IaC Bazaar
Scaleway · Static-verified

Scaleway Managed Database

RDB PostgreSQL/MySQL with HA, private-network endpoint, users, and ACLs.


scaleway-rdb-instance · terraform v1.7

Verification

Static-verified

Passed: validated and lint-clean (provider-schema-validated for AWS/Azure/GCP; Terraform-language lint elsewhere).

Conformance

  • Static validation (fmt · validate · tflint)
  • No applicable security policies for this provider
  • Plan tests (mocked: validation rules · outputs)

Provenance

  • SHA-256 checksum
  • Signature (pending)

Functional

  • Live test pending (no cloud run yet)

Last verified 2026-06-28

Documentation

scaleway-rdb-instance

A Scaleway Managed Database (RDB) instance with an admin user, additional least-privilege users, per-user database privileges, and a default-deny public ACL. Supports PostgreSQL and MySQL engines.

Status: static-validated, live-test pending. Validated with tofu validate + tflint + checkov against the scaleway/scaleway provider. Not yet applied against a live Scaleway project, so it ships under live-test quarantine.

Design & secure defaults

  • Public endpoint closed by default. No ACL rule is created until you list source CIDRs in acl_rules; attach a private_network_id to reach the instance privately and leave the public ACL empty.
  • HA by default (is_ha_cluster = true) on block storage — a precondition rejects the invalid HA + local-lssd combination.
  • Backups on with configurable frequency/retention; the managed endpoint enforces TLS (exported as certificate).
  • Least privilege: create app users via users and scope them to databases via privileges (readonly / readwrite / all / custom / none).

Usage

module "db" {
  source = "github.com/ITfreak/iacbazaar//artifacts/terraform/scaleway-rdb-instance"

  name           = "prod"
  engine         = "PostgreSQL-15"
  admin_password = var.db_admin_password
  acl_rules      = [{ ip = "203.0.113.0/24", description = "office" }]
}

See examples/basic for users + privileges wiring.
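
A caller-side guard for the public allow-list, as an added example that is not part of the module or its examples/ directory. It validates the CIDRs before they reach acl_rules and attaches a private network so the default (empty) list keeps the public endpoint closed. The variable name db_acl_rules, the /24 ceiling and the network name prod-db are assumptions chosen for illustration.

```hcl
# Added example: root-module guard rails around the module's acl_rules input.
# db_acl_rules, the /24 ceiling and "prod-db" are assumptions, not module inputs.

variable "db_admin_password" {
  type      = string
  sensitive = true # keep the secret out of plan/apply output
}

variable "db_acl_rules" {
  description = "Source CIDRs allowed to reach the public endpoint. Empty keeps it closed."
  type = list(object({
    ip          = string
    description = string
  }))
  default = []

  validation {
    # cidrhost() errors on anything that is not a valid CIDR, so can() turns
    # a malformed entry into a failed validation instead of a late apply error.
    condition     = alltrue([for r in var.db_acl_rules : can(cidrhost(r.ip, 0))])
    error_message = "Every ACL entry must be a valid CIDR, for example 203.0.113.0/24."
  }

  validation {
    # Reject 0.0.0.0/0 and other wide ranges: IPv4 prefix must be /24 or longer.
    # try() maps an entry without a prefix length to 0, which fails the check.
    condition = alltrue([
      for r in var.db_acl_rules : try(tonumber(split("/", r.ip)[1]), 0) >= 24
    ])
    error_message = "ACL entries must be /24 or narrower. Use the private network for broader access."
  }
}

resource "scaleway_vpc_private_network" "db" {
  name = "prod-db"
}

module "db" {
  source = "github.com/ITfreak/iacbazaar//artifacts/terraform/scaleway-rdb-instance"

  name               = "prod"
  engine             = "PostgreSQL-15"
  admin_password     = var.db_admin_password
  private_network_id = scaleway_vpc_private_network.db.id
  acl_rules          = var.db_acl_rules # [] by default: public endpoint stays closed
}
```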

Key inputs

| Variable | Description | Default |
|---|---|---|
| name | Instance name | required |
| engine | PostgreSQL-15, MySQL-8, … | PostgreSQL-15 |
| node_type | RDB node type | DB-DEV-S |
| is_ha_cluster | HA standby replica | true |
| volume_type / volume_size_in_gb | Storage class / size | sbs_5k / 10 |
| admin_user_name / admin_password | Initial admin user | admin / required |
| acl_rules | Public-endpoint allow-list | [] (closed) |
| private_network_id | Attach to a private network | null |
| users | Additional users map | {} |
| privileges | Per-user DB grants | {} |
| backups_enabled | Automated backups | true |
| region / project_id | Placement | fr-par / provider default |

Outputs

instance_id, endpoint_ip, endpoint_port, certificate, admin_user_name, user_names.

Provider

scaleway/scaleway >= 2.0, < 3.0. Requires Terraform/OpenTofu >= 1.6.

License

Commercial — LicenseRef-IaCBazaar-Commercial. See the IaC Bazaar terms.