[AWS][Terraform][RDS]AuroraとS3(Static Website Hosting)の設定を自動化してみた

https://blog.adachin.me/archives/4693
前回のブログはEC2とVPCを自動化してみたので、今回はRDS(Aurora)とS3(Static Website Hosting)を実装してみました。

■aws_rds.tf

https://www.terraform.io/docs/providers/aws/r/rds_cluster_instance.html

resource "aws_db_subnet_group" "adachin-db-subnet" {
  name        = "adachin-db-subnet"
  description = "adachin-db-subnet"
  subnet_ids  = [aws_subnet.adachin-rds-1a.id, aws_subnet.adachin-rds-1c.id, aws_subnet.adachin-rds-1d.id]
}

resource "aws_db_parameter_group" "adachin" {
  name        = "adachin"
  family      = "aurora-mysql5.7"
  description = "adachin"

  parameter {
    name  = "general_log"
    value = "0"
  }

  parameter {
    name  = "log_output"
    value = "table"
  }

  parameter {
    name  = "long_query_time"
    value = "0"
  }

  parameter {
    name  = "slow_query_log"
    value = "0"
  }
}

resource "aws_rds_cluster_parameter_group" "adachin-cluster" {
  name        = "adachin"
  family      = "aurora-mysql5.7"
  description = "adachin"

  parameter {
    name  = "time_zone"
    value = "Asia/Tokyo"
  }

  parameter {
    name  = "character_set_client"
    value = "utf8mb4"
  }

  parameter {
    name  = "character_set_connection"
    value = "utf8mb4"
  }

  parameter {
    name  = "character_set_database"
    value = "utf8mb4"
  }

  parameter {
    name  = "character_set_filesystem"
    value = "binary"
  }

  parameter {
    name  = "character_set_results"
    value = "utf8mb4"
  }

  parameter {
    name  = "character_set_server"
    value = "utf8mb4"
  }
}

resource "aws_rds_cluster_instance" "adachin" {
  count                        = 1
  identifier                   = "adachin${count.index}"
  engine                       = "aurora-mysql"
  engine_version               = "5.7.mysql_aurora.2.08.1"
  cluster_identifier           = aws_rds_cluster.adachin-cluster.id
  instance_class               = var.instance_class
  db_subnet_group_name         = aws_db_subnet_group.adachin-db-subnet.id
  db_parameter_group_name      = aws_db_parameter_group.adachin.id

  tags = {
    Name    = "adachin"
    Env     = "pre"
  }
}

resource "aws_rds_cluster" "adachin-cluster" {
  cluster_identifier              = "adachin-cluster"
  engine                          = "aurora-mysql"
  engine_version                  = "5.7.mysql_aurora.2.08.1"
  database_name                   = var.database_name
  master_username                 = var.master_username
  master_password                 = var.master_password
  backup_retention_period         = 7
  preferred_backup_window         = "19:00-19:30"
  preferred_maintenance_window    = "sun:20:00-sun:20:30"
  port                            = 3306
  vpc_security_group_ids          = [aws_security_group.adachin-rds.id]
  db_subnet_group_name            = aws_db_subnet_group.adachin-db-subnet.id
  db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.adachin-cluster.id
  enabled_cloudwatch_logs_exports = ["audit", "error", "slowquery"]

  lifecycle {
    ignore_changes = [
      master_password,
    ]
  }

  tags = {
    Name    = "adachin-cluster"
    Env     = "pre"
  }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

resource "aws_db_subnet_group" "adachin-db-subnet" {

name = "adachin-db-subnet"

description = "adachin-db-subnet"

subnet_ids = [aws_subnet.adachin-rds-1a.id, aws_subnet.adachin-rds-1c.id, aws_subnet.adachin-rds-1d.id]

}

resource "aws_db_parameter_group" "adachin" {

name = "adachin"

family = "aurora-mysql5.7"

description = "adachin"

parameter {

name = "general_log"

value = "0"

}

parameter {

name = "log_output"

value = "table"

}

parameter {

name = "long_query_time"

value = "0"

}

parameter {

name = "slow_query_log"

value = "0"

}

resource "aws_rds_cluster_parameter_group" "adachin-cluster" {

name = "adachin"

family = "aurora-mysql5.7"

description = "adachin"

parameter {

name = "time_zone"

value = "Asia/Tokyo"

}

parameter {

name = "character_set_client"

value = "utf8mb4"

}

parameter {

name = "character_set_connection"

value = "utf8mb4"

}

parameter {

name = "character_set_database"

value = "utf8mb4"

}

parameter {

name = "character_set_filesystem"

value = "binary"

}

parameter {

name = "character_set_results"

value = "utf8mb4"

}

parameter {

name = "character_set_server"

value = "utf8mb4"

}

resource "aws_rds_cluster_instance" "adachin" {

count = 1

identifier = "adachin${count.index}"

engine = "aurora-mysql"

engine_version = "5.7.mysql_aurora.2.08.1"

cluster_identifier = aws_rds_cluster.adachin-cluster.id

instance_class = var.instance_class

db_subnet_group_name = aws_db_subnet_group.adachin-db-subnet.id

db_parameter_group_name = aws_db_parameter_group.adachin.id

tags = {

Name = "adachin"

Env = "pre"

}

resource "aws_rds_cluster" "adachin-cluster" {

cluster_identifier = "adachin-cluster"

engine = "aurora-mysql"

engine_version = "5.7.mysql_aurora.2.08.1"

database_name = var.database_name

master_username = var.master_username

master_password = var.master_password

backup_retention_period = 7

preferred_backup_window = "19:00-19:30"

preferred_maintenance_window = "sun:20:00-sun:20:30"

port = 3306

vpc_security_group_ids = [aws_security_group.adachin-rds.id]

db_subnet_group_name = aws_db_subnet_group.adachin-db-subnet.id

db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.adachin-cluster.id

enabled_cloudwatch_logs_exports = ["audit", "error", "slowquery"]

lifecycle {

ignore_changes = [

master_password,

]

}

tags = {

Name = "adachin-cluster"

Env = "pre"

}

今回はAuroraを使用しています。基本クラスターなので、
まずDB用のサブネットを作り、パラメータグループをコード化してからの
クラスター作ってクラスターインスタンスをコード化しています。
username、pass、instance_classは変数化して他のtfファイルで保管してます。
※(master passはlifecycle使って次変更しても変化ないようにしています)⇛Vaultでやりたい

■aws_s3.tf

https://www.terraform.io/docs/providers/aws/r/s3_bucket.html

resource "aws_s3_bucket" "stg-adachin-com" {
  bucket = "stg.adachin.com"
  acl    = "private"
  region = var.aws_region
}

resource "aws_s3_bucket" "stg-adachin-logs" {
  bucket = "stg.adachin.logs"
  acl    = "log-delivery-write"
  region = var.aws_region
  policy = file("files/s3/policy/stg-adachin-logs.json")
}

resource "aws_s3_bucket" "dev-adachin-com" {
  bucket = "dev.adachin.com"
  acl    = "public-read"
  policy = file("files/s3/policy/website_hosting_stg.adachin.com.json")
  region = var.aws_region

    website {
    index_document = "index.html"
    error_document = "error.html"
  }
}

resource "aws_s3_bucket" "stg-adachin-com" {

bucket = "stg.adachin.com"

acl = "private"

region = var.aws_region

}

resource "aws_s3_bucket" "stg-adachin-logs" {

bucket = "stg.adachin.logs"

acl = "log-delivery-write"

region = var.aws_region

policy = file("files/s3/policy/stg-adachin-logs.json")

}

resource "aws_s3_bucket" "dev-adachin-com" {

bucket = "dev.adachin.com"

acl = "public-read"

policy = file("files/s3/policy/website_hosting_stg.adachin.com.json")

region = var.aws_region

website {

index_document = "index.html"

error_document = "error.html"

}

files/s3/policy/stg-adachin-logs.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "logs.ap-northeast-1.amazonaws.com"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::stg.adachin.logs"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "logs.ap-northeast-1.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::stg.adachin.logs/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": "Allow",

"Principal": {

"Service": "logs.ap-northeast-1.amazonaws.com"

"Action": "s3:GetBucketAcl",

"Resource": "arn:aws:s3:::stg.adachin.logs"

{

"Effect": "Allow",

"Principal": {

"Service": "logs.ap-northeast-1.amazonaws.com"

"Action": "s3:PutObject",

"Resource": "arn:aws:s3:::stg.adachin.logs/*",

"Condition": {

"StringEquals": {

"s3:x-amz-acl": "bucket-owner-full-control"

}

]

}

files/s3/policy/website_hosting_dev.adachin.com.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddPerm",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::dev.adachin.com/*"
    }
  ]
}

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "AddPerm",

"Effect": "Allow",

"Principal": "*",

"Action": "s3:GetObject",

"Resource": "arn:aws:s3:::dev.adachin.com/*"

}

]

}

Static Website Hostingのため公開バケットにしています。

■まとめ

terraformのドキュメント…読むの慣れてきた。

Pocket

[AWS][Terraform][RDS]AuroraとS3(Static Website Hosting)の設定を自動化してみた

投稿者: adachin 投稿日: 2017/07/052017/07/05

■aws_rds.tf

■aws_s3.tf

■まとめ

adachin

0件のコメント

コメントを残すコメントをキャンセル

AWS GitHub Actions Terraform

[AWS][OIDC]Terraform CI/CD環境をGitHub Actionsで作ってみた

AWS GitHub Actions

[GitHub Actions][paths][OIDC]差分が出たらコンテナイメージをAWS Lambdaにデプロイするように実装してみた

AWS CircleCI

[CircleCI]parametersを利用して複数のjobを関数化してみた

[AWS][Terraform][RDS]AuroraとS3(Static Website Hosting)の設定を自動化してみた

投稿者: adachin 投稿日: 2017/07/052017/07/05

■aws_rds.tf

■aws_s3.tf

■まとめ

adachin

0件のコメント

コメントを残す コメントをキャンセル

関連投稿

AWS GitHub Actions Terraform

[AWS][OIDC]Terraform CI/CD環境をGitHub Actionsで作ってみた

AWS GitHub Actions

[GitHub Actions][paths][OIDC]差分が出たらコンテナイメージをAWS Lambdaにデプロイするように実装してみた

AWS CircleCI

[CircleCI]parametersを利用して複数のjobを関数化してみた

コメントを残すコメントをキャンセル