AWS Redshift Terraform module
Upstream version 7.1.0
0 controls from Registry requirements
Terraform Module Source
registry.compliance.tf/terraform-aws-modules/redshift/aws
81 unique
| Name | Type | Default | Description |
|---|---|---|---|
| Optional | | | |
| allow_version_upgrade | bool | null | If `true`, major version upgrades can be applied during the maintenance window to the Amazon Redshift engine that is running on the cluster. Default is `true` |
| apply_immediately | bool | null | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false` |
| authentication_profiles | map({...}) | {} | Map of authentication profiles to create |
| automated_snapshot_retention_period | number | null | The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with create-cluster-snapshot. Default is 1 |
| availability_zone | string | null | The EC2 Availability Zone (AZ) in which you want Amazon Redshift to provision the cluster. Can only be changed if `availability_zone_relocation_enabled` is `true` |
| availability_zone_relocation_enabled | bool | null | If `true`, the cluster can be relocated to another availability zone, either automatically by AWS or when requested. Default is `false`. Available for use on clusters from the RA3 instance family |
| cloudwatch_log_group_kms_key_id | string | null | The ARN of the KMS Key to use when encrypting log data |
| cloudwatch_log_group_retention_in_days | number | 0 | The number of days to retain CloudWatch logs for the redshift cluster |
| cloudwatch_log_group_skip_destroy | bool | null | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state |
| cloudwatch_log_group_tags | map(string) | {} | Additional tags to add to cloudwatch log groups created |
| cluster_identifier | string | "" | The Cluster Identifier. Must be a lower case string |
| cluster_timeouts | object({...}) | null | Create, update, and delete timeout configurations for the cluster |
| cluster_version | string | null | The version of the Amazon Redshift engine software that you want to deploy on the cluster. The version selected runs on all the nodes in the cluster |
| create | bool | true | Determines whether to create Redshift cluster and resources (affects all resources) |
| create_cloudwatch_log_group | bool | false | Determines whether a CloudWatch log group is created for each `var.logging.log_exports` |
| create_parameter_group | bool | true | Determines whether to create a parameter group or use existing |
| create_scheduled_action_iam_role | bool | false | Determines whether a scheduled action IAM role is created |
| create_security_group | bool | true | Determines whether to create security group for Redshift cluster |
| create_subnet_group | bool | true | Determines whether to create a subnet group or use existing |
| database_name | string | null | The name of the first database to be created when the cluster is created. If you do not provide a name, Amazon Redshift will create a default database called `dev` |
| default_iam_role_arn | string | null | The Amazon Resource Name (ARN) for the IAM role that was set as default for the cluster when the cluster was created |
| elastic_ip | string | null | The Elastic IP (EIP) address for the cluster |
| encrypted | bool | null | If `true`, the data in the cluster is encrypted at rest |
| endpoint_access | map({...}) | {} | Map of endpoint access (managed VPC endpoint) definitions to create |
| enhanced_vpc_routing | bool | null | If `true`, enhanced VPC routing is enabled |
| final_snapshot_identifier | string | null | The identifier of the final snapshot that is to be created immediately before deleting the cluster. If this parameter is provided, `skip_final_snapshot` must be `false` |
| iam_role_arns | list(string) | [] | A list of IAM Role ARNs to associate with the cluster. A Maximum of 10 can be associated to the cluster at any time |
| iam_role_description | string | null | Description of the scheduled action IAM role |
| iam_role_name | string | null | Name to use on scheduled action IAM role created |
| iam_role_path | string | null | Scheduled action IAM role path |
| iam_role_permissions_boundary | string | null | ARN of the policy that is used to set the permissions boundary for the scheduled action IAM role |
| iam_role_tags | map(string) | {} | A map of additional tags to add to the scheduled action IAM role created |
| iam_role_use_name_prefix | string | true | Determines whether the scheduled action IAM role name (`iam_role_name`) is used as a prefix |
| kms_key_arn | string | null | The ARN for the KMS encryption key. When specifying `kms_key_arn`, `encrypted` needs to be set to `true` |
| logging | object({...}) | null | Logging configuration for the cluster |
| maintenance_track_name | string | null | The name of the maintenance track for the restored cluster. When you take a snapshot, the snapshot inherits the MaintenanceTrack value from the cluster. The snapshot might be on a different track than the cluster that was the source for the snapshot. Default value is `current` |
| manage_master_password | bool | true | Whether to use AWS SecretsManager to manage the cluster admin credentials. Conflicts with `master_password_wo`. One of `master_password_wo` or `manage_master_password` is required unless `snapshot_identifier` is provided |
| manage_master_password_rotation | bool | false | Whether to manage the master user password rotation. Setting this value to false after previously having been set to true will disable automatic rotation |
