Azure Flexible Server for MySQL and PostgreSQL

Terraform module to create and manage the Azure Flexible Server for database with one of supported engines:

MySQL
PostgreSQL

This module is meant to be used with an already created Resource Group.

$600

BUY

179

License

Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:

 shellterraform login solutions.corewide.com

Provision instructions

Initialize mandatory providers:

Copy and paste into your Terraform configuration and insert the variables:

 hclmodule "tf_azure_database_flexible_server" {
  source  = "solutions.corewide.com/azure/tf-azure-database-flexible-server/azurerm"
  version = "~> 3.2.0"

  # specify module inputs here or try one of the examples below
  ...
}

Initialize the setup:

 shellterraform init

Define update strategy

Corewide DevOps team strictly follows Semantic Versioning Specification to provide our clients with products that have predictable upgrades between versions. We recommend pinning patch versions of our modules using pessimistic constraint operator (~>) to prevent breaking changes during upgrades.

To get new features during the upgrades (without breaking compatibility), use ~> 3.2 and run terraform init -upgrade

For the safest setup, use strict pinning with version = "3.2.0"

v3.2.0 released 1 week, 3 days ago

New version approx. every 5 weeks

Upgrade Notes

Changelog

From `v1.x` to `v2.x`

Module from v2.0 has changed Azure provider version which isn't compatible with an old version. After the module version is upgraded, re-init module to upgrade Azure provider version.
Upgrade Azure provider version on project level to ~> 4.0:

 hclterraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

Upgrade project dependencies:

 bashterraform init --upgrade

From `v2.x` to `v3.x`

Module from v3.0 has changed private DNS zone managing. After the module version is upgraded, private_dns_zone_id value should be set as private_dns_zone.id parameter if used. New required vnet_id variable added, check variables inputs for references.

Create MySQL Flexible Server with required parameters only:

 hclresource "azurerm_resource_group" "foo" {
  name     = "foo"
  location = "eastus"
}

module "mysql_flexible_server" {
  source  = "solutions.corewide.com/azure/tf-azure-database-flexible-server/azurerm"
  version = "~> 3.2"

  name            = "bar"
  resource_group  = azurerm_resource_group.foo
  database_engine = "mysql"
}

Create PostgreSQL Flexible Server with app database, custom parameters and pointed to custom subnet:

 hclresource "azurerm_resource_group" "foo" {
  name     = "foo"
  location = "eastus"
}

resource "azurerm_virtual_network" "bar" {
  name                = "bar-vn"
  location            = azurerm_resource_group.foo.location
  resource_group_name = azurerm_resource_group.foo.name
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_subnet" "baz" {
  name                 = "baz-sn"
  resource_group_name  = azurerm_resource_group.foo.name
  virtual_network_name = azurerm_virtual_network.bar.name
  address_prefixes     = ["10.0.2.0/24"]
  service_endpoints    = ["Microsoft.Storage"]

  delegation {
    name = "fs"

    service_delegation {
      name    = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
    }
  }
}

resource "azurerm_private_dns_zone" "biz" {
  name                = "biz.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.foo.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "foo" {
  name                  = "foo-postgresql"
  private_dns_zone_name = azurerm_private_dns_zone.biz.name
  virtual_network_id    = azurerm_virtual_network.bar.id
  resource_group_name   = azurerm_resource_group.foo.name
  depends_on            = [azurerm_subnet.baz]
}

module "postgresql_flexible_server" {
  source  = "solutions.corewide.com/azure/tf-azure-database-flexible-server/azurerm"
  version = "~> 3.2"

  name                = "bar"
  resource_group      = azurerm_resource_group.foo
  database_engine     = "postgresql"
  replica_count       = 2
  storage_size        = 128
  delegated_subnet_id = azurerm_subnet.baz.id

  private_dns_zone = {
    id                  = "/subscriptions/123-qwerty-456-uiop/resourceGroups/rg-data/providers/Microsoft.Network/privateDnsZones/bar.dbz.postgres.database.azure.com"
    name                = "biz.dbz.postgres.database.azure.com"
    resource_group_name = azurerm_resource_group.foo.name
  }

  databases = [
    {
      name      = "app"
      charset   = "utf8"
      collation = "en_US.utf8"
    },
  ]

  configuration = {
    "backslash_quote"  = "on"
    "azure.extensions" = "CUBE,CITEXT,BTREE_GIST"
  }

  firewall_rules = [
    {
      target = "all"
      name   = "developer"
      cidr   = "xxx.xxx.xxx.xxx/32"
    },
    {
      target           = "replica"
      name             = "backend"
      start_ip_address = "xxx.xxx.xxx.xxx"
      end_ip_address   = "yyy.yyy.yyy.yyy"
    },
  ]
}

