EVENT
RDSを作成していく
SOLUTION
前回の続き
使用したリソース
- aws_db_instance
データベースインスタンスを作成する。RDS本体的なやつ
- aws_db_subnet_group
RDSインスタンスをサブネットに配置するために必要なやつ。
基本的にRDSはプライベートサブネットに配置すべきという認識です。
フォルダ構成
- /main.tf
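# DB subnet group: RDS is placed in private subnets spanning multiple AZs
# (subnet IDs come from the caller; Multi-AZ needs subnets in at least two AZs).
resource "aws_db_subnet_group" "main" {
  name       = "${var.project_name}-${var.environment}-db-subnet-group"
  subnet_ids = var.private_subnet_ids

  # Tag keys use the same capitalization as aws_db_instance.main (Name/Environment)
  # so tag-based filtering and tag-conditioned policies see one convention.
  tags = {
    Name        = "${var.project_name}-${var.environment}-db-subnet-group"
    Environment = var.environment
  }
}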
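resource "aws_db_instance" "main" {
  identifier = "${var.project_name}-${var.environment}-db"

  # Engine and sizing are all supplied by the calling root module.
  engine            = var.db_engine
  engine_version    = var.db_engine_version
  instance_class    = var.db_instance_class
  allocated_storage = var.db_allocated_storage
  storage_type      = "gp2"

  # Encrypt storage at rest (which also covers automated backups and snapshots)
  # with the account's default RDS KMS key. The provider default is unencrypted,
  # and encryption cannot be enabled on an existing instance afterwards.
  storage_encrypted = true

  db_name  = var.db_name
  username = var.db_username
  password = var.db_password # sensitive input; note it is still stored in Terraform state
  port     = var.db_port

  # Network placement: reachable only through the supplied security group,
  # inside the private DB subnet group, with no public endpoint.
  vpc_security_group_ids = [var.security_group_id]
  db_subnet_group_name   = aws_db_subnet_group.main.name
  publicly_accessible    = false

  # Dev convenience: no final snapshot on destroy. Set to false (and supply
  # final_snapshot_identifier) in production so a destroy cannot lose data.
  skip_final_snapshot = true
  multi_az            = var.multi_az

  tags = {
    Name        = "${var.project_name}-${var.environment}-db"
    Environment = var.environment
  }
}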
- /outputs.tf
# Hostname of the instance (address only, without the ":port" suffix).
output "db_instance_endpoint" {
  value       = aws_db_instance.main.address
  description = "The connection endpoint for the RDS instance."
}
# Listening port, exported separately so callers can build their own DSN.
output "db_instance_port" {
  value       = aws_db_instance.main.port
  description = "The port of the RDS instance."
}
- /variables.tf
# Prefix used in every resource name and Name tag of this module.
variable "project_name" {
  type        = string
  description = "Project name tag."
}
# Second naming component; also written to the Environment tag.
variable "environment" {
  type        = string
  description = "Deployment environment (e.g., dev, prd)."
}
# Subnets for the DB subnet group; should be private subnets in more than one AZ.
variable "private_subnet_ids" {
  type        = list(string)
  description = "List of private subnet IDs for the DB subnet group."
}
# The single security group attached to the instance; its ingress rules are
# the only network path to the database.
variable "security_group_id" {
  type        = string
  description = "The ID of the security group to attach to the RDS instance."
}
# Engine identifier passed straight to aws_db_instance.engine.
variable "db_engine" {
  type        = string
  description = "The database engine to use (e.g., mysql, postgres)."
}
# Engine version string; must be valid for the chosen db_engine.
variable "db_engine_version" {
  type        = string
  description = "The version of the database engine."
}
# Instance class such as db.t3.micro.
variable "db_instance_class" {
  type        = string
  description = "The instance type for the RDS instance."
}
# Storage size in GiB handed to aws_db_instance.allocated_storage.
variable "db_allocated_storage" {
  type        = number
  description = "The allocated storage in GB for the DB instance."
}
# Name of the initial database created inside the instance.
variable "db_name" {
  type        = string
  description = "The database name."
}
# Master (admin) user of the instance.
variable "db_username" {
  type        = string
  description = "The master username for the database."
}
# Master password. Marked sensitive so Terraform redacts it in plan/apply
# output; it is still written to the state file, so protect the state backend.
variable "db_password" {
  type        = string
  sensitive   = true
  description = "The master password for the database."
}
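# Listening port of the instance; validated so a typo fails at plan time
# rather than as an API error at apply time.
variable "db_port" {
  type        = number
  description = "The port for the database (e.g., 3306 for MySQL, 5432 for PostgreSQL)."

  validation {
    condition     = var.db_port >= 1 && var.db_port <= 65535
    error_message = "db_port must be a valid TCP port number (1-65535)."
  }
}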
# Multi-AZ standby. Defaults to off for cost in dev; turn on in production.
variable "multi_az" {
  type        = bool
  default     = false
  description = "Specifies if the DB instance is Multi-AZ."
}
- ~/dev/main.tf
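module "rds" {
  source = "../../modules/rds"

  project_name       = var.project_name
  environment        = "dev"
  private_subnet_ids = module.vpc.private_subnet_ids
  security_group_id  = module.security_group.rds_security_group_id

  db_engine         = "mysql" # or "postgres"
  db_engine_version = "8.0"   # or "15.4" for PostgreSQL
  db_instance_class = "db.t3.micro"
  # RDS rejects General Purpose (gp2) volumes smaller than 20 GiB for
  # MySQL/PostgreSQL, so 5 fails at apply time; 20 is the documented minimum
  # (confirm for the engine actually chosen).
  db_allocated_storage = 20

  db_name     = "${var.project_name}_dev_db"
  db_username = "admin"
  # Take the password from the sensitive root variable declared in variables.tf
  # (set via TF_VAR_rds_password or a secret store) instead of a literal, so it
  # never lands in version control. It is still stored in Terraform state.
  db_password = var.rds_password
  db_port     = 3306

  multi_az = false # single-AZ is normally sufficient for dev
}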
- ~/dev/outputs.tf
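# Re-exported so the EC2 side (or an operator) can read the hostname with
# `terraform output rds_endpoint` instead of digging through module state.
output "rds_endpoint" {
  description = "Connection endpoint (hostname) of the dev RDS instance."
  value       = module.rds.db_instance_endpoint
}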
- ~/dev/variables.tf
# Supply the RDS password through an environment variable (TF_VAR_rds_password)
# or a secret store such as Vault; never commit it in a .tfvars file.
variable "rds_password" {
  type        = string
  sensitive   = true
  description = "Password for the RDS database."
}
- 動作確認
コンソールでの確認は省略し、EC2からRDSへの接続確認を行いました。