RDS for production on AWS: the setup checklist you actually need
Complete Terraform production module
```hcl
# Custom parameter group: slow-query logging plus pg_stat_statements
resource "aws_db_parameter_group" "postgres" {
  name   = "${var.identifier}-pg15"
  family = "postgres15"

  parameter {
    name  = "log_min_duration_statement"
    value = "1000" # log statements that run longer than 1000 ms
  }

  parameter {
    name         = "shared_preload_libraries"
    value        = "pg_stat_statements"
    apply_method = "pending-reboot" # static parameter: cannot be applied immediately
  }
}

resource "aws_db_instance" "main" {
  identifier     = "${var.identifier}-${var.environment}"
  engine         = "postgres"
  engine_version = "15.4"
  instance_class = var.instance_class
  db_name        = var.db_name
  username       = var.username
  password       = var.password # keep the value in Secrets Manager, not in a committed tfvars file

  allocated_storage     = 20
  max_allocated_storage = 100 # Free autoscaling
  storage_type          = "gp3"
  storage_encrypted     = true

  db_subnet_group_name   = aws_db_subnet_group.main.name
  vpc_security_group_ids = [aws_security_group.rds.id]
  parameter_group_name   = aws_db_parameter_group.postgres.name
  multi_az               = var.environment == "prod"
  publicly_accessible    = false

  backup_retention_period = 7
  backup_window           = "03:00-04:00"
  maintenance_window      = "sun:04:00-sun:05:00"
  deletion_protection     = var.environment == "prod"
  skip_final_snapshot     = var.environment != "prod"
  # Required whenever skip_final_snapshot is false; the snapshot name here is an example
  final_snapshot_identifier = "${var.identifier}-${var.environment}-final"

  performance_insights_enabled          = true
  performance_insights_retention_period = 7
  enabled_cloudwatch_logs_exports       = ["postgresql", "upgrade"]
}
```
Production checklist
Security: ✓ Storage encrypted ✓ Not public ✓ SG from app only ✓ Password in Secrets Manager
Reliability: ✓ Multi-AZ ✓ Automated backups 7d ✓ Final snapshot ✓ Deletion protection
✓ max_allocated_storage (prevents storage-full outages — FREE)
Observability: ✓ Performance Insights ✓ CloudWatch logs ✓ Slow query logging
Operations: ✓ Custom parameter group ✓ Maintenance window off-peak
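The instance-level checklist items can be enforced before apply by auditing the JSON plan (`terraform show -json plan.out`). The script below is an added example, not part of the original module: the check names, the `legacy` resource and the sample plan are constructed for illustration, and it assumes a prod plan, since this module only enables Multi-AZ and deletion protection there. The security group and Secrets Manager items are not visible on the instance resource and are not covered.

```python
import json
import sys

# Checklist item -> (aws_db_instance attribute, predicate on its planned value)
CHECKS = {
    "storage encrypted":      ("storage_encrypted", lambda v: v is True),
    "not public":             ("publicly_accessible", lambda v: v is False),
    "multi-AZ":               ("multi_az", lambda v: v is True),
    "backups >= 7 days":      ("backup_retention_period", lambda v: (v or 0) >= 7),
    "final snapshot":         ("skip_final_snapshot", lambda v: v is False),
    "deletion protection":    ("deletion_protection", lambda v: v is True),
    "storage autoscaling":    ("max_allocated_storage", lambda v: (v or 0) > 0),
    "Performance Insights":   ("performance_insights_enabled", lambda v: v is True),
    "PostgreSQL log export":  ("enabled_cloudwatch_logs_exports", lambda v: "postgresql" in (v or [])),
    "custom parameter group": ("parameter_group_name", lambda v: bool(v) and not v.startswith("default.")),
}

def audit_plan(plan):
    """Map each planned aws_db_instance address to the checklist items it fails."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after, unknown = change.get("after"), change.get("after_unknown") or {}
        if rc.get("type") != "aws_db_instance" or after is None:
            continue  # other resource types, or an instance being destroyed
        # Attributes only known after apply cannot be judged from the plan: skip them.
        findings[rc["address"]] = [item for item, (attr, ok) in CHECKS.items()
                                   if unknown.get(attr) is not True and not ok(after.get(attr))]
    return findings

# Constructed sample shaped like `terraform show -json` output (not real data).
GOOD = {"storage_encrypted": True, "publicly_accessible": False, "multi_az": True,
        "backup_retention_period": 7, "skip_final_snapshot": False,
        "deletion_protection": True, "max_allocated_storage": 100,
        "performance_insights_enabled": True, "parameter_group_name": "app-pg15",
        "enabled_cloudwatch_logs_exports": ["postgresql", "upgrade"]}
BAD = {**GOOD, "storage_encrypted": False, "publicly_accessible": True,
       "backup_retention_period": 1, "parameter_group_name": None}
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_db_instance.main", "type": "aws_db_instance",
     "change": {"after": GOOD, "after_unknown": {}}},
    {"address": "aws_db_instance.legacy", "type": "aws_db_instance",
     "change": {"after": BAD, "after_unknown": {"parameter_group_name": True}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, failed in audit_plan(plan).items():
        print(address, "FAIL: " + ", ".join(failed) if failed else "OK")
```

Run it with the path to a plan JSON file as the only argument; with no argument it audits the constructed sample.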
Common production mistakes
- Default parameter group: Not tuned for production — always create a custom one
- Single AZ in prod: Multi-AZ failover < 2 min; manual recovery can be 30+ min
- Not setting max_allocated_storage: Storage autoscaling is free — no reason to skip
Step2Dev provisions this configuration for every project database.