Variable	Description	Type	Default	Required	Sensitive
`database_engine`	Database engine. Supported values are `PostgreSQL` and `MySQL`	`string`		yes	no
`name`	Flexible Server name	`string`		yes	no
`resource_group`	Object with attributes of Resource Group in which resources should be created. Keys `name` and `location` are required	`any`		yes	no
`administrator_login`	Administrator login for the Flexible Server	`string`	`sqladmin`	no	no
`administrator_password`	Password associated with the `administrator_login` for the Flexible Server. Will be generated if not specified	`string`		no	yes
`backup_retention_days`	Backup retention days for the Flexible Server	`number`	`7`	no	no
`configuration`	Flexible Server configuration parameter name and value declared in the key-value format. Each parameter must be a valid `MySQL` or `PostgreSQL` configuration name, respectively	`map(any)`	`{}`	no	no
`databases`	List of database objects to create	`list(object)`	`[]`	no	no
`databases[*].charset`	Database charset. If not specified, these values are considered as default: `utf8mb4` for `MySQL` and `utf8` for `PostgreSQL`	`string`		no	no
`databases[*].collation`	Database collation. If not specified, these values are considered as default: `utf8mb4_general_ci` for `MySQL` and `en_US.utf8` for `PostgreSQL`	`string`		no	no
`databases[*].name`	Database name	`string`		yes	no
`delegated_subnet_id`	ID of the virtual network subnet to create the Flexible Server in (the private DNS zone is required to declare when setting a delegated subnet). The VNet subnet to place the Flexible Server into should have a service delegation `Microsoft.DBforMySQL/flexibleServers` for `MySQL` and `Microsoft.DBforPostgreSQL/flexibleServers` for `PostgreSQL`. The provided subnet must not have any other kinds of resources deployed in it	`string`		no	no
`engine_version`	Version for current database engine. If not specified, these values are considered as default: `5.7` for `MySQL` and `15` for `PostgreSQL`	`string`		no	no
`firewall_rules`	List of firewall rules to add to the setup	`list(object)`	`[]`	no	no
`firewall_rules[*].cidr`	CIDR block to allow database access for. Each rule must either specify `cidr` or both `start_ip_address` and `end_ip_address`	`string`		no	no
`firewall_rules[*].end_ip_address`	End IP Address associated with the Firewall Rule. Each rule must either specify `cidr` or both `start_ip_address` and `end_ip_address`. Use value `0.0.0.0` for all Azure-internal IP addresses	`string`		no	no
`firewall_rules[*].name`	Firewall name	`string`		yes	no
`firewall_rules[*].start_ip_address`	Start IP Address associated with the Firewall Rule. Each rule must either specify `cidr` or both `start_ip_address` and `end_ip_address`. Use value `0.0.0.0` for all Azure-internal IP addresses	`string`		no	no
`firewall_rules[*].target`	Rule target. Possible values are: `main` for main cluster, `replica` for all replicas and `all` for both main cluster and all its replicas	`string`		yes	no
`maintenance_window`	Maintenance window configuration. Not applicable for servers with `mysql` engine and burstable SKUs	`object`	`{}`	no	no
`maintenance_window.day`	Day of the week (`Mon`, `Tue`, etc.) the maintenance window occurs	`string`	`Mon`	no	no
`maintenance_window.hour`	Hour when the maintenance updates are applied, in UTC 24-hour format. Examples: `2`, `3`, `23`	`number`	`2`	no	no
`postgres_public_network_access_enabled`	Toggle public network availability of PostgreSQL Flexible Server (will be ignored and disabled if delegated subnet and private DNS zone are set)	`bool`	`true`	no	no
`private_dns_zone`	Parameters of an existing private DNS zone in which resources should be created. Leave unchanged to omit networking integration	`object`	`{}`	no	no
`private_dns_zone.id`	ID of an existing private DNS zone	`string`		no	no
`private_dns_zone.name`	Name of an existing private DNS zone	`string`		no	no
`private_dns_zone.resource_group_name`	Name of a resource group in which private DNS zone is created	`string`		no	no
`replica_count`	Number of replica servers to create	`number`	`0`	no	no
`sku_name`	Specifies the Machine Size (SKU Name) for the Flexible Server	`string`	`GP_Standard_D2ds_v4`	no	no
`storage_size`	Server storage size (Gb). If not specified, these values are considered as default: `20` for `MySQL` and `32` for `PostgreSQL`	`number`		no	no
`tags`	Tags to attach to Flexible Server	`map(string)`	`{}`	no	no
`vnet_id`	VNet ID to place virtual link into	`string`		no	no

Output	Description	Type	Sensitive
`databases`	Databases created by the module	`computed`	no
`fqdn`	FQDN of created database server	`computed`	no
`replicas`	Contains attributes of replica servers	`list(computed)`	yes
`server`	Contains attributes of main Flexible Server	`computed`	yes