Provides an RDS Cluster Resource. A Cluster Resource defines attributes that are applied to the entire cluster of RDS Cluster Instances. Use the RDS Cluster resource and RDS Cluster Instances to create and use Amazon Aurora, a MySQL-compatible database engine.

For more information on Amazon Aurora, see Aurora on Amazon RDS in the Amazon RDS User Guide.

For information on the difference between the available Aurora MySQL engines see Comparison between Aurora MySQL 1 and Aurora MySQL 2 in the Amazon RDS User Guide.

Changes to a RDS Cluster can occur when you manually change a parameter, such as port, and are reflected in the next maintenance window. Because of this, Terraform may report a difference in its planning phase because a modification has not yet taken place. You can use the apply_immediately flag to instruct the service to apply the change immediately (see documentation below).

Example Usage

Aurora MySQL 2.x (MySQL 5.7)

resource "aws_rds_cluster" "default" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-mysql"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"

Aurora MySQL 1.x (MySQL 5.6)

resource "aws_rds_cluster" "default" {
  cluster_identifier      = "aurora-cluster-demo"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"

Aurora with PostgreSQL engine

resource "aws_rds_cluster" "postgresql" {
  cluster_identifier      = "aurora-cluster-demo"
  engine                  = "aurora-postgresql"
  availability_zones      = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name           = "mydb"
  master_username         = "foo"
  master_password         = "bar"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"

Argument Reference

For more detailed documentation about each argument, refer to the AWS official documentation.

The following arguments are supported:

  • cluster_identifier - (Optional, Forces new resources) The cluster identifier. If omitted, Terraform will assign a random, unique identifier.
  • cluster_identifier_prefix - (Optional, Forces new resource) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with cluster_identifer.
  • database_name - (Optional) Name for an automatically created database on cluster creation. There are different naming restrictions per database engine: RDS Naming Constraints
  • master_password - (Required unless a snapshot_identifier is provided) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the RDS Naming Constraints
  • master_username - (Required unless a snapshot_identifier is provided) Username for the master DB user. Please refer to the RDS Naming Constraints
  • final_snapshot_identifier - (Optional) The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.
  • skip_final_snapshot - (Optional) Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from final_snapshot_identifier. Default is false.
  • availability_zones - (Optional) A list of EC2 Availability Zones that instances in the DB cluster can be created in
  • backtrack_window - (Optional) The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Defaults to 0. Must be between 0 and 259200 (72 hours)
  • backup_retention_period - (Optional) The days to retain backups for. Default 1
  • preferred_backup_window - (Optional) The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00
  • preferred_maintenance_window - (Optional) The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30
  • port - (Optional) The port on which the DB accepts connections
  • vpc_security_group_ids - (Optional) List of VPC security groups to associate with the Cluster
  • snapshot_identifier - (Optional) Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.
  • storage_encrypted - (Optional) Specifies whether the DB cluster is encrypted. The default is false if not specified.
  • replication_source_identifier - (Optional) ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica.
  • apply_immediately - (Optional) Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false. See Amazon RDS Documentation for more information.
  • db_subnet_group_name - (Optional) A DB subnet group to associate with this DB instance. NOTE: This must match the db_subnet_group_name specified on every aws_rds_cluster_instance in the cluster.
  • db_cluster_parameter_group_name - (Optional) A cluster parameter group to associate with the cluster.
  • kms_key_id - (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to true.
  • iam_roles - (Optional) A List of ARNs for the IAM roles to associate to the RDS Cluster.
  • iam_database_authentication_enabled - (Optional) Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled.
  • engine - (Optional) The name of the database engine to be used for this DB cluster. Defaults to aurora. Valid Values: aurora, aurora-mysql, aurora-postgresql
  • engine_version - (Optional) The database engine version.
  • source_region - (Optional) The source region for an encrypted replica DB cluster.
  • enabled_cloudwatch_logs_exports - (Optional) List of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery.
  • tags - (Optional) A mapping of tags to assign to the DB cluster.

S3 Import Options

Full details on the core parameters and impacts are in the API Docs: RestoreDBClusterFromS3. Requires that the S3 bucket be in the same region as the RDS cluster you're trying to create. Sample:

resource "aws_rds_cluster" "db" {
  engine = "aurora"

  s3_import {
    source_engine = "mysql"
    source_engine_version = "5.6"
    bucket_name = "mybucket"
    bucket_prefix = "backups"
    ingestion_role = "arn:aws:iam::1234567890:role/role-xtrabackup-rds-restore"

This will not recreate the resource if the S3 object changes in some way. It's only used to initialize the database. This only works currently with the aurora engine. See AWS for currently supported engines and options. See Aurora S3 Migration Docs.

Attributes Reference

In addition to all arguments above, the following attributes are exported:


aws_rds_cluster provides the following Timeouts configuration options:

  • create - (Default 120 minutes) Used for Cluster creation
  • update - (Default 120 minutes) Used for Cluster modifications
  • delete - (Default 120 minutes) Used for destroying cluster. This includes any cleanup task during the destroying process.


RDS Clusters can be imported using the cluster_identifier, e.g.

$ terraform import aws_rds_cluster.aurora_cluster aurora-prod-cluster

© 2018 HashiCorpLicensed under the MPL 2.0 License.