Terraform for Azure Managed Database PostgreSQL Flexible Server

Creates a PostgreSQL instance using the Azure Database for PostgreSQL - Flexible Server.

Usage

Examples for this module along with various configurations can be found in the examples/ folder.

Requirements

Name	Version
terraform	~> 1.5.7
azurerm	~> 4.26
postgresql	~> 1.25.0

Providers

Name	Version
azurerm	4.40.0

Modules

Name	Source	Version
enc_key_vault	git::https://gitlab.k8s.cloud.statcan.ca/cloudnative/platform/terraform/terraform-azure-key-vault.git	v5.0.0

Resources

Name	Type
azurerm_key_vault_access_policy.cmk	resource
azurerm_key_vault_access_policy.runner_manage_keys	resource
azurerm_key_vault_key.cmk	resource
azurerm_monitor_diagnostic_setting.postgresql_server	resource
azurerm_postgresql_flexible_server.pgsql	resource
azurerm_postgresql_flexible_server_active_directory_administrator.pgsql	resource
azurerm_postgresql_flexible_server_configuration.pgsql	resource
azurerm_postgresql_flexible_server_database.pgsql	resource
azurerm_postgresql_flexible_server_firewall_rule.pgsql	resource
azurerm_storage_account.pgsql	resource
azurerm_storage_container.pgsql	resource
azurerm_user_assigned_identity.pgsql	resource
azurerm_client_config.current	data source
azurerm_key_vault.pointer	data source
azurerm_key_vault_secret.pointer_sqladmin_password	data source
azurerm_monitor_diagnostic_categories.postgresql_server	data source

Inputs

Name	Description	Type	Default	Required
active_directory_administrator	n/a	list(object({ object_id = optional(string) principal_name = optional(string) principal_type = optional(string, "Group") }))	[]	no
administrator_login	The Administrator Login for the PostgreSQL Flexible Server.	string	n/a	yes
administrator_password	The Password associated with the administrator_login for the PostgreSQL Flexible Server.	string	n/a	yes
databases	The name, collation, and charset of the PostgreSQL database(s). (defaults: charset='utf8', collation='en_US.utf8')	map(map(string))	n/a	yes
delegated_subnet_id	The subnet where you want the database created. The subnet must be delegated to Microsoft.DBforPostgreSQL/flexibleServers.	string	null	no
diagnostics	Diagnostic settings for those resources that support it.	object({ destination = string eventhub_name = string })	null	no
environment	The environment used for keyvault access.	string	n/a	yes
firewall_rules	Specifies the Start IP Address associated with this Firewall Rule.	list(string)	n/a	yes
geo_redundant_backup_enabled	Is Geo-Redundant backup enabled on the PostgreSQL Flexible Server.	bool	false	no
ip_rules	List of public IP or IP ranges in CIDR Format.	list(string)	n/a	yes
kv_pointer_enable	Flag kv_pointer_enable can either be true (state from key vault), or false (state from terraform).	bool	false	no
kv_pointer_name	The key vault name to be used when kv_pointer_enable is set to true.	string	null	no
kv_pointer_rg	The key vault resource group to be used when kv_pointer_enable is set to true.	string	null	no
kv_pointer_sqladmin_password	The sqladmin password to be looked up in key vault when kv_pointer_enable is set to true.	string	null	no
kv_private_endpoints	The information required to create a private endpoint for the Key Vault.	list(object({ sub_resource_name = optional(string, "vault") subnet_id = string private_dns_zone_id = string }))	[]	no
kv_public_network_access_enabled	(Required) Whether or not public network access is allowed.	bool	false	no
kv_subnet_ids	The subnets for the key vault.	list(string)	null	no
location	Specifies the supported Azure location where the resource exists.	string	"canadacentral"	no
name	The name of the PostgreSQL Flexible Server.	string	n/a	yes
pgsql_version	The version of the PostgreSQL Flexible Server.	string	"16"	no
postgresql_configurations	n/a	map(string)	{ "azure.extensions": "POSTGIS,PGCRYPTO", "checkpoint_warning": "0", "client_min_messages": "log", "connection_throttle.enable": "on", "debug_pretty_print": "on", "debug_print_parse": "off", "debug_print_plan": "off", "debug_print_rewritten": "off", "log_checkpoints": "on", "log_duration": "off", "log_error_verbosity": "verbose", "log_line_prefix": "%m [%p] %q[user=%u,db=%d,app=%a,client=%h] ", "log_lock_waits": "off", "log_min_duration_statement": "10", "log_min_error_statement": "error", "log_min_messages": "warning", "log_statement": "ddl", "maintenance_work_mem": "32000", "max_wal_size": "512", "min_wal_size": "512", "pg_qs.query_capture_mode": "top", "pg_qs.track_utility": "off", "pg_stat_statements.track_utility": "off", "pgaudit.log": "ddl", "pgms_wait_sampling.query_capture_mode": "all", "row_security": "on", "temp_buffers": "16384", "wal_buffers": "8192", "wal_writer_delay": "200", "wal_writer_flush_after": "128", "work_mem": "2048000" }	no
private_dns_zone_id	The ID of the private DNS zone to create the PostgreSQL Flexible Server. The private DNS zone must end with the suffix .postgres.database.azure.com.	string	null	no
project	Name of client project	string	n/a	yes
public_network_access_enabled	(Optional) Specifies whether this PostgreSQL Flexible Server is publicly accessible.	bool	false	no
resource_group_name	The name of the resource group in which to create the PostgreSQL Flexible Server.	string	n/a	yes
sa_create_log	Creates a storage account to be used for diagnostics logging of the PostgreSQL database created if the variable is set to true.	bool	false	no
sa_subnet_ids	The subnets for the storage account.	list(string)	null	no
sku_name	Specifies the SKU Name for this PostgreSQL Flexible Server.	string	"GP_Standard_D4ds_v4"	no
storage_account_name	Name of the storage account used for diagnostics (optional, if not provided the name is auto-generated).	string	null	no
storagesize_mb	Specifies the storage size in MB for the PostgreSQL Flexible Server.	number	262144	no
tags	A mapping of tags to assign to the resource.	map(string)	n/a	yes

Outputs

Name	Description
administrator_login	n/a
fqdn	n/a
id	n/a

History

Change Log