ansible.builtin.rds_instance (v2.8.11) module
Manage RDS instances
Added in version 2.7 of ansible.builtin
Authors: Sloane Hertel (@s-hertel)
preview | supported by community
Install with pip install ansible==2.8.11
Create, modify, and delete RDS instances.
# Note: These examples do not set authentication details, see the AWS Guide for details.
- name: create minimal aurora instance in default VPC and default subnet group
  rds_instance:
    engine: aurora
    db_instance_identifier: ansible-test-aurora-db-instance
    instance_type: db.t2.small
    password: "{{ password }}"
    username: "{{ username }}"
    cluster_id: ansible-test-cluster  # This cluster must exist - see rds_cluster to manage it

- name: Create a DB instance using the default AWS KMS encryption key
  rds_instance:
    id: test-encrypted-db
    state: present
    engine: mariadb
    storage_encrypted: True
    db_instance_class: db.t2.medium
    username: "{{ username }}"
    password: "{{ password }}"
    allocated_storage: "{{ allocated_storage }}"

- name: remove the DB instance without a final snapshot
  rds_instance:
    id: "{{ instance_id }}"
    state: absent
    skip_final_snapshot: True

- name: remove the DB instance with a final snapshot
  rds_instance:
    id: "{{ instance_id }}"
    state: absent
    final_snapshot_identifier: "{{ snapshot_id }}"
iops:
  description:
    - The Provisioned IOPS (I/O operations per second) value. Only set when I(storage_type) is set to io1.
  type: int
port:
  description:
    - The port number on which the instances accept connections.
tags:
  description:
    - A dictionary of key value pairs to assign the DB cluster.
wait:
  default: true
  description:
    - Whether to wait for the cluster to be available, stopped, or deleted. At a later time a wait_timeout option may be added. Following each API call to create/modify/delete the instance a waiter is used with a 60 second delay 30 times until the instance reaches the expected state (available/stopped/deleted). The total task time may also be influenced by AWSRetry which helps stabilize if the instance is in an invalid state to operate on to begin with (such as if you try to stop it when it is in the process of rebooting). If setting this to False task retries and delays may make your playbook execution better handle timeouts for major modifications.
  type: bool
state:
  choices:
    - present
    - absent
    - terminated
    - running
    - started
    - stopped
    - rebooted
    - restarted
  default: present
  description:
    - Whether the snapshot should exist or not. I(rebooted) is not idempotent and will leave the DB instance in a running state and start it prior to rebooting if it was stopped. I(present) will leave the DB instance in the current running/stopped state, (running if creating the DB instance).
    - I(state=running) and I(state=started) are synonyms, as are I(state=rebooted) and I(state=restarted). Note - rebooting the instance is not idempotent.
domain:
  description:
    - The Active Directory Domain to restore the instance in.
engine:
  description:
    - The name of the database engine to be used for this DB instance. This is required to create an instance. Valid choices are aurora | aurora-mysql | aurora-postgresql | mariadb | mysql | oracle-ee | oracle-se | oracle-se1 | oracle-se2 | postgres | sqlserver-ee | sqlserver-ex | sqlserver-se | sqlserver-web
region:
  aliases:
    - aws_region
    - ec2_region
  description:
    - The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
  type: str
db_name:
  description:
    - The name for your database. If a name is not provided Amazon RDS will not create a database.
ec2_url:
  aliases:
    - aws_endpoint_url
    - endpoint_url
  description:
    - Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
  type: str
profile:
  aliases:
    - aws_profile
  description:
    - Uses a boto profile. Only works with boto >= 2.24.0.
    - Using I(profile) will override I(aws_access_key), I(aws_secret_key) and I(security_token) and support for passing them at the same time as I(profile) has been deprecated.
    - I(aws_access_key), I(aws_secret_key) and I(security_token) will be made mutually exclusive with I(profile) after 2022-06-01.
  type: str
multi_az:
  description:
    - Specifies if the DB instance is a Multi-AZ deployment. Mutually exclusive with I(availability_zone).
  type: bool
timezone:
  description:
    - The time zone of the DB instance.
s3_prefix:
  description:
    - The prefix for all of the file names that contain the data used to create the Amazon DB instance. If you do not specify a SourceS3Prefix value, then the Amazon DB instance is created by using all of the files in the Amazon S3 bucket.
aws_config:
  description:
    - A dictionary to modify the botocore configuration.
    - Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
    - Only the 'user_agent' key is used for boto modules. See U(http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto) for more boto configuration.
  type: dict
kms_key_id:
  description:
    - The ARN of the AWS KMS key identifier for an encrypted DB instance. If you are creating a DB instance with the same AWS account that owns the KMS encryption key used to encrypt the new DB instance, then you can use the KMS key alias instead of the ARN for the KMS encryption key.
    - If I(storage_encrypted) is true and this option is not provided, the default encryption key is used.
purge_tags:
  default: true
  description: Set to False to retain any tags that aren't specified in task and are associated with the instance.
  type: bool
read_replica:
  description:
    - Set to False to promote a read replica cluster or true to create one. When creating a read replica C(creation_source) should be set to 'instance' or not provided. C(source_db_instance_identifier) must be provided with this option.
  type: bool
restore_time:
  description:
    - If using I(creation_source=instance) this indicates the UTC date and time to restore from the source instance. For example, "2009-09-07T23:45:00Z". May alternatively set C(use_latest_restorable_time) to True.
storage_type:
  choices:
    - standard
    - gp2
    - io1
  description:
    - The storage type to be associated with the DB instance. I(storage_type) does not apply to Aurora DB instances.
aws_ca_bundle:
  description:
    - The location of a CA Bundle to use when validating SSL certificates.
    - Only used for boto3 based modules.
    - 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied from the controller if not run locally.'
  type: path
license_model:
  choices:
    - license-included
    - bring-your-own-license
    - general-public-license
  description:
    - The license model for the DB instance.
source_engine:
  choices:
    - mysql
  description:
    - The identifier for the database engine that was backed up to create the files stored in the Amazon S3 bucket.
source_region:
  description:
    - The region of the DB instance from which the replica is created.
aws_access_key:
  aliases:
    - ec2_access_key
    - access_key
  description:
    - AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(aws_access_key) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
  type: str
aws_secret_key:
  aliases:
    - ec2_secret_key
    - secret_key
  description:
    - AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(aws_secret_key) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
  type: str
engine_version:
  description:
    - The version number of the database engine to use. For Aurora MySQL that could be 5.6.10a, 5.7.12. For Aurora PostgreSQL, for example, 9.6.3.
force_failover:
  description:
    - Set to true to conduct the reboot through a MultiAZ failover.
  type: bool
promotion_tier:
  description:
    - An integer that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance.
s3_bucket_name:
  description:
    - The name of the Amazon S3 bucket that contains the data used to create the Amazon DB instance.
security_token:
  aliases:
    - aws_security_token
    - access_token
  description:
    - AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(security_token) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
  type: str
validate_certs:
  default: true
  description:
    - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
  type: bool
creation_source:
  choices:
    - snapshot
    - s3
    - instance
  description: Which source to use if restoring from a template (an existing instance, S3 bucket, or snapshot).
master_username:
  aliases:
    - username
  description:
    - The name of the master user for the DB cluster. Must be 1-16 letters or numbers and begin with a letter.
allocated_storage:
  description:
    - The amount of storage (in gibibytes) to allocate for the DB instance.
apply_immediately:
  default: false
  description:
    - A value that specifies whether modifying a cluster with I(new_db_instance_identifier) and I(master_user_password) should be applied as soon as possible, regardless of the I(preferred_maintenance_window) setting. If false, changes are applied during the next maintenance window.
  type: bool
availability_zone:
  aliases:
    - az
    - zone
  description:
    - A list of EC2 Availability Zones that instances in the DB cluster can be created in. May be used when creating a cluster or when restoring from S3 or a snapshot. Mutually exclusive with I(multi_az).
db_instance_class:
  aliases:
    - class
    - instance_type
  description:
    - The compute and memory capacity of the DB instance, for example db.t2.micro.
option_group_name:
  description:
    - The option group to associate with the DB instance.
storage_encrypted:
  description:
    - Whether the DB instance is encrypted.
  type: bool
character_set_name:
  description:
    - The character set to associate with the DB cluster.
db_security_groups:
  description:
    - (EC2-Classic platform) A list of DB security groups to associate with this DB instance.
  type: list
processor_features:
  description:
    - A dictionary of Name, Value pairs to indicate the number of CPU cores and the number of threads per core for the DB instance class of the DB instance. Names are threadsPerCore and coreCount. Set this option to an empty dictionary to use the default processor features.
  suboptions:
    coreCount:
      description: The number of CPU cores
    threadsPerCore:
      description: The number of threads per core
tde_credential_arn:
  aliases:
    - transparent_data_encryption_arn
  description:
    - The ARN from the key store with which to associate the instance for Transparent Data Encryption. This is supported by Oracle or SQL Server DB instances and may be used in conjunction with C(storage_encrypted) though it might slightly affect the performance of your database.
monitoring_interval:
  description:
    - The interval, in seconds, when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting metrics, specify 0. Amazon RDS defaults this to 0 if omitted when initially creating a DB instance.
monitoring_role_arn:
  description:
    - The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs.
publicly_accessible:
  description:
    - Specifies the accessibility options for the DB instance. A value of true specifies an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address. A value of false specifies an internal instance with a DNS name that resolves to a private IP address.
  type: bool
skip_final_snapshot:
  default: false
  description:
    - Whether a final DB cluster snapshot is created before the DB cluster is deleted. If this is false I(final_db_snapshot_identifier) must be provided.
  type: bool
snapshot_identifier:
  description:
    - The ARN of the DB snapshot to restore from when using I(creation_source=snapshot).
db_subnet_group_name:
  aliases:
    - subnet_group
  description:
    - The DB subnet group name to use for the DB instance.
domain_iam_role_name:
  description:
    - The name of the IAM role to be used when making API calls to the Directory Service.
master_user_password:
  aliases:
    - password
  description:
    - An 8-41 character password for the master database user. The password can contain any printable ASCII character except "/", """, or "@". To modify the password use I(force_update_password). Use I(apply_immediately) to change the password immediately, otherwise it is updated during the next maintenance window.
copy_tags_to_snapshot:
  description:
    - Whether or not to copy all tags from the DB instance to snapshots of the instance. When initially creating a DB instance the RDS API defaults this to false if unspecified.
  type: bool
db_cluster_identifier:
  aliases:
    - cluster_id
  description:
    - The DB cluster (lowercase) identifier to add the aurora DB instance to. The identifier must contain from 1 to 63 letters, numbers, or hyphens and the first character must be a letter and may not end in a hyphen or contain consecutive hyphens.
force_update_password:
  default: false
  description:
    - Set to True to update your cluster password with I(master_user_password). Since comparing passwords to determine if it needs to be updated is not possible this is set to False by default to allow idempotence.
  type: bool
s3_ingestion_role_arn:
  description:
    - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that authorizes Amazon RDS to access the Amazon S3 bucket on your behalf.
source_engine_version:
  description:
    - The version of the database that the backup files were created from.
db_instance_identifier:
  aliases:
    - instance_id
    - id
  description:
    - The DB instance (lowercase) identifier. The identifier must contain from 1 to 63 letters, numbers, or hyphens and the first character must be a letter and may not end in a hyphen or contain consecutive hyphens.
  required: true
db_snapshot_identifier:
  description:
    - The identifier for the DB snapshot to restore from if using I(creation_source=snapshot).
vpc_security_group_ids:
  description:
    - A list of EC2 VPC security groups to associate with the DB cluster.
  type: list
backup_retention_period:
  description:
    - The number of days for which automated backups are retained (must be greater than or equal to 1). May be used when creating a new cluster, when restoring from S3, or when modifying a cluster.
db_parameter_group_name:
  description:
    - The name of the DB parameter group to associate with this DB instance. When creating the DB instance if this argument is omitted the default DBParameterGroup for the specified engine is used.
preferred_backup_window:
  aliases:
    - backup_window
  description:
    - The daily time range (in UTC) of at least 30 minutes, during which automated backups are created if automated backups are enabled using I(backup_retention_period). The option must be in the format of "hh24:mi-hh24:mi" and not conflict with I(preferred_maintenance_window).
tde_credential_password:
  aliases:
    - transparent_data_encryption_password
  description:
    - The password for the given ARN from the key store in order to access the device.
ca_certificate_identifier:
  description:
    - The identifier of the CA certificate for the DB instance.
auto_minor_version_upgrade:
  description:
    - Whether minor version upgrades are applied automatically to the DB instance during the maintenance window.
  type: bool
new_db_instance_identifier:
  aliases:
    - new_instance_id
    - new_id
  description:
    - The new DB cluster (lowercase) identifier for the DB cluster when renaming a DB instance. The identifier must contain from 1 to 63 letters, numbers, or hyphens and the first character must be a letter and may not end in a hyphen or contain consecutive hyphens. Use I(apply_immediately) to rename immediately, otherwise it is updated during the next maintenance window.
use_latest_restorable_time:
  aliases:
    - restore_from_latest
  description:
    - Whether to restore the DB instance to the latest restorable backup time. Only one of I(use_latest_restorable_time) and I(restore_time) may be provided.
  type: bool
allow_major_version_upgrade:
  description:
    - Whether to allow major version upgrades.
  type: bool
enable_performance_insights:
  description:
    - Whether to enable Performance Insights for the DB instance.
  type: bool
debug_botocore_endpoint_logs:
  default: 'no'
  description:
    - Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputting the set to the resource_actions key in the task results. Use the aws_resource_action callback to output the total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
  type: bool
final_db_snapshot_identifier:
  aliases:
    - final_snapshot_identifier
  description:
    - The DB instance snapshot identifier of the new DB instance snapshot created when I(skip_final_snapshot) is false.
preferred_maintenance_window:
  aliases:
    - maintenance_window
  description:
    - The weekly time range (in UTC) of at least 30 minutes, during which system maintenance can occur. The option must be in the format "ddd:hh24:mi-ddd:hh24:mi" where ddd is one of Mon, Tue, Wed, Thu, Fri, Sat, Sun.
purge_cloudwatch_logs_exports:
  default: true
  description: Set to False to retain any enabled cloudwatch logs that aren't specified in the task and are associated with the instance.
  type: bool
source_db_instance_identifier:
  description:
    - The identifier or ARN of the source DB instance from which to restore when creating a read replica or spinning up a point-in-time DB instance using I(creation_source=instance). If the source DB is not in the same region this should be an ARN.
enable_cloudwatch_logs_exports:
  aliases:
    - cloudwatch_log_exports
  description:
    - A list of log types that need to be enabled for exporting to CloudWatch Logs.
  type: list
performance_insights_kms_key_id:
  description:
    - The AWS KMS key identifier (ARN, name, or alias) for encryption of Performance Insights data.
enable_iam_database_authentication:
  description:
    - Enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. If this option is omitted when creating the cluster, Amazon RDS sets this to False.
  type: bool
performance_insights_retention_period:
  description:
    - The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731.
allocated_storage:
  description: The allocated storage size in gibibytes. This is always 1 for aurora database engines.
  returned: always
  sample: 20
  type: int
auto_minor_version_upgrade:
  description: Whether minor engine upgrades are applied automatically to the DB instance during the maintenance window.
  returned: always
  sample: true
  type: bool
availability_zone:
  description: The availability zone for the DB instance.
  returned: always
  sample: us-east-1f
  type: str
backup_retention_period:
  description: The number of days for which automated backups are retained.
  returned: always
  sample: 1
  type: int
ca_certificate_identifier:
  description: The identifier of the CA certificate for the DB instance.
  returned: always
  sample: rds-ca-2015
  type: str
copy_tags_to_snapshot:
  description: Whether tags are copied from the DB instance to snapshots of the DB instance.
  returned: always
  sample: false
  type: bool
db_instance_arn:
  description: The Amazon Resource Name (ARN) for the DB instance.
  returned: always
  sample: arn:aws:rds:us-east-1:123456789012:db:ansible-test
  type: str
db_instance_class:
  description: The name of the compute and memory capacity class of the DB instance.
  returned: always
  sample: db.m4.large
  type: str
db_instance_identifier:
  description: The identifier of the DB instance
  returned: always
  sample: ansible-test
  type: str
db_instance_port:
  description: The port that the DB instance listens on.
  returned: always
  sample: 0
  type: int
db_instance_status:
  description: The current state of this database.
  returned: always
  sample: stopped
  type: str
db_parameter_groups:
  contains:
    db_parameter_group_name:
      description: The name of the DB parameter group.
      returned: always
      sample: default.mariadb10.0
      type: str
    parameter_apply_status:
      description: The status of parameter updates.
      returned: always
      sample: in-sync
      type: str
  description: The list of DB parameter groups applied to this DB instance.
  returned: always
  type: complex
db_security_groups:
  description: A list of DB security groups associated with this DB instance.
  returned: always
  sample: []
  type: list
db_subnet_group:
  contains:
    db_subnet_group_description:
      description: The description of the DB subnet group.
      returned: always
      sample: default
      type: str
    db_subnet_group_name:
      description: The name of the DB subnet group.
      returned: always
      sample: default
      type: str
    subnet_group_status:
      description: The status of the DB subnet group.
      returned: always
      sample: Complete
      type: str
    subnets:
      contains:
        subnet_availability_zone:
          contains:
            name:
              description: The name of the Availability Zone.
              returned: always
              sample: us-east-1c
              type: str
          description: The availability zone of the subnet.
          returned: always
          type: complex
        subnet_identifier:
          description: The ID of the subnet.
          returned: always
          sample: subnet-12345678
          type: str
        subnet_status:
          description: The status of the subnet.
          returned: always
          sample: Active
          type: str
      description: A list of Subnet elements.
      returned: always
      type: complex
    vpc_id:
      description: The VpcId of the DB subnet group.
      returned: always
      sample: vpc-12345678
      type: str
  description: The subnet group associated with the DB instance.
  returned: always
  type: complex
dbi_resource_id:
  description: The AWS Region-unique, immutable identifier for the DB instance.
  returned: always
  sample: db-UHV3QRNWX4KB6GALCIGRML6QFA
  type: str
domain_memberships:
  description: The Active Directory Domain membership records associated with the DB instance.
  returned: always
  sample: []
  type: list
endpoint:
  contains:
    address:
      description: The DNS address of the DB instance.
      returned: always
      sample: ansible-test.cvlrtwiennww.us-east-1.rds.amazonaws.com
      type: str
    hosted_zone_id:
      description: The ID that Amazon Route 53 assigns when you create a hosted zone.
      returned: always
      sample: ZTR2ITUGPA61AM
      type: str
    port:
      description: The port that the database engine is listening on.
      returned: always
      sample: 3306
      type: int
  description: The connection endpoint.
  returned: always
  type: complex
engine:
  description: The database engine version.
  returned: always
  sample: mariadb
  type: str
engine_version:
  description: The database engine version.
  returned: always
  sample: 10.0.35
  type: str
iam_database_authentication_enabled:
  description: Whether mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled.
  returned: always
  sample: false
  type: bool
instance_create_time:
  description: The date and time the DB instance was created.
  returned: always
  sample: '2018-07-04T16:48:35.332000+00:00'
  type: str
kms_key_id:
  description: The AWS KMS key identifier for the encrypted DB instance when storage_encrypted is true.
  returned: When storage_encrypted is true
  sample: arn:aws:kms:us-east-1:123456789012:key/70c45553-ad2e-4a85-9f14-cfeb47555c33
  type: str
latest_restorable_time:
  description: The latest time to which a database can be restored with point-in-time restore.
  returned: always
  sample: '2018-07-04T16:50:50.642000+00:00'
  type: str
license_model:
  description: The License model information for this DB instance.
  returned: always
  sample: general-public-license
  type: str
master_username:
  description: The master username for the DB instance.
  returned: always
  sample: test
  type: str
monitoring_interval:
  description:
    - The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. 0 means collecting Enhanced Monitoring metrics is disabled.
  returned: always
  sample: 0
  type: int
multi_az:
  description: Whether the DB instance is a Multi-AZ deployment.
  returned: always
  sample: false
  type: bool
option_group_memberships:
  contains:
    option_group_name:
      description: The name of the option group that the instance belongs to.
      returned: always
      sample: default:mariadb-10-0
      type: str
    status:
      description: The status of the DB instance's option group membership.
      returned: always
      sample: in-sync
      type: str
  description: The list of option group memberships for this DB instance.
  returned: always
  type: complex
pending_modified_values:
  contains: {}
  description: The changes to the DB instance that are pending.
  returned: always
  type: complex
performance_insights_enabled:
  description: True if Performance Insights is enabled for the DB instance, and otherwise false.
  returned: always
  sample: false
  type: bool
preferred_backup_window:
  description: The daily time range during which automated backups are created if automated backups are enabled.
  returned: always
  sample: 07:01-07:31
  type: str
preferred_maintenance_window:
  description: The weekly time range (in UTC) during which system maintenance can occur.
  returned: always
  sample: sun:09:31-sun:10:01
  type: str
publicly_accessible:
  description:
    - True for an Internet-facing instance with a publicly resolvable DNS name, False to indicate an internal instance with a DNS name that resolves to a private IP address.
  returned: always
  sample: true
  type: bool
read_replica_db_instance_identifiers:
  description: Identifiers of the Read Replicas associated with this DB instance.
  returned: always
  sample: []
  type: list
storage_encrypted:
  description: Whether the DB instance is encrypted.
  returned: always
  sample: false
  type: bool
storage_type:
  description: The storage type to be associated with the DB instance.
  returned: always
  sample: standard
  type: str
tags:
  contains: {}
  description: A dictionary of tags associated with the DB instance.
  returned: always
  type: complex
vpc_security_groups:
  contains:
    status:
      description: The status of the VPC security group.
      returned: always
      sample: active
      type: str
    vpc_security_group_id:
      description: The name of the VPC security group.
      returned: always
      sample: sg-12345678
      type: str
  description: A list of VPC security group elements that the DB instance belongs to.
  returned: always
  type: complex
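
The security-relevant options and return values documented above, combined in an added example that is not part of the module's own documentation: the instance is created encrypted and private, and the registered result is then checked against the documented return keys. The play layout, the `vault_db_username` / `vault_db_password` variables, and the identifier, KMS alias, subnet group and security group values are assumptions made for illustration.

```yaml
# Added example (not from the module documentation).
# Assumptions: credentials come from Ansible Vault variables named
# vault_db_username / vault_db_password; every identifier below is a
# constructed placeholder to be replaced with values from your account.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    db_id: example-hardened-db                        # constructed identifier
  tasks:
    - name: create an encrypted, non-public MySQL instance
      rds_instance:
        id: "{{ db_id }}"
        state: present
        engine: mysql
        db_instance_class: db.t2.medium
        allocated_storage: 20
        username: "{{ vault_db_username }}"
        password: "{{ vault_db_password }}"
        # Encryption at rest with a named key rather than the default key.
        storage_encrypted: true
        kms_key_id: alias/example-rds-key             # placeholder alias
        # Private DNS name only, reachable from the listed security group.
        publicly_accessible: false
        db_subnet_group_name: example-private-subnets # placeholder
        vpc_security_group_ids:
          - sg-12345678                               # placeholder
        # Recoverability: automated backups, tags carried onto snapshots.
        backup_retention_period: 7
        copy_tags_to_snapshot: true
        auto_minor_version_upgrade: true
        # Default value, stated explicitly so a later edit is visible in review.
        validate_certs: true
      no_log: true        # keep the master password out of task output
      register: db

    - name: verify the instance matches the intended posture
      assert:
        that:
          - db.storage_encrypted
          - db.kms_key_id is defined                  # returned when storage_encrypted is true
          - not db.publicly_accessible
          - db.backup_retention_period >= 7
          - db.copy_tags_to_snapshot
        fail_msg: "{{ db_id }} does not match the expected encryption/exposure settings"

    - name: remove the instance but keep a final snapshot
      rds_instance:
        id: "{{ db_id }}"
        state: absent
        final_snapshot_identifier: "{{ db_id }}-final"
      when: decommission | default(false)             # hypothetical toggle variable
```

Because `force_update_password` defaults to false, re-running the first task does not rotate the master password; rotation needs that option set explicitly.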