Autonomous Database (Serverless)

oci-autonomous-database

ATP/ADW/JSON/APEX autonomous database with private endpoint, mTLS wallet output, ACLs, auto-scaling and backup config. Works with Terraform and OpenTofu (>= 1.6), OCI provider >= 8.0, < 9.0.

Secure defaults:

• Mutual TLS required for every connection
• No network path is opened implicitly — you either give a private-endpoint subnet or an explicit IP/VCN whitelist
• ECPU compute model with compute auto-scaling on, 60-day automatic backups
• Optional customer-managed encryption key (OCI Vault) and long-term backup
• is_free_tier = true flips to an Always Free database for $0 environments

Usage

module "atp" {
  source = "./oci-autonomous-database"

  compartment_id = "ocid1.compartment.oc1..xxxx"
  db_name        = "appdb"
  workload       = "OLTP"
  admin_password = var.adb_admin_password # inject, never hardcode

  # Private endpoint in your VCN:
  subnet_id              = module.vcn.subnet_ids["db"]
  nsg_ids                = [module.vcn.network_security_group_ids["db"]]
  private_endpoint_label = "appdb"

  ecpu_count      = 2
  storage_size_gb = 100

  generate_wallet = true
  wallet_password = var.adb_wallet_password
}

Inputs

Name	Type	Default	Description
compartment_id	string	—	Compartment OCID (required)
db_name	string	—	1-14 alphanumeric, starts with a letter (required)
display_name	string	null	Console name; defaults to db_name
workload	string	OLTP	OLTP, DW, AJD or APEX
db_version	string	23ai	Oracle Database version
admin_password	string (sensitive)	—	ADMIN password, 12-30 chars (required)
is_free_tier	bool	false	Always Free database (fixed shape, 20 GB)
ecpu_count	number	2	Provisioned ECPUs (paid tier)
storage_size_gb	number	50	Data storage GB (paid tier)
compute_auto_scaling_enabled	bool	true	Auto-scale compute up to 3x
storage_auto_scaling_enabled	bool	false	Auto-expand storage
license_model	string	LICENSE_INCLUDED	Or BRING_YOUR_OWN_LICENSE
mtls_required	bool	true	Require mutual TLS
subnet_id	string	null	Private-endpoint subnet
nsg_ids	list(string)	[]	NSGs on the private endpoint
private_endpoint_label	string	null	Private endpoint DNS label
whitelisted_ips	list(string)	[]	IP/CIDR/VCN-OCID ACL (no private endpoint)
kms_key_id / vault_id	string	null	Customer-managed encryption key
backup_retention_days	number	60	Automatic backup window (1-60)
long_term_backup_enabled	bool	false	One-off long-term backup
long_term_backup_retention_days	number	90	90-3650 days
generate_wallet	bool	false	Emit a wallet as a sensitive output
wallet_password	string (sensitive)	null	Required with generate_wallet
character_set / ncharacter_set	string	AL32UTF8 / AL16UTF16	Character sets
freeform_tags	map(string)	{}	Freeform tags

Outputs

autonomous_database_id, connection_strings, connection_urls, private_endpoint, private_endpoint_ip, wallet_base64 (sensitive), long_term_backup_id.

Notes

• The generated wallet (and admin_password/wallet_password) are stored in Terraform state — encrypt and access-control your state backend.
• Free tier: auto-scaling, ECPU count, storage size and license model are forced off/ignored by this module so OCI does not reject the request; you get 2 Always Free databases per tenancy.
• whitelisted_ips and a private endpoint are mutually exclusive — when subnet_id is set the ACL list is ignored by design.
• AJD/APEX workloads only allow LICENSE_INCLUDED.

Requirements

• Terraform or OpenTofu >= 1.6
• Provider oracle/oci >= 8.0, < 9.0

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).