|
| 1 | +# Azure Database for PostgreSQL Terraform Module |
| 2 | + |
| 3 | +Azure Database for PostgreSQL Single Server is a fully managed database service with minimal requirements for customizations of database. The single server platform is designed to handle most of the database management functions such as patching, backups, high availability, security with minimal user configuration and control. The architecture is optimized for built-in high availability with 99.99% availability on single availability zone. It supports community version of PostgreSQL 9.5, 9,6, 10, and 11. |
| 4 | + |
| 5 | +## Module Usage (PostgreSQL with optional resrouces) |
| 6 | + |
| 7 | +```terraform |
| 8 | +module "postgresql-db" { |
| 9 | + source = "kumarvna/postgresql-db/azurerm" |
| 10 | + version = "1.1.0" |
| 11 | +
|
| 12 | + # By default, this module will create a resource group |
| 13 | + # proivde a name to use an existing resource group and set the argument |
| 14 | + # to `create_resource_group = false` if you want to existing resoruce group. |
| 15 | + # If you use existing resrouce group location will be the same as existing RG. |
| 16 | + create_resource_group = false |
| 17 | + resource_group_name = "rg-shared-westeurope-01" |
| 18 | + location = "westeurope" |
| 19 | +
|
| 20 | + # PostgreSQL Server and Database settings |
| 21 | + postgresql_server_name = "mypostgresdbsrv01" |
| 22 | +
|
| 23 | + postgresql_server_settings = { |
| 24 | + sku_name = "GP_Gen5_8" |
| 25 | + storage_mb = 640000 |
| 26 | + version = "9.6" |
| 27 | + # default admin user `postgresadmin` and can be specified as per the choice here |
| 28 | + # by default random password created by this module. required password can be specified here |
| 29 | + admin_username = "postgresadmin" |
| 30 | + admin_password = "H@Sh1CoR3!" |
| 31 | + # Database name, charset and collection arguments |
| 32 | + database_name = "demo-postgres-db" |
| 33 | + charset = "UTF8" |
| 34 | + collation = "English_United States.1252" |
| 35 | + # Storage Profile and other optional arguments |
| 36 | + auto_grow_enabled = true |
| 37 | + backup_retention_days = 7 |
| 38 | + geo_redundant_backup_enabled = true |
| 39 | + public_network_access_enabled = true |
| 40 | + ssl_enforcement_enabled = true |
| 41 | + ssl_minimal_tls_version_enforced = "TLS1_2" |
| 42 | + } |
| 43 | +
|
| 44 | + # PostgreSQL Server Parameters |
| 45 | + # For more information: https://bit.ly/3dbYTtB |
| 46 | + postgresql_configuration = { |
| 47 | + backslash_quote = "on" |
| 48 | + } |
| 49 | +
|
| 50 | + # Use Virtual Network service endpoints and rules for Azure Database for PostgreSQL |
| 51 | + subnet_id = var.subnet_id |
| 52 | +
|
| 53 | + # The URL to a Key Vault custom managed key |
| 54 | + key_vault_key_id = var.key_vault_key_id |
| 55 | +
|
| 56 | + # To enable Azure Defender for database set `enable_threat_detection_policy` to true |
| 57 | + enable_threat_detection_policy = true |
| 58 | + log_retention_days = 30 |
| 59 | + email_addresses_for_alerts = ["user@example.com", "firstname.lastname@example.com"] |
| 60 | +
|
| 61 | + # AD administrator for an Azure database for PostgreSQL |
| 62 | + # Allows you to set a user or group as the AD administrator for PostgreSQL server |
| 63 | + ad_admin_login_name = "firstname.lastname@example.com" |
| 64 | +
|
| 65 | + # (Optional) To enable Azure Monitoring for Azure PostgreSQL database |
| 66 | + # (Optional) Specify `storage_account_name` to save monitoring logs to storage. |
| 67 | + log_analytics_workspace_name = "loganalytics-we-sharedtest2" |
| 68 | +
|
| 69 | + # Firewall Rules to allow azure and external clients and specific Ip address/ranges. |
| 70 | + firewall_rules = { |
| 71 | + access-to-azure = { |
| 72 | + start_ip_address = "0.0.0.0" |
| 73 | + end_ip_address = "0.0.0.0" |
| 74 | + }, |
| 75 | + desktop-ip = { |
| 76 | + start_ip_address = "49.204.228.223" |
| 77 | + end_ip_address = "49.204.228.223" |
| 78 | + } |
| 79 | + } |
| 80 | +
|
| 81 | + # Tags for Azure Resources |
| 82 | + tags = { |
| 83 | + Terraform = "true" |
| 84 | + Environment = "dev" |
| 85 | + Owner = "test-user" |
| 86 | + } |
| 87 | +} |
| 88 | +``` |
| 89 | + |
| 90 | +## Module Usage (PostgreSQL with private link and optional resrouces) |
| 91 | + |
| 92 | +```terraform |
| 93 | +module "postgresql-db" { |
| 94 | + source = "kumarvna/postgresql-db/azurerm" |
| 95 | + version = "1.1.0" |
| 96 | +
|
| 97 | + # By default, this module will create a resource group |
| 98 | + # proivde a name to use an existing resource group and set the argument |
| 99 | + # to `create_resource_group = false` if you want to existing resoruce group. |
| 100 | + # If you use existing resrouce group location will be the same as existing RG. |
| 101 | + create_resource_group = false |
| 102 | + resource_group_name = "rg-shared-westeurope-01" |
| 103 | + location = "westeurope" |
| 104 | +
|
| 105 | + # PostgreSQL Server and Database settings |
| 106 | + postgresql_server_name = "mypostgresdbsrv01" |
| 107 | +
|
| 108 | + postgresql_server_settings = { |
| 109 | + sku_name = "GP_Gen5_8" |
| 110 | + storage_mb = 640000 |
| 111 | + version = "9.6" |
| 112 | + # default admin user `postgresadmin` and can be specified as per the choice here |
| 113 | + # by default random password created by this module. required password can be specified here |
| 114 | + admin_username = "postgresadmin" |
| 115 | + admin_password = "H@Sh1CoR3!" |
| 116 | + # Database name, charset and collection arguments |
| 117 | + database_name = "demo-postgres-db" |
| 118 | + charset = "UTF8" |
| 119 | + collation = "English_United States.1252" |
| 120 | + # Storage Profile and other optional arguments |
| 121 | + auto_grow_enabled = true |
| 122 | + backup_retention_days = 7 |
| 123 | + geo_redundant_backup_enabled = true |
| 124 | + public_network_access_enabled = true |
| 125 | + ssl_enforcement_enabled = true |
| 126 | + ssl_minimal_tls_version_enforced = "TLS1_2" |
| 127 | + } |
| 128 | +
|
| 129 | + # PostgreSQL Server Parameters |
| 130 | + # For more information: https://bit.ly/3dbYTtB |
| 131 | + postgresql_configuration = { |
| 132 | + backslash_quote = "on" |
| 133 | + } |
| 134 | +
|
| 135 | + # Use Virtual Network service endpoints and rules for Azure Database for PostgreSQL |
| 136 | + subnet_id = var.subnet_id |
| 137 | +
|
| 138 | + # The URL to a Key Vault custom managed key |
| 139 | + key_vault_key_id = var.key_vault_key_id |
| 140 | +
|
| 141 | + # To enable Azure Defender for database set `enable_threat_detection_policy` to true |
| 142 | + enable_threat_detection_policy = true |
| 143 | + log_retention_days = 30 |
| 144 | + email_addresses_for_alerts = ["user@example.com", "firstname.lastname@example.com"] |
| 145 | +
|
| 146 | + # AD administrator for an Azure database for PostgreSQL |
| 147 | + # Allows you to set a user or group as the AD administrator for PostgreSQL server |
| 148 | + ad_admin_login_name = "firstname.lastname@example.com" |
| 149 | +
|
| 150 | + # (Optional) To enable Azure Monitoring for Azure PostgreSQL database |
| 151 | + # (Optional) Specify `storage_account_name` to save monitoring logs to storage. |
| 152 | + log_analytics_workspace_name = "loganalytics-we-sharedtest2" |
| 153 | +
|
| 154 | + # Creating Private Endpoint requires, VNet name and address prefix to create a subnet |
| 155 | + # By default this will create a `privatelink.mysql.database.azure.com` DNS zone. |
| 156 | + # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name |
| 157 | + enable_private_endpoint = true |
| 158 | + virtual_network_name = "vnet-shared-hub-westeurope-001" |
| 159 | + private_subnet_address_prefix = ["10.1.5.0/29"] |
| 160 | + # existing_private_dns_zone = "demo.example.com" |
| 161 | +
|
| 162 | + # Firewall Rules to allow azure and external clients and specific Ip address/ranges. |
| 163 | + firewall_rules = { |
| 164 | + access-to-azure = { |
| 165 | + start_ip_address = "0.0.0.0" |
| 166 | + end_ip_address = "0.0.0.0" |
| 167 | + }, |
| 168 | + desktop-ip = { |
| 169 | + start_ip_address = "49.204.228.223" |
| 170 | + end_ip_address = "49.204.228.223" |
| 171 | + } |
| 172 | + } |
| 173 | +
|
| 174 | + # Tags for Azure Resources |
| 175 | + tags = { |
| 176 | + Terraform = "true" |
| 177 | + Environment = "dev" |
| 178 | + Owner = "test-user" |
| 179 | + } |
| 180 | +} |
| 181 | +``` |
| 182 | + |
| 183 | +## Terraform Usage |
| 184 | + |
| 185 | +To run this example you need to execute following Terraform commands |
| 186 | + |
| 187 | +```hcl |
| 188 | +terraform init |
| 189 | +
|
| 190 | +terraform plan |
| 191 | +
|
| 192 | +terraform apply |
| 193 | +``` |
| 194 | + |
| 195 | +Run `terraform destroy` when you don't need these resources. |
| 196 | + |
| 197 | +## Outputs |
| 198 | + |
| 199 | +| Name | Description | |
| 200 | +|--|--| |
| 201 | +`resource_group_name`|The name of the resource group in which resources are created |
| 202 | +`resource_group_location`|The location of the resource group in which resources are created |
| 203 | +`storage_account_id`|The resource ID of the storage account |
| 204 | +`storage_account_name`|The name of the storage account |
| 205 | +`postgresql_server_id`|The resource ID of the PostgreSQL Server |
| 206 | +`postgresql_server_fqdn`|The FQDN of the PostgreSQL Server |
| 207 | +`postgresql_database_id`|The ID of the PostgreSQL Database |
| 208 | +`postgresql_server_private_endpoint`|id of the PostgreSQL server Private Endpoint |
| 209 | +`postgresql_server_private_dns_zone_domain`|DNS zone name of PostgreSQL server Private endpoints dns name records |
| 210 | +`postgresql_server_private_endpoint_ip`|PostgreSQL server private endpoint IPv4 Addresses |
| 211 | +`postgresql_server_private_endpoint_fqdn`|PostgreSQL server private endpoint FQDN Addresses |
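Review bot: Both usage examples set `admin_password = "H@Sh1CoR3!"` as a literal (new-file lines 30 and 115), although the comment just above says the module generates a random password by default. README blocks get copied verbatim, so the sample should omit the argument or read it from a variable declared `sensitive`, e.g. `admin_password = var.postgresql_admin_password`. The private-link example also keeps `public_network_access_enabled = true` (line 124) and the same `firewall_rules`, including the `0.0.0.0` "access-to-azure" rule, so the server stays reachable on its public endpoint even with `enable_private_endpoint = true`; if private-only access is the intent, that example should set `public_network_access_enabled = false` and drop the firewall rules. The comment on line 155 names `privatelink.mysql.database.azure.com`, which looks carried over from a MySQL module and should be checked against the zone this module actually creates.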