TerraformでAWSの環境構築 ( RDS )
やったこと
Terraformを利用してAWS環境を構築する。
terraformを使って、dev/stgはシングル構成で、prodはマルチAZ構成のauroraクラスタを構築する。
Envはworkspaceを利用して使い分ける。
■ 改修版 ( ssmパラメータの利用 )はこちらです。
実行環境
■ $ terraform --version
Terraform v0.11.11 + provider.aws v1.60.0
- MacOS(10.14.3)
■ .zshrc
・・・
# home/bin
export PATH=$HOME/bin:$PATH
・・・
$ which terraform /Users/hidetoshi/bin/terraform
Env ( workspace ) について
workspaceで実行環境を分離することができる。Env毎に tfstate ファイルが作成される。
なお、tfstateにはmaster_passwordなどのリソース属性が平文で記録されるため、保管場所のアクセス制御と暗号化に注意する。
$ terraform workspace help
Usage: terraform workspace New, list, select and delete Terraform workspaces.
今回は以下のように3つのEnvを作成した
$ terraform workspace list
default dev prod * stg
- 実行したTerraformのディレクトリ構成
■ ディレクトリ構造
├── modules
│   ├── rds
│   │   └── aurora-mysql
│   │       └── main.tf
├── rds.tf
module側
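# Root configuration (rds.tf): builds one Aurora MySQL cluster per Terraform
# workspace by calling the ./modules/rds/aurora-mysql module.
# prod uses two availability zones; stg and dev use a single one. The module
# creates one cluster instance per availability zone in the list.
# Any workspace other than "prod" or "stg" (including "default") falls through
# to the dev settings in every conditional below.

variable "availability_zone_prod" {
  default = ["ap-northeast-1c", "ap-northeast-1d"]
}

variable "availability_zone_stg" {
  default = ["ap-northeast-1c"]
}

variable "availability_zone_dev" {
  default = ["ap-northeast-1c"]
}

# Master password for the workspace being applied.
# Deliberately has no default: the original kept one literal password per
# environment in `locals`, which puts the credentials into version control and
# into every copy of this file. Supply the value at apply time instead, e.g.
# through the TF_VAR_master_password environment variable or a .tfvars file
# that is not committed, using a different value per workspace.
# The value is still written in plaintext to that workspace's state file, so
# the state backend needs access control and encryption at rest.
variable "master_password" {}

locals {
  instance_class_prod = "db.r4.large"
  instance_class_stg  = "db.t2.medium"
  instance_class_dev  = "db.t2.medium"

  # Terraform 0.11 conditionals cannot return a list, so each list is joined
  # into a string, selected, and split back into a list.
  # prod -> prod AZs, everything else -> dev AZs (stg is handled in the module call).
  availability_zone = "${split(",", terraform.workspace == "prod" ? join(",", var.availability_zone_prod) : join(",", var.availability_zone_dev))}"
}

module "create-aurora-mysql" {
  source = "./modules/rds/aurora-mysql"

  description        = "for app"
  cluster_identifier = "app-db-${terraform.workspace}-cluster"
  identifier         = "app-db-${terraform.workspace}"
  database_name      = "app"
  master_username    = "root"
  master_password    = "${var.master_password}"

  engine         = "aurora-mysql"
  engine_version = "5.7.12"

  vpc_security_group_ids = ["sg-xxxxx"]
  db_subnet_group_name   = "app_db"
  db_subnet_ids          = ["subnet-xxxxx", "subnet-xxxxx"]

  db_parameter_group_name        = "app-aurora57"
  db_parameter_group_family      = "aurora-mysql5.7"
  cluster_parameter_group_name   = "app-cluster-aurora57"
  cluster_parameter_group_family = "aurora-mysql5.7"

  preferred_maintenance_window_instance = "sun:19:00-sun:19:30"
  preferred_backup_window_cluster       = "20:06-20:36"
  preferred_maintenance_window_cluster  = "sun:19:00-sun:19:30"

  # final_snapshot_identifier is the NAME of the snapshot taken when the
  # cluster is deleted, not an on/off flag. The original passed `true`, which
  # is not a usable snapshot name; a per-workspace name is used instead.
  final_snapshot_identifier = "app-db-${terraform.workspace}-final"

  backup_retention_period    = 7
  auto_minor_version_upgrade = true

  # Keep the instances off the public internet; access is governed by the
  # security group and subnet group above.
  publicly_accessible = false

  instance_class = "${terraform.workspace == "prod" ? local.instance_class_prod : terraform.workspace == "stg" ? local.instance_class_stg : local.instance_class_dev}"

  # stg -> stg AZs, otherwise the prod/dev choice already made in locals.
  availability_zone = "${split(",", terraform.workspace == "stg" ? join(",", var.availability_zone_stg) : join(",", local.availability_zone))}"

  # Only prod is encrypted at rest; dev and stg clusters are created
  # unencrypted. NOTE(review): consider enabling encryption in every
  # workspace, especially if dev/stg ever hold copies of production data.
  # Changing this on an existing cluster is expected to force replacement.
  storage_encrypted = "${terraform.workspace == "prod" ? true : false}"
}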
resource側
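# Module modules/rds/aurora-mysql: creates an Aurora cluster, one cluster
# instance per entry in var.availability_zone, and the subnet group and
# parameter groups they use.

# --- Inputs -----------------------------------------------------------------

variable "instance_class" {}
variable "description" {}
variable "identifier" {}
variable "cluster_identifier" {}
variable "database_name" {}
variable "master_username" {}

# Passed straight to the cluster and therefore stored in plaintext in the
# Terraform state; callers should not hard-code it.
variable "master_password" {}

variable "availability_zone" {
  default = []
}

variable "vpc_security_group_ids" {
  default = []
}

variable "engine" {}
variable "engine_version" {}
variable "db_subnet_group_name" {}

variable "db_subnet_ids" {
  default = []
}

variable "db_parameter_group_name" {}
variable "db_parameter_group_family" {}
variable "cluster_parameter_group_name" {}
variable "cluster_parameter_group_family" {}
variable "preferred_backup_window_cluster" {}
variable "preferred_maintenance_window_cluster" {}
variable "preferred_maintenance_window_instance" {}

# Name of the snapshot taken when the cluster is deleted.
variable "final_snapshot_identifier" {}

variable "backup_retention_period" {}
variable "auto_minor_version_upgrade" {}
variable "publicly_accessible" {}
variable "storage_encrypted" {}

# --- Cluster ----------------------------------------------------------------

resource "aws_rds_cluster" "aurora_cluster" {
  cluster_identifier = "${var.cluster_identifier}"
  availability_zones = "${var.availability_zone}"
  database_name      = "${var.database_name}"
  engine             = "${var.engine}"

  # The original declared var.engine_version but never used it, so the
  # version requested by the caller was silently ignored.
  engine_version = "${var.engine_version}"

  master_username = "${var.master_username}"
  master_password = "${var.master_password}"

  # Reference the parameter group resource rather than the bare variable so
  # Terraform creates the group before the cluster that uses it.
  db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.default.name}"

  db_subnet_group_name   = "${aws_db_subnet_group.default.name}"
  vpc_security_group_ids = ["${var.vpc_security_group_ids}"]

  preferred_backup_window      = "${var.preferred_backup_window_cluster}"
  preferred_maintenance_window = "${var.preferred_maintenance_window_cluster}"
  final_snapshot_identifier    = "${var.final_snapshot_identifier}"
  backup_retention_period      = "${var.backup_retention_period}"
  storage_encrypted            = "${var.storage_encrypted}"
}

# --- Instances: one per availability zone passed in -------------------------

resource "aws_rds_cluster_instance" "cluster_instances" {
  count = "${length(var.availability_zone)}"

  # Instance names are numbered from 1: <identifier>-1, <identifier>-2, ...
  identifier         = "${var.identifier}-${count.index+1}"
  cluster_identifier = "${aws_rds_cluster.aurora_cluster.id}"
  instance_class     = "${var.instance_class}"
  engine             = "${var.engine}"

  db_subnet_group_name = "${aws_db_subnet_group.default.name}"

  # Same reasoning as the cluster parameter group: depend on the resource,
  # not just on a matching name.
  db_parameter_group_name = "${aws_db_parameter_group.default.name}"

  auto_minor_version_upgrade   = "${var.auto_minor_version_upgrade}"
  publicly_accessible          = "${var.publicly_accessible}"
  preferred_maintenance_window = "${var.preferred_maintenance_window_instance}"
}

# --- Supporting groups ------------------------------------------------------

resource "aws_db_subnet_group" "default" {
  name        = "${var.db_subnet_group_name}"
  subnet_ids  = "${var.db_subnet_ids}"
  description = "${var.description}"
}

resource "aws_db_parameter_group" "default" {
  name        = "${var.db_parameter_group_name}"
  family      = "${var.db_parameter_group_family}"
  description = "${var.description}"
}

resource "aws_rds_cluster_parameter_group" "default" {
  name        = "${var.cluster_parameter_group_name}"
  family      = "${var.cluster_parameter_group_family}"
  description = "${var.description}"
}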
まとめ
terraformを使って、dev/stgはシングル構成で、prodはマルチAZ構成のauroraクラスタを構築した。 password等はssmパラメータストアを利用して取得するようにしたい。