
AWS DB Instance

This blueprint creates an AWS RDS DB instance with best-practice defaults: encryption at rest is enabled for data security, Multi-AZ deployment is enabled for high availability, and public access is disabled to enhance security. These are defaults rather than enforced values; each is exposed as a variable that the user can change. The blueprint organizes variables into intuitive groups to help users, especially those not well-versed in cloud infrastructure, configure essential and advanced settings easily. It also encourages tagging for better resource identification and management.


---
# Derived values. __name joins the user-supplied name with __guid and is the
# label used on the resource line of the template below.
# NOTE(review): __guid is not declared in this file; presumably supplied by
# the blueprint engine - confirm.
constants:
  __name: "{{ name }}_{{ __guid }}"
# Inputs to the template. Each entry names a placeholder used in the resource
# body below; `group` must match a key under `groups`, and `default` is the
# value used when the user supplies none.
variables:
  name:
    desc: "Name of the DB instance."
    required: true
    group: DB Instance Details
  engine:
    desc: "The database engine to use."
    required: true
    group: DB Instance Details
    default: "mysql"
  # Quoted so the version stays a string rather than being read as a float.
  engine_version:
    desc: "The version number of the database engine."
    required: false
    group: DB Instance Details
    default: "8.0"
  instance_class:
    desc: "The instance type of the RDS instance."
    required: true
    group: DB Instance Details
    default: "db.t3.medium"
  allocated_storage:
    desc: "Initial storage allocation (in GB)."
    required: true
    group: Storage
    default: 20
  max_allocated_storage:
    desc: "Maximum storage threshold (in GB) for autoscaling."
    required: false
    group: Storage
    default: 100
  storage_type:
    desc: "Storage type for the DB instance."
    required: false
    group: Storage
    default: "gp2"
  # Encryption at rest is on by default but not enforced: nothing here stops
  # a user from setting this to false.
  storage_encrypted:
    desc: "Enable storage encryption."
    required: false
    group: Security
    default: true
  # Optional customer-managed key. With encryption enabled and no key given,
  # RDS encrypts with the account's AWS-managed RDS key.
  kms_key_id:
    desc: "KMS key ARN for encryption."
    required: false
    group: Security
    links_to: resource.aws_kms_key.arn
  username:
    desc: "Master username for the database."
    required: true
    group: Credentials
  # NOTE(review): this value is rendered directly into the `password`
  # argument of the resource below, so it ends up in the generated Terraform
  # and in state. Nothing in this entry marks it as sensitive; consider
  # sourcing it from a secret store instead of free-form input.
  password:
    desc: "Master password for the database."
    required: true
    group: Credentials
  multi_az:
    desc: "Enable Multi-AZ deployment."
    required: false
    group: High Availability
    default: true
  # A retention period of 0 disables automated backups in RDS; the default
  # keeps seven days, but the field is not range-checked here.
  backup_retention_period:
    desc: "Number of days to retain backups."
    required: false
    group: Backup
    default: 7
  db_subnet_group_name:
    desc: "DB subnet group name."
    required: true
    group: Network
    links_to: resource.aws_db_subnet_group.name
  # Private by default, but overridable: a user can still set this to true.
  publicly_accessible:
    desc: "Make the DB instance publicly accessible."
    required: false
    group: Network
    default: false
  # Optional and without a `desc`, unlike the entries above. With no IDs
  # supplied, network exposure depends on whichever security group applies
  # by default - TODO confirm what the rendered empty list resolves to.
  vpc_security_group_ids:
    group: VPC Security Groups
    required: false
    links_to: resource.aws_security_group.id
  # Optional key/value pairs; the template always adds a Name tag itself.
  tags:
    group: Tags
    required: false
# Display groups for the variables above. Every key here is referenced by at
# least one variable's `group` field; `order` presumably sets the position of
# the group in the generated UI (1 first) - confirm against the engine docs.
groups:
  DB Instance Details:
    order: 1
    desc: "Basic settings for the DB instance."
  Storage:
    order: 2
    desc: "Storage configuration."
  # Holds the encryption toggle and the KMS key reference.
  Security:
    order: 3
    desc: "Security settings."
  # Holds the master username and password inputs.
  Credentials:
    order: 4
    desc: "Master credentials."
  High Availability:
    order: 5
    desc: "High availability options."
  Backup:
    order: 6
    desc: "Backup configuration."
  # Holds the subnet group and the public-access toggle.
  Network:
    order: 7
    desc: "Network settings."
  VPC Security Groups:
    order: 8
    desc: "Security groups for the DB instance."
  Tags:
    order: 9
    desc: "Tags to assign to the DB instance."
---

// Template for a single RDS instance. Each placeholder is filled from the
// variable of the same name declared in the front matter; the resource label
// comes from the __name constant.
resource "aws_db_instance" "__name" {
  identifier              = {{ name }}
  engine                  = {{ engine }}
  engine_version          = {{ engine_version }}
  instance_class          = {{ instance_class }}
  allocated_storage       = {{ allocated_storage }}
  max_allocated_storage   = {{ max_allocated_storage }}
  storage_type            = {{ storage_type }}
  // Passed through unchanged: a user-supplied false is accepted here.
  storage_encrypted       = {{ storage_encrypted }}
  // Marked required: false; presumably left out when no key is supplied
  // (confirm against the template engine).
  kms_key_id              = {{ kms_key_id | required: false }}
  username                = {{ username }}
  // NOTE(review): the master password is rendered inline, so it appears in
  // the generated Terraform and is stored in state. Where the provider
  // version allows, RDS-managed credentials (manage_master_user_password)
  // or a secret-store reference avoid handling the value here.
  password                = {{ password }}
  multi_az                = {{ multi_az }}
  backup_retention_period = {{ backup_retention_period }}
  db_subnet_group_name    = {{ db_subnet_group_name }}
  // Passed through unchanged: a user-supplied true exposes a public endpoint.
  publicly_accessible     = {{ publicly_accessible }}

  // One list element per supplied security group ID.
  vpc_security_group_ids = [
    {{# vpc_security_group_ids }}
      {{ vpc_security_group_ids }},
    {{/ vpc_security_group_ids }}
  ]

  // Name is always set from the instance name; further tags come from the
  // optional key/value pairs.
  tags = {
    Name = {{ name }}
    {{# tags }}
      {{ tags.key | required: false }} = {{ tags.value | required: false }}
    {{/ tags }}
  }
}

// Encryption at rest is enabled by default (storage_encrypted defaults to
// true); the template does not enforce it.
// Multi-AZ deployment is enabled by default for high availability.
// Public access is disabled by default to enhance security.
// Encourages the use of tags for resource identification and management.