Customizable templates for deploying cloud infrastructure

AWS DB Instance

This blueprint creates an AWS RDS DB instance following best practices such as enabling encryption at rest for data security, setting Multi-AZ deployment by default for high availability, and disabling public access to enhance security. It organizes variables into intuitive groups to assist users—especially those not well-versed in cloud infrastructure—in configuring essential and advanced settings easily. The blueprint also encourages tagging for better resource identification and management.

Define and customize Blueprints to set what infrastructure configuration options are available to developers.

---
# Blueprint front matter: declares one derived constant, the inputs
# (variables) the blueprint accepts, and the groups those inputs belong to.
# Every variable except tags is referenced by the aws_db_instance template
# after the closing document marker; tags is used there as a section.
constants:
  # Used as the Terraform resource label in the template. Built from the
  # name input plus a __guid value that is not defined in this file
  # (presumably supplied by the platform; confirm).
  __name: "{{ name }}_{{ __guid }}"
variables:
  name:
    desc: "Name of the DB instance."
    required: true
    group: DB Instance Details
  engine:
    desc: "The database engine to use."
    required: true
    group: DB Instance Details
    default: "mysql"
  engine_version:
    desc: "The version number of the database engine."
    required: false
    group: DB Instance Details
    # Quoted so the version stays a string rather than a float.
    default: "8.0"
  instance_class:
    desc: "The instance type of the RDS instance."
    required: true
    group: DB Instance Details
    default: "db.t3.medium"
  allocated_storage:
    desc: "Initial storage allocation (in GB)."
    required: true
    group: Storage
    default: 20
  max_allocated_storage:
    desc: "Maximum storage threshold (in GB) for autoscaling."
    required: false
    group: Storage
    default: 100
  storage_type:
    desc: "Storage type for the DB instance."
    required: false
    group: Storage
    default: "gp2"
  # Encryption at rest is a default here, not a hard requirement: the input
  # is optional and nothing in this file stops a user from setting it to
  # false. NOTE(review): if encryption must be mandatory, enforce it
  # outside this blueprint (policy or guardrail) or hard-code the value in
  # the template.
  storage_encrypted:
    desc: "Enable storage encryption."
    required: false
    group: Security
    default: true
  # Optional customer-managed key. When no key is given, RDS encrypts with
  # the account's AWS-managed RDS key.
  kms_key_id:
    desc: "KMS key ARN for encryption."
    required: false
    group: Security
    # presumably offers existing aws_kms_key resources as choices; confirm
    links_to: resource.aws_kms_key.arn
  username:
    desc: "Master username for the database."
    required: true
    group: Credentials
  # The template writes this value as-is into the password argument of the
  # generated Terraform, and the page states that the generated Terraform
  # is submitted as a pull request.
  # NOTE(review): enter a reference to a secret (for example a sensitive
  # Terraform variable or a secrets-manager lookup) rather than a literal
  # password, and confirm how the form treats this field. The AWS
  # provider's manage_master_user_password argument is an alternative that
  # keeps the password out of configuration entirely.
  password:
    desc: "Master password for the database."
    required: true
    group: Credentials
  multi_az:
    desc: "Enable Multi-AZ deployment."
    required: false
    group: High Availability
    default: true
  # A value of 0 turns automated backups off in RDS.
  backup_retention_period:
    desc: "Number of days to retain backups."
    required: false
    group: Backup
    default: 7
  db_subnet_group_name:
    desc: "DB subnet group name."
    required: true
    group: Network
    links_to: resource.aws_db_subnet_group.name
  # Off by default, but optional and overridable like storage_encrypted.
  # Network exposure also depends on the subnet group and security groups
  # chosen below.
  publicly_accessible:
    desc: "Make the DB instance publicly accessible."
    required: false
    group: Network
    default: false
  # No desc and no default are declared for this input. It is optional, so
  # the generated resource may carry an empty security-group list.
  # NOTE(review): confirm which security groups apply in that case.
  vpc_security_group_ids:
    group: VPC Security Groups
    required: false
    links_to: resource.aws_security_group.id
  # No desc is declared; the template reads key and value from each entry.
  tags:
    group: Tags
    required: false
# One entry per group name used by the variables above.
# order presumably sets each group's position in the form; confirm.
groups:
  DB Instance Details:
    order: 1
    desc: "Basic settings for the DB instance."
  Storage:
    order: 2
    desc: "Storage configuration."
  Security:
    order: 3
    desc: "Security settings."
  Credentials:
    order: 4
    desc: "Master credentials."
  High Availability:
    order: 5
    desc: "High availability options."
  Backup:
    order: 6
    desc: "Backup configuration."
  Network:
    order: 7
    desc: "Network settings."
  VPC Security Groups:
    order: 8
    desc: "Security groups for the DB instance."
  Tags:
    order: 9
    desc: "Tags to assign to the DB instance."
---

// Template for a single aws_db_instance. Each placeholder is filled from
// the blueprint variable of the same name; the resource label comes from
// the __name constant in the front matter.
// NOTE(review): deletion_protection and the final-snapshot arguments are
// not set here, so the provider defaults apply. Confirm that is acceptable
// for production databases.
resource "aws_db_instance" "__name" {
  identifier              = {{ name }}
  engine                  = {{ engine }}
  engine_version          = {{ engine_version }}
  instance_class          = {{ instance_class }}
  allocated_storage       = {{ allocated_storage }}
  max_allocated_storage   = {{ max_allocated_storage }}
  storage_type            = {{ storage_type }}
  // Takes whatever the form supplies; the front matter only defaults this
  // to true, so a false value passes through unchanged.
  storage_encrypted       = {{ storage_encrypted }}
  // Marked optional with the required: false filter; presumably the
  // argument is left out when no key is chosen (confirm).
  kms_key_id              = {{ kms_key_id | required: false }}
  username                = {{ username }}
  // Rendered verbatim into the generated Terraform. A literal entered in
  // the form would appear in the resulting pull request and in Terraform
  // state; prefer a reference to a secret.
  password                = {{ password }}
  multi_az                = {{ multi_az }}
  backup_retention_period = {{ backup_retention_period }}
  db_subnet_group_name    = {{ db_subnet_group_name }}
  // Defaults to false in the front matter but remains user-overridable.
  publicly_accessible     = {{ publicly_accessible }}

  // Section block: presumably emits one list element per selected
  // security group and nothing when the input is empty (confirm).
  vpc_security_group_ids = [
    {{# vpc_security_group_ids }}
      {{ vpc_security_group_ids }},
    {{/ vpc_security_group_ids }}
  ]

  // Name is always set from the name input; the section adds one
  // key = value line per user-supplied tag.
  tags = {
    Name = {{ name }}
    {{# tags }}
      {{ tags.key | required: false }} = {{ tags.value | required: false }}
    {{/ tags }}
  }
}

// Enables encryption at rest by default for data security (storage_encrypted defaults to true but can be overridden in the form).
// Multi-AZ deployment is enabled by default for high availability.
// Public access is disabled by default to enhance security.
// Encourages the use of tags for resource identification and management.
//
A form is created automatically that accepts inputs that you defined in the Blueprint.
After filling out the Blueprint form, Terraform is generated and a PR is automatically submitted.