Name | Version |
---|---|
aws | >= 5.31.0 |
random | >= 3.5.0 |

Name | Description | Type | Default | Required |
---|---|---|---|---|
alias | The display name of the alias. The name must start with the word alias followed by a forward slash. | string | "alias/ec2-test" | no |
allowed_ip | List of allowed IPs. | list(any) | [ | no |
allowed_ports | List of allowed ingress ports | list(any) | [ | no |
apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. | bool | true | no |
attributes | Additional attributes (e.g. 1). | list(string) | [] | no |
ca_cert_identifier | The identifier of the certificate authority (CA) certificate for the DB instance. | string | null | no |
cluster_family | The family of the DocumentDB cluster parameter group. For more details, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-parameter-group-create.html . | string | "docdb5.0" | no |
cluster_size | Number of DB instances to create in the cluster | string | "2" | no |
customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. | string | "SYMMETRIC_DEFAULT" | no |
deletion_protection | (optional) describe your variable | bool | null | no |
deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource. | number | 7 | no |
egress_ipv4_cidr_block | List of CIDR blocks. Cannot be specified with source_security_group_id or self. | list(string) | [ | no |
egress_ipv4_from_port | Egress Start port (or ICMP type number if protocol is icmp or icmpv6). | number | 0 | no |
egress_ipv4_protocol | Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number | string | "-1" | no |
egress_ipv4_to_port | Egress end port (or ICMP code if protocol is icmp). | number | 65535 | no |
egress_ipv6_cidr_block | List of CIDR blocks. Cannot be specified with source_security_group_id or self. | list(string) | [ | no |
egress_ipv6_from_port | Egress Start port (or ICMP type number if protocol is icmp or icmpv6). | number | 0 | no |
egress_ipv6_protocol | Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number | string | "-1" | no |
egress_ipv6_to_port | Egress end port (or ICMP code if protocol is icmp). | number | 65535 | no |
egress_rule | Enable to create egress rule | bool | true | no |
enable_key_rotation | Specifies whether key rotation is enabled. | string | true | no |
enable_security_group | Enable default Security Group with only Egress traffic allowed. | bool | true | no |
enabled_cloudwatch_logs_exports | List of log types to export to cloudwatch. The following log types are supported: audit, error, general, slowquery. | list(string) | [ | no |
engine | The name of the database engine to be used for this DB cluster. Defaults to docdb. Valid values: docdb. | string | "docdb" | no |
engine_version | The version number of the database engine to use. | string | "" | no |
instance_class | The instance class to use. For more details, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-class-specs . | string | "db.t3.medium" | no |
is_enabled | Specifies whether the key is enabled. | bool | true | no |
is_external | Enable to update an existing security group | bool | false | no |
key_usage | Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. | string | "ENCRYPT_DECRYPT" | no |
kms_description | The description of the key as viewed in AWS console. | string | "KMS key for documentdb" | no |
kms_key_enabled | Specifies whether the kms is enabled or disabled. | bool | true | no |
kms_multi_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | bool | false | no |
master_password | (Required unless a snapshot_identifier is provided) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. | string | "" | no |
master_username | (Required unless a snapshot_identifier is provided) Username for the master DB user. | string | "root" | no |
name | Name of the database. | string | n/a | yes |
parameters | A list of DocumentDB parameters to apply. Setting parameters to system default values may show a difference on imported resources. | list(object({ | [] | no |
preferred_backup_window | Daily time range during which the backups happen. | string | "07:00-09:00" | no |
protocol | The protocol. If not icmp, tcp, udp, or all use the. | string | "tcp" | no |
retention_period | Number of days to retain backups for. | string | "7" | no |
sg_description | The security group description. | string | "Instance default security group (only egress access is allowed)." | no |
sg_egress_description | Description of the egress and ingress rule | string | "Description of the rule." | no |
sg_egress_ipv6_description | Description of the egress_ipv6 rule | string | "Description of the rule." | no |
sg_ids | ID of the security group. | list(any) | [] | no |
sg_ingress_description | Description of the ingress rule | string | "Description of the ingress rule use elasticache." | no |
skip_final_snapshot | Determines whether a final DB snapshot is created before the DB cluster is deleted. | bool | false | no |
snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot. | string | "" | no |
ssh_allowed_ip | List of allowed IPs. | list(any) | [] | no |
ssh_allowed_ports | List of allowed ingress ports | list(any) | [] | no |
ssh_protocol | The protocol. If not icmp, tcp, udp, or all use the. | string | "tcp" | no |
ssh_sg_ingress_description | Description of the ingress rule | string | "Description of the ingress rule use elasticache." | no |
subnet_list | List of subnet IDs database instances should deploy into. | list(string) | [ | no |
tags | Additional tags (e.g. map(BusinessUnit,XYZ)). | map(string) | {} | no |
vpc_id | The ID of the VPC that the instance security group belongs to. | string | "" | no |

Name | Type |
---|---|
aws_docdb_cluster.this | resource |
aws_docdb_cluster_instance.this | resource |
aws_docdb_cluster_parameter_group.this | resource |
aws_docdb_subnet_group.this | resource |
aws_security_group.default | resource |
aws_security_group_rule.egress_ipv4 | resource |
aws_security_group_rule.egress_ipv6 | resource |
aws_security_group_rule.ingress | resource |
aws_security_group_rule.ssh_ingress | resource |
random_password.master | resource |
aws_iam_policy_document.kms | data source |

Name | Description |
---|---|
arn | Amazon Resource Name (ARN) of the cluster. |
cluster_name | Cluster Identifier. |
master_password | Password for the master DB user. |
master_username | Username for the master DB user. |
reader_endpoint | A read-only endpoint of the DocumentDB cluster, automatically load-balanced across replicas. |
writer_endpoint | Endpoint of the DocumentDB cluster. |

Since 2016, opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance, we can say we have seen it all: whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, or CMMC, we have you and your customers covered.
We provide support to organizations in the following ways:
- Modernize or Migrate to Kubernetes
- Cloud Infrastructure with Kubernetes on AWS, Azure, Google Cloud, or Bare Metal
- Building AI and Data Pipelines on Kubernetes
- Optimizing Existing Kubernetes Workloads
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.