| manual_snapshot_retention_period | number | null | The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots. Valid values are between `-1` and `3653`. Default value is `-1` |
| master_password_rotate_immediately | bool | null | Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window |
| master_password_rotation_automatically_after_days | number | null | Specifies the number of days between automatic scheduled rotations of the secret. Either `master_user_password_rotation_automatically_after_days` or `master_user_password_rotation_schedule_expression` must be specified |
| master_password_rotation_duration | string | null | The length of the rotation window in hours. For example, 3h for a three hour window |
| master_password_rotation_schedule_expression | string | null | A cron() or rate() expression that defines the schedule for rotating your secret. Either `master_user_password_rotation_automatically_after_days` or `master_user_password_rotation_schedule_expression` must be specified |
| master_password_secret_kms_key_id | string | null | ID of the KMS key used to encrypt the cluster admin credentials secret |
| master_password_wo | string | null | Password for the master DB user. Must contain at least 8 chars, one uppercase letter, one lowercase letter, and one number |
| master_password_wo_version | string | null | Used together with `master_password_wo` to trigger an update. Increment this value when an update to the `master_password_wo` is required |
| master_username | string | "awsuser" | Username for the master DB user. Defaults to `awsuser` |
| multi_az | bool | null | Specifies if the Redshift cluster is multi-AZ |
| node_type | string | "" | The node type to be provisioned for the cluster |
| number_of_nodes | number | 1 | Number of nodes in the cluster. Defaults to 1. Note: values greater than 1 will trigger `cluster_type` to switch to `multi-node` |
| owner_account | string | null | The AWS customer account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot |
| parameter_group_description | string | null | The description of the Redshift parameter group. Defaults to `Managed by Terraform` |
| parameter_group_family | string | "redshift-2.0" | The family of the Redshift parameter group |
| parameter_group_name | string | null | The name of the Redshift parameter group, existing or to be created |
| parameter_group_parameters | list({...}) | null | A list of Redshift parameters to apply |
| parameter_group_tags | map(string) | {} | Additional tags to add to the parameter group |
| port | number | 5439 | The port number on which the cluster accepts incoming connections. Default port is `5439` |
| preferred_maintenance_window | string | "sat:10:00-sat:10:30" | The weekly time range (in UTC) during which automated cluster maintenance can occur. Format: `ddd:hh24:mi-ddd:hh24:mi` |
| publicly_accessible | bool | null | If true, the cluster can be accessed from a public network |
| region | string | null | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration |
| scheduled_actions | map({...}) | {} | Map of scheduled action definitions to create |
| security_group_description | string | null | The description of the security group. If value is set to empty string it will contain cluster name in the description |
| security_group_egress_rules | map({...}) | {} | Map of security group egress rules to add to the security group created |
| security_group_ingress_rules | map({...}) | {} | Map of security group ingress rules to add to the security group created |
| security_group_name | string | "" | The security group name |
| security_group_tags | map(string) | {} | Additional tags for the security group |
| security_group_use_name_prefix | bool | true | Determines whether the security group name (`security_group_name`) is used as a prefix |
| skip_final_snapshot | bool | true | Determines whether a final snapshot of the cluster is created before Redshift deletes the cluster. If true, a final cluster snapshot is not created. If false, a final cluster snapshot is created before the cluster is deleted |
| snapshot_arn | string | null | The ARN of the snapshot from which to create the new cluster. Conflicts with `snapshot_identifier` |
| snapshot_cluster_identifier | string | null | The name of the cluster the source snapshot was created from |
| snapshot_copy | object({...}) | null | Configuration of automatic copy of snapshots from one region to another |
| snapshot_identifier | string | null | The name of the snapshot from which to create the new cluster. Conflicts with `snapshot_arn` |
| snapshot_schedule | object({...}) | null | Configuration for creating a snapshot schedule and associating it with the cluster |
| subnet_group_description | string | null | The description of the Redshift Subnet group. Defaults to `Managed by Terraform` |
| subnet_group_name | string | null | The name of the Redshift subnet group, existing or to be created |
| subnet_group_tags | map(string) | {} | Additional tags to add to the subnet group |
| subnet_ids | list(string) | [] | An array of VPC subnet IDs to use in the subnet group |
| tags | map(string) | {} | A map of tags to add to all resources |
| usage_limits | map({...}) | {} | Map of usage limit definitions to create |
| vpc_id | string | "" | ID of the VPC where to create security group |
| vpc_security_group_ids | list(string) | [] | A list of Virtual Private Cloud (VPC) security groups to be associated with the cluster |