

TerraformでAWSの環境構築 ( RDS )

やったこと

Terraformを利用してAWS環境を構築する。 terraformを使って、dev/stgはシングル構成で、prodはマルチAZ構成のauroraクラスタを構築する。 Envはworkspaceを使って使い分ける。

■ 改修版 ( ssmパラメータの利用 )はこちらです。

yhidetoshi.hatenablog.com

実行環境

$ terraform --version

Terraform v0.11.11
+ provider.aws v1.60.0

■ .zshrc

・・・
# home/bin
export PATH=$HOME/bin:$PATH
・・・
$ which terraform
/Users/hidetoshi/bin/terraform

Env ( workspace ) について

workspaceで実行環境を分離することができる。Env毎に tfstate ファイルが作成される。

$ terraform workspace help

Usage: terraform workspace

  New, list, select and delete Terraform workspaces.

今回は以下のように3つのEnvを作成した

  • $ terraform workspace list
  default
  dev
  prod
* stg
  • 実行したTerraformのディレクトリ構成
    • tfvars.tf にAWSのクレデンシャルを設定した
    • modules 配下に resource を定義
    • ディレクトリ直下に module を定義
    • terraform.tfstate.d 配下にEnvごとのtfstateファイルが作成される

ディレクトリ構造

├── modules
│   ├── rds
│   │   └── aurora-mysql
│   │       └── main.tf
├── rds.tf

module側

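# AZs used when the "prod" workspace is selected (multi-AZ). The resource side creates
# one cluster instance per entry, so the length of this list is the instance count.
variable "availability_zone_prod" {
  description = "Availability zones for the prod Aurora cluster (one instance per AZ)"
  type        = "list"
  default     = ["ap-northeast-1c", "ap-northeast-1d"]
}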

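# Single AZ for the "stg" workspace; selected explicitly in the module call.
variable "availability_zone_stg" {
  description = "Availability zones for the stg Aurora cluster (single instance)"
  type        = "list"
  default     = ["ap-northeast-1c"]
}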

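# Single AZ for the "dev" workspace; also the fallback for any workspace that is not prod or stg.
variable "availability_zone_dev" {
  description = "Availability zones for the dev Aurora cluster (single instance)"
  type        = "list"
  default     = ["ap-northeast-1c"]
}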

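locals {
  # NOTE(review): master passwords are kept here in plaintext. They are committed with
  # the code and are also written, unmasked, into each workspace's state file under
  # terraform.tfstate.d/, so the state files need the same protection as the
  # credentials themselves. Reading them from SSM Parameter Store (as planned in the
  # summary) removes them from both places.
  master_password_prod = "password_prod"
  master_password_stg  = "password_stg"
  master_password_dev  = "password_dev"

  instance_class_prod = "db.r4.large"
  instance_class_stg  = "db.t2.medium"
  instance_class_dev  = "db.t2.medium"

  # prod -> multi-AZ list; anything else -> dev list (stg is overridden in the module call).
  # Terraform 0.11 conditionals cannot return lists, so each list is joined into a
  # comma-separated string and split again. `== "prod"` already excludes stg and dev,
  # so the extra `!=` checks are not needed.
  availability_zone = "${split(",", terraform.workspace == "prod" ? join(",", var.availability_zone_prod) : join(",", var.availability_zone_dev))}"
}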

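module "create-aurora-mysql" {
  source      = "./modules/rds/aurora-mysql"
  description = "for app"

  # Identifiers carry the workspace name so dev/stg/prod never collide in one account.
  cluster_identifier = "app-db-${terraform.workspace}-cluster"
  identifier         = "app-db-${terraform.workspace}"
  database_name      = "app"
  master_username    = "root"
  engine             = "aurora-mysql"
  engine_version     = "5.7.12"

  # Placeholder IDs; replace per environment.
  vpc_security_group_ids = ["sg-xxxxx"]
  db_subnet_group_name   = "app_db"
  db_subnet_ids          = ["subnet-xxxxx", "subnet-xxxxx"]

  db_parameter_group_name        = "app-aurora57"
  db_parameter_group_family      = "aurora-mysql5.7"
  cluster_parameter_group_name   = "app-cluster-aurora57"
  cluster_parameter_group_family = "aurora-mysql5.7"

  preferred_maintenance_window_instance = "sun:19:00-sun:19:30"
  preferred_backup_window_cluster       = "20:06-20:36"
  preferred_maintenance_window_cluster  = "sun:19:00-sun:19:30"

  # final_snapshot_identifier is the *name* of the snapshot taken when the cluster is
  # destroyed, not an on/off switch; `true` is not a usable snapshot name. Suffix with
  # the workspace so each environment keeps its own snapshot.
  final_snapshot_identifier = "app-db-${terraform.workspace}-final"
  backup_retention_period   = 7

  auto_minor_version_upgrade = true
  publicly_accessible        = false

  # Per-workspace values. The password is passed in plaintext and is recorded in the
  # workspace's state file; see the locals block for where it comes from.
  master_password = "${terraform.workspace == "prod" ? local.master_password_prod : terraform.workspace == "stg" ? local.master_password_stg : local.master_password_dev}"
  instance_class  = "${terraform.workspace == "prod" ? local.instance_class_prod : terraform.workspace == "stg" ? local.instance_class_stg : local.instance_class_dev}"

  # stg gets its own single AZ; prod/dev use local.availability_zone.
  # `== "stg"` already excludes prod and dev, so the extra `!=` checks are not needed.
  availability_zone = "${split(",", terraform.workspace == "stg" ? join(",", var.availability_zone_stg) : join(",", local.availability_zone))}"

  # Encryption at rest is enabled for prod only, so dev/stg data is stored unencrypted.
  # This setting is fixed at cluster creation; enabling it later replaces the cluster,
  # so decide before the first apply.
  storage_encrypted = "${terraform.workspace == "prod" ? true : false}"
}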

resource側

# Module inputs. No `type` is given, so Terraform 0.11 treats each as a string.
variable "instance_class" {}
variable "description" {}
variable "identifier" {}
variable "cluster_identifier" {}
variable "database_name" {}
variable "master_username" {}

# Received in plaintext from the caller. Terraform 0.11 has no way to mark a variable
# sensitive, so the value is stored unmasked in the workspace's state file.
variable "master_password" {}

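# AZs for the cluster; the cluster-instance count is the length of this list.
variable "availability_zone" {
  description = "Availability zones for the Aurora cluster (one instance per AZ)"
  type        = "list"
  default     = []
}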

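# Security groups attached to the cluster; these control who can reach the database.
variable "vpc_security_group_ids" {
  description = "VPC security group IDs attached to the Aurora cluster"
  type        = "list"
  default     = []
}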

# Engine name/version and the name given to the DB subnet group created below.
variable "engine" {}
variable "engine_version" {}
variable "db_subnet_group_name" {}

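# Subnets that make up the DB subnet group. publicly_accessible is passed separately;
# private subnets are the expected input here.
variable "db_subnet_ids" {
  description = "Subnet IDs for the DB subnet group"
  type        = "list"
  default     = []
}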

# Parameter groups: one for the instances, one for the cluster.
variable "db_parameter_group_name" {}
variable "db_parameter_group_family" {}
variable "cluster_parameter_group_name" {}
variable "cluster_parameter_group_family" {}

# Backup / maintenance windows (UTC, "hh24:mi-hh24:mi" and "ddd:hh24:mi-ddd:hh24:mi").
variable "preferred_backup_window_cluster" {}
variable "preferred_maintenance_window_cluster" {}
variable "preferred_maintenance_window_instance" {}

# Name of the final snapshot taken on destroy (a string, not a flag) and the backup
# retention in days.
variable "final_snapshot_identifier" {}
variable "backup_retention_period" {}

variable "auto_minor_version_upgrade" {}

# Whether instances get a public address; the caller passes false.
variable "publicly_accessible" {}

# Encryption at rest for the cluster. Fixed at creation; changing it replaces the cluster.
variable "storage_encrypted" {}


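# Aurora cluster. The security-relevant settings (password, encryption flag, security
# groups) are supplied by the caller; this resource only wires them through.
resource "aws_rds_cluster" "aurora_cluster" {
  cluster_identifier = "${var.cluster_identifier}"

  # NOTE(review): AWS can report more AZs for a cluster than were requested, which may
  # surface as a recurring diff on this argument; confirm against the provider docs
  # for the version in use.
  availability_zones = "${var.availability_zone}"

  database_name   = "${var.database_name}"
  engine          = "${var.engine}"
  master_username = "${var.master_username}"
  master_password = "${var.master_password}"

  # Reference the parameter group and subnet group managed in this module rather than
  # repeating their names, so Terraform creates them before the cluster.
  db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.default.name}"
  db_subnet_group_name            = "${aws_db_subnet_group.default.name}"

  vpc_security_group_ids       = ["${var.vpc_security_group_ids}"]
  preferred_backup_window      = "${var.preferred_backup_window_cluster}"
  preferred_maintenance_window = "${var.preferred_maintenance_window_cluster}"

  # Name of the snapshot taken on destroy; skip_final_snapshot is left at its default,
  # so a valid name is required for `terraform destroy` to succeed.
  final_snapshot_identifier = "${var.final_snapshot_identifier}"
  backup_retention_period   = "${var.backup_retention_period}"

  # Cannot be toggled on an existing cluster; a change here replaces the cluster.
  storage_encrypted = "${var.storage_encrypted}"
}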

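# One cluster instance per configured AZ (prod gets two, dev/stg one). No
# availability_zone is set on the instance itself, so placement follows the cluster.
resource "aws_rds_cluster_instance" "cluster_instances" {
  count              = "${length(var.availability_zone)}"
  identifier         = "${var.identifier}-${count.index+1}"
  cluster_identifier = "${aws_rds_cluster.aurora_cluster.id}"
  instance_class     = "${var.instance_class}"
  engine             = "${var.engine}"

  # Reference the subnet group and parameter group managed in this module rather than
  # repeating their names, so Terraform creates them before the instances.
  db_subnet_group_name    = "${aws_db_subnet_group.default.name}"
  db_parameter_group_name = "${aws_db_parameter_group.default.name}"

  auto_minor_version_upgrade   = "${var.auto_minor_version_upgrade}"
  publicly_accessible          = "${var.publicly_accessible}"
  preferred_maintenance_window = "${var.preferred_maintenance_window_instance}"
}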

# Subnet group the cluster and its instances are placed in. The instances are created
# with publicly_accessible = false by the caller; the subnets passed here are expected
# to be private ones.
resource "aws_db_subnet_group" "default" {
  name        = "${var.db_subnet_group_name}"
  subnet_ids  = "${var.db_subnet_ids}"
  description = "${var.description}"
}

# Instance-level parameter group. No parameters are set, so it carries the family
# defaults; created here so it is managed alongside the cluster.
resource "aws_db_parameter_group" "default" {
  name        = "${var.db_parameter_group_name}"
  family      = "${var.db_parameter_group_family}"
  description = "${var.description}"
}

# Cluster-level parameter group. No parameters are set, so it carries the family
# defaults (e.g. TLS enforcement would be configured here if required).
resource "aws_rds_cluster_parameter_group" "default" {
  name        = "${var.cluster_parameter_group_name}"
  family      = "${var.cluster_parameter_group_family}"
  description = "${var.description}"
}

まとめ

terraformを使って、dev/stgはシングル構成で、prodはマルチAZ構成のauroraクラスタを構築した。 password等はssmパラメータストアを利用して取得するようにしたい。