Merge pull request #29 from isucon/feature/26_RDS

add rds resources and security groups
isucon · Jun 18, 2021 · 5a34b8e · 5a34b8e
2 parents 354f574 + 6b1a113
commit 5a34b8e
Show file tree

Hide file tree

Showing 4 changed files with 180 additions and 0 deletions.
diff --git a/tf/rds-parameter-group.tf b/tf/rds-parameter-group.tf
@@ -0,0 +1,102 @@
+resource "aws_db_parameter_group" "aurora57" {
+  name        = "isux-aurora57"
+  family      = "aurora-mysql5.7"
+  description = "isux-aurora57"
+
+  parameter {
+    apply_method = "immediate"
+    name         = "innodb_large_prefix"
+    value        = "1"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "long_query_time"
+    value        = "0.5"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "slow_launch_time"
+    value        = "1"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "slow_query_log"
+    value        = "1"
+  }
+
+  parameter {
+    apply_method = "pending-reboot"
+    name         = "query_cache_type"
+    value        = "0"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "max_connections"
+    value        = "2000"
+  }
+}
+
+resource "aws_rds_cluster_parameter_group" "aurora57" {
+  name        = "isux-aurora57"
+  family      = "aurora-mysql5.7"
+  description = "isux-aurora57"
+
+  parameter {
+    apply_method = "immediate"
+    name         = "character_set_client"
+    value        = "utf8mb4"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "character_set_connection"
+    value        = "utf8mb4"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "character_set_database"
+    value        = "utf8mb4"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "character_set_filesystem"
+    value        = "utf8mb4"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "character_set_results"
+    value        = "utf8mb4"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "character_set_server"
+    value        = "utf8mb4"
+  }
+
+  parameter {
+    apply_method = "immediate"
+    name         = "collation_connection"
+    value        = "utf8mb4_general_ci"
+  }
+
+  parameter {
+    apply_method = "pending-reboot"
+    name         = "innodb_file_per_table"
+    value        = "1"
+  }
+
+  parameter {
+    apply_method = "pending-reboot"
+    name         = "query_cache_type"
+    value        = "0"
+  }
+}
+
diff --git a/tf/rds-subnet-group.tf b/tf/rds-subnet-group.tf
@@ -0,0 +1,6 @@
+resource "aws_db_subnet_group" "isuxportal" {
+  name        = "isuxportal"
+  description = "isuxportal"
+
+  subnet_ids = aws_subnet.private.*.id
+}
diff --git a/tf/rds_isuportal-dev.tf b/tf/rds_isuportal-dev.tf
@@ -0,0 +1,39 @@
+resource "aws_rds_cluster" "isuxportal-dev" {
+  cluster_identifier              = "isuxportal-dev"
+  master_username                 = "root"
+  master_password                 = random_password.isuxportal-rds-dev.result
+  backup_retention_period         = 20
+  db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.aurora57.name
+  db_subnet_group_name            = aws_db_subnet_group.isuxportal.name
+  engine                          = "aurora-mysql"
+  engine_version                  = "5.7.mysql_aurora.2.08.1"
+  preferred_backup_window         = "15:00-15:30"
+  preferred_maintenance_window    = "tue:17:00-tue:17:30"
+  apply_immediately               = true
+  skip_final_snapshot             = true
+  deletion_protection             = false
+
+  vpc_security_group_ids = [
+    aws_security_group.default.id,
+    aws_security_group.mysql.id,
+  ]
+
+  iam_roles = [
+    aws_iam_service_linked_role.AWSServiceRoleForRDS.arn,
+  ]
+
+  enabled_cloudwatch_logs_exports = [
+    "slowquery",
+  ]
+}
+
+resource "random_password" "isuxportal-rds-dev" {
+  length           = 16
+  special          = true
+  override_special = "_%@"
+}
+
+resource "aws_iam_service_linked_role" "AWSServiceRoleForRDS" {
+  aws_service_name = "rds.amazonaws.com"
+}
+
diff --git a/tf/security-group_mysql.tf b/tf/security-group_mysql.tf
@@ -0,0 +1,33 @@
+resource "aws_security_group" "mysql" {
+  vpc_id      = aws_vpc.main.id
+  name        = "mysql"
+  description = "mysql VPC security group"
+}
+
+resource "aws_security_group_rule" "mysql-ingress_mysql_http" {
+  security_group_id        = aws_security_group.mysql.id
+  type                     = "ingress"
+  protocol                 = "tcp"
+  from_port                = 3306
+  to_port                  = 3306
+  source_security_group_id = aws_security_group.http.id
+}
+resource "aws_security_group_rule" "mysql-ingress_mysql_bastion" {
+  security_group_id        = aws_security_group.mysql.id
+  type                     = "ingress"
+  protocol                 = "tcp"
+  from_port                = 3306
+  to_port                  = 3306
+  source_security_group_id = aws_security_group.bastion.id
+}
+
+resource "aws_security_group_rule" "mysql-egress_all" {
+  security_group_id = aws_security_group.mysql.id
+  type              = "egress"
+  protocol          = "all"
+  from_port         = 0
+  to_port           = 0
+  cidr_blocks       = ["0.0.0.0/0"]
+  ipv6_cidr_blocks  = ["::/0"]
+}
+