Deploy PostgreSQL® services to multiple clouds and regions

Deploy PostgreSQL® services to multiple clouds and regions using Terraform. A part of the Aiven Terraform Cookbook.

There are many reasons why businesses need to distribute their databases geographically. One of the primary reason is data residency/regulation which mandates user data to stay within certain regions.
This example shows how to set up three highly-available PostgreSQL® databases in three regions and across different cloud providers for data regulation and compliance. In addition, these databases must be configured in a way that they are protected against database deletion.
Aiven Terraform Provider can help create multiple services programmatically.

The following image shows that the Aiven Terraform Provider calls the Aiven API under the hood to create three PostgreSQL services on AWS (Europe), DigitalOcean (US), and Google Cloud Platform(Asia):

Describe the setup

Be sure to check out the getting started guide to learn about the common files required to execute the following recipe. For example, you'll need to declare the variables for project_name and api_token.

Common files

Navigate to a new folder and add the following files.

Add the following to a new file:

terraform { required_providers { aiven = { source = "aiven/aiven" version = ">=4.0.0, < 5.0.0" } } } provider "aiven" { api_token = var.aiven_api_token }

You can also set the environment variable TF_VAR_aiven_api_token for the api_token property. With this, you don't need to pass the -var-file flag when executing Terraform commands.

To avoid including sensitive information in source control, the variables are defined here in the file. You can then use a *.tfvars file with the actual values so that Terraform receives the values during runtime, and exclude it.

The file defines the API token, the project name to use, and the prefix for the service name:

variable "aiven_api_token" { description = "Aiven console API token" type = string } variable "project_name" { description = "Aiven console project name" type = string }

The var-values.tfvars file holds the actual values and is passed to Terraform using the -var-file= flag.

var-values.tfvars file:


Here is the sample Terraform file to deploy all three services. Keep in mind that some parameters and configurations will vary for your case. A reference to some of the advanced PostgreSQL configurations is added at the end of this document. file:

# European Postgres Service resource "aiven_pg" "aws-eu-pg" { project = var.project_name cloud_name = "aws-eu-west-2" # London plan = "business-8" # Primary + read-only replica service_name = "postgres-eu-aws" termination_protection = true } # US Postgres Service resource "aiven_pg" "do-us-pg" { project = var.project_name cloud_name = "do-nyc" # New York plan = "business-8" # Primary + read-only replica service_name = "postgres-us-do" termination_protection = true } # Asia Postgres Service resource "aiven_pg" "gcp-as-pg" { project = var.project_name cloud_name = "google-asia-southeast1" # Singapore plan = "business-8" # Primary + read-only replica service_name = "postgres-as-gcp" termination_protection = true }

Execute the files

The init command performs several different initialization steps in order to prepare the current working directory for use with Terraform. In our case, this command automatically finds, downloads, and installs the necessary Aiven Terraform provider plugins.

terraform init

The plan command creates an execution plan and shows you the resources that will be created (or modified) for you. This command does not actually create any resource; this is more like a preview.

terraform plan -var-file=var-values.tfvars

If you're satisfied with the output of terraform plan, go ahead and run the terraform apply command which actually does the task or creating (or modifying) your infrastructure resources.

terraform apply -var-file=var-values.tfvars

This file creates three Aiven for PostgreSQL services across three cloud providers and in three different regions. The termination_protection = true property ensures that these databases are protected against accidental or unauthorized deletion.

With termination protection enabled, a terraform destroy command will result in a 403 response and an error message "Service is protected against termination and shutdown. Remove termination protection first.".

To destroy resources with termination protection, you need to update the script with termination_protection = false and then execute a terraform apply followed by a terraform destroy.

More resources

You might find these related resources useful too: