
AWS Secrets Manager でパスワード管理したAmazon RDS をAWS CLIで作成

Last updated at Posted at 2024-04-21

1.変数設定

コマンド
# Parameters for the DB instance created in step 2; each variable maps to
# one aws rds create-db-instance option, named in the trailing comment.
DB_IDENTITY="test-db"     # --db-instance-identifier
MASTER_NAME="admin"       # --master-username (password is managed by Secrets Manager)
ENGINE="mysql"            # --engine
ENGINE_VER="8.0.35"       # --engine-version
DB_CLASS="db.t3.micro"    # --db-instance-class
STORAGE_TYPE="gp2"        # --storage-type
ALLOW_STORAGE="20"        # --allocated-storage
出力
[cloudshell-user@ip-10-132-91-152 ~]$ ENGINE="mysql"
[cloudshell-user@ip-10-132-91-152 ~]$ ENGINE_VER=8.0.35
[cloudshell-user@ip-10-132-91-152 ~]$ DB_IDENTITY="test-db"
[cloudshell-user@ip-10-132-91-152 ~]$ MASTER_NAME="admin"
[cloudshell-user@ip-10-132-91-152 ~]$ DB_CLASS="db.t3.micro"
[cloudshell-user@ip-10-132-91-152 ~]$ STORAGE_TYPE="gp2"
[cloudshell-user@ip-10-132-91-152 ~]$ ALLOW_STORAGE=20

2.データベース作成

コマンド
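# Create the DB instance. --manage-master-user-password makes RDS generate
# the master password and store it in AWS Secrets Manager, so no password
# appears on the command line or in shell history.
# Every expansion is quoted (SC2086) so a value containing spaces or glob
# characters cannot be split into extra arguments.
# NOTE(review): --storage-encrypted is not passed, so the instance is created
# without encryption at rest (the output below shows "StorageEncrypted": false);
# fine for a throw-away test DB, worth enabling for anything that outlives it.
aws rds create-db-instance \
    --engine "${ENGINE}" \
    --engine-version "${ENGINE_VER}" \
    --db-instance-identifier "${DB_IDENTITY}" \
    --master-username "${MASTER_NAME}" \
    --manage-master-user-password \
    --db-instance-class "${DB_CLASS}" \
    --storage-type "${STORAGE_TYPE}" \
    --allocated-storage "${ALLOW_STORAGE}" \
    --no-publicly-accessible \
    --backup-retention-period 0 \
    --no-auto-minor-version-upgrade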

オプション説明
--engine:エンジンタイプを指定
--db-instance-identifier:DB インスタンス識別子を指定
--master-username:マスターユーザー名
--manage-master-user-password:AWS Secrets Manager でパスワード管理
--db-instance-class:DB インスタンスクラス
--storage-type:ストレージタイプ
--allocated-storage:ストレージ割り当て
--no-publicly-accessible:パブリックアクセスなし
--backup-retention-period:0指定で自動バックアップ無効化
--no-auto-minor-version-upgrade:マイナーバージョン自動アップグレードの無効化

出力
[cloudshell-user@ip-10-132-91-152 ~]$ aws rds create-db-instance \
>     --engine ${ENGINE} \
>     --engine-version ${ENGINE_VER} \
>     --db-instance-identifier ${DB_IDENTITY} \
>     --master-username ${MASTER_NAME} \
>     --manage-master-user-password \
>     --db-instance-class ${DB_CLASS} \
>     --storage-type ${STORAGE_TYPE} \
>     --allocated-storage ${ALLOW_STORAGE} \
>     --no-publicly-accessible \
>     --backup-retention-period 0 \
>     --no-auto-minor-version-upgrade
{
    "DBInstance": {
        "DBInstanceIdentifier": "test-db",
        "DBInstanceClass": "db.t3.micro",
        "Engine": "mysql",
        "DBInstanceStatus": "creating",
        "MasterUsername": "admin",
        "AllocatedStorage": 20,
        "PreferredBackupWindow": "14:40-15:10",
        "BackupRetentionPeriod": 0,
        "DBSecurityGroups": [],
        "VpcSecurityGroups": [
            {
                "VpcSecurityGroupId": "sg-0109570e93f4a220f",
                "Status": "active"
            }
        ],
        "DBParameterGroups": [
            {
                "DBParameterGroupName": "default.mysql8.0",
                "ParameterApplyStatus": "in-sync"
            }
        ],
        "DBSubnetGroup": {
            "DBSubnetGroupName": "default",
            "DBSubnetGroupDescription": "default",
            "VpcId": "vpc-090c14ab4d18c8e0b",
            "SubnetGroupStatus": "Complete",
            "Subnets": [
                {
                    "SubnetIdentifier": "subnet-06dac05f30d70fadf",
                    "SubnetAvailabilityZone": {
                        "Name": "ap-northeast-1d"
                    },
                    "SubnetOutpost": {},
                    "SubnetStatus": "Active"
                },
                {
                    "SubnetIdentifier": "subnet-0e58505daeffcca69",
                    "SubnetAvailabilityZone": {
                        "Name": "ap-northeast-1a"
                    },
                    "SubnetOutpost": {},
                    "SubnetStatus": "Active"
                },
                {
                    "SubnetIdentifier": "subnet-024f020ed79b42984",
                    "SubnetAvailabilityZone": {
                        "Name": "ap-northeast-1c"
                    },
                    "SubnetOutpost": {},
                    "SubnetStatus": "Active"
                }
            ]
        },
        "PreferredMaintenanceWindow": "fri:13:14-fri:13:44",
        "PendingModifiedValues": {},
        "MultiAZ": false,
        "EngineVersion": "8.0.35",
        "AutoMinorVersionUpgrade": false,
        "ReadReplicaDBInstanceIdentifiers": [],
        "LicenseModel": "general-public-license",
        "OptionGroupMemberships": [
            {
                "OptionGroupName": "default:mysql-8-0",
                "Status": "in-sync"
            }
        ],
        "PubliclyAccessible": false,
        "StorageType": "gp2",
        "DbInstancePort": 0,
        "StorageEncrypted": false,
        "DbiResourceId": "db-QRCMH2M5HUUGOVFCA3TOBDX2NI",
        "CACertificateIdentifier": "rds-ca-rsa2048-g1",
        "DomainMemberships": [],
        "CopyTagsToSnapshot": false,
        "MonitoringInterval": 0,
        "DBInstanceArn": "arn:aws:rds:ap-northeast-1:999999999999:db:test-db",
        "IAMDatabaseAuthenticationEnabled": false,
        "PerformanceInsightsEnabled": false,
        "DeletionProtection": false,
        "AssociatedRoles": [],
        "TagList": [],
        "CustomerOwnedIpEnabled": false,
        "BackupTarget": "region",
        "NetworkType": "IPV4",
        "StorageThroughput": 0,
        "MasterUserSecret": {
            "SecretArn": "arn:aws:secretsmanager:ap-northeast-1:999999999999:secret:rds!db-9445caea-f4de-4a3a-bb5e-ed4c8c00fe42-NN3AH9",
            "SecretStatus": "creating",
            "KmsKeyId": "arn:aws:kms:ap-northeast-1:999999999999:key/0c7da2b3-028f-4adc-87d9-58b87893b7b8"
        },
        "CertificateDetails": {
            "CAIdentifier": "rds-ca-rsa2048-g1"
        },
        "DedicatedLogVolume": false
    }
}

3.パスワード確認

変数設定 (シークレットID)

コマンド
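# Resolve the ARN of the Secrets Manager secret that holds the master
# password, and print it only when the lookup succeeded (the assignment's
# exit status is that of the command substitution).
# The identifier is quoted (SC2086) and the ARN is printed with printf
# rather than echo, so a value starting with '-' is not treated as an option.
SECRETS_ID=$(
  aws rds describe-db-instances \
    --db-instance-identifier "${DB_IDENTITY}" \
    --query 'DBInstances[].MasterUserSecret[].SecretArn' \
    --output text
) && printf '%s\n' "${SECRETS_ID}"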
出力
[cloudshell-user@ip-10-130-34-158 ~]$ SECRETS_ID=$( \
>   aws rds describe-db-instances \
>     --db-instance-identifier ${DB_IDENTITY} \
>     --query 'DBInstances[].MasterUserSecret[].SecretArn' \
>     --output text
> ) \
> && echo ${SECRETS_ID}
arn:aws:secretsmanager:ap-northeast-1:999999999999:secret:rds!db-9445caea-f4de-4a3a-bb5e-ed4c8c00fe42-NN3AH9

パスワード確認

コマンド
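# Retrieve the secret. SecretString is the JSON document with the username
# and the plaintext password; it is written to stdout, so it ends up in the
# terminal scrollback (and in any session recording) — only run this where
# that is acceptable, and prefer reading the secret from an application
# directly via the Secrets Manager API instead of copying it by hand.
# The ARN is quoted (SC2086) so it is passed as exactly one argument.
aws secretsmanager get-secret-value \
  --secret-id "${SECRETS_ID}" \
  --query 'SecretString'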
出力
[cloudshell-user@ip-10-130-34-158 ~]$ aws secretsmanager get-secret-value \
>   --secret-id ${SECRETS_ID} \
>   --query 'SecretString'
"{\"username\":\"admin\",\"password\":\"OgL$U[~6Won*nXc!Q>COYR._5Bjh\"}"

4.データベース削除

コマンド
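# Delete the test instance. --skip-final-snapshot means no snapshot is taken,
# so the data is unrecoverable after this call; drop that flag for any
# instance whose data matters. The identifier is quoted (SC2086), and
# ${DB_IDENTITY:?} aborts instead of sending an empty identifier if the
# variable from step 1 is missing in the current shell.
aws rds delete-db-instance \
  --db-instance-identifier "${DB_IDENTITY:?DB_IDENTITY is not set}" \
  --skip-final-snapshot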
出力
[cloudshell-user@ip-10-130-34-158 ~]$ aws rds delete-db-instance --db-instance-identifier ${DB_IDENTITY} --skip-final-snapshot
{
    "DBInstance": {
        "DBInstanceIdentifier": "test-db",
        "DBInstanceClass": "db.t3.micro",
        "Engine": "mysql",
        "DBInstanceStatus": "deleting",
        "MasterUsername": "admin",
        "Endpoint": {
            "Address": "test-db.clacqicsiqrt.ap-northeast-1.rds.amazonaws.com",
            "Port": 3306,
            "HostedZoneId": "Z24O6O9L7SGTNB"
        },
        "AllocatedStorage": 20,
        "InstanceCreateTime": "2024-04-21T14:22:48.960000+00:00",
        "PreferredBackupWindow": "14:40-15:10",
        "BackupRetentionPeriod": 0,
        "DBSecurityGroups": [],
        "VpcSecurityGroups": [
            {
                "VpcSecurityGroupId": "sg-0109570e93f4a220f",
                "Status": "active"
            }
        ],
        "DBParameterGroups": [
            {
                "DBParameterGroupName": "default.mysql8.0",
                "ParameterApplyStatus": "in-sync"
            }
        ],
        "AvailabilityZone": "ap-northeast-1c",
        "DBSubnetGroup": {
            "DBSubnetGroupName": "default",
            "DBSubnetGroupDescription": "default",
            "VpcId": "vpc-090c14ab4d18c8e0b",
            "SubnetGroupStatus": "Complete",
            "Subnets": [
                {
                    "SubnetIdentifier": "subnet-06dac05f30d70fadf",
                    "SubnetAvailabilityZone": {
                        "Name": "ap-northeast-1d"
                    },
                    "SubnetOutpost": {},
                    "SubnetStatus": "Active"
                },
                {
                    "SubnetIdentifier": "subnet-0e58505daeffcca69",
                    "SubnetAvailabilityZone": {
                        "Name": "ap-northeast-1a"
                    },
                    "SubnetOutpost": {},
                    "SubnetStatus": "Active"
                },
                {
                    "SubnetIdentifier": "subnet-024f020ed79b42984",
                    "SubnetAvailabilityZone": {
                        "Name": "ap-northeast-1c"
                    },
                    "SubnetOutpost": {},
                    "SubnetStatus": "Active"
                }
            ]
        },
        "PreferredMaintenanceWindow": "fri:13:14-fri:13:44",
        "PendingModifiedValues": {},
        "MultiAZ": false,
        "EngineVersion": "8.0.35",
        "AutoMinorVersionUpgrade": false,
        "ReadReplicaDBInstanceIdentifiers": [],
        "LicenseModel": "general-public-license",
        "OptionGroupMemberships": [
            {
                "OptionGroupName": "default:mysql-8-0",
                "Status": "in-sync"
            }
        ],
        "PubliclyAccessible": false,
        "StorageType": "gp2",
        "DbInstancePort": 0,
        "StorageEncrypted": false,
        "DbiResourceId": "db-QRCMH2M5HUUGOVFCA3TOBDX2NI",
        "CACertificateIdentifier": "",
        "DomainMemberships": [],
        "CopyTagsToSnapshot": false,
        "MonitoringInterval": 0,
        "DBInstanceArn": "arn:aws:rds:ap-northeast-1:999999999999:db:test-db",
        "IAMDatabaseAuthenticationEnabled": false,
        "PerformanceInsightsEnabled": false,
        "DeletionProtection": false,
        "AssociatedRoles": [],
        "TagList": [],
        "CustomerOwnedIpEnabled": false,
        "BackupTarget": "region",
        "NetworkType": "IPV4",
        "StorageThroughput": 0,
        "MasterUserSecret": {
            "SecretArn": "arn:aws:secretsmanager:ap-northeast-1:999999999999:secret:rds!db-9445caea-f4de-4a3a-bb5e-ed4c8c00fe42-NN3AH9",
            "SecretStatus": "active",
            "KmsKeyId": "arn:aws:kms:ap-northeast-1:999999999999:key/0c7da2b3-028f-4adc-87d9-58b87893b7b8"
        },
        "DedicatedLogVolume": false
    }
}

参照
