Amazon Aurora test environment
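AWSTemplateFormatVersion: '2010-09-09'
Description: Amazon Aurora test environment
# Builds a two-AZ VPC (public + private subnets in ap-northeast-1a/1c), an
# Aurora MySQL 5.7 cluster in the private subnets, and one EC2 "RDS client"
# instance in a public subnet that is the only source allowed to reach the
# cluster on TCP/3306. A read replica is created only when EnableReplica is
# 'true'.
# ------------------------------------------------------------#
# Input Parameters
# ------------------------------------------------------------#
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "Global Configuration"
        Parameters:
          - ProjectName
      - Label:
          default: "EC2 Configuration"
        Parameters:
          - EC2KeyPair
          - EC2ImageId
          - SecurityGroupInboudRule
      - Label:
          default: "RDS Configuration"
        Parameters:
          - MasterUsername
          - MasterPassword
          # Must be the logical name declared under Parameters below; the
          # original listed a non-existent "EnableReadReplica".
          - EnableReplica
Parameters:
  ProjectName:
    Type: String
    Default: 'test'
    Description: The prefix to give to the resource.
  MasterUsername:
    Type: String
    Default: 'admin'
    Description: Please input RDS(Aurora) master user name.
  MasterPassword:
    Type: String
    # The default is kept only so existing deployments keep working; supply a
    # real value at deploy time rather than relying on it.
    Default: 'password'
    Description: Please input RDS(Aurora) master user password.
    NoEcho: true
    # Aurora MySQL rejects master passwords shorter than 8 characters.
    MinLength: 8
  SecurityGroupInboudRule:
    Type: String
    # Opened on TCP/22 of the client instance; the default admits every
    # address, so narrow it to the operator's network when deploying.
    Default: '0.0.0.0/0'
    Description: Please input inbound rules for RDS client server.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block, for example 203.0.113.0/24.
  EC2KeyPair:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Name of an existing EC2 key pair used for SSH access to the RDS client server.
  EC2ImageId:
    Type: AWS::SSM::Parameter::Value<String>
    # Public SSM parameter that resolves to the latest Amazon Linux 2 AMI.
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
    Description: SSM parameter path that resolves to the AMI for the RDS client server.
  EnableReplica:
    Description: Enable RDS(Aurora) Replica.
    Type: String
    # Quoted so the String parameter is compared as text, not as a YAML boolean.
    Default: 'false'
    AllowedValues: ['true', 'false']
# ------------------------------------------------------------#
# Conditions
# ------------------------------------------------------------#
Conditions:
  # True when the EnableReplica parameter is 'true'; gates auroraReplicaInstance.
  EnableReplica: !Equals ['true', !Ref EnableReplica]
# ------------------------------------------------------------#
# Resources
# ------------------------------------------------------------#
Resources:
  # ------------------------------------------------------------#
  # VPC
  # ------------------------------------------------------------#
  vpc:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      # Both DNS flags are required for the RDS endpoint to resolve from EC2.
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-vpc
  # ------------------------------------------------------------#
  # Internet Gateway
  # ------------------------------------------------------------#
  internetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-igw
  igwAttachVpc:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref internetGateway
      VpcId: !Ref vpc
  # ------------------------------------------------------------#
  # Subnet
  # ------------------------------------------------------------#
  publicSubnetA:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref vpc
      AvailabilityZone: 'ap-northeast-1a'
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-public-subnet-a
  publicSubnetC:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref vpc
      AvailabilityZone: 'ap-northeast-1c'
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-public-subnet-c
  # Private subnets have no route to the internet gateway; the Aurora cluster
  # lives here.
  privateSubnetA:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref vpc
      AvailabilityZone: 'ap-northeast-1a'
      CidrBlock: 10.0.3.0/24
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-private-subnet-a
  privateSubnetC:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref vpc
      AvailabilityZone: 'ap-northeast-1c'
      CidrBlock: 10.0.4.0/24
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-private-subnet-c
  # ------------------------------------------------------------#
  # RouteTable
  # ------------------------------------------------------------#
  publicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref vpc
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-public-rtb
  privateRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref vpc
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-private-rtb
  # Default route for the public subnets only; privateRouteTable keeps just the
  # implicit local route.
  routeAddInternetGateway:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref internetGateway
      RouteTableId: !Ref publicRouteTable
  associatePublicSubnetAToPublicRouteTable:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref publicRouteTable
      SubnetId: !Ref publicSubnetA
  associatePublicSubnetCToPublicRouteTable:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref publicRouteTable
      SubnetId: !Ref publicSubnetC
  associatePrivateSubnetAToProtectRouteTable:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref privateRouteTable
      SubnetId: !Ref privateSubnetA
  associatePrivateSubnetCToProtectRouteTable:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref privateRouteTable
      SubnetId: !Ref privateSubnetC
  # ------------------------------------------------------------#
  # Securitygroup
  # ------------------------------------------------------------#
  # SSH into the client instance from the operator-supplied CIDR only.
  rdsClientSecuritygroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub ${ProjectName}-rds-client-sg
      GroupDescription: Security group for RDS Client Server
      VpcId: !Ref vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SecurityGroupInboudRule
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-rds-client-sg
  # MySQL port reachable only from members of rdsClientSecuritygroup, not from
  # any CIDR.
  rdsSecuritygroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub ${ProjectName}-rds-sg
      GroupDescription: Security group for RDS
      VpcId: !Ref vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref rdsClientSecuritygroup
          Description: 'from RDS Client Server'
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-rds-sg
  # ------------------------------------------------------------#
  # RDS
  # ------------------------------------------------------------#
  auroraDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnets available for the RDS DB Instance
      # Private subnets only, so the cluster has no internet-facing placement.
      SubnetIds:
        - !Ref privateSubnetA
        - !Ref privateSubnetC
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-SubnetGroup
  auroraDBClusterParameterGroup:
    Type: AWS::RDS::DBClusterParameterGroup
    Properties:
      Family: "aurora-mysql5.7"
      Description: "Aurora(MySQL 5.7) DBCluster ParameterGroup"
      Parameters:
        time_zone: "Asia/Tokyo"
        general_log: 1
        # server_audit_* must be enabled here for the cluster's "audit" log
        # export below to produce anything.
        server_audit_logging: 1
        server_audit_events: "Connect,Query,Query_DCL,Query_DDL,Query_DML,Table"
        slow_query_log: 1
  auroraOptionGroup:
    Type: "AWS::RDS::OptionGroup"
    Properties:
      EngineName: "aurora-mysql"
      MajorEngineVersion: "5.7"
      OptionGroupDescription: "Aurora(MySQL 5.7) OptionGroup"
      Tags:
        - Key: Name
          # Follows the ${ProjectName}- prefix convention used by every other
          # Name tag in this template.
          Value: !Sub ${ProjectName}-aurora-option-group
  auroraDBParameterGroup:
    Type: AWS::RDS::DBParameterGroup
    Properties:
      Family: "aurora-mysql5.7"
      Description: "Aurora(MySQL 5.7) Instance ParameterGroup"
  auroraDBCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      BackupRetentionPeriod: 1
      DatabaseName: test_database
      DBClusterIdentifier: !Sub ${ProjectName}-aurora-cluster
      DBClusterParameterGroupName: !Ref auroraDBClusterParameterGroup
      DBSubnetGroupName: !Ref auroraDBSubnetGroup
      Engine: aurora-mysql
      MasterUsername: !Ref MasterUsername
      MasterUserPassword: !Ref MasterPassword
      Port: 3306
      # Encryption at rest with the account's default RDS KMS key. NOTE: this
      # property is immutable -- enabling it on an already-deployed stack
      # replaces the cluster (and its data).
      StorageEncrypted: true
      PreferredBackupWindow: "19:00-19:30"  # UTC; 04:00 JST
      PreferredMaintenanceWindow: "sat:18:00-sat:18:30"  # UTC; Sunday 03:00 JST
      EnableCloudwatchLogsExports:
        - general
        - error
        - slowquery
        - audit
      VpcSecurityGroupIds:
        - !Ref rdsSecuritygroup
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-aurora-cluster
  auroraMasterInstance:
    Type: "AWS::RDS::DBInstance"
    Properties:
      AutoMinorVersionUpgrade: false
      AvailabilityZone: ap-northeast-1a
      DBInstanceClass: db.t3.small
      DBInstanceIdentifier: !Sub ${ProjectName}-aurora-master-instance
      DBClusterIdentifier: !Ref auroraDBCluster
      DBSubnetGroupName: !Ref auroraDBSubnetGroup
      Engine: aurora-mysql
      OptionGroupName: !Ref auroraOptionGroup
      DBParameterGroupName: !Ref auroraDBParameterGroup
      PubliclyAccessible: false
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-aurora-master-instance
  # Created only when the EnableReplica condition holds; placed in the other AZ.
  auroraReplicaInstance:
    Type: "AWS::RDS::DBInstance"
    Condition: EnableReplica
    Properties:
      AutoMinorVersionUpgrade: false
      AvailabilityZone: ap-northeast-1c
      DBInstanceClass: db.t3.small
      DBInstanceIdentifier: !Sub ${ProjectName}-aurora-replica-instance
      DBClusterIdentifier: !Ref auroraDBCluster
      DBSubnetGroupName: !Ref auroraDBSubnetGroup
      Engine: aurora-mysql
      OptionGroupName: !Ref auroraOptionGroup
      DBParameterGroupName: !Ref auroraDBParameterGroup
      PubliclyAccessible: false
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-aurora-replica-instance
  # ------------------------------------------------------------#
  # EC2
  # ------------------------------------------------------------#
  # Bastion-style client in the public subnet; the only allowed source for the
  # cluster's TCP/3306 rule.
  rdsClientInstance:
    Type: "AWS::EC2::Instance"
    Properties:
      AvailabilityZone: ap-northeast-1a
      ImageId: !Ref EC2ImageId
      InstanceType: t3.micro
      KeyName: !Ref EC2KeyPair
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            VolumeSize: 8
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: "0"
          GroupSet:
            - !Ref rdsClientSecuritygroup
          SubnetId: !Ref publicSubnetA
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-rds-client-server
      # Installs the MySQL-compatible client used to connect to the cluster.
      UserData:
        Fn::Base64: |
          #!/bin/bash
          sudo yum -y update
          sudo yum -y install mysql
# ------------------------------------------------------------#
# Outputs
# ------------------------------------------------------------#
Outputs:
  AuroraClusterEndpoint:
    Description: Writer endpoint of the Aurora cluster.
    Value: !GetAtt auroraDBCluster.Endpoint.Address
  AuroraReaderEndpoint:
    Description: Reader endpoint of the Aurora cluster.
    Value: !GetAtt auroraDBCluster.ReadEndpoint.Address
  RdsClientPublicIp:
    Description: Public IP address of the RDS client server.
    Value: !GetAtt rdsClientInstance.PublicIp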