GoogleCloudPlatform / terraform-google-alloy-db

Creates an Alloy DB instance
https://registry.terraform.io/modules/GoogleCloudPlatform/alloy-db/google
Apache License 2.0

terraform-google-alloy-db

This module handles Google Cloud Platform AlloyDB cluster creation and configuration with Automated Backup Policy, Primary node instance and Read Node Pools. The resource/resources that this module will create are:

You can also create a cross-region replica using this module. See the example in cross_region_replica.

Compatibility

This module is meant for use with Terraform 1.3+ and tested using Terraform 1.3+. If you find incompatibilities using Terraform >=1.3, please open an issue.

Version

Current version is 2.X. Upgrade guides:

Usage

Basic usage of this module is as follows:

module "alloy-db" {
  source               = "GoogleCloudPlatform/alloy-db/google"
  version              = "~> 3.0"

  cluster_id           = "alloydb-cluster"
  cluster_location     = "us-central1"
  project_id           = "<PROJECT_ID>"
  cluster_labels       = {}
  cluster_display_name = ""
  cluster_initial_user = {
    user     = "<USER_NAME>",
    password = "<PASSWORD>"
  }
  network_self_link = "projects/<PROJECT_ID>/global/networks/<NETWORK_NAME>"

  automated_backup_policy = {
    location      = "us-central1"
    backup_window = "1800s",
    enabled       = true,
    weekly_schedule = {
      days_of_week = ["FRIDAY"],
      start_times  = ["2:00:00:00", ]
    }
    quantity_based_retention_count = 1,
    time_based_retention_count     = null,
    labels = {
      test = "alloydb-cluster"
    },
  }
  primary_instance = null

  read_pool_instance = null

}

# Second, independent example: cluster with a primary instance and one read pool instance
module "alloy-db" {
  source               = "GoogleCloudPlatform/alloy-db/google"
  version              = "~> 3.0"
  project_id           = "<PROJECT_ID>"
  cluster_id           = "alloydb-cluster-with-primary-instance"
  cluster_location     = "us-central1"
  cluster_labels       = {}
  cluster_display_name = ""
  cluster_initial_user = {
    user     = "<USER_NAME>",
    password = "<PASSWORD>"
  }
  network_self_link = "projects/<PROJECT_ID>/global/networks/<NETWORK_NAME>"

  automated_backup_policy = null

  primary_instance = {
    instance_id       = "primary-instance",
    instance_type     = "PRIMARY",
    machine_cpu_count = 2,
    database_flags    = {},
    display_name      = "alloydb-primary-instance"
  }

  read_pool_instance = [
    {
      instance_id        = "cluster-1-rr-1"
      display_name       = "cluster-1-rr-1"
      require_connectors = false
      ssl_mode           = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
    }
  ]

}

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allocated_ip_range | The name of the allocated IP range for the private IP AlloyDB cluster. For example: google-managed-services-default. If set, the instance IPs for this cluster will be created in the allocated range | string | null | no |
| automated_backup_policy | The automated backup policy for this cluster. If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days | object({ location = optional(string), backup_window = optional(string), enabled = optional(bool), weekly_schedule = optional(object({ days_of_week = optional(list(string)), start_times = list(string) })), quantity_based_retention_count = optional(number), time_based_retention_count = optional(string), labels = optional(map(string)), backup_encryption_key_name = optional(string) }) | null | no |
| cluster_display_name | Human readable display name for the Alloy DB Cluster | string | null | no |
| cluster_encryption_key_name | The fully-qualified resource name of the KMS key for cluster encryption. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME] | string | null | no |
| cluster_id | The ID of the alloydb cluster | string | n/a | yes |
| cluster_initial_user | Alloy DB Cluster Initial User Credentials | object({ user = optional(string), password = string }) | null | no |
| cluster_labels | User-defined labels for the alloydb cluster | map(string) | {} | no |
| cluster_location | Location where AlloyDb cluster will be deployed | string | n/a | yes |
| cluster_type | The type of cluster. If not set, defaults to PRIMARY. Default value is PRIMARY. Possible values are: PRIMARY, SECONDARY | string | "PRIMARY" | no |
| continuous_backup_enable | Whether continuous backup recovery is enabled. If not set, defaults to true | bool | true | no |
| continuous_backup_encryption_key_name | The fully-qualified resource name of the KMS key. Cloud KMS key should be in same region as Cluster and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME] | string | null | no |
| continuous_backup_recovery_window_days | The numbers of days that are eligible to restore from using PITR (point-in-time-recovery). Defaults to 14 days. The value must be between 1 and 35 | number | 14 | no |
| database_version | The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. Possible values: POSTGRES_14, POSTGRES_15 | string | null | no |
| network_self_link | Network ID where the AlloyDb cluster will be deployed. If network_self_link is set then psc_enabled should be set to false | string | null | no |
| primary_cluster_name | Primary cluster name. Required for creating cross region secondary cluster. Not needed for primary cluster | string | null | no |
| primary_instance | Primary cluster configuration that supports read and write operations. | object({ instance_id = string, display_name = optional(string), database_flags = optional(map(string)), labels = optional(map(string)), annotations = optional(map(string)), gce_zone = optional(string), availability_type = optional(string), machine_cpu_count = optional(number, 2), ssl_mode = optional(string), require_connectors = optional(bool), query_insights_config = optional(object({ query_string_length = optional(number), record_application_tags = optional(bool), record_client_address = optional(bool), query_plans_per_minute = optional(number) })), enable_public_ip = optional(bool, false), cidr_range = optional(list(string)) }) | n/a | yes |
| project_id | The ID of the project in which to provision resources. | string | n/a | yes |
| psc_allowed_consumer_projects | List of consumer projects that are allowed to create PSC endpoints to service-attachments to this instance. These should be specified as project numbers only. | list(string) | [] | no |
| psc_enabled | Create an instance that allows connections from Private Service Connect endpoints to the instance. If psc_enabled is set to true, then network_self_link should be set to null | bool | false | no |
| read_pool_instance | List of Read Pool Instances to be created | list(object({ instance_id = string, display_name = string, node_count = optional(number, 1), database_flags = optional(map(string)), availability_type = optional(string), gce_zone = optional(string), machine_cpu_count = optional(number, 2), ssl_mode = optional(string), require_connectors = optional(bool), query_insights_config = optional(object({ query_string_length = optional(number), record_application_tags = optional(bool), record_client_address = optional(bool), query_plans_per_minute = optional(number) })) })) | [] | no |

Outputs

| Name | Description |
|------|-------------|
| cluster | Cluster created |
| cluster_id | ID of the Alloy DB Cluster created |
| cluster_name | ID of the Alloy DB Cluster created |
| primary_instance | Primary instance created |
| primary_instance_id | ID of the primary instance created |
| primary_psc_attachment_link | The private service connect (psc) attachment created for primary instance |
| primary_psc_dns_name | The DNS name of the instance for PSC connectivity created for primary instance |
| read_instance_ids | IDs of the read instances created |
| read_psc_attachment_links | The private service connect (psc) attachment created read replica instances |
| read_psc_dns_names | The DNS names of the instances for PSC connectivity created for replica instances |
| replica_instances | Replica instances created |

Requirements

These sections describe requirements for using this module.

Software

The following dependencies must be available:

Service Account

A service account with the following roles must be used to provision the resources of this module:

APIs

A project with the following APIs enabled must be used to host the resources of this module:

Contributing

Refer to the contribution guidelines for information on contributing to this module.

Security Disclosures

Please see our security disclosure process.