL 14 instance on a public IPv4 address, restricted to one authorized network.
# The passwords are inline sample values; user_password can be left unset, in which
# case the module generates one (see the generated_user_password output).
module "postgresql-db" {
  source      = "cypik/postgresql/google"
  version     = "1.0.2"
  name        = "testdb"
  environment = "test"
  db_name     = "postgresql"

  root_password = "G5PX1SDW0R"
  user_password = "Y2512FCNU85HEE9"

  database_version     = "POSTGRES_14"
  zone                 = "us-central1-c"
  region               = "us-central1"
  edition              = "ENTERPRISE_PLUS"
  tier                 = "db-perf-optimized-N-2"
  data_cache_enabled   = true
  random_instance_name = true
  deletion_protection  = false

  ip_configuration = {
    ipv4_enabled       = true
    private_network    = null
    ssl_mode           = "ENCRYPTED_ONLY" # only TLS connections are accepted
    allocated_ip_range = null
    authorized_networks = [{
      name  = "sample-gcp-health-checkers-range"
      value = "130.211.0.0/28"
    }]
  }
}
```
```hcl
# Regional (high-availability) PostgreSQL 15 instance reached over Private Service Connect,
# with backups, an additional database and additional users.
# local.name is defined elsewhere in the example and is not shown on this page.
module "postgresql-db" {
  source        = "cypik/postgresql/google"
  version       = "1.0.2"
  name          = local.name
  environment   = "test"
  user_name     = "app"
  user_password = "foobar" # inline sample value
  db_name       = "dbtest"
  db_charset    = "UTF8"
  db_collation  = "en_US.UTF8"

  database_version  = "POSTGRES_15"
  region            = "asia-northeast1"
  tier              = "db-custom-2-7680"
  zone              = "asia-northeast1-a"
  availability_type = "REGIONAL"

  maintenance_window_day          = 7
  maintenance_window_hour         = 12
  maintenance_window_update_track = "stable"

  random_instance_name = true
  deletion_protection  = false

  database_flags = [{ name = "autovacuum", value = "off" }]

  user_labels = {
    foo = "bar"
  }

  insights_config = {
    query_plans_per_minute = 5
  }

  ip_configuration = {
    ipv4_enabled = false
    psc_enabled  = true
    ssl_mode     = "ALLOW_UNENCRYPTED_AND_ENCRYPTED" # non-TLS connections are also accepted
  }

  backup_configuration = {
    enabled                        = true
    start_time                     = "20:55"
    location                       = null
    point_in_time_recovery_enabled = false
    transaction_log_retention_days = null
    retained_backups               = 365
    retention_unit                 = "COUNT"
  }

  additional_databases = [
    {
      name      = "${local.name}-additional"
      charset   = "UTF8"
      collation = "en_US.UTF8"
    },
  ]

  additional_users = [
    {
      name            = "tftest2"
      password        = "abcdefg"
      host            = "localhost"
      random_password = false
    },
    {
      name            = "tftest3"
      password        = "abcdefg"
      host            = "localhost"
      random_password = false
    },
  ]
}
```
```hcl
# IAM database authentication: the cloudsql.iam_authentication flag is on, iam_users lists
# the IAM principals to add, and a password validation policy applies to built-in users.
module "postgresql-db" {
  source      = "cypik/postgresql/google"
  version     = "1.0.2"
  name        = "example-iam"
  environment = "test"
  db_name     = "postgresql"

  database_version = "POSTGRES_9_6"
  zone             = "asia-northeast1-a"
  region           = "asia-northeast1"
  tier             = "db-custom-1-3840"

  deletion_protection            = false
  random_instance_name           = true
  enable_random_password_special = true

  ip_configuration = {
    ipv4_enabled       = true
    private_network    = null
    ssl_mode           = "ALLOW_UNENCRYPTED_AND_ENCRYPTED" # non-TLS connections are also accepted
    allocated_ip_range = null
    authorized_networks = [{
      name  = "sample-gcp-health-checkers-range"
      value = "130.211.0.0/28"
    }]
  }

  password_validation_policy_config = {
    complexity                  = "COMPLEXITY_DEFAULT"
    disallow_username_substring = true
    min_length                  = 8
    password_change_interval    = "3600s"
    reuse_interval              = 1
  }

  database_flags = [
    {
      name  = "cloudsql.iam_authentication"
      value = "on"
    },
  ]

  additional_users = [
    {
      name            = "tftest2"
      password        = "Ex@mp!e1"
      host            = "localhost"
      random_password = false
    },
    {
      name            = "tftest3"
      password        = "Ex@mp!e2"
      host            = "localhost"
      random_password = false
    },
  ]

  iam_users = [
    {
      id    = "cloudsql_pg_sa",
      email = "example@gmail.com"
    },
    {
      id    = "dbadmin",
      email = "dbadmin@develop.blueprints.joonix.net"
    },
    {
      id    = "subtest",
      email = "subtest@develop.blueprints.joonix.net"
      type  = "CLOUD_IAM_GROUP"
    }
  ]
}
```
```hcl
# Regional (high-availability) instance on a public IPv4 address with a single authorized
# /32, backups, an additional database and additional users.
# local.name is defined elsewhere in the example and is not shown on this page.
module "postgresql-db" {
  source        = "cypik/postgresql/google"
  version       = "1.0.2"
  name          = local.name
  user_name     = "app"
  environment   = "test"
  user_password = "foobar" # inline sample value
  db_name       = "dbtest"
  db_charset    = "UTF8"
  db_collation  = "en_US.UTF8"

  database_version  = "POSTGRES_9_6"
  region            = "asia-northeast1"
  tier              = "db-custom-1-3840"
  zone              = "asia-northeast1-a"
  availability_type = "REGIONAL"

  maintenance_window_day          = 7
  maintenance_window_hour         = 12
  maintenance_window_update_track = "stable"

  deletion_protection  = false
  random_instance_name = true

  database_flags = [{ name = "autovacuum", value = "off" }]

  user_labels = {
    foo = "bar"
  }

  ip_configuration = {
    ipv4_enabled       = true
    ssl_mode           = "ALLOW_UNENCRYPTED_AND_ENCRYPTED" # non-TLS connections are also accepted
    private_network    = null
    allocated_ip_range = null
    authorized_networks = [
      {
        name  = "cidr"
        value = "192.10.10.10/32"
      },
    ]
  }

  backup_configuration = {
    enabled                        = true
    start_time                     = "20:55"
    location                       = null
    point_in_time_recovery_enabled = false
    transaction_log_retention_days = null
    retained_backups               = 365
    retention_unit                 = "COUNT"
  }

  additional_databases = [
    {
      name      = "${local.name}-additional"
      charset   = "UTF8"
      collation = "en_US.UTF8"
    },
  ]

  additional_users = [
    {
      name            = "tftest2"
      password        = "abcdefg"
      host            = "localhost"
      random_password = false
    },
    {
      name            = "tftest3"
      password        = "abcdefg"
      host            = "localhost"
      random_password = false
    },
  ]
}
```
This example demonstrates how to create various GCP resources using the provided modules. Adjust the input values to suit your specific requirements.
For detailed examples on how to use this module, please refer to the Examples directory within this repository.
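
The examples above set passwords inline, disable deletion protection and, in three of four cases, accept unencrypted connections. The following variant is an added example, not taken from the module's repository, that combines the stricter settings already documented on this page. The module label `postgresql-db-hardened`, the output name `app_user_password` and the `appdb`/`reporting` names are illustrative assumptions; every input comes from the Inputs table or the examples above.

```hcl
# Added example (not the module author's code); names marked "sample" are constructed.
module "postgresql-db-hardened" {
  source  = "cypik/postgresql/google"
  version = "1.0.2"

  name        = "appdb" # sample
  environment = "prod"
  db_name     = "appdb" # sample
  user_name   = "app"

  database_version = "POSTGRES_15"
  region           = "asia-northeast1"
  zone             = "asia-northeast1-a"
  tier             = "db-custom-2-7680"

  # user_password is left unset so the module generates one instead of a
  # literal being committed alongside the configuration.
  enable_random_password_special = true

  # Keep the Terraform-side guard (the default) and add the API-level one.
  deletion_protection         = true
  deletion_protection_enabled = true
  random_instance_name        = true

  ip_configuration = {
    ipv4_enabled = false            # no public address
    psc_enabled  = true             # reach the instance over Private Service Connect
    ssl_mode     = "ENCRYPTED_ONLY" # refuse non-TLS connections
  }

  additional_users = [
    {
      name            = "reporting" # sample
      password        = ""          # left empty; random_password requests a generated one
      host            = "localhost"
      random_password = true
    },
  ]
}

# Expose the generated password without printing it in plan/apply output.
output "app_user_password" {
  value     = module.postgresql-db-hardened.generated_user_password
  sensitive = true
}
```

Generated passwords are still written to the Terraform state, so the state backend needs encryption and restricted access.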
This project is licensed under the MIT License - see the LICENSE file for details.

Name | Version |
---|---|
terraform | >=1.9.5 |
>=6.1.0 | |
null | 3.2.3 |
random | ~> 3.6.3 |

Name | Version |
---|---|
>=6.1.0 | |
null | 3.2.3 |
random | ~> 3.6.3 |

Name | Source | Version |
---|---|---|
labels | cypik/labels/google | 1.0.2 |

Name | Type |
---|---|
google_project_iam_member.database_integration | resource |
google_sql_database.additional_databases | resource |
google_sql_database.default | resource |
google_sql_database_instance.default | resource |
google_sql_user.default | resource |
google_sql_user.iam_account | resource |
null_resource.module_depends_on | resource |
random_id.suffix | resource |
random_password.additional_passwords | resource |
random_password.user_password | resource |
google_client_config.current | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
activation_policy | The activation policy for the master instance. Can be either ALWAYS, NEVER or ON_DEMAND. | string | "ALWAYS" | no |
additional_databases | A list of additional databases to be created in the cluster, where each database is defined by its name, charset, and collation settings. | list(object({ | [] | no |
additional_users | A list of users to be created in your cluster. A random password would be set for the user if the random_password variable is set. | list(object({ | [] | no |
availability_type | The availability type for the master instance. This is only used to set up high availability for the PostgreSQL instance. Can be either ZONAL or REGIONAL. | string | "ZONAL" | no |
backup_configuration | The database backup configuration. | object({ | { | no |
connector_enforcement | Enforce that clients use the connector library | bool | false | no |
create_timeout | The optional timeout that is applied to limit long database creates. | string | "30m" | no |
data_cache_enabled | Whether data cache is enabled for the instance. Defaults to false. Feature is only available for ENTERPRISE_PLUS tier and supported database_versions | bool | false | no |
database_deletion_policy | The deletion policy for the database. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where databases cannot be deleted from the API if there are users other than cloudsqlsuperuser with access. Possible values are: "ABANDON". | string | null | no |
database_flags | The database flags for the master instance. See more details | list(object({ | [] | no |
database_integration_roles | The roles required by default database instance service account for integration with GCP services | list(string) | [] | no |
database_version | The database version to use | string | n/a | yes |
db_charset | The charset for the default database | string | "" | no |
db_collation | The collation for the default database. Example: 'en_US.UTF8' | string | "" | no |
db_name | The name of the database to be created. | string | "" | no |
delete_timeout | The optional timeout that is applied to limit long database deletes. | string | "30m" | no |
deletion_protection | Used to block Terraform from deleting a SQL Instance. | bool | true | no |
deletion_protection_enabled | Enables protection of an instance from accidental deletion across all surfaces (API, gcloud, Cloud Console and Terraform). | bool | false | no |
deny_maintenance_period | The Deny Maintenance Period fields to prevent automatic maintenance from occurring during a 90-day time period. See more details | list(object({ | [] | no |
disk_autoresize | Configuration to increase storage size. | bool | true | no |
disk_autoresize_limit | The maximum size to which storage can be auto increased. | number | 0 | no |
disk_size | The disk size for the master instance. | number | 10 | no |
disk_type | The disk type for the master instance. | string | "PD_SSD" | no |
edition | The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. | string | null | no |
enable_default_db | Enable or disable the creation of the default database | bool | true | no |
enable_default_user | Enable or disable the creation of the default user | bool | true | no |
enable_google_ml_integration | Enable database ML integration | bool | false | no |
enable_random_password_special | Enable special characters in generated random passwords. | bool | false | no |
encryption_key_name | The full path to the encryption key used for the CMEK disk encryption | string | null | no |
environment | Environment (e.g. prod, dev, staging). | string | "" | no |
extra_tags | Additional tags for the resource. | map(string) | {} | no |
follow_gae_application | A Google App Engine application whose zone to remain in. Must be in the same region as this instance. | string | null | no |
iam_users | A list of IAM users to be created in your CloudSQL instance | list(object({ | [] | no |
insights_config | The insights_config settings for the database. | object({ | null | no |
instance_type | The type of the instance. The supported values are SQL_INSTANCE_TYPE_UNSPECIFIED, CLOUD_SQL_INSTANCE, ON_PREMISES_INSTANCE and READ_REPLICA_INSTANCE. Set to READ_REPLICA_INSTANCE if master_instance_name value is provided | string | "CLOUD_SQL_INSTANCE" | no |
ip_configuration | The ip configuration for the Cloud SQL instances. | object({ | {} | no |
label_order | Label order, e.g. sequence of application name and environment name, environment, 'attribute' [webserver, qa, devops, public,]. | list(any) | [ | no |
maintenance_window_day | The day of week (1-7) for the master instance maintenance. | number | 1 | no |
maintenance_window_hour | The hour of day (0-23) maintenance window for the master instance maintenance. | number | 23 | no |
maintenance_window_update_track | The update track of maintenance window for the master instance maintenance. Can be either canary or stable. | string | "canary" | no |
managedby | ManagedBy, eg 'info@cypik.com'. | string | "info@cypik.com" | no |
master_instance_name | Name of the master instance if this is a failover replica. Required for creating failover replica instance. Not needed for master instance. When removed, next terraform apply will promote this failover replica instance as master instance | string | null | no |
module_depends_on | List of modules or resources this module depends on. | list(any) | [] | no |
name | Name of the resource. Provided by the client when the resource is created. | string | "test" | no |
password_validation_policy_config | The password validation policy settings for the database instance. | object({ | null | no |
pricing_plan | The pricing plan for the master instance. | string | "PER_USE" | no |
random_instance_name | Sets random suffix at the end of the Cloud SQL resource name | bool | false | no |
region | The region of the Cloud SQL resources | string | "us-central1" | no |
repository | Terraform current module repo | string | "https://github.com/cypik/terraform-google-postgresql" | no |
root_password | Initial root password during creation | string | null | no |
secondary_zone | The preferred zone for the secondary/failover instance, it should be something like: us-central1-a, us-east1-c. | string | null | no |
tier | The tier for the master instance. | string | "db-f1-micro" | no |
update_timeout | The optional timeout that is applied to limit long database updates. | string | "30m" | no |
user_deletion_policy | The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles. Possible values are: "ABANDON". | string | null | no |
user_labels | The key/value labels for the master instances. | map(string) | {} | no |
user_name | The name of the default user | string | "postgresql" | no |
user_password | The password for the default user. If not set, a random one will be generated and available in the generated_user_password output variable. | string | "" | no |
zone | The zone for the master instance, it should be something like: us-central1-a, us-east1-c. | string | null | no |

Name | Description |
---|---|
connection_name | The connection name of the master instance to be used in connection strings |
first_ip_address | The first IPv4 address of the addresses assigned. |
generated_user_password | The auto-generated default user password if no input password was provided |
iam_users | The list of the IAM users with access to the CloudSQL instance |
instances | A list of all google_sql_database_instance resources we've created |
ip_address | The IPv4 address assigned for the master instance |
name | The instance name for the master instance |
primary | The google_sql_database_instance resource representing the primary instance |
private_ip_address | The first private (PRIVATE) IPv4 address assigned for the master instance |
psc_service_attachment_link | The psc_service_attachment_link created for the master instance |
public_ip_address | The first public (PRIMARY) IPv4 address assigned for the master instance |
replicas | A list of google_sql_database_instance resources representing the replicas |
self_link | The URI of the master instance |
server_ca_cert | The CA certificate information used to connect to the SQL instance via SSL |
service_account_email_address | The service account email address assigned to the master instance |