tb_pulumi.rds

Infrastructural patterns related to AWS’s RDS product.

class tb_pulumi.rds.RdsDatabaseGroup(name: str, project: ThunderbirdPulumiProject, db_name: str, subnets: list[Output], vpc_cidr: str, vpc_id: str, allocated_storage: int = 20, auto_minor_version_upgrade: bool = True, apply_immediately: bool = False, backup_retention_period: int = 7, blue_green_update: bool = False, db_username: str = 'root', enabled_cluster_cloudwatch_logs_exports: list[str] = [], enabled_instance_cloudwatch_logs_exports: list[str] = [], engine: str = 'postgres', engine_version: str = '15.7', instance_class: str = 'db.t3.micro', internal: bool = True, max_allocated_storage: int = 0, num_instances: int = 1, override_special='!#$%&*()-_=+[]{}<>:?', parameters: list[dict] = None, parameter_group_family: str = 'postgres15', performance_insights_enabled: bool = False, port: int = None, secret_recovery_window_in_days: int = None, sg_cidrs: list[str] = None, skip_final_snapshot: bool = False, storage_type: str = 'gp3', tags: dict = {}, opts: ResourceOptions = None, **kwargs)

Bases: ThunderbirdComponentResource

Pulumi Type: tb:rds:RdsDatabaseGroup

Using RDS, construct a primary database and zero or more read replicas. A Network Load Balancer (NLB) is created to spread load across the read replicas.

Produces the following resources:

• instances - A list of aws.rds.Instances in the group. The zeroth index will always be the primary/writer instance. If there are any replica/reader instances, those will follow.

• key - aws.kms.Key used to encrypt database storage.

• load_balancer - tb_pulumi.ec2.NetworkLoadBalancer routing traffic to the read databases.

• parameter_group - aws.rds.ParameterGroup defining how these databases operate.

• password - pulumi_random.RandomPassword for the database.

• secret - tb_pulumi.secrets.SecretsManagerSecret storing the password within AWS.

• security_group - tb_pulumi.network.SecurityGroupWithRules defining access to the database.

• ssm_param_db_name - aws.ssm.Parameter containing the database name.

• ssm_param_db_write_host - aws.ssm.Parameter containing the write instance’s hostname.

• ssm_param_port - aws.ssm.Parameter containing the database port.

• ssm_param_read_host - aws.ssm.Parameter containing the hostname of the read traffic load balancer.

• subnet_group - aws.rds.SubnetGroup, a logical grouping of subnets in which to build database instances.

Parameters:

• name (str) – A string identifying this set of resources.

• project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.

• db_name (str) – What to call the name of the database at the schema level.

• subnets (list[pulumi.Output]) – List of subnet Output objects defining the network space to build in.

• vpc_cidr (str) – An IP range to allow incoming traffic from, which is a subset of the IP range allowed by the VPC in which this cluster is built. If you do not specify sg_cidrs, but internal is True, then ingress traffic will be limited to being sourced in this CIDR.

• vpc_id (str) – The ID of the VPC to build in.

• allocated_storage (int, optional) – GB of storage to allot to each instance. AWS may impose different minimum values for this option depending on other storage options. Details are found in AWS RDS documentation. Defaults to 20.

• auto_minor_version_upgrade (bool, optional) – Allow RDS to upgrade the engine as long as it’s only a minor version change, and therefore backward compatible. Defaults to True.

• apply_immediately (bool, optional) – When True, changes to the DB config will be applied right away instead of during the next maintenance window. Depending on the change, this could cause downtime. Defaults to False.

• backup_retention_period (int, optional) – Number of days to keep old backups. Defaults to 7.

• blue_green_update (bool, optional) – When RDS applies updates, it will deploy a new cluster and fail over to it. AWS Reference Defaults to False.

• db_username (str, optional) – The username to use for the root-level administrative user in the database. Defaults to ‘root’.

• enabled_cluster_cloudwatch_logs_exports (list[str], optional) – Any combination of valid log types for a DB instance to export. These include: audit, error, general, slowquery, postgresql. Defaults to [].

• enabled_instance_cloudwatch_logs_exports (list[str], optional) – Any combination of valid log types for a DB cluster to export. For details, see the “EnableCloudwatchLogsExports” section of these docs. Defaults to [].

• engine (str, optional) – The core database engine to use, such as “postgres” or “mysql”. Defaults to ‘postgres’.

• engine_version (str, optional) – The version of the engine to use. This is a specific string that AWS recognizes. You can see a list of those strings by running this command: aws rds describe-db-engine-versions. Defaults to ‘15.7’

• instance_class (str, optional) – One of the database sizes listed in these docs. Defaults to ‘db.t3.micro’.

• internal (bool, optional) – When True, if no sg_cidrs are set, allows ingress only from what vpc_cidr is set to. If False and no sg_cidrs are set, allows ingress from anywhere. Defaults to True.

• max_allocated_storage (int, optional) – Gigabytes of storage which storage autoscaling will refuse to increase beyond. To disable autoscaling, set this to zero. Defaults to 0.

• num_instances (int, optional) – Number of database servers to build. This must be at least 1. This module interprets this number to mean that we should build a primary instance and (num_instances - 1) read replicas. All servers will be built from the same set of options described here. Defaults to 1.

• override_special (str, optional) – The root password is generated using “special characters”. Set this value to a string containing only those special characters that you want included in your otherwise random password. Defaults to ‘!#$%&*()-_=+[]{}<>:?’.

• parameters (list[dict], optional) – A list of dicts describing parameters to override from the defaults set by the parameter_group_family. These dicts should describe one of these. Defaults to None

• parameter_group_family (str, optional) – A special string known to AWS describing the base set of DB parameters to use. These parameters can be overridden with the parameters option. You can get a list of options by running: aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" Defaults to ‘postgres15’.

• performance_insights_enabled (bool, optional) – Record more detailed monitoring metrics to CloudWatch. Incurs additional costs. Defaults to False.

• port (int, optional) – Specify a non-default listening port. Defaults to None.

• secret_recovery_window_in_days (int, optional) – Number of days to retain the database_url secret after it has been deleted. Set this to zero in testing environments to avoid issues during stack rebuilds. Defaults to None (which causes AWS to default to 7 days).

• sg_cidrs (list[str], optional) – A list of CIDRs from which ingress should be allowed. If this is left to the default value, a sensible default will be selected. If internal is True, this will allow access from the vpc_cidr. Otherwise, traffic will be allowed from anywhere. Defaults to None.

• skip_final_snapshot (bool, optional) – Allow deletion of an RDS instance without performing a final backup. Defaults to False.

• storage_type (str, optional) – Type of storage to provision. Defaults to gp3 but could be set to other values such as io2. For details, see Amazon RDS DB instance storage Defaults to ‘gp3’.

• tags (dict, optional) – Key/value pairs to merge with the default tags which get applied to all resources in this group. Defaults to {}.

• opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.

• kwargs – Key/value pairs describing additional arguments to be passed into all RDS Instance declarations. Detail can be found here.

Raises:

ValueError – Raised if no port is supplied, and if a default cannot be found in the lookup table in the constants module.