Amazon RDS DB instance resource
This example shows an Amazon RDS DB instance resource with a managed master user password. For more information, see Password management with AWS Secrets Manager in the Amazon RDS User Guide and Password management with AWS Secrets Manager in the Amazon Aurora User Guide. Because the optional EngineVersion property isn't specified, the default engine version is used for this DB instance. For more information about default engine versions and other default settings, see CreateDBInstance. The DBSecurityGroups property authorizes network ingress to the AWS::RDS::DBSecurityGroup resources named MyDbSecurityByEC2SecurityGroup and MyDbSecurityByCIDRIPGroup. For more information, see AWS::RDS::DBInstance. The DB instance resource also has a DeletionPolicy attribute set to Snapshot. With the Snapshot DeletionPolicy set, AWS CloudFormation takes a snapshot of this DB instance before deleting it during stack deletion.
JSON
"MyDB" : {
  "Type" : "AWS::RDS::DBInstance",
  "Properties" : {
    "DBSecurityGroups" : [
      {"Ref" : "MyDbSecurityByEC2SecurityGroup"}, {"Ref" : "MyDbSecurityByCIDRIPGroup"} ],
    "AllocatedStorage" : "5",
    "DBInstanceClass" : "db.t2.small",
    "Engine" : "MySQL",
    "MasterUsername" : "MyName",
    "ManageMasterUserPassword" : true,
    "MasterUserSecret" : {
      "KmsKeyId" : {"Ref" : "KMSKey"}
    }
  },
  "DeletionPolicy" : "Snapshot"
}
YAML
MyDB:
  Type: AWS::RDS::DBInstance
  Properties:
    DBSecurityGroups:
      - Ref: MyDbSecurityByEC2SecurityGroup
      - Ref: MyDbSecurityByCIDRIPGroup
    AllocatedStorage: '5'
    DBInstanceClass: db.t2.small
    Engine: MySQL
    MasterUsername: MyName
    ManageMasterUserPassword: true
    MasterUserSecret:
      KmsKeyId: !Ref KMSKey
  DeletionPolicy: Snapshot
Amazon RDS Oracle Database DB instance resource
This example creates an Oracle Database DB instance resource with a managed master user password. For more information, see Password management with AWS Secrets Manager in the Amazon RDS User Guide. This example specifies the Engine as oracle-ee with a license model of bring-your-own-license. For more information about Oracle Database DB instances, see CreateDBInstance. The DBSecurityGroups property authorizes network ingress to the AWS::RDS::DBSecurityGroup resources named MyDbSecurityByEC2SecurityGroup and MyDbSecurityByCIDRIPGroup. For more information