・This lecture covers advanced CloudFormation operations. If your priority is obtaining the SAA certification, feel free to skip it.
■Stack.yml
*In line with AWS updates, the following settings have been changed from what is shown in the video. Thank you for your understanding.
  EngineVersion: 8.0
  DBInstanceClass: db.t3.micro

AWSTemplateFormatVersion: "2010-09-09"
Description: CloudTechDemo
Parameters:
  DatabasePassword:
    Type: String
    Description: Database password
    NoEcho: "true"
  ApplicationSubnets:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Target subnets
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: Target VPC
  DBinboundCidrIPs:
    Type: String
    Description: SecurityGroupInboundIP
Resources:
  ApplicationDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: MySQL
      EngineVersion: 8.0
      DBInstanceClass: db.t3.micro
      AllocatedStorage: 10
      StorageType: gp2
      MasterUsername: CloudTech
      MasterUserPassword:
        Ref: DatabasePassword
      DBName: CloudTech
      VPCSecurityGroups:
        - !Ref ApplicationDatabaseSecurityGroup
      DBSubnetGroupName: !Ref ApplicationDatabaseSubnetGroup
      MultiAZ: "false"
      AvailabilityZone: !Sub ${AWS::Region}a
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-db
  ApplicationDatabaseSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Application Database Subnet Group
      SubnetIds: !Ref ApplicationSubnets
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-db-subnet-group
  ApplicationDatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub ${AWS::StackName} Application Database Security Group
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          CidrIp: !Ref DBinboundCidrIPs
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-db-sg

■dev.cfg (replace the values to match your own environment)
DatabasePassword=Thisispassword123!#$%
ApplicationSubnets=subnet-0791ad96ce7a109ea,subnet-09185025781affa32
VpcId=vpc-09f13cc71120d5cca
DBinboundCidrIPs=172.31.16.0/20

■Command to run
aws cloudformation deploy --template-file Stack.yml --stack-name RDSmySQLcreate --parameter-overrides $(cat dev.cfg)
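
A variant of the ApplicationDatabase resource that keeps the master password out of dev.cfg, as an added example that is not part of the original course material. It assumes an RDS-managed master password (ManageMasterUserPassword) is acceptable in your environment; the StorageEncrypted and PubliclyAccessible values and the output name MasterUserSecretArn are likewise assumptions, not settings from the course template.

```yaml
# Added example (not from the course): RDS-managed master password.
# Replaces the ApplicationDatabase resource; the subnet group and security
# group resources from Stack.yml are assumed to stay unchanged.
Resources:
  ApplicationDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: MySQL
      EngineVersion: 8.0
      DBInstanceClass: db.t3.micro
      AllocatedStorage: 10
      StorageType: gp2
      MasterUsername: CloudTech
      # RDS generates the password and stores it in Secrets Manager, so the
      # MasterUserPassword property and the DatabasePassword parameter go away.
      ManageMasterUserPassword: true
      # Assumed hardening choices, not settings from the course template:
      StorageEncrypted: true
      PubliclyAccessible: false
      DBName: CloudTech
      VPCSecurityGroups:
        - !Ref ApplicationDatabaseSecurityGroup
      DBSubnetGroupName: !Ref ApplicationDatabaseSubnetGroup
      MultiAZ: "false"
      AvailabilityZone: !Sub ${AWS::Region}a
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-db

Outputs:
  # ARN of the generated secret; the password itself is read from
  # Secrets Manager and never appears in the template or in dev.cfg.
  MasterUserSecretArn:
    Value: !GetAtt ApplicationDatabase.MasterUserSecret.SecretArn
```

With this variant, remove the DatabasePassword parameter from the template and the DatabasePassword line from dev.cfg before deploying.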

■References
Description of the Fn::Sub intrinsic function (official documentation)
Description of the AWS::RDS::DBInstance resource (official documentation)