AWS Amazon RDS Cluster Role Association
This page shows how to write Terraform and CloudFormation for Amazon RDS Cluster Role Association and write them securely.
aws_rds_cluster_role_association (Terraform)
The Cluster Role Association in Amazon RDS can be configured in Terraform with the resource name aws_rds_cluster_role_association. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
db_cluster_identifier
- (Required) DB Cluster Identifier to associate with the IAM Role.
feature_name
- (Required) Name of the feature for association. This can be found in the AWS documentation relevant to the integration, or a full list is available in the SupportedFeatureNames list returned by AWS CLI rds describe-db-engine-versions.
role_arn
- (Required) Amazon Resource Name (ARN) of the IAM Role to associate with the DB Cluster.
In addition to all arguments above, the following attributes are exported:
id
- DB Cluster Identifier and IAM Role ARN separated by a comma (,)
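The three required arguments wired to a role that is scoped for this one association, as an added example (not taken from the Terraform Registry or from this page). It assumes an existing Aurora PostgreSQL cluster whose engine version lists s3Import in SupportedFeatureNames; the variable names, role name and bucket are placeholders.

```hcl
# Added example. Variable values, resource labels and the role name are placeholders.
variable "cluster_identifier" { type = string } # identifier of the existing cluster
variable "import_bucket_arn" { type = string }  # ARN of the one bucket the cluster may read

data "aws_rds_cluster" "target" {
  cluster_identifier = var.cluster_identifier
}

# Trust policy: only the RDS service may assume the role, and only on behalf
# of this specific cluster (guards against the cross-service confused deputy).
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["rds.amazonaws.com"]
    }
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [data.aws_rds_cluster.target.arn]
    }
  }
}

resource "aws_iam_role" "s3_import" {
  name               = "aurora-s3-import"
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

# Permissions: read-only, limited to the single import bucket.
resource "aws_iam_role_policy" "s3_import" {
  name = "read-import-bucket"
  role = aws_iam_role.s3_import.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:ListBucket"]
      Resource = [var.import_bucket_arn, "${var.import_bucket_arn}/*"]
    }]
  })
}

resource "aws_rds_cluster_role_association" "s3_import" {
  db_cluster_identifier = data.aws_rds_cluster.target.cluster_identifier
  feature_name          = "s3Import" # assumption: must appear in SupportedFeatureNames for the engine version
  role_arn              = aws_iam_role.s3_import.arn
}
```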
Explanation in Terraform Registry
Manages an RDS DB Cluster association with an IAM Role. Example use cases:
Tips: Best Practices for The Other AWS Amazon RDS Resources
In addition to aws_db_instance, Amazon RDS has other resources that should be configured with security in mind. Check the following examples of those resources and their precautions.
aws_db_instance
Ensure backup retention of your RDS instance is specified
It's better to set it explicitly to reduce the risk of availability issues.
aws_rds_cluster
Ensure backup retention of your RDS cluster is specified
It's better to set it explicitly to reduce the risk of availability issues.
aws_rds_cluster_instance
Ensure your RDS cluster instance blocks unwanted access
It's better to limit accessibility to the minimum that is required for the application to work.
AWS::RDS::DBCluster DBClusterRole (CloudFormation)
The DBCluster DBClusterRole in RDS can be configured in CloudFormation with the resource name AWS::RDS::DBCluster DBClusterRole. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
FeatureName
The name of the feature associated with the AWS Identity and Access Management (IAM) role. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other AWS services on your behalf. For the list of supported feature names, see the SupportedFeatureNames description in DBEngineVersion in the Amazon RDS API Reference.
Required: No
Type: String
Update requires: No interruption
RoleArn
The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster.
Required: Yes
Type: String
Update requires: No interruption
Explanation in CloudFormation Registry
Describes an AWS Identity and Access Management (IAM) role that is associated with a DB cluster.