Top / Amazon Web Service / AWS Amazon RDS / Option Group

AWS Amazon RDS Option Group

This page shows how to write Terraform and CloudFormation for Amazon RDS Option Group and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_db_option_group (Terraform)

The Option Group in Amazon RDS can be configured in Terraform with the resource name aws_db_option_group. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

13.2.tf#L2
resource "aws_db_option_group" "example" {
  name                 = "example"
  engine_name          = "mysql"
  major_engine_version = "5.7"
  #追加対象を追加
  option {
s3_bucker.tf#L22
resource "aws_db_option_group" "rdsoptiongrp" {
  name                     = "option-group-rdsmssql"
  option_group_description = "rds Option Group"
  engine_name              = "sqlserver-ex"
  major_engine_version     = "14.00"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an RDS DB option group resource. Documentation of the available options for various RDS engines can be found at:

>> from Terraform Registry

Tips: Best Practices for The Other AWS Amazon RDS Resources

In addition to the aws_db_instance, AWS Amazon RDS has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_db_instance

Ensure backup retension of your RDS instance is specified

It's better to set it explicitly to reduce the risk of availability issues.

risk-label

aws_rds_cluster

Ensure backup retension of your RDS cluster is specified

It's better to set it explicitly to reduce the risk of availability issues.

risk-label

aws_rds_cluster_instance

Ensure your RDS cluster instance blocks unwanted access

It's better to limit accessibily to the minimum that is required for the application to work.

Review your AWS Amazon RDS settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::RDS::OptionGroup (CloudFormation)

The OptionGroup in RDS can be configured in CloudFormation with the resource name AWS::RDS::OptionGroup. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

3_AWS_OptionGroup_Creation.yml#L7
    Type: 'AWS::RDS::OptionGroup'
    Properties:
      EngineName: oracle-ee
      MajorEngineVersion: '12.2'
      Tags:
        - Key: wokload-type
invalid.yml#L4
    Type: "AWS::RDS::OptionGroup"
    Properties:
      EngineName: "oracle-se2"
      MajorEngineVersion: "12.1"
      OptionGroupDescription: "SSL and Timezone options"
      OptionConfigurations:
invalid.yml#L4
    Type: "AWS::RDS::OptionGroup"
    Properties:
      EngineName: "oracle-se2"
      MajorEngineVersion: "12.1"
      OptionGroupDescription: "SSL and Timezone options"
      OptionConfigurations:
invalid.yml#L4
    Type: "AWS::RDS::OptionGroup"
    Properties:
      EngineName: "oracle-se2"
      MajorEngineVersion: "12.1"
      OptionGroupDescription: "SSL and Timezone options"
      OptionConfigurations:
test.yml#L15
    Type: AWS::RDS::OptionGroup
    Properties:
      EngineName: test-engine
      MajorEngineVersion: '11.2'
      OptionConfigurations:
      - OptionName: test
simple-rds-restore-arn.json#L86
      "Type": "AWS::RDS::OptionGroup",
      "DependsOn" : "SQLMigrationRole",
      "Properties": {
        "EngineName": "sqlserver-se",
        "MajorEngineVersion": "11.00",
        "OptionGroupDescription": "Option group for SQL Restore from S3",
RDSOptionGroup.json#L5
        "Type": "AWS::RDS::OptionGroup",
        "Properties": {
            "EngineName": "oracle-ee",
            "MajorEngineVersion": "12.1",
            "OptionGroupDescription": "A test option group",
            "OptionConfigurations":[
prodenv-mysql.json#L43
            "Type": "AWS::RDS::OptionGroup",
            "Properties": {
                "EngineName": "mysql",
                "MajorEngineVersion": "5.6",
                "OptionGroupDescription": "RDS Option Group For Backend MySql Servers",
                "OptionConfigurations": [{
rdsoptiongroup.json#L4
  "Type" : "AWS::RDS::OptionGroup",
  "Properties" : {
    "EngineName": "{{settings["engine"]}}",
    "MajorEngineVersion": "{{settings["engineversion"]}}",
    "OptionGroupDescription": "{{settings["description"]}}",
    "OptionConfigurations": [
RDS.json#L382
  "resourceType" : "AWS::RDS::OptionGroup",
  "properties" : [ {
    "propertyName" : "EngineName",
    "propertyType" : "String",
    "required" : true
  }, {

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The AWS::RDS::OptionGroup resource creates or updates an option group, to enable and configure features that are specific to a particular DB engine.

>> from AWS CloudFormation Documentation

The Other Related AWS Amazon RDS Resources

Frequently asked questions

What is AWS Amazon RDS Option Group?

AWS Amazon RDS Option Group is a resource for Amazon RDS of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon RDS Option Group?

For Terraform, the manbow1206/Big_terraform_file and ramesh8800/terraform_scripts_real source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the aelbadri21/cloudformation-migration-public, teamci/builder and teamci/builder source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents