| allow_major_version_upgrade | Enable to allow major engine version upgrades when changing engine versions. Defaults to false | bool | false | |
| allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | list(string) | false | |
| allowed_security_groups | A list of Security Group ID's to allow access to | list(string) | false | |
| apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false | bool | false | |
| auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default true | bool | false | |
| autoscaling_enabled | Determines whether autoscaling of the cluster read replicas is enabled | bool | false | |
| autoscaling_max_capacity | Maximum number of read replicas permitted when autoscaling is enabled | number | false | |
| autoscaling_min_capacity | Minimum number of read replicas permitted when autoscaling is enabled | number | false | |
| autoscaling_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | number | false | |
| autoscaling_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | number | false | |
| autoscaling_target_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max_connections | number | false | |
| autoscaling_target_cpu | CPU threshold which will initiate autoscaling | number | false | |
| backtrack_window | The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | number | false | |
| backup_retention_period | The days to retain backups for. Default 7 | number | false | |
| ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | false | |
| cluster_tags | A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging | map(string) | false | |
| cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | false | |
| copy_tags_to_snapshot | Copy all Cluster tags to snapshots | bool | false | |
| create_cluster | Whether cluster should be created (affects nearly all resources) | bool | false | |
| create_db_subnet_group | Determines whether to create the database subnet group or use existing | bool | false | |
| create_monitoring_role | Determines whether to create the IAM role for RDS enhanced monitoring | bool | false | |
| create_random_password | Determines whether to create random password for RDS primary cluster | bool | false | |
| create_security_group | Determines whether to create security group for RDS cluster | bool | false | |
| database_name | Name for an automatically created database on cluster creation | string | false | |
| db_cluster_db_instance_parameter_group_name | Instance parameter group to associate with all instances of the DB cluster. The db_cluster_db_instance_parameter_group_name is only valid in combination with allow_major_version_upgrade | string | false | |
| db_cluster_parameter_group_name | A cluster parameter group to associate with the cluster | string | false | |
| db_parameter_group_name | The name of the DB parameter group to associate with instances | string | false | |
| db_subnet_group_name | The name of the subnet group name (existing or created) | string | false | |
| deletion_protection | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false | bool | false | |
| enable_global_write_forwarding | Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an aws_rds_global_cluster's primary cluster | bool | false | |
| enable_http_endpoint | Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless | bool | false | |
| enabled_cloudwatch_logs_exports | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, error, general, slowquery, postgresql | list(string) | false | |
| endpoints | Map of additional cluster endpoints and their attributes to be created | any | false | |
| engine | The name of the database engine to be used for this DB cluster. Defaults to aurora. Valid Values: aurora, aurora-mysql, aurora-postgresql | string | false | |
| engine_mode | The database engine mode. Valid values: global, multimaster, parallelquery, provisioned, serverless. Defaults to: provisioned | string | false | |
| engine_version | The database engine version. Updating this argument results in an outage | string | false | |
| final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy; a 8 random digits are appended to name to ensure it's unique | string | false | |
| global_cluster_identifier | The global cluster identifier specified on aws_rds_global_cluster | string | false | |
| iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | bool | false | |
| iam_role_description | Description of the monitoring role | string | false | |
| iam_role_force_detach_policies | Whether to force detaching any policies the monitoring role has before destroying it | bool | false | |
| iam_role_managed_policy_arns | Set of exclusive IAM managed policy ARNs to attach to the monitoring role | list(string) | false | |
| iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the monitoring role | number | false | |
| iam_role_name | Friendly name of the monitoring role | string | false | |
| iam_role_path | Path for the monitoring role | string | false | |
| iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the monitoring role | string | false | |
| iam_role_use_name_prefix | Determines whether to use iam_role_name as is or create a unique name beginning with the iam_role_name as the prefix | bool | false | |
| iam_roles | Map of IAM roles and supported feature names to associate with the cluster | map(map(string)) | false | |
| instance_class | Instance type to use at master instance. Note: if autoscaling_enabled is true, this will be the same instance class used on instances created by autoscaling | string | false | |
| instance_timeouts | Create, update, and delete timeout configurations for the cluster instance(s) | map(string) | false | |
| instances | Map of cluster instances and any specific/overriding attributes to be created | any | false | |
| instances_use_identifier_prefix | Determines whether cluster instance identifiers are used as prefixes | bool | false | |
| is_primary_cluster | Determines whether cluster is primary cluster with writer instance (set to false for global cluster and replica clusters) | bool | false | |
| kms_key_id | The ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to true | string | false | |
| master_password | Password for the master DB user. Note - when specifying a value here, 'create_random_password' should be set to false | string | false | |
| master_username | Username for the master DB user | string | false | |
| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to 0 to disble. Default is 0 | number | false | |
| monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | string | false | |
| name | Name used across resources created | string | false | |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not | bool | false | |
| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | string | false | |
| performance_insights_retention_period | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | number | false | |
| port | The port on which the DB accepts connections | string | false | |
| predefined_metric_type | The metric type to scale on. Valid values are RDSReaderAverageCPUUtilization and RDSReaderAverageDatabaseConnections | string | false | |
| preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled using the backup_retention_period parameter. Time in UTC | string | false | |
| preferred_maintenance_window | The weekly time range during which system maintenance can occur, in (UTC) | string | false | |
| publicly_accessible | Determines whether instances are publicly accessible. Default false | bool | false | |
| putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false | |
| random_password_length | Length of random password to create. Defaults to 10 | number | false | |
| replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | string | false | |
| restore_to_point_in_time | Map of nested attributes for cloning Aurora cluster | map(string) | false | |
| s3_import | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) | false | |
| scaling_configuration | Map of nested attributes with scaling properties. Only valid when engine_mode is set to serverless | map(string) | false | |
| security_group_description | The description of the security group. If value is set to empty string it will contain cluster name in the description | string | false | |
| security_group_egress_rules | A map of security group egress rule defintions to add to the security group created | map(any) | false | |
| security_group_tags | Additional tags for the security group | map(string) | false | |
| skip_final_snapshot | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | bool | false | |
| snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | string | false | |
| source_region | The source region for an encrypted replica DB cluster | string | false | |
| storage_encrypted | Specifies whether the DB cluster is encrypted. The default is true | bool | false | |
| subnets | List of subnet IDs used by database subnet group created | list(string) | false | |
| tags | A map of tags to add to all resources | map(string) | false | |
| vpc_id | ID of the VPC where to create security group | string | false | |
| vpc_security_group_ids | List of VPC security groups to associate to the cluster in addition to the SG we create in this module | list(string) | false | |
| writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false | |