This is a Terraform module for a Microsoft SQL Server (Standard Edition) for AWS RDS
- Note that credentials are stored in AWS Secrets Manager

Once the mssql RDS is up and running, you may want to test connectivity from the cluster. To do this:
- Start an interactive diagnostic pod with mssql tooling (note your shell will hang, so you'll likely need multiple terminals open):
  ```sh
  kubectl run mssql-diag --image=mcr.microsoft.com/mssql-tools --restart=Never -n default --overrides='{"spec":{"tolerations":[{"effect": "NoSchedule","key": "CriticalAddonsOnly","operator": "Exists" }]}}' -i --tty
  ```
- In a separate terminal, shell into the `mssql-diag` pod and run the following command to test connectivity:
  ```sh
  sqlcmd -U regscale -P <password> -S <server-url> -Q "SELECT * FROM SYSOBJECTS WHERE xtype='U';"
  ```
  You should see output showing the tables in the mssql database.
- Delete the `mssql-diag` pod when finished

| Name | Version |
|---|---|
| terraform | >= 1.2 |
| aws | >= 4.61.0 |

| Name | Version |
|---|---|
| aws | >= 4.61.0 |

| Name | Source | Version |
|---|---|---|
| mssql-db | terraform-aws-modules/rds/aws | 5.2.3 |

| Name | Type |
|---|---|
| aws_db_instance_role_association.s3_integration | resource |
| aws_db_subnet_group.db_subnet_group | resource |
| aws_route53_record.www | resource |
| aws_security_group.mssql | resource |
| aws_security_group_rule.db_egress | resource |
| aws_security_group_rule.db_ingress_cidr_blocks | resource |
| aws_security_group_rule.db_ingress_prefix_lists | resource |
| aws_security_group_rule.db_ingress_security_groups | resource |
| aws_route53_zone.cms_zone | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_attached_security_group_ids | n/a | `list(string)` | `[]` | no |
| allocated_storage | n/a | `number` | `20` | no |
| allowed_cidr_blocks | n/a | `list(string)` | `[]` | no |
| allowed_prefix_lists | n/a | `list(string)` | `[]` | no |
| allowed_security_group_ids | n/a | `list(string)` | `[]` | no |
| apply_immediately | n/a | `bool` | `false` | no |
| auto_minor_version_upgrade | n/a | `bool` | `true` | no |
| backup_retention_period | The days to retain backups for. Default 7 | `number` | `7` | no |
| backup_window | n/a | `string` | `"03:00-06:00"` | no |
| ca_cert_identifier | Specifies the identifier of the CA certificate for the DB instance | `string` | `"rds-ca-rsa2048-g1"` | no |
| create_random_password | Determines whether to create random password for RDS primary cluster | `bool` | `true` | no |
| deletion_protection | n/a | `bool` | `false` | no |
| instance_class | Instance classes for instances created under the cluster | `string` | `"db.r5.xlarge"` | no |
| maintenance_window | n/a | `string` | `"Mon:00:00-Mon:03:00"` | no |
| master_username | n/a | `string` | `"admin"` | no |
| max_allocated_storage | n/a | `number` | `100` | no |
| name | n/a | `string` | n/a | yes |
| options | A list of Options to apply | `any` | `[]` | no |
| port | n/a | `number` | `1433` | no |
| route53_record_name | n/a | `string` | n/a | yes |
| route53_zone_base_domain | If route53_zone_id is an empty string, this variable is used to look up the r53 zone dynamically | `string` | `""` | no |
| route53_zone_id | n/a | `string` | `""` | no |
| s3_integration_role_arn | n/a | `string` | `""` | no |
| skip_final_snapshot | n/a | `bool` | `false` | no |
| subnet_group_name_override | Override the subnet group name. If not set, the name will be the same as the name of the RDS instance | `string` | `""` | no |
| subnet_ids | n/a | `list(string)` | n/a | yes |
| tags | n/a | `map(string)` | `{` | no |
| vpc_id | n/a | `string` | n/a | yes |

| Name | Description |
|---|---|
| db_database_name | Name for an automatically created database on creation |
| db_endpoint | Endpoint for the db |
| db_engine_version_actual | The running version of the RDS database |
| db_hosted_zone_id | The Route53 Hosted Zone ID of the endpoint |
| db_id | The RDS Identifier |
| db_instance_arn | Amazon Resource Name (ARN) of RDS instance |
| db_master_password | The database master password |
| db_master_username | The database master username |
| db_port | The database port |
| db_resource_id | The RDS Resource ID |
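
A sample call of the module using the inputs and outputs listed above, with ingress limited to one security group and the protective settings set explicitly. This is an added example, not the module's own code: the `source` path, the name and DNS values, and the three declared variables are hypothetical, and the mapping of the `allowed_*` inputs to the `db_ingress_*` rules is assumed from the resource names.

```hcl
# Added example, not the module's own code. Hypothetical values: the source
# path, the name/DNS values, and the three variables declared below.
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "app_security_group_id" { type = string }

module "mssql" {
  source = "./modules/mssql" # placeholder: path or registry address of this module

  name                     = "example-mssql"
  route53_record_name      = "example-mssql"
  route53_zone_base_domain = "example.internal"
  vpc_id                   = var.vpc_id
  subnet_ids               = var.private_subnet_ids

  # Ingress (assumed to feed the db_ingress_* security group rules): admit the
  # application's security group only; leave the CIDR and prefix-list inputs empty.
  allowed_security_group_ids = [var.app_security_group_id]
  allowed_cidr_blocks        = []
  allowed_prefix_lists       = []

  # Defaults from the inputs table that a long-lived instance usually overrides.
  deletion_protection     = true  # default false
  skip_final_snapshot     = false # default, kept explicit
  backup_retention_period = 14    # default 7
  apply_immediately       = false # default; changes wait for maintenance_window

  create_random_password = true                # default
  ca_cert_identifier     = "rds-ca-rsa2048-g1" # default
}

output "mssql_endpoint" {
  value = module.mssql.db_endpoint
}

# Re-export the password only if a consumer needs it, and mark it sensitive.
# The value is stored in the Terraform state either way.
output "mssql_master_password" {
  value     = module.mssql.db_master_password
  sensitive = true
}
```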