第 5 章:RDS 資料庫設定
Reference Link
RDS Instance
RDS Instance
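# Minimal single-instance MySQL example.
# NOTE(review): MySQL 5.7 is an old major version; confirm it is still within
# RDS standard support before reusing this snippet.
resource "aws_db_instance" "default" {
  allocated_storage    = 10
  db_name              = "mydb"
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t3.micro"
  parameter_group_name = "default.mysql5.7"
  username             = "foo"

  # Let RDS generate the master password and keep it in AWS Secrets Manager.
  # A literal `password = "..."` ends up in version control and, in plaintext,
  # in the Terraform state file.
  manage_master_user_password = true

  # Encrypt storage at rest; the default RDS KMS key is used when kms_key_id
  # is not set.
  storage_encrypted = true

  # No final snapshot is taken on destroy. Acceptable for a throwaway demo;
  # for real data, set this to false and provide final_snapshot_identifier.
  skip_final_snapshot = true
}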
RDS Custom for Oracle Usage with Replica
# Resolve an orderable instance class for the Custom Engine Version (CEV).
data "aws_rds_orderable_db_instance" "custom-oracle" {
  # CEV engine and the CEV engine version to look up.
  engine         = "custom-oracle-ee"
  engine_version = "19.c.ee.002"

  license_model = "bring-your-own-license"
  storage_type  = "gp3"

  # Candidate instance classes for the lookup.
  preferred_instance_classes = [
    "db.r5.xlarge",
    "db.r5.2xlarge",
    "db.r5.4xlarge",
  ]
}
# The RDS instance resource needs a key ARN, so look up the ARN of the KMS key
# associated with the CEV.
data "aws_kms_key" "by_id" {
  # Placeholder ID of the KMS key associated with the CEV; substitute your own.
  key_id = "example-ef278353ceba4a5a97de6784565b9f78"
}
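# Master password for the RDS Custom for Oracle instance. Supply it at
# plan/apply time (for example via TF_VAR_custom_oracle_master_password or a
# secrets store) instead of committing a literal to the configuration.
variable "custom_oracle_master_password" {
  description = "Master user password for the RDS Custom for Oracle instance"
  type        = string
  sensitive   = true
}

# RDS Custom for Oracle primary instance, encrypted with the CEV's KMS key.
resource "aws_db_instance" "default" {
  identifier        = "ee-instance-demo"
  allocated_storage = 50

  # Engine, version, class and license all come from the orderable-instance lookup.
  engine         = data.aws_rds_orderable_db_instance.custom-oracle.engine
  engine_version = data.aws_rds_orderable_db_instance.custom-oracle.engine_version
  instance_class = data.aws_rds_orderable_db_instance.custom-oracle.instance_class
  license_model  = data.aws_rds_orderable_db_instance.custom-oracle.license_model

  auto_minor_version_upgrade = false # Custom for Oracle does not support minor version upgrades
  multi_az                   = false # Custom for Oracle does not support multi-az

  # Instance profile is required for Custom for Oracle. See:
  # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc
  custom_iam_instance_profile = "AWSRDSCustomInstanceProfile"

  backup_retention_period = 7
  db_subnet_group_name    = local.db_subnet_group_name

  # Encryption at rest with the KMS key resolved above.
  kms_key_id        = data.aws_kms_key.by_id.arn
  storage_encrypted = true

  username = "test"

  # `sensitive` only redacts the value in CLI output; it is still written to
  # the Terraform state, so the state backend must be encrypted and
  # access-restricted.
  # NOTE(review): where the engine supports it, manage_master_user_password
  # keeps the password out of state entirely. Confirm support for RDS Custom.
  password = var.custom_oracle_master_password

  timeouts {
    create = "3h"
    delete = "3h"
    update = "3h"
  }
}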
# Mounted replica of the Custom for Oracle instance declared as aws_db_instance.default.
resource "aws_db_instance" "test-replica" {
  identifier          = "ee-instance-replica"
  replicate_source_db = aws_db_instance.default.identifier
  replica_mode        = "mounted"

  instance_class = data.aws_rds_orderable_db_instance.custom-oracle.instance_class

  auto_minor_version_upgrade = false
  multi_az                   = false # Custom for Oracle does not support multi-az

  # Instance profile is required for Custom for Oracle. See:
  # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc
  custom_iam_instance_profile = "AWSRDSCustomInstanceProfile"

  backup_retention_period = 7

  # Same KMS key as the source instance; storage is encrypted at rest.
  kms_key_id        = data.aws_kms_key.by_id.arn
  storage_encrypted = true

  # No final snapshot is taken when the replica is destroyed.
  skip_final_snapshot = true

  timeouts {
    create = "3h"
    delete = "3h"
    update = "3h"
  }
}
RDS Custom for SQL Server
# Find which instance classes are orderable for the custom engine in the
# region being operated in.
data "aws_rds_orderable_db_instance" "custom-sqlserver" {
  # CEV engine and the CEV engine version to look up.
  engine         = "custom-sqlserver-se"
  engine_version = "15.00.4249.2.v1"

  storage_type = "gp3"

  # Candidate instance classes for the lookup.
  preferred_instance_classes = [
    "db.r5.xlarge",
    "db.r5.2xlarge",
    "db.r5.4xlarge",
  ]
}
# The RDS instance resource needs a key ARN, so resolve it from the key ID.
data "aws_kms_key" "by_id" {
  # Placeholder KMS key ID; substitute your own.
  key_id = "example-ef278353ceba4a5a97de6784565b9f78"
}
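# Master password for the RDS Custom for SQL Server instance. Supply it at
# plan/apply time (for example via TF_VAR_custom_sqlserver_master_password or
# a secrets store) instead of committing a literal to the configuration.
variable "custom_sqlserver_master_password" {
  description = "Master user password for the RDS Custom for SQL Server instance"
  type        = string
  sensitive   = true
}

# RDS Custom for SQL Server instance, encrypted with the KMS key looked up above.
resource "aws_db_instance" "example" {
  identifier        = "sql-instance-demo"
  allocated_storage = 500

  # Engine, version and class come from the orderable-instance lookup.
  engine         = data.aws_rds_orderable_db_instance.custom-sqlserver.engine
  engine_version = data.aws_rds_orderable_db_instance.custom-sqlserver.engine_version
  instance_class = data.aws_rds_orderable_db_instance.custom-sqlserver.instance_class

  auto_minor_version_upgrade = false # Custom for SQL Server does not support minor version upgrades
  multi_az                   = false # Custom for SQL Server does support multi-az; left disabled here

  # Instance profile is required for Custom for SQL Server. See:
  # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-sqlserver.html#custom-setup-sqlserver.iam
  custom_iam_instance_profile = "AWSRDSCustomSQLServerInstanceProfile"

  backup_retention_period = 7
  db_subnet_group_name    = local.db_subnet_group_name # Copy the subnet group from the RDS Console

  # Encryption at rest with the KMS key resolved above.
  kms_key_id        = data.aws_kms_key.by_id.arn
  storage_encrypted = true

  username = "test"

  # `sensitive` only redacts the value in CLI output; it is still written to
  # the Terraform state, so the state backend must be encrypted and
  # access-restricted.
  # NOTE(review): where the engine supports it, manage_master_user_password
  # keeps the password out of state entirely. Confirm support for RDS Custom.
  password = var.custom_sqlserver_master_password

  timeouts {
    create = "3h"
    delete = "3h"
    update = "3h"
  }
}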
RDS Db2 Usage
# Resolve the default engine version. Use `db2-se` for Db2 Standard Edition
# or `db2-ae` for Db2 Advanced Edition.
data "aws_rds_engine_version" "default" {
  # Standard Edition
  engine = "db2-se"
}
# Find which instance classes are orderable for the engine in the region
# being operated in.
data "aws_rds_orderable_db_instance" "example" {
  # Engine name and version are taken from the engine-version lookup.
  engine         = data.aws_rds_engine_version.default.engine
  engine_version = data.aws_rds_engine_version.default.version

  license_model = "bring-your-own-license"
  storage_type  = "gp3"

  # Candidate instance classes for the lookup.
  preferred_instance_classes = [
    "db.t3.small",
    "db.r6i.large",
    "db.m6i.large",
  ]
}
# The RDS Db2 instance needs licensing information. Create a parameter group
# from the engine's default parameter group family and set the IBM license
# identifiers on it.
resource "aws_db_parameter_group" "example" {
  name   = "db-db2-params"
  family = data.aws_rds_engine_version.default.parameter_group_family

  # Placeholder IBM customer ID; replace with your own.
  # NOTE(review): the value is an unquoted numeric literal. Confirm whether a
  # real ID with leading zeros needs to be written as a quoted string.
  parameter {
    name         = "rds.ibm_customer_id"
    value        = 0000000000
    apply_method = "immediate"
  }

  # Placeholder IBM site ID; replace with your own.
  parameter {
    name         = "rds.ibm_site_id"
    value        = 0000000000
    apply_method = "immediate"
  }
}
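# Master password for the RDS Db2 instance. Supply it at plan/apply time (for
# example via TF_VAR_db2_master_password or a secrets store) instead of
# committing a literal to the configuration.
variable "db2_master_password" {
  description = "Master user password for the RDS Db2 instance"
  type        = string
  sensitive   = true
}

# Create the RDS Db2 instance, using the data sources defined above to set its attributes.
resource "aws_db_instance" "example" {
  identifier        = "db2-instance-demo"
  allocated_storage = 100
  db_name           = "test"

  engine         = data.aws_rds_orderable_db_instance.example.engine
  engine_version = data.aws_rds_orderable_db_instance.example.engine_version
  instance_class = data.aws_rds_orderable_db_instance.example.instance_class

  # Parameter group that carries the IBM licensing parameters.
  parameter_group_name = aws_db_parameter_group.example.name

  backup_retention_period = 7

  # Encrypt storage at rest, matching the other instance examples on this page.
  storage_encrypted = true

  username = "test"

  # `sensitive` only redacts the value in CLI output; it is still written to
  # the Terraform state, so the state backend must be encrypted and
  # access-restricted.
  # NOTE(review): where the engine supports it, manage_master_user_password
  # keeps the password out of state entirely. Confirm support for Db2.
  password = var.db2_master_password
}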
Aurora DB
Aurora MySQL 2.x (MySQL 5.7)
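# Aurora MySQL 2.x (MySQL 5.7 compatible) cluster.
resource "aws_rds_cluster" "default" {
  cluster_identifier = "aurora-cluster-demo"
  engine             = "aurora-mysql"
  engine_version     = "5.7.mysql_aurora.2.03.2"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name      = "mydb"

  master_username = "foo"

  # Let RDS generate the master password and keep it in AWS Secrets Manager.
  # A literal master_password ends up in version control and, in plaintext,
  # in the Terraform state file.
  manage_master_user_password = true

  # Encrypt cluster storage at rest; the default RDS KMS key is used when
  # kms_key_id is not set.
  storage_encrypted = true

  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}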
Aurora MySQL 1.x (MySQL 5.6)
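# Aurora MySQL 1.x (MySQL 5.6 compatible) cluster.
# NOTE(review): no `engine` argument is set and this engine generation is old.
# Confirm that the provider version in use still accepts the block as written
# and that the engine version is still offered.
resource "aws_rds_cluster" "default" {
  cluster_identifier = "aurora-cluster-demo"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name      = "mydb"

  master_username = "foo"

  # Let RDS generate the master password and keep it in AWS Secrets Manager.
  # A literal master_password ends up in version control and, in plaintext,
  # in the Terraform state file.
  manage_master_user_password = true

  # Encrypt cluster storage at rest; the default RDS KMS key is used when
  # kms_key_id is not set.
  storage_encrypted = true

  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}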
Aurora with PostgreSQL engine
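# Aurora cluster using the PostgreSQL-compatible engine.
resource "aws_rds_cluster" "postgresql" {
  cluster_identifier = "aurora-cluster-demo"
  engine             = "aurora-postgresql"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name      = "mydb"

  master_username = "foo"

  # Let RDS generate the master password and keep it in AWS Secrets Manager.
  # A literal master_password ends up in version control and, in plaintext,
  # in the Terraform state file.
  manage_master_user_password = true

  # Encrypt cluster storage at rest; the default RDS KMS key is used when
  # kms_key_id is not set.
  storage_encrypted = true

  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
}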
RDS Multi-AZ Cluster
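# RDS Multi-AZ DB cluster (non-Aurora MySQL) on provisioned-IOPS storage.
resource "aws_rds_cluster" "example" {
  cluster_identifier = "example"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
  engine             = "mysql"

  db_cluster_instance_class = "db.r6gd.xlarge"
  storage_type              = "io1"
  allocated_storage         = 100
  iops                      = 1000

  master_username = "test"

  # Let RDS generate the master password and keep it in AWS Secrets Manager.
  # A literal master_password ends up in version control and, in plaintext,
  # in the Terraform state file.
  manage_master_user_password = true

  # Encrypt cluster storage at rest; the default RDS KMS key is used when
  # kms_key_id is not set.
  storage_encrypted = true
}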
RDS Serverless v2 Cluster
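# Aurora PostgreSQL cluster configured for Serverless v2 capacity scaling.
resource "aws_rds_cluster" "example" {
  cluster_identifier = "example"
  engine             = "aurora-postgresql"
  engine_mode        = "provisioned"
  engine_version     = "13.6"
  database_name      = "test"

  master_username = "test"

  # Let RDS generate the master password and keep it in AWS Secrets Manager.
  # A literal master_password ends up in version control and, in plaintext,
  # in the Terraform state file.
  manage_master_user_password = true

  # Encrypt cluster storage at rest; the default RDS KMS key is used when
  # kms_key_id is not set.
  storage_encrypted = true

  # Capacity range the cluster may scale within.
  serverlessv2_scaling_configuration {
    max_capacity = 1.0
    min_capacity = 0.5
  }
}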
# Serverless instance attached to aws_rds_cluster.example.
resource "aws_rds_cluster_instance" "example" {
  cluster_identifier = aws_rds_cluster.example.id

  # Engine and version are inherited from the cluster definition.
  engine         = aws_rds_cluster.example.engine
  engine_version = aws_rds_cluster.example.engine_version

  instance_class = "db.serverless"
}
自動擴展 Storage
Storage Autoscaling
# Storage autoscaling: allocated_storage is the starting size and
# max_allocated_storage the upper limit.
resource "aws_db_instance" "example" {
  # ... other configuration ...

  allocated_storage     = 50
  max_allocated_storage = 100
}
DB Instance role
關聯 DB Instance role
# Attach an IAM role to the DB instance for the S3_INTEGRATION feature.
# The role's policy decides what the database can reach, so scope it to the
# specific buckets and actions the feature needs.
resource "aws_db_instance_role_association" "example" {
  db_instance_identifier = aws_db_instance.example.identifier
  role_arn               = aws_iam_role.example.arn
  feature_name           = "S3_INTEGRATION"
}
DB Parameter group
DB Parameter group
# Parameter group for the mysql5.6 family that sets the server and client
# character sets to utf8.
resource "aws_db_parameter_group" "default" {
  name   = "rds-pg"
  family = "mysql5.6"

  parameter {
    name  = "character_set_server"
    value = "utf8"
  }

  parameter {
    name  = "character_set_client"
    value = "utf8"
  }
}
- Aurora MySQL Parameters
- Aurora PostgreSQL Parameters
- MariaDB Parameters
- Oracle Parameters
- PostgreSQL Parameters
DB Proxy
DB Proxy
# RDS Proxy for a MySQL-family target, authenticating with a Secrets Manager secret.
resource "aws_db_proxy" "example" {
  name          = "example"
  engine_family = "MYSQL"

  # Client connections to the proxy must use TLS.
  require_tls = true

  # Debug logging stays off; enable it only for short troubleshooting windows.
  debug_logging       = false
  idle_client_timeout = 1800

  # IAM role used by the proxy; it should allow reading only the secret(s)
  # referenced in `auth`.
  role_arn = aws_iam_role.example.arn

  vpc_security_group_ids = [aws_security_group.example.id]
  vpc_subnet_ids         = [aws_subnet.example.id]

  auth {
    description = "example"
    auth_scheme = "SECRETS"
    secret_arn  = aws_secretsmanager_secret.example.arn

    # With IAM auth disabled, clients present database credentials to the proxy.
    iam_auth = "DISABLED"
  }

  tags = {
    Name = "example"
    Key  = "value"
  }
}
# RDS Proxy definition (same settings as the preceding listing on this page).
resource "aws_db_proxy" "example" {
  name          = "example"
  engine_family = "MYSQL"

  # TLS is mandatory for connections to the proxy.
  require_tls = true

  debug_logging       = false
  idle_client_timeout = 1800

  # IAM role used by the proxy to access the secret given in `auth`.
  role_arn = aws_iam_role.example.arn

  # Network placement: the security group controls who can reach the proxy.
  vpc_security_group_ids = [aws_security_group.example.id]
  vpc_subnet_ids         = [aws_subnet.example.id]

  # Database credentials come from Secrets Manager; IAM authentication is off.
  auth {
    description = "example"
    auth_scheme = "SECRETS"
    iam_auth    = "DISABLED"
    secret_arn  = aws_secretsmanager_secret.example.arn
  }

  tags = {
    Name = "example"
    Key  = "value"
  }
}
DB Proxy target
# Connection-pool settings for the proxy's default target group.
resource "aws_db_proxy_default_target_group" "example" {
  db_proxy_name = aws_db_proxy.example.name

  connection_pool_config {
    # Pool sizing, as percentages.
    max_connections_percent      = 100
    max_idle_connections_percent = 50

    connection_borrow_timeout = 120

    # Statement configured as the pool's initialization query.
    init_query = "SET x=1, y=2"

    session_pinning_filters = ["EXCLUDE_VARIABLE_SETS"]
  }
}
關聯 DB Proxy target
# Register the DB instance as a target of the proxy's default target group.
resource "aws_db_proxy_target" "example" {
  db_proxy_name          = aws_db_proxy.example.name
  target_group_name      = aws_db_proxy_default_target_group.example.name
  db_instance_identifier = aws_db_instance.example.identifier
}
aws_db_proxy_endpoint
# Additional read-only endpoint for a proxy.
# NOTE(review): this block references aws_db_proxy.test and aws_subnet.test,
# while the other listings on the page use `.example`. Confirm the intended
# resource names.
resource "aws_db_proxy_endpoint" "example" {
  db_proxy_endpoint_name = "example"
  db_proxy_name          = aws_db_proxy.test.name
  target_role            = "READ_ONLY"
  vpc_subnet_ids         = aws_subnet.test[*].id
}