
Notes from building RDS with Terraform

Posted at 2016-10-22

Installing Terraform

$ brew install terraform
==> Downloading https://homebrew.bintray.com/bottles/terraform-0.6.8.el_capitan.
######################################################################## 100.0%
==> Pouring terraform-0.6.8.el_capitan.bottle.tar.gz
🍺  /usr/local/Cellar/terraform/0.6.8: 29 files, 455M

Create a working directory

$ mkdir aws_terraform
$ cd aws_terraform/
$ pwd
/Users/labeneko/Projects/aws_terraform

Create the configuration file for accessing AWS

  • Create an IAM user and, for now, attach the AdministratorAccess policy (properly, you should grant only the permissions this run actually needs). Putting the access key and secret key straight into a .tf file is also only acceptable for getting started: anything in this directory tends to end up in version control, so prefer environment variables or the shared credentials file.
variable.tf
provider "aws" {
  region     = "ap-northeast-1"
  access_key = "******"
  secret_key = "******"
}

Creating the VPC

  • A private network space of your own
vpc.tf
resource "aws_vpc" "tf_vpc" {
    cidr_block           = "10.0.0.0/16"
    instance_tenancy     = "default"
    enable_dns_support   = true
    enable_dns_hostnames = true
    tags {
        Name = "tf_vpc"
    }
}
  • Run terraform plan to check what would happen when it is applied
$ terraform plan
Refreshing Terraform state prior to plan...


The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ aws_vpc.tf_vpc
    cidr_block:                "" => "10.0.0.0/16"
    default_network_acl_id:    "" => "<computed>"
    default_security_group_id: "" => "<computed>"
    dhcp_options_id:           "" => "<computed>"
    enable_dns_hostnames:      "" => "1"
    enable_dns_support:        "" => "1"
    instance_tenancy:          "" => "default"
    main_route_table_id:       "" => "<computed>"
    tags.#:                    "" => "1"
    tags.Name:                 "" => "tf_vpc"


Plan: 1 to add, 0 to change, 0 to destroy.
  • Looks like it will work. Run it with terraform apply
$ terraform apply
aws_vpc.tf_vpc: Creating...
  cidr_block:                "" => "10.0.0.0/16"
  default_network_acl_id:    "" => "<computed>"
  default_security_group_id: "" => "<computed>"
  dhcp_options_id:           "" => "<computed>"
  enable_dns_hostnames:      "" => "1"
  enable_dns_support:        "" => "1"
  instance_tenancy:          "" => "default"
  main_route_table_id:       "" => "<computed>"
  tags.#:                    "" => "1"
  tags.Name:                 "" => "tf_vpc"
aws_vpc.tf_vpc: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate
  • It ran without problems. Note the message above: terraform.tfstate is now the record of everything Terraform manages, and it will also hold any secrets (such as a database password) given to resources, so keep it out of version control.

Creating the subnets

  • Writing vpc_id as ${aws_vpc.tf_vpc.id} lets Terraform resolve the reference and fill in the VPC's ID for you (and order the creation accordingly)
subnet.tf
resource "aws_subnet" "private_db1" {
    vpc_id            = "${aws_vpc.tf_vpc.id}"
    cidr_block        = "10.0.1.0/24"
    availability_zone = "ap-northeast-1a"
    tags {
        Name = "tf_private_db1"
    }
}

resource "aws_subnet" "private_db2" {
    vpc_id            = "${aws_vpc.tf_vpc.id}"
    cidr_block        = "10.0.2.0/24"
    availability_zone = "ap-northeast-1c"
    tags {
        Name = "tf_private_db2"
    }
}
  • Then run terraform apply

Creating the security group

  • Controls inbound and outbound traffic
security_group.tf
resource "aws_security_group" "db" {
    name        = "db_server"
    description = "It is a security group on db of tf_vpc."
    vpc_id      = "${aws_vpc.tf_vpc.id}"
    tags {
        Name = "tf_db"
    }
}

resource "aws_security_group_rule" "db" {
    type                     = "ingress"
    from_port                = 3306
    to_port                  = 3306
    protocol                 = "tcp"
    cidr_blocks              = ["0.0.0.0/0"]
    security_group_id        = "${aws_security_group.db.id}"
}
  • Run it. Note that cidr_blocks = ["0.0.0.0/0"] admits MySQL connections on 3306 from any IPv4 address; for anything beyond a throwaway test, restrict the source to the application's security group or its CIDR.
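The same security group with the ingress rule narrowed, as an added example rather than code from the original post. It replaces security_group.tf above: instead of cidr_blocks, the rule uses source_security_group_id, so only instances launched with the "app" group (an assumed group standing in for whatever hosts need to reach the database) can open connections to 3306. Written in the Terraform 0.6/0.7 syntax used on the rest of this page.

```hcl
# Added example, not from the original post. Terraform 0.6/0.7 syntax.
# Assumption: application hosts will be launched with aws_security_group.app
# in their vpc_security_group_ids; that membership is what grants DB access.

resource "aws_security_group" "app" {
    name        = "app_server"
    description = "Hosts that are allowed to talk to the database."
    vpc_id      = "${aws_vpc.tf_vpc.id}"
    tags {
        Name = "tf_app"
    }
}

resource "aws_security_group" "db" {
    name        = "db_server"
    description = "It is a security group on db of tf_vpc."
    vpc_id      = "${aws_vpc.tf_vpc.id}"
    tags {
        Name = "tf_db"
    }
}

# Weak rule from the post, shown only for comparison and not applied:
#   cidr_blocks = ["0.0.0.0/0"]   # any address on the internet may reach 3306
#
# Hardened rule: source_security_group_id replaces cidr_blocks (the two are
# mutually exclusive on aws_security_group_rule). Only traffic from members
# of the "app" group is accepted on 3306/tcp; everything else is dropped.
resource "aws_security_group_rule" "db_from_app" {
    type                     = "ingress"
    from_port                = 3306
    to_port                  = 3306
    protocol                 = "tcp"
    source_security_group_id = "${aws_security_group.app.id}"
    security_group_id        = "${aws_security_group.db.id}"
}
```

Security-group references work regardless of the hosts' IP addresses, so the rule survives autoscaling and instance replacement, which a CIDR allow-list does not. If you do need access from a fixed office or VPN address, a single /32 in cidr_blocks is the next best choice; 0.0.0.0/0 never is.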

Configuring the DB subnet group

  • Needed so that RDS can be placed inside the VPC; the group must span at least two availability zones, which is why two subnets were created above
db_subnet_group.tf
resource "aws_db_subnet_group" "main" {
    name        = "tf_dbsubnet"
    description = "It is a DB subnet group on tf_vpc."
    subnet_ids  = ["${aws_subnet.private_db1.id}", "${aws_subnet.private_db2.id}"]
    tags {
        Name = "tf_dbsubnet"
    }
}
  • Run it

Specifying default DB parameters

  • Time zone and so on. Defining the group by itself changes nothing: the DB instance has to reference it through parameter_group_name, which the instance below does not yet do.
db_parameter_group.tf
resource "aws_db_parameter_group" "default" {
    name = "rds-pg"
    family = "mysql5.7"
    description = "Managed by Terraform"

    parameter {
      name = "time_zone"
      value = "Asia/Tokyo"
    }
}

Creating the DB instance

resource "aws_db_instance" "db" {
    identifier              = "dbinstance"
    allocated_storage       = 5
    engine                  = "mysql"
    engine_version          = "5.7.11"
    instance_class          = "db.t2.micro"
    storage_type            = "gp2"
    username                = "***"
    password                = "***"
    publicly_accessible     = true
    backup_retention_period = 1
    vpc_security_group_ids  = ["${aws_security_group.db.id}"]
    db_subnet_group_name    = "${aws_db_subnet_group.main.name}"
}
  • Run it. Two things to check before using this for anything other than a test: publicly_accessible = true gives the instance a public endpoint, and the security group above admits 3306 from 0.0.0.0/0, so as soon as the VPC is reachable from the internet the database is too (set it to false unless you really need access from outside the VPC); and the master password sits in plaintext both in this file and, after apply, in terraform.tfstate.

To fix later

  • The user ID and password are written inline, which is bad; move them to a separate configuration file that stays out of version control. The same goes for the provider's access_key and secret_key.
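The fix for both credential problems (the provider keys in variable.tf and the master password in the DB instance block), together with the instance kept off the public internet, as an added example that is not code from the original post. It assumes the VPC, subnets, DB subnet group, parameter group and db security group from above already exist under the same names; the file layout (variable.tf, terraform.tfvars, rds.tf) and the values in the tfvars sample are illustrative. Terraform 0.6/0.7 syntax, matching the rest of this page.

```hcl
# Added example, not from the original post. Terraform 0.6/0.7 syntax.

# --- variable.tf -----------------------------------------------------------
# No access_key / secret_key here. The AWS provider falls back to the
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables, or to the
# shared credentials file written by `aws configure`, so the keys never
# land in a file that might be committed.
provider "aws" {
    region = "ap-northeast-1"
}

# Declared without defaults: terraform refuses to plan or apply until a
# value is supplied, via terraform.tfvars (auto-loaded), -var on the command
# line, or TF_VAR_db_password / TF_VAR_db_username in the environment.
variable "db_username" {}
variable "db_password" {}

# --- terraform.tfvars (assumed file; keep it out of version control) -------
# db_username = "dbadmin"
# db_password = "replace-with-a-generated-password"

# --- rds.tf ----------------------------------------------------------------
resource "aws_db_instance" "db" {
    identifier              = "dbinstance"
    allocated_storage       = 5
    engine                  = "mysql"
    engine_version          = "5.7.11"
    instance_class          = "db.t2.micro"
    storage_type            = "gp2"

    # Credentials come from the variables above, not from literals.
    username                = "${var.db_username}"
    password                = "${var.db_password}"

    # false: the instance gets only a private address inside tf_vpc. Connect
    # from an instance in the VPC (app host or bastion), not over the internet.
    publicly_accessible     = false

    # Keep automated backups for a week instead of a single day.
    backup_retention_period = 7

    vpc_security_group_ids  = ["${aws_security_group.db.id}"]
    db_subnet_group_name    = "${aws_db_subnet_group.main.name}"

    # Without this line the parameter group defined earlier is never applied
    # and the time_zone setting has no effect.
    parameter_group_name    = "${aws_db_parameter_group.default.name}"
}
```

Two things this does not solve. The state file still stores the master password in plaintext after apply, so terraform.tfstate, terraform.tfstate.backup and terraform.tfvars all belong in .gitignore (or the state in a remote backend with access controls). And whoever runs terraform still needs AWS credentials in their environment; the point is that those live in the operator's session, not in the repository.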
