Terraform Azure PostgreSQL Deployment
This Terraform project deploys a cost-effective Azure PostgreSQL database with minimal resources and security-conscious configuration.
⚙️ Features
- Cheapest SKU: B_Standard_B1ms (1 vCore, 2 GB RAM)
- Minimal Storage: 5 GB
- Security-Optimized:
- Public network access disabled
- Enforced SSL/TLS encryption (TLS1_2)
- Auto-grow disabled to prevent unexpected costs
- Automated Admin Password Generation with the random provider
- Modular and Configurable via
variables.tf
🚀 Deployment
Prerequisites
- Terraform (≥ 1.3.0)
- Azure CLI authenticated (
az login)
Steps
- Initialize Terraform:
terraform init1 - Preview the deployment:
terraform plan1 - Apply the configuration:
terraform apply -auto-approve1 - Retrieve PostgreSQL details:
terraform output1
📚 Notes
- Backup Retention: Minimum is 7 days (Azure limitation).
- Geo-Redundant Backup: Disabled to minimize costs.
- For production:
- Consider enabling auto-grow.
- Use Key Vault for secrets.
- Restrict IPs via firewall rules.
🛠 Configuration
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.5.0 |
| azurerm | 4.22.0 |
| random | 3.7.1 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| azurerm_postgresql_server.example | resource |
| azurerm_resource_group.example | resource |
| random_password.psql_admin_password | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| administrator_login | Administrator username for PostgreSQL | string | "psqladmin" | no |
| auto_grow_enabled | Enable auto-grow for storage | bool | false | no |
| backup_retention_days | Backup retention in days | number | 7 | no |
| geo_redundant_backup_enabled | Enable geo-redundant backups | bool | false | no |
| location | Azure region | string | "West Europe" | no |
| postgresql_server_name | Name of the PostgreSQL server | string | n/a | yes |
| postgresql_version | PostgreSQL version | string | "11" | no |
| public_network_access_enabled | Enable public network access | bool | false | no |
| resource_group_name | Name of the Azure resource group | string | n/a | yes |
| sku_name | The SKU name for the PostgreSQL server | string | "B_Gen5_1" | no |
| ssl_enforcement_enabled | Enforce SSL connection | bool | true | no |
| ssl_minimal_tls_version_enforced | Minimum TLS version | string | "TLS1_2" | no |
| storage_mb | Storage size in MB | number | 5120 | no |
| subscription_id | the Azure subscription id | string | n/a | yes |
Outputs
| Name | Description |
|---|---|
| postgresql_admin_username | The administrator username for PostgreSQL |
| postgresql_fqdn | The fully qualified domain name of the PostgreSQL server |
| postgresql_server_name | The name of the PostgreSQL server |
| postgresql_version | The PostgreSQL version |
| psql_admin_password | The administrator password for PostgreSQL |
| resource_group_name | The name of the resource group in which the PostgreSQL database is created |
Source code & Installation
The source code of this kit module can be found here
Run the following command to install the kit module:
collie kit import azure/buildingblocks/postgresql/buildingblock
1