CloudFormationでRDS構築(Oracle SE2 19c bring-your-own-license)を構築する手順


この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので十分ご注意ください。

背景

AWS Database Migration Serviceを検証するために移行先DBであるOracle SE2 19c bring-your-own-licenseの構築が必要になります。ここでCloudFormationでの構築手順紹介します。

前提

・VPCが作成済みであること
・RDS用のセキュリティグループが作成済みであること
・CloudFormationのテンプレートをyaml形式とする。
・AWSの管理者ユーザで検証しています。
・AWSコンソール上でスタックを作成します(作成手順を割愛します)。

構築手順

Cfnテンプレート

コピペで利用できます。下記のパラメータを自分の環境に合わせて変更してご利用ください。
DBSubnet1a: { ID: subnet-xxxxxxxxxxxxxxxxx }
DBSubnet1c: { ID: subnet-xxxxxxxxxxxxxxxxx }
RdsSecurityGroup: { ID: sg-xxxxxxxxxxxxxxxxx }

AWSTemplateFormatVersion: '2010-09-09'
Description: This CloudFormation template to create RDS(Oracle) db instances.

Mappings:
  dev:
    DBSubnet1a: { ID: subnet-xxxxxxxxxxxxxxxxx }
    DBSubnet1c: { ID: subnet-xxxxxxxxxxxxxxxxx }
    RdsSecurityGroup: { ID: sg-xxxxxxxxxxxxxxxxx }
    DBInstance:
      Engine: oracle-se2
      LicenseModel: bring-your-own-license
      EngineVersion: 19.0.0.0.ru-2022-10.rur-2022-10.r1
      RDS1AvailabilityZone: ap-northeast-1a
      RDS2AvailabilityZone: ap-northeast-1c
      BackupRetentionPeriod: 7
      InstancePreferredBackupWindow: 13:00-13:30
      InstancePreferredMaintenanceWindow: wed:14:00-wed:14:30
      DatabaseName: testdb
      AutoMinorVersionUpgrade: true
      DBInstanceClass: db.t3.medium
    DBParameterGroup:
      DBEngineFamily: oracle-se2-19

Parameters:
  Environment:
    Description: Type of this environment.
    Type: String
    Default: dev
    AllowedValues:
    - dev

  SystemName:
    Description: Name of this system.
    Type: String
    Default: cpi
  Username:
    Description: Name of DB mater username.
    Type: String
    Default: dmsuser2
  Password:
    Description: Name of DB mater user password.
    Type: String
    NoEcho: true

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - 
        Label:
          default: Environment Configuration
          Parameters:
            - SystemName
            - Environment
      - 
        Label:
          default: RDS DB instace Configuration
          Parameters:
            - Username
            - Password

Resources:
  # IAM Role for enhanced monitoring
  RDSMonitoringRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${SystemName}-${Environment}-rds-monitoring-role
      Path: /
      AssumeRolePolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "monitoring.rds.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        }
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole
      Tags:
        - Key: User
          Value: kobayashi

  RDSDBInstance1:
    Type: AWS::RDS::DBInstance
    Properties:
      MasterUsername: !Ref Username
      MasterUserPassword: !Ref Password
      LicenseModel: !FindInMap [ !Ref Environment, DBInstance, LicenseModel ]
      Port: 1521    
      VPCSecurityGroups: 
        - !FindInMap [ !Ref Environment, RdsSecurityGroup, ID ]
      StorageEncrypted: true
      DBName: !FindInMap [ !Ref Environment, DBInstance, DatabaseName ]
      AllocatedStorage: '50'
      DBSubnetGroupName: !Ref DBSubnetGroup
      DBParameterGroupName: !Ref RDSDBParameterGroup
      Engine: !FindInMap [ !Ref Environment, DBInstance, Engine ]
      EngineVersion: !FindInMap [ !Ref Environment, DBInstance, EngineVersion ]
      AvailabilityZone: !FindInMap [ !Ref Environment, DBInstance, RDS1AvailabilityZone ]
      DBInstanceClass: !FindInMap [ !Ref Environment, DBInstance, DBInstanceClass ]
      AutoMinorVersionUpgrade: !FindInMap [ !Ref Environment, DBInstance, AutoMinorVersionUpgrade ]
      CopyTagsToSnapshot: true
      DBInstanceIdentifier: !Sub ${SystemName}-${Environment}-kobayashi-oracle-test
      EnablePerformanceInsights: true
      PreferredBackupWindow: !FindInMap [ !Ref Environment, DBInstance, InstancePreferredBackupWindow ]
      PreferredMaintenanceWindow: !FindInMap [ !Ref Environment, DBInstance, InstancePreferredMaintenanceWindow ]
      # DeletionProtection: true
      MonitoringInterval: 60
      MonitoringRoleArn: !GetAtt RDSMonitoringRole.Arn
      PubliclyAccessible: false
      Tags:
        - Key: Name
          Value: !Sub ${SystemName}-${Environment}-kobayashi-oracle-test
        - Key: User
          Value: kobayashi

  # DB subnet group
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupName: !Sub ${SystemName}-${Environment}-db-subnet-group
      DBSubnetGroupDescription: !Sub ${SystemName}-${Environment}-db-subnet-group
      SubnetIds:
        - !FindInMap [ !Ref Environment, DBSubnet1a, ID ]
        - !FindInMap [ !Ref Environment, DBSubnet1c, ID ]
      Tags:
        - Key: Name
          Value: !Sub ${SystemName}-${Environment}-db-subnet-group
        - Key: User
          Value: kobayashi

  # DB parameter group
  RDSDBParameterGroup:
    Type: AWS::RDS::DBParameterGroup
    Properties:
      Description: !Sub ${SystemName}-${Environment}-db-param-group
      Family: !FindInMap [ !Ref Environment, DBParameterGroup, DBEngineFamily ]
      Tags:
        - Key: Name
          Value: !Sub ${SystemName}-${Environment}-db-param-group
        - Key: User
          Value: kobayashi

スタック作成時のパラメータ

file

作成後の確認

file

file

接続確認

接続コマンド
sqlplus dmsuser2/passw0rd@"(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=cpi-dev-kobayashi-oracle-test.c5qwrqga2axq.ap-northeast-1.rds.amazonaws.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=TESTDB)))"

file

テーブル一覧の確認コマンド
SELECT TABLE_NAME FROM USER_TABLES ORDER BY TABLE_NAME;
file

参考

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html

Last modified: 2023-01-11

Author