Creating the RDS instance

Because the resource has a large number of properties, the full definition is shown collapsed.

Definition (full)
Type: AWS::RDS::DBInstance
Properties:
  AllocatedStorage: String
  AllowMajorVersionUpgrade: Boolean
  AssociatedRoles:
    - DBInstanceRole
  AutoMinorVersionUpgrade: Boolean
  AvailabilityZone: String
  BackupRetentionPeriod: Integer
  CACertificateIdentifier: String
  CertificateDetails:
    CertificateDetails
  CertificateRotationRestart: Boolean
  CharacterSetName: String
  CopyTagsToSnapshot: Boolean
  CustomIAMInstanceProfile: String
  DBClusterIdentifier: String
  DBClusterSnapshotIdentifier: String
  DBInstanceClass: String
  DBInstanceIdentifier: String
  DBName: String
  DBParameterGroupName: String
  DBSecurityGroups:
    - String
  DBSnapshotIdentifier: String
  DBSubnetGroupName: String
  DeleteAutomatedBackups: Boolean
  DeletionProtection: Boolean
  Domain: String
  DomainIAMRoleName: String
  EnableCloudwatchLogsExports:
    - String
  EnableIAMDatabaseAuthentication: Boolean
  EnablePerformanceInsights: Boolean
  Endpoint:
    Endpoint
  Engine: String
  EngineVersion: String
  Iops: Integer
  KmsKeyId: String
  LicenseModel: String
  ManageMasterUserPassword: Boolean
  MasterUsername: String
  MasterUserPassword: String
  MasterUserSecret:
    MasterUserSecret
  MaxAllocatedStorage: Integer
  MonitoringInterval: Integer
  MonitoringRoleArn: String
  MultiAZ: Boolean
  NcharCharacterSetName: String
  NetworkType: String
  OptionGroupName: String
  PerformanceInsightsKMSKeyId: String
  PerformanceInsightsRetentionPeriod: Integer
  Port: String
  PreferredBackupWindow: String
  PreferredMaintenanceWindow: String
  ProcessorFeatures:
    - ProcessorFeature
  PromotionTier: Integer
  PubliclyAccessible: Boolean
  ReplicaMode: String
  RestoreTime: String
  SourceDBClusterIdentifier: String
  SourceDBInstanceAutomatedBackupsArn: String
  SourceDBInstanceIdentifier: String
  SourceDbiResourceId: String
  SourceRegion: String
  StorageEncrypted: Boolean
  StorageThroughput: Integer
  StorageType: String
  Tags:
    - Tag
  Timezone: String
  UseDefaultProcessorFeatures: Boolean
  UseLatestRestorableTime: Boolean
  VPCSecurityGroups:
    - String

Extracting only the settings we need gives the following.

Definition
Type: AWS::RDS::DBInstance
Properties:
  Engine: String
  EngineVersion: String
  MasterUsername: String
  MasterUserPassword: String
  DBInstanceClass: String
  AllocatedStorage: String
  DBSubnetGroupName: String
  PubliclyAccessible: Boolean
  VPCSecurityGroups:
    - String
  DBName: String

Supply MasterUsername and MasterUserPassword through parameters rather than writing them into the template. Setting NoEcho: true on the password parameter masks its value like a password field instead of showing it in plain text.

Parameters section
  DBAdminUser:
    Description: DB Admin User
    Type: String
  DBAdminPassword:
    Description: DB Admin Password
    Type: String
    MinLength: 8
    NoEcho: true


The DBInstance resource definition looks like this.

  RdsDBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: MySQL
      EngineVersion: 8.0.33
      MasterUsername: !Ref DBAdminUser
      MasterUserPassword: !Ref DBAdminPassword
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      DBSubnetGroupName: !Ref RdsDBSubnetGroup
      PubliclyAccessible: false
      VPCSecurityGroups:
        - !Ref RdsSecurityGroup
      DBName: wordpress

Exercise

Create the RDS instance. In the Outputs section, output the RDS domain name (the endpoint address).

Answer
AWSTemplateFormatVersion: "2010-09-09"
Description: Scalable website

Parameters:
  UserName:
    Type: String
    Description: User Name
    Default: user1
  InstanceType:
    Type: String
    Description: Instance Type
    AllowedValues:
      - t2.micro
      - t2.medium
    Default: t2.micro
  DBAdminUser:
    Description: DB Admin User
    Type: String
  DBAdminPassword:
    Description: DB Admin Password
    Type: String
    MinLength: 8
    NoEcho: true

Mappings:
  RegionMap:
    us-east-1:
      zone1: us-east-1a
      zone2: us-east-1b
    ap-northeast-1:
      zone1: ap-northeast-1a
      zone2: ap-northeast-1c

Resources:

  ###############
  # VPC #
  ###############
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Join ['-', [handson, !Ref UserName]]
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: !FindInMap [RegionMap, !Ref "AWS::Region", zone1]
      Tags:
        - Key: Name
          Value: パブリックサブネット-1a
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !FindInMap [RegionMap, !Ref "AWS::Region", zone2]
      Tags:
        - Key: Name
          Value: パブリックサブネット-1c
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !FindInMap [RegionMap, !Ref "AWS::Region", zone1]
      Tags:
        - Key: Name
          Value: プライベートサブネット-1a
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: !FindInMap [RegionMap, !Ref "AWS::Region", zone2]
      Tags:
        - Key: Name
          Value: プライベートサブネット-1c
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  RouteTablePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RoutePublic1:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  AssociateRouteTablePublic1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTablePublic
      SubnetId: !Ref PublicSubnet1
  AssociateRouteTablePublic2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTablePublic
      SubnetId: !Ref PublicSubnet2
  RouteTablePrivate1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  AssociateRouteTablePrivate1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTablePrivate1
      SubnetId: !Ref PrivateSubnet1
  RouteTablePrivate2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  AssociateRouteTablePrivate2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTablePrivate2
      SubnetId: !Ref PrivateSubnet2

  ###############
  # EC2 #
  ###############
  Ec2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EC2 securitygroup
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: "ami-04beabd6a4fb6ab6f"
      InstanceType: !Ref InstanceType
      EbsOptimized: false
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            Encrypted: false
            DeleteOnTermination: true
            Iops: 3000
            VolumeSize: 16
            VolumeType: gp3
      NetworkInterfaces:
        - SubnetId: !Ref PublicSubnet1
          AssociatePublicIpAddress: true
          DeviceIndex: "0"
          GroupSet:
            - !Ref Ec2SecurityGroup
      PrivateDnsNameOptions:
        HostnameType: ip-name
        EnableResourceNameDnsARecord: false
        EnableResourceNameDnsAAAARecord: false
      Tags:
        - Key: Name
          Value: !Sub webserver#1-${UserName}
      UserData:
        Fn::Base64: |
          #!/bin/bash

          dnf update -y
          dnf install -y httpd wget php-fpm php-mysqli php-json php php-devel mariadb105

          wget http://ja.wordpress.org/latest-ja.tar.gz -P /tmp/
          tar zxvf /tmp/latest-ja.tar.gz -C /tmp
          cp -r /tmp/wordpress/* /var/www/html/
          chown apache:apache -R /var/www/html

          systemctl enable httpd.service
          systemctl start httpd.service

          yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
          systemctl restart amazon-ssm-agent

  ###############
  # RDS #
  ###############
  RdsSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDS for MySQL
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - SourceSecurityGroupId: !Ref Ec2SecurityGroup
          IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
  RdsDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: RDS for MySQL
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2
  RdsDBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: MySQL
      EngineVersion: 8.0.33
      MasterUsername: !Ref DBAdminUser
      MasterUserPassword: !Ref DBAdminPassword
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      DBSubnetGroupName: !Ref RdsDBSubnetGroup
      PubliclyAccessible: false
      VPCSecurityGroups:
        - !Ref RdsSecurityGroup
      DBName: wordpress

Outputs:
  InstanceID:
    Description: The Instance ID
    Value: !Ref EC2Instance
  PublicIp:
    Description: EC2 Public IP
    Value: !GetAtt EC2Instance.PublicIp
  RdsDomainName:
    Value: !GetAtt [RdsDBInstance, Endpoint.Address]
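
As an added example (not part of the original page or its template), the Python script below performs a static check over a parsed CloudFormation template for the settings this page relies on to keep the database off the internet: PubliclyAccessible is false, the master password comes from a NoEcho parameter rather than a literal in the template, the database security group admits traffic only from the web tier's security group rather than from a CIDR range, and storage is encrypted at rest. The embedded sample is a constructed JSON rendering of this page's Parameters and RDS resources (CloudFormation accepts JSON as well as YAML; a YAML loader that maps !Ref to {"Ref": ...} yields the same tree). The StorageEncrypted finding it reports against the page's own template is genuine: an AWS::RDS::DBInstance is not encrypted unless StorageEncrypted is set to true.

```python
"""Static checks for the RDS exposure settings discussed on this page.

Added example, not from the original page. Works on the dict form of a
CloudFormation template (json.loads on a JSON template, or a YAML loader
that turns !Ref into {"Ref": name}).
"""
import json

# Constructed sample: the JSON form of the page's Parameters and RDS resources.
SAMPLE_TEMPLATE = json.loads(r"""
{
  "Parameters": {
    "DBAdminUser": {"Type": "String", "Description": "DB Admin User"},
    "DBAdminPassword": {"Type": "String", "MinLength": 8, "NoEcho": true}
  },
  "Resources": {
    "RdsSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "RDS for MySQL",
        "VpcId": {"Ref": "VPC"},
        "SecurityGroupIngress": [
          {"SourceSecurityGroupId": {"Ref": "Ec2SecurityGroup"},
           "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306}
        ]
      }
    },
    "RdsDBInstance": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "Engine": "MySQL",
        "MasterUsername": {"Ref": "DBAdminUser"},
        "MasterUserPassword": {"Ref": "DBAdminPassword"},
        "PubliclyAccessible": false,
        "VPCSecurityGroups": [{"Ref": "RdsSecurityGroup"}],
        "DBName": "wordpress"
      }
    }
  }
}
""")


def _ref_target(value):
    """Return the logical name a {"Ref": name} points at, else None."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        return value["Ref"]
    return None


def check_rds_template(template):
    """Return a list of (logical_id, message) findings for every DB instance."""
    params = template.get("Parameters", {})
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties", {})
        if props.get("PubliclyAccessible") is True:
            findings.append((name, "PubliclyAccessible is true"))
        pw = props.get("MasterUserPassword")
        target = _ref_target(pw)
        if pw is not None and target is None:
            findings.append((name, "MasterUserPassword is a literal in the template"))
        elif target is not None and not params.get(target, {}).get("NoEcho"):
            findings.append((name, f"parameter {target} lacks NoEcho: true"))
        if not props.get("VPCSecurityGroups"):
            findings.append((name, "no VPCSecurityGroups set"))
        if props.get("StorageEncrypted") is not True:
            findings.append((name, "StorageEncrypted is not true"))
        # Walk each referenced security group: the DB port should be opened to
        # another security group, never to a CIDR block.
        for sg_ref in props.get("VPCSecurityGroups", []):
            sg_name = _ref_target(sg_ref)
            sg = resources.get(sg_name, {})
            for rule in sg.get("Properties", {}).get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr is not None:
                    findings.append((sg_name, f"DB port open to CIDR {cidr}; use SourceSecurityGroupId"))
    return findings


def weakened_copy(template):
    """Constructed variant with the risky settings, to show what the check catches."""
    weak = json.loads(json.dumps(template))
    db = weak["Resources"]["RdsDBInstance"]["Properties"]
    db["PubliclyAccessible"] = True
    db["MasterUserPassword"] = "hardcoded-example"  # literal secret in the template
    rule = weak["Resources"]["RdsSecurityGroup"]["Properties"]["SecurityGroupIngress"][0]
    del rule["SourceSecurityGroupId"]
    rule["CidrIp"] = "0.0.0.0/0"
    return weak


if __name__ == "__main__":
    for logical_id, msg in check_rds_template(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {msg}")
    print("--- weakened copy ---")
    for logical_id, msg in check_rds_template(weakened_copy(SAMPLE_TEMPLATE)):
        print(f"{logical_id}: {msg}")
```

Run against the page's template the only finding is the missing StorageEncrypted; the weakened copy additionally trips the public-access, literal-password and open-CIDR checks. The same function can be pointed at a real template fetched with `aws cloudformation get-template` once it has been converted to its dict form.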

When performing the initial WordPress setup, refer to the values in the Outputs section.


Template file