Amazon RDS 模板代码段 - Amazon CloudFormation
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

Amazon RDS 模板代码段

Amazon RDS 数据库实例资源

此示例显示了使用托管主用户密码的 Amazon RDS 数据库实例资源。有关更多信息,请参阅《Amazon RDS 用户指南》中的使用 Amazon Secrets Manager 管理密码和《Aurora 用户指南》中的使用 Amazon Secrets Manager 管理密码。因为没有指定可选 EngineVersion 属性,所以会将默认引擎版本用于此数据库实例。有关默认引擎版本和其他默认设置的详细信息,请参阅 CreateDBInstance。DBSecurityGroups 属性授权对名为 MyDbSecurityByEC2SecurityGroup 和 MyDbSecurityByCIDRIPGroup 的 AWS::RDS::DBSecurityGroup 资源的网络访问。有关详细信息,请参阅 AWS::RDS::DBInstance。数据库实例资源还有一个设置为 Snapshot 的 DeletionPolicy 属性。在设置了 Snapshot DeletionPolicy 的情况下,Amazon CloudFormation 将在堆栈删除期间在删除此数据库实例之前获取此实例的快照。

JSON

"MyDB" : { "Type" : "AWS::RDS::DBInstance", "Properties" : { "DBSecurityGroups" : [ {"Ref" : "MyDbSecurityByEC2SecurityGroup"}, {"Ref" : "MyDbSecurityByCIDRIPGroup"} ], "AllocatedStorage" : "5", "DBInstanceClass" : "db.t2.small", "Engine" : "MySQL", "MasterUsername" : "MyName", "ManageMasterUserPassword" : true, "MasterUserSecret" : { "KmsKeyId" : {"Ref" : "KMSKey"} } }, "DeletionPolicy" : "Snapshot" }

YAML

MyDB: Type: AWS::RDS::DBInstance Properties: DBSecurityGroups: - Ref: MyDbSecurityByEC2SecurityGroup - Ref: MyDbSecurityByCIDRIPGroup AllocatedStorage: '5' DBInstanceClass: db.t2.small Engine: MySQL MasterUsername: MyName ManageMasterUserPassword: true MasterUserSecret: KmsKeyId: !Ref KMSKey DeletionPolicy: Snapshot

Amazon RDS Oracle Database 数据库实例资源

此示例创建了使用托管主用户密码的 Oracle Database 数据库实例资源。有关更多信息,请参阅《Amazon RDS 用户指南》中的使用 Amazon Secrets Manager 管理密码。此示例使用“自带许可”许可模式将“引擎”指定为 oracle-ee 有关 Oracle Database 数据库实例设置的详细信息,请参阅 CreateDBInstance。DBSecurityGroups 属性授权对名为 MyDbSecurityByEC2SecurityGroup 和 MyDbSecurityByCIDRIPGroup 的 AWS::RDS::DBSecurityGroup 资源的网络访问。有关详细信息,请参阅 AWS::RDS::DBInstance。数据库实例资源还有一个设置为 Snapshot 的 DeletionPolicy 属性。在设置了 Snapshot DeletionPolicy 的情况下,Amazon CloudFormation 将在堆栈删除期间在删除此数据库实例之前获取此实例的快照。

JSON

"MyDB" : { "Type" : "AWS::RDS::DBInstance", "Properties" : { "DBSecurityGroups" : [ {"Ref" : "MyDbSecurityByEC2SecurityGroup"}, {"Ref" : "MyDbSecurityByCIDRIPGroup"} ], "AllocatedStorage" : "5", "DBInstanceClass" : "db.t2.small", "Engine" : "oracle-ee", "LicenseModel" : "bring-your-own-license", "MasterUsername" : "master", "ManageMasterUserPassword" : true, "MasterUserSecret" : { "KmsKeyId" : {"Ref" : "KMSKey"} } }, "DeletionPolicy" : "Snapshot" }

YAML

MyDB: Type: AWS::RDS::DBInstance Properties: DBSecurityGroups: - Ref: MyDbSecurityByEC2SecurityGroup - Ref: MyDbSecurityByCIDRIPGroup AllocatedStorage: '5' DBInstanceClass: db.t2.small Engine: oracle-ee LicenseModel: bring-your-own-license MasterUsername: master ManageMasterUserPassword: true MasterUserSecret: KmsKeyId: !Ref KMSKey DeletionPolicy: Snapshot

适用于 CIDR 范围的 Amazon RDS DBSecurityGroup 资源

此示例显示的是对格式为 ddd.ddd.ddd.ddd/dd 的特定 CIDR 范围有访问权限的 Amazon RDS DBSecurityGroup 资源。有关详细信息,请参阅 AWS::RDS::DBSecurityGroupIngress

JSON

"MyDbSecurityByCIDRIPGroup" : { "Type" : "AWS::RDS::DBSecurityGroup", "Properties" : { "GroupDescription" : "Ingress for CIDRIP", "DBSecurityGroupIngress" : { "CIDRIP" : "192.168.0.0/32" } } }

YAML

MyDbSecurityByCIDRIPGroup: Type: AWS::RDS::DBSecurityGroup Properties: GroupDescription: Ingress for CIDRIP DBSecurityGroupIngress: CIDRIP: "192.168.0.0/32"

带 Amazon EC2 安全组的 Amazon RDS DBSecurityGroup

此示例显示的是具有 MyEc2SecurityGroup 引用的 Amazon EC2 安全组中的入口授权的 AWS::RDS::DBSecurityGroup 资源。

要执行此操作,您要定义 EC2 安全组,然后使用内部 Ref 函数参考 DBSecurityGroup 内的 EC2 安全组。

JSON

"DBInstance" : { "Type": "AWS::RDS::DBInstance", "Properties": { "DBName" : { "Ref" : "DBName" }, "Engine" : "MySQL", "MasterUsername" : { "Ref" : "DBUsername" }, "DBInstanceClass" : { "Ref" : "DBClass" }, "DBSecurityGroups" : [ { "Ref" : "DBSecurityGroup" } ], "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" }, "MasterUserPassword": { "Ref" : "DBPassword" } } }, "DBSecurityGroup": { "Type": "AWS::RDS::DBSecurityGroup", "Properties": { "DBSecurityGroupIngress": { "EC2SecurityGroupName": { "Fn::GetAtt": ["WebServerSecurityGroup", "GroupName"] } }, "GroupDescription" : "Frontend Access" } }, "WebServerSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable HTTP access via port 80 and SSH access", "SecurityGroupIngress" : [ {"IpProtocol" : "tcp", "FromPort" : 80, "ToPort" : 80, "CidrIp" : "0.0.0.0/0"}, {"IpProtocol" : "tcp", "FromPort" : 22, "ToPort" : 22, "CidrIp" : "0.0.0.0/0"} ] } }

YAML

该示例提取自下面的完整示例:Drupal_Single_Instance_With_RDS.template

DBInstance: Type: AWS::RDS::DBInstance Properties: DBName: Ref: DBName Engine: MySQL MasterUsername: Ref: DBUsername DBInstanceClass: Ref: DBClass DBSecurityGroups: - Ref: DBSecurityGroup AllocatedStorage: Ref: DBAllocatedStorage MasterUserPassword: Ref: DBPassword DBSecurityGroup: Type: AWS::RDS::DBSecurityGroup Properties: DBSecurityGroupIngress: EC2SecurityGroupName: Ref: WebServerSecurityGroup GroupDescription: Frontend Access WebServerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Enable HTTP access via port 80 and SSH access SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0

多 VPC 安全组

此示例显示的是具有 AWS::RDS::DBSecurityGroupIngress 中的多个 Amazon EC2 VPC 安全组的入口授权的 AWS::RDS::DBSecurityGroup 资源。

JSON

{ "Resources" : { "DBinstance" : { "Type" : "AWS::RDS::DBInstance", "Properties" : { "AllocatedStorage" : "5", "DBInstanceClass" : "db.t2.small", "DBName" : {"Ref": "MyDBName" }, "DBSecurityGroups" : [ { "Ref" : "DbSecurityByEC2SecurityGroup" } ], "DBSubnetGroupName" : { "Ref" : "MyDBSubnetGroup" }, "Engine" : "MySQL", "MasterUserPassword": { "Ref" : "MyDBPassword" }, "MasterUsername" : { "Ref" : "MyDBUsername" } }, "DeletionPolicy" : "Snapshot" }, "DbSecurityByEC2SecurityGroup" : { "Type" : "AWS::RDS::DBSecurityGroup", "Properties" : { "GroupDescription" : "Ingress for Amazon EC2 security group", "EC2VpcId" : { "Ref" : "MyVPC" }, "DBSecurityGroupIngress" : [ { "EC2SecurityGroupId" : "sg-b0ff1111", "EC2SecurityGroupOwnerId" : "111122223333" }, { "EC2SecurityGroupId" : "sg-ffd722222", "EC2SecurityGroupOwnerId" : "111122223333" } ] } } } }

YAML

Resources: DBinstance: Type: AWS::RDS::DBInstance Properties: AllocatedStorage: '5' DBInstanceClass: db.t2.small DBName: Ref: MyDBName DBSecurityGroups: - Ref: DbSecurityByEC2SecurityGroup DBSubnetGroupName: Ref: MyDBSubnetGroup Engine: MySQL MasterUserPassword: Ref: MyDBPassword MasterUsername: Ref: MyDBUsername DeletionPolicy: Snapshot DbSecurityByEC2SecurityGroup: Type: AWS::RDS::DBSecurityGroup Properties: GroupDescription: Ingress for Amazon EC2 security group EC2VpcId: Ref: MyVPC DBSecurityGroupIngress: - EC2SecurityGroupId: sg-b0ff1111 EC2SecurityGroupOwnerId: '111122223333' - EC2SecurityGroupId: sg-ffd722222 EC2SecurityGroupOwnerId: '111122223333'

VPC 安全组中的 Amazon RDS 数据库实例

该示例显示一个与 Amazon EC2 VPC 安全组关联的 Amazon RDS 数据库实例。

JSON

{ "DBEC2SecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription": "Open database for access", "SecurityGroupIngress" : [{ "IpProtocol" : "tcp", "FromPort" : 3306, "ToPort" : 3306, "SourceSecurityGroupName" : { "Ref" : "WebServerSecurityGroup" } }] } }, "DBInstance" : { "Type": "AWS::RDS::DBInstance", "Properties": { "DBName" : { "Ref" : "DBName" }, "Engine" : "MySQL", "MultiAZ" : { "Ref": "MultiAZDatabase" }, "MasterUsername" : { "Ref" : "DBUser" }, "DBInstanceClass" : { "Ref" : "DBClass" }, "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" }, "MasterUserPassword": { "Ref" : "DBPassword" }, "VPCSecurityGroups" : [ { "Fn::GetAtt": [ "DBEC2SecurityGroup", "GroupId" ] } ] } } }

YAML

DBEC2SecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Open database for access SecurityGroupIngress: - IpProtocol: tcp FromPort: 3306 ToPort: 3306 SourceSecurityGroupName: Ref: WebServerSecurityGroup DBInstance: Type: AWS::RDS::DBInstance Properties: DBName: Ref: DBName Engine: MySQL MultiAZ: Ref: MultiAZDatabase MasterUsername: Ref: DBUser DBInstanceClass: Ref: DBClass AllocatedStorage: Ref: DBAllocatedStorage MasterUserPassword: Ref: DBPassword VPCSecurityGroups: - !GetAtt DBEC2SecurityGroup.GroupId