Database Maintenance Invoker
The database_maintenance_invoker module is responsible for invoking the functions defined in the database_maintenance_lambda module.
These functions are used to manage and maintain the database, and they should always be used in context.
Overview
The invoker module provides a way to call the various database maintenance functions implemented in the lambda module. This includes tasks such as creating users, granting privileges, creating extensions, and granting read-only access to schemas.
Example
Here is an example of how the module can be used in Terraform:

```hcl
module "create_database" {
  source = "s3::https://apro-terraform-modules.s3.eu-west-1.amazonaws.com/main/database_maintenance_invoker.zip"

  # Required input; the name matches the Inputs table below
  database_maintainer_function_name = "postgres-database-maintenance"

  database_name             = "demo-service"
  database_user             = "demo-service"
  password_parameter_prefix = "/ecs/demo-service"
  secret_storage_type       = "parameter_store" # Optional: defaults to "parameter_store", can be "secrets_manager"

  create_read_only_users   = true
  read_only_database_users = ["demo-service-ro", "demo-service-ro2"]

  create_extensions = true
  extensions        = ["postgis"]
}
```
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_database | Whether to create a database or not | bool | true | no |
| create_database_user | Whether to create a user for the database or not | bool | true | no |
| create_extensions | Whether to create extensions for the database or not | bool | false | no |
| create_read_only_users | Whether to create read-only users for the database or not | bool | false | no |
| database_locale | The locale of the database to create | string | null | no |
| database_maintainer_function_name | The name of the function to invoke to create the database | string | n/a | yes |
| database_name | The name of the database to create | string | null | no |
| database_user | The user to create for the database | string | null | no |
| database_user_is_owner | Whether the user should be the owner of the database or not | bool | false | no |
| extensions | The list of extensions to create for the database | list(string) | [] | no |
| password_parameter_prefix | The prefix for the parameter store parameter containing the password for the database user | string | null | no |
| read_only_database_users | The list of read-only users to create for the database | list(string) | [] | no |
| schema_access_for_read_only_user | Whether to grant access to the schema for the read-only users or not | list(object({ | [] | no |
| secret_storage_type | The type of secret storage to use for database passwords. Options: 'parameter_store' (default) or 'secrets_manager' | string | "parameter_store" | no |
Outputs
| Name | Description |
|---|---|
| create_database_result | The result of the create database lambda invocation |
| create_database_user_result | The result of the create database user lambda invocation |
| create_extensions_result | The result of the create extensions lambda invocation |
| create_read_only_users_results | The results of the create read-only users lambda invocations |
| create_schema_access_results | The results of the create schema access lambda invocations |
| database_name | The name of the database that was created or used |
| database_user_name | The name of the database user that was created |
| database_user_password_parameter_name | The SSM Parameter Store or Secrets Manager parameter name containing the database user password |
| read_only_user_names | List of read-only database user names that were created |
| read_only_users_password_parameter_names | Map of read-only usernames to their SSM Parameter Store or Secrets Manager parameter names |
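
One way to consume the outputs so that the password is only ever referenced, never read into the calling configuration. This is an added example, not part of the module's own code. It assumes `secret_storage_type = "parameter_store"`, that `database_user_password_parameter_name` is a parameter name beginning with `/`, and the standard `aws` partition; the `aws_region` variable, the role, the policy name and the container image are hypothetical.

```hcl
# Added example (not the module's own code); assumptions are marked inline.
variable "aws_region" { type = string } # hypothetical input

data "aws_caller_identity" "current" {}

locals {
  # Assumes the output starts with "/": the ARN then needs no extra slash after "parameter".
  db_password_arn = "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter${module.create_database.database_user_password_parameter_name}"
}

resource "aws_iam_role" "task_execution" { # hypothetical role
  name = "demo-service-task-execution"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ecs-tasks.amazonaws.com" } }]
  })
}

# Least privilege: the execution role can read this one parameter and nothing else.
resource "aws_iam_role_policy" "read_db_password" {
  name = "read-demo-service-db-password"
  role = aws_iam_role.task_execution.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "ssm:GetParameters", Resource = local.db_password_arn }]
  })
}

resource "aws_ecs_task_definition" "demo_service" {
  family             = "demo-service"
  execution_role_arn = aws_iam_role.task_execution.arn
  container_definitions = jsonencode([{
    name      = "demo-service"
    image     = "example.invalid/demo-service:latest" # placeholder image
    essential = true
    memory    = 512
    environment = [
      { name = "DB_NAME", value = module.create_database.database_name },
      { name = "DB_USER", value = module.create_database.database_user_name },
    ]
    # ECS resolves the parameter at task start; only its ARN is stored here.
    secrets = [{ name = "DB_PASSWORD", valueFrom = local.db_password_arn }]
  }])
}
```

With `secret_storage_type = "secrets_manager"`, ECS expects the secret's ARN in `valueFrom` and the execution role needs `secretsmanager:GetSecretValue` instead. A customer-managed KMS key additionally requires `kms:Decrypt` on that key.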