如何使用cloudformation在一个RDS中创建多个数据库?

时间:2017-03-22 13:19:25

标签: amazon-web-services amazon-cloudformation

我正在编写一个cloudformation模板,我在其中创建一个RDS实例,在启动配置中,我正在安装wordpress。现在我想在单个RDS中创建多个数据库,我的启动配置应该是什么样的。 这是我目前的启动配置

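AWSTemplateFormatVersion: "2010-09-09"
Description: "Wordpress: highly available and scalable template"

# Stack inputs. Nesting restored: every parameter is a child of Parameters and
# its attributes are children of the parameter.
#
# NOTE(review): only BlogID carries an AllowedPattern. BlogTitle,
# BlogAdminUsername, BlogAdminPassword and BlogAdminEMail are spliced verbatim
# into a double-quoted shell command in /root/config.sh (see the
# LaunchConfiguration metadata), so a value containing a double quote, "$" or a
# backtick changes what that root-run script executes. Constrain them with
# AllowedPattern or pass them to the instance some other way than string
# concatenation into a script.
Parameters:
  # Also reused by the template as the load balancer name, the DB instance
  # identifier and the S3 bucket name in the IAM policy.
  BlogID:
    Description: "A unique identifier for your blog. For internal use only."
    Type: String
    AllowedPattern: "[A-Za-z0-9\\-]+"
    ConstraintDescription: "Only letters, digits or dash allowed."
  BlogTitle:
    Description: "The title of the Wordpress blog."
    Type: String
    Default: "Just another Wordpress blog"
  BlogAdminUsername:
    Description: "A username for the Wordpress admin."
    Type: String
    Default: "admin"
  # NoEcho masks the value in console and API output for the parameter itself.
  # It does not mask copies placed in the template's Metadata section, and this
  # password is referenced from AWS::CloudFormation::Init metadata, so treat it
  # as readable by anyone allowed to describe the stack's resources.
  BlogAdminPassword:
    Description: "A password for the Wordpress admin."
    Type: String
    NoEcho: "true"
  BlogAdminEMail:
    Description: "The email address of the Wordpress admin."
    Type: String
  WebServerKeyName:
    Description: "The key pair to establish a SSH connection to the web servers."
    Type: "AWS::EC2::KeyPair::KeyName"
  WebServerInstanceType:
    Description: "The instance type of web servers (e.g. t2.micro)."
    Type: String
    Default: "t2.micro"
  DBServerInstanceType:
    Description: "The instance type of database server (e.g. db.t2.micro)."
    Type: String
    Default: "db.t2.micro"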

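# Region -> AMI lookup used by LaunchConfiguration.ImageId via Fn::FindInMap.
# Nesting restored: regions are children of EC2RegionMap.
#
# NOTE(review): the AMI ids are pinned literals. Presumably they are Amazon
# Linux images current when the template was written; confirm each id still
# exists, is owned by the expected publisher and carries current patches before
# launching internet-facing instances from it.
Mappings:
  EC2RegionMap:
    ap-northeast-1:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-cbf90ecb"
    ap-southeast-1:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-68d8e93a"
    ap-southeast-2:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-fd9cecc7"
    eu-central-1:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-a8221fb5"
    eu-west-1:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-a10897d6"
    sa-east-1:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-b52890a8"
    us-east-1:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-1ecae776"
    us-west-1:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-d114f295"
    us-west-2:
      AmazonLinuxAMIHVMEBSBacked64bit: "ami-e7527ed7"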

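# Nesting restored throughout: each resource is a child of Resources, and
# Type / Properties / Metadata / DependsOn are children of the resource.
# All values are unchanged; the comments mark points a reviewer should settle
# before this template is used outside a lab.
Resources:
  VPC:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: "172.31.0.0/16"
      EnableDnsHostnames: "true"

  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
    Properties: {}

  VPCGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: {"Ref": "VPC"}
      InternetGatewayId: {"Ref": "InternetGateway"}

  # Both subnets share one route table whose default route points at the
  # internet gateway, so web servers and the DB subnet group sit in public
  # subnets.
  SubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: {"Fn::Select": ["0", {"Fn::GetAZs": ""}]}
      CidrBlock: "172.31.38.0/24"
      VpcId: {"Ref": "VPC"}

  SubnetB:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: {"Fn::Select": ["1", {"Fn::GetAZs": ""}]}
      CidrBlock: "172.31.37.0/24"
      VpcId: {"Ref": "VPC"}

  RouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: {"Ref": "VPC"}

  RouteTableAssociationA:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: {"Ref": "SubnetA"}
      RouteTableId: {"Ref": "RouteTable"}

  RouteTableAssociationB:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: {"Ref": "SubnetB"}
      RouteTableId: {"Ref": "RouteTable"}

  # DependsOn is a resource attribute (sibling of Type), not a property.
  RoutePublicNATToInternet:
    Type: "AWS::EC2::Route"
    Properties:
      RouteTableId: {"Ref": "RouteTable"}
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: {"Ref": "InternetGateway"}
    DependsOn: "VPCGatewayAttachment"

  NetworkAcl:
    Type: "AWS::EC2::NetworkAcl"
    Properties:
      VpcId: {"Ref": "VPC"}

  SubnetNetworkAclAssociationA:
    Type: "AWS::EC2::SubnetNetworkAclAssociation"
    Properties:
      SubnetId: {"Ref": "SubnetA"}
      NetworkAclId: {"Ref": "NetworkAcl"}

  SubnetNetworkAclAssociationB:
    Type: "AWS::EC2::SubnetNetworkAclAssociation"
    Properties:
      SubnetId: {"Ref": "SubnetB"}
      NetworkAclId: {"Ref": "NetworkAcl"}

  # The two ACL entries allow every protocol from and to 0.0.0.0/0, so the
  # network ACL filters nothing; the security groups below are the only
  # network control in this stack.
  NetworkAclEntryIngress:
    Type: "AWS::EC2::NetworkAclEntry"
    Properties:
      NetworkAclId: {"Ref": "NetworkAcl"}
      RuleNumber: "100"
      Protocol: "-1"
      RuleAction: "allow"
      Egress: "false"
      CidrBlock: "0.0.0.0/0"

  NetworkAclEntryEgress:
    Type: "AWS::EC2::NetworkAclEntry"
    Properties:
      NetworkAclId: {"Ref": "NetworkAcl"}
      RuleNumber: "100"
      Protocol: "-1"
      RuleAction: "allow"
      Egress: "true"
      CidrBlock: "0.0.0.0/0"

  # NOTE(review): the only listener is HTTP on port 80, so WordPress logins and
  # admin sessions cross the internet unencrypted. An HTTPS listener with a
  # certificate (and a matching port-443 ingress rule) is the usual fix.
  LoadBalancer:
    Type: "AWS::ElasticLoadBalancing::LoadBalancer"
    Properties:
      Subnets: [{"Ref": "SubnetA"}, {"Ref": "SubnetB"}]
      LoadBalancerName: {"Ref": "BlogID"}
      Listeners:
        - InstancePort: "80"
          InstanceProtocol: "HTTP"
          LoadBalancerPort: "80"
          Protocol: "HTTP"
      HealthCheck:
        HealthyThreshold: "2"
        Interval: "5"
        Target: "TCP:80"
        Timeout: "3"
        UnhealthyThreshold: "2"
      SecurityGroups: [{"Ref": "LoadBalancerSecurityGroup"}]
      Scheme: "internet-facing"
      CrossZone: "true"

  LoadBalancerSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "wordpress-elb"
      VpcId: {"Ref": "VPC"}
      SecurityGroupIngress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 80
          IpProtocol: "tcp"
          ToPort: 80

  # NOTE(review): SSH (22) is open to 0.0.0.0/0 and the launch configuration
  # gives every web server a public IP, so each instance exposes sshd to the
  # whole internet. Limit the CIDR to an administrative range or reach the
  # instances through a bastion host. Port 80 is correctly limited to the
  # load balancer's security group.
  WebServerSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "wordpress-ec2"
      VpcId: {"Ref": "VPC"}
      SecurityGroupIngress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 22
          IpProtocol: "tcp"
          ToPort: 22
        - FromPort: 80
          IpProtocol: "tcp"
          SourceSecurityGroupId: {"Ref": "LoadBalancerSecurityGroup"}
          ToPort: 80

  # MySQL (3306) is reachable only from members of WebServerSecurityGroup.
  DatabaseSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "wordpress-rds"
      VpcId: {"Ref": "VPC"}
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: "3306"
          ToPort: "3306"
          SourceSecurityGroupId: {"Ref": "WebServerSecurityGroup"}

  # NOTE(review):
  # - MasterUsername and MasterUserPassword are the literal "wordpress", and the
  #   same literal is written into wp-config.php by /root/config.sh. Anyone who
  #   can read the template knows the database credentials. Take the password
  #   from a NoEcho parameter or a secrets store and change both places
  #   together.
  # - BackupRetentionPeriod "0" turns automated backups off.
  # - PubliclyAccessible is not set while the DB subnet group uses subnets that
  #   route to an internet gateway; set it to false explicitly rather than
  #   relying on the default (confirm the effective default for this setup).
  Database:
    Type: "AWS::RDS::DBInstance"
    Properties:
      AllocatedStorage: "5"
      BackupRetentionPeriod: "0"
      DBInstanceClass: {"Ref": "DBServerInstanceType"}
      DBInstanceIdentifier: {"Ref": "BlogID"}
      DBName: "wordpress"
      Engine: "MySQL"
      MasterUsername: "wordpress"
      MasterUserPassword: "wordpress"
      VPCSecurityGroups: [{"Fn::GetAtt": ["DatabaseSecurityGroup", "GroupId"]}]
      DBSubnetGroupName: {"Ref": "DBSubnetGroup"}
      MultiAZ: "true"
      StorageType: "gp2"

  DBSubnetGroup:
    Type: "AWS::RDS::DBSubnetGroup"
    Properties:
      DBSubnetGroupDescription: "DB subnet group"
      SubnetIds: [{"Ref": "SubnetA"}, {"Ref": "SubnetB"}]

  # NOTE(review): the policy grants s3:* on every object of the bucket named by
  # BlogID, and the user exists only to mint a long-lived access key that is
  # copied onto each web server. An instance role attached to the launch
  # configuration would remove the static secret; in either case narrow the
  # actions to what the upload plugin needs.
  IAMUser:
    Type: "AWS::IAM::User"
    Properties:
      Path: "/"
      Policies:
        - PolicyName: "UploadToS3"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action: ["s3:*"]
                Resource:
                  - {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "BlogID"} ,"/*"]]}

  # The key id (Ref) and SecretAccessKey (Fn::GetAtt) are both embedded in the
  # cfn-init metadata below and end up in wp-config.php.
  IAMAccessKey:
    Type: "AWS::IAM::AccessKey"
    Properties:
      UserName: {"Ref": "IAMUser"}

  LaunchConfiguration:
    Type: "AWS::AutoScaling::LaunchConfiguration"
    Metadata:
      "AWS::CloudFormation::Init":
        config:
          packages:
            yum:
              "php": []
              "php-mysql": []
              "mysql": []
              "httpd": []
          # NOTE(review): WordPress is pinned to release 4.2.4 and fetched with
          # no checksum. config.sh also sets DISALLOW_FILE_MODS and disables
          # WP_AUTO_UPDATE_CORE, so every new instance starts from this release
          # and stays on it until the template itself is updated.
          sources: {"/var/www/html": "https://wordpress.org/wordpress-4.2.4.tar.gz"}
          files:
            # Root-owned, mode 000500 install script assembled with Fn::Join.
            # NOTE(review):
            # - The joined text contains the WordPress admin password, the IAM
            #   secret access key and the database password. NoEcho does not
            #   mask values placed in Metadata, and "bash -ex" traces each
            #   expanded command, so these secrets can also land wherever
            #   cfn-init records command output.
            # - Parameter values are concatenated into double-quoted shell
            #   arguments without escaping; see the Parameters section.
            # - --admin_password puts the password on a command line.
            # - "chmod -R 777 wp-content/" makes the upload tree writable by
            #   every local user; ownership by the web server user with
            #   tighter modes is the usual alternative.
            # - wp-cli.phar is downloaded from an unpinned URL and run as root
            #   with no integrity check; pin a release and verify its checksum.
            "/root/config.sh":
              content:
                "Fn::Join":
                  - ""
                  - [
                      "#!/bin/bash -ex\n",
                      "cp wp-config-sample.php wp-config.php\n",
                      "sed -i \"s/'database_name_here'/'wordpress'/g\" wp-config.php\n",
                      "sed -i \"s/'username_here'/'wordpress'/g\" wp-config.php\n",
                      "sed -i \"s/'password_here'/'wordpress'/g\" wp-config.php\n",
                      "sed -i \"s/'localhost'/'", {"Fn::GetAtt": ["Database", "Endpoint.Address"]}, "'/g\" wp-config.php\n",
                      "echo \"define('AWS_ACCESS_KEY_ID', '", {"Ref": "IAMAccessKey"},"'); \" >> wp-config.php \n",
                      "echo \"define('AWS_SECRET_ACCESS_KEY', '", {"Fn::GetAtt": ["IAMAccessKey", "SecretAccessKey"]},"'); \" >> wp-config.php \n",
                      "echo \"define( 'DISALLOW_FILE_MODS', true ); \" >> wp-config.php \n",
                      "echo \"define( 'WP_AUTO_UPDATE_CORE', false ); \" >> wp-config.php \n",
                      "chmod -R 777 wp-content/ \n",
                      "curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \n",
                      "php wp-cli.phar core install --url=\"", {"Fn::GetAtt": ["LoadBalancer", "DNSName"]}, "\" --title=\"", {"Ref": "BlogTitle"}, "\" --admin_user=\"", {"Ref": "BlogAdminUsername"}, "\" --admin_password=\"", {"Ref": "BlogAdminPassword"}, "\" --admin_email=\"", {"Ref": "BlogAdminEMail"}, "\" \n",
                      "php wp-cli.phar plugin install --activate amazon-web-services \n",
                      "php wp-cli.phar plugin install --activate amazon-s3-and-cloudfront \n",
                      "CHARCOUNT=`printf \"",{"Ref": "BlogID"} ,"\" | wc -c` \n",
                      "php wp-cli.phar db query \"DELETE FROM wp_options WHERE option_name = 'tantan_wordpress_s3'; INSERT INTO wp_options (option_name, option_value, autoload) VALUES('tantan_wordpress_s3', 'a:15:{s:17:\\\"post_meta_version\\\";i:1;s:6:\\\"bucket\\\";s:", "$CHARCOUNT", ":\\\"", {"Ref": "BlogID"},"\\\";s:6:\\\"region\\\";s:0:\\\"\\\";s:6:\\\"domain\\\";s:9:\\\"subdomain\\\";s:7:\\\"expires\\\";s:1:\\\"0\\\";s:10:\\\"cloudfront\\\";s:0:\\\"\\\";s:13:\\\"object-prefix\\\";s:19:\\\"wp-content/uploads/\\\";s:10:\\\"copy-to-s3\\\";s:1:\\\"1\\\";s:13:\\\"serve-from-s3\\\";s:1:\\\"1\\\";s:17:\\\"remove-local-file\\\";s:1:\\\"0\\\";s:3:\\\"ssl\\\";s:7:\\\"request\\\";s:12:\\\"hidpi-images\\\";s:1:\\\"0\\\";s:17:\\\"object-versioning\\\";s:1:\\\"0\\\";s:21:\\\"use-yearmonth-folders\\\";s:1:\\\"1\\\";s:20:\\\"enable-object-prefix\\\";s:1:\\\"1\\\";}', 'yes');\" \n"
                    ]
              mode: "000500"
              owner: "root"
              group: "root"

          commands:
            01_mv:
              command: "mv * ../"
              cwd: "/var/www/html/wordpress"
            02_config:
              command: "/root/config.sh"
              cwd: "/var/www/html"

          services:
            sysvinit:
              httpd:
                enabled: "true"
                ensureRunning: "true"

    Properties:
      ImageId: {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]}
      InstanceType: {"Ref": "WebServerInstanceType"}
      SecurityGroups: [{"Ref": "WebServerSecurityGroup"}]
      KeyName: {"Ref": "WebServerKeyName"}
      # Every web server gets a public address; combined with the 0.0.0.0/0
      # SSH rule above this is what exposes sshd to the internet.
      AssociatePublicIpAddress: "true"
      # Boot script: refresh the bootstrap helpers, apply the metadata above
      # with cfn-init, then report cfn-init's exit status with cfn-signal.
      UserData:
        "Fn::Base64":
          "Fn::Join":
            - ""
            - [
                "#!/bin/bash -ex\n",
                "yum update -y aws-cfn-bootstrap\n",
                "/opt/aws/bin/cfn-init -v --stack ", {"Ref": "AWS::StackName"}, " --resource LaunchConfiguration --region ", {"Ref": "AWS::Region"}, "\n",
                "/opt/aws/bin/cfn-signal -e $? --stack ", {"Ref": "AWS::StackName"}, " --resource AutoScalingGroup --region ", {"Ref": "AWS::Region"}, "\n"
              ]
      InstanceMonitoring: "true"

  AutoScalingGroup:
    Type: "AWS::AutoScaling::AutoScalingGroup"
    Properties:
      LoadBalancerNames: [{"Ref": "LoadBalancer"}]
      LaunchConfigurationName: {"Ref": "LaunchConfiguration"}
      MinSize: "1"
      MaxSize: "2"
      DesiredCapacity: "1"
      Cooldown: "300"
      HealthCheckGracePeriod: "300"
      HealthCheckType: "ELB"
      VPCZoneIdentifier: [{"Ref": "SubnetA"}, {"Ref": "SubnetB"}]
      Tags:
        - PropagateAtLaunch: "true"
          Value: "wordpress"
          Key: "Name"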



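# Stack outputs. Nesting restored: URL is a child of Outputs.
# NOTE(review): the published URL is plain http://, matching the load
# balancer's single HTTP listener; it should become https:// once a TLS
# listener is added.
Outputs:
  URL:
    Value: {"Fn::Join": ["", ["http://", {"Fn::GetAtt": ["LoadBalancer", "DNSName"]}]]}
    Description: "URL to Wordpress"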

1 个答案:

答案 0 :(得分:0)

CloudFormation不支持此功能。但是,您可以使用custom resources扩展CF。

方法是:

1 - 创建可以访问RDS的lambda函数

2 - 将其添加到cloudformation并让它创建其他数据库/表/用户......