Aurora Cluster (Serverless v2 ready)

aws-aurora

Aurora PostgreSQL/MySQL cluster with instances, parameter groups, Serverless v2 scaling, and enhanced monitoring — ready to run db.serverless out of the box or any provisioned instance class. Works with Terraform and OpenTofu (>= 1.6), AWS provider >= 6.0, < 7.0.

Secure defaults:

• Storage always encrypted (AWS-managed aws/rds key, or your CMK via kms_key_arn)
• Master password generated by RDS and stored in Secrets Manager — never in state
• Instances are never publicly accessible; dedicated subnet group on your private subnets
• Deletion protection on and final snapshot kept (both overridable for test stacks)
• 7-day automated backups, tags copied to snapshots, auto minor version upgrades
• Dedicated cluster and instance parameter groups — never the shared AWS defaults
• Enhanced monitoring: set monitoring_interval > 0 and the module creates the IAM role

Serverless v2 is the default posture: instance_class = "db.serverless" plus a serverlessv2_scaling ACU band (0.5–4 by default). Switch to a provisioned class (e.g. db.r6g.large) and set serverlessv2_scaling = null for a classic cluster. Instance 1 is the writer; additional instances are readers with ascending promotion tiers.

Requirements

• Terraform or OpenTofu >= 1.6
• hashicorp/aws >= 6.0, < 7.0

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).