terraform-aws-arc-postgresql-mgmt ¶

Module: sourcefuse/arc-postgresql-mgmt/aws

Registry: https://registry.terraform.io/modules/sourcefuse/arc-postgresql-mgmt/aws

Category: Database / Management

Source: https://github.com/sourcefuse/terraform-aws-arc-postgresql-mgmt

Tip

🤖 New: Use this module with AI assistants via the ARC IaC MCP Server — search, scaffold, and security-scan ARC modules from natural language. Quick setup ↓

Overview¶

Manages PostgreSQL databases, roles, schemas, and grants on an existing RDS or Aurora PostgreSQL instance using the PostgreSQL Terraform provider.

What It Does¶

Database creation on existing PostgreSQL server
Role and user management with password rotation
Schema creation and ownership
Fine-grained privilege grants
Secrets Manager integration for credentials

Usage¶

required_providers { postgresql = { version = "~> 1.21" source = "cyrilgdn/postgresql" } aws = { version = "~> 5.0" source = "hashicorp/aws" } }

Quickstart¶

module "pg_mgmt" {
  source  = "sourcefuse/arc-postgresql-mgmt/aws"
  version = "1.0.0"

  db_host     = module.db.cluster_endpoint
  db_port     = 5432
  db_name     = "postgres"
  db_username = "admin"
  db_password = data.aws_secretsmanager_secret_version.db.secret_string

  databases = [{ name = "myapp_db" }]
  roles     = [{ name = "myapp_user", login = true }]
}

Required Inputs¶

Name	Type	Description
`db_host`	`string`	PostgreSQL host endpoint
`db_port`	`number`	PostgreSQL port
`db_username`	`string`	Admin username
`db_password`	`string`	Admin password
## Key Outputs

Name	Description
`database_names`	List of created database names
`role_names`	List of created role names
## Full Variable & Output Reference

The complete inputs/outputs reference is auto-generated below.

Requirements¶

Name	Version
terraform	~> 1.3, < 2.0.0
aws	~> 5.0, < 6.0
postgresql	~> 1.21

Providers¶

Name	Version
aws	5.28.0
postgresql	1.21.0

Modules¶

No modules.

Resources¶

Name	Type
aws_ssm_parameter.this	resource
postgresql_database.pg_db	resource
postgresql_default_privileges.pg_default_privileges	resource
postgresql_role.pg_role	resource
postgresql_schema.pg_schema	resource

Inputs¶

Name	Description	Type	Default	Required
pg_roles	A map of objects where each key-value pair represents a PostgreSQL role	map(object({ postgres_role_name = string login = string password = string }))	n/a	yes
pg_ssm_parameters	postgresql SSM parameters	map(object({ name = string type = string password = string }))	n/a	yes
postgresql_database	A map where each key-value pair represents a PostgreSQL database configuration	map(object({ db_name = string db_owner = string template = optional(string, null) lc_collate = optional(string, null) connection_limit = optional(string, null) allow_connections = optional(string, null) }))	n/a	yes
postgresql_default_privileges	configuration block for postgresql default privileges	map(object({ role = string database = string schema = string owner = string object_type = string privileges = list(string) }))	n/a	yes
postgresql_schema	configuration block for postgresql schema	map(object({ schema_name = string schema_owner = optional(string, null) database = optional(string, null) if_not_exists = optional(string, null) drop_cascade = optional(string, null) policy = optional(list(object({ usage = optional(string, null) role = optional(string, null) })), []) }))	n/a	yes

Outputs¶

Name	Description
arn	ARN of the parameter

Development¶

Prerequisites¶

Configurations¶

Configure pre-commit hooks

1	`pre-commit install`

Git commits¶

while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch

For Example

git commit -m "your commit message #major"

By specifying this , it will bump the version and if you dont specify this in your commit message then by default it will consider patch and will bump that accordingly

Tests¶

Tests are available in test directory
Configure the dependencies

cd test
go mod init github.com/sourcefuse/terraform-aws-ref-arch-db
go get github.com/gruntwork-io/terratest/modules/terraform

Now execute the test

cd test/
go test

AI Assistant Integration (ARC IaC MCP)¶

The ARC IaC MCP Server is a hosted Model Context Protocol service that lets AI assistants browse, search, scaffold, compare, and security-scan any of the SourceFuse ARC Terraform modules — directly from natural language.

What you can do with it:

Discover — search and filter modules by keyword or AWS resource type.
Understand — get inputs, outputs, and resources for any module without leaving your editor.
Scaffold — generate production-ready, multi-file Terraform with cross-module wiring already done.
Secure — scan generated or existing HCL for misconfigurations before it hits a PR.
Compare — diff modules side-by-side to make informed architectural decisions.

Setup (one minute)¶

The MCP endpoint is https://arc-iac-mcp.sourcef.us/mcp. Pick your client:

Claude Code CLI:

claude mcp add arc-iac --transport http https://arc-iac-mcp.sourcef.us/mcp

Claude Desktop — edit ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "arc-iac": {
      "url": "https://arc-iac-mcp.sourcef.us/mcp"
    }
  }
}

Cursor / Windsurf / Kiro — add the same block to .cursor/mcp.json (or the equivalent for your client).

Example prompts to try¶

"List all ARC modules sorted by downloads"
"What inputs does arc-ecs require?"
"Scaffold a production-ready arc-db Aurora setup with Secrets Manager"
"Compare arc-eks and arc-ecs for running 10 microservices"
"Scan this Terraform before I raise a PR: <paste HCL>"

See the ARC IaC MCP repo for the full tool reference, troubleshooting tips, and local-development instructions.

Contributing¶

See CONTRIBUTING.md for commit conventions and development setup.

Authors¶

This project is authored by:

SourceFuse ARC Team

terraform-aws-arc-postgresql-mgmt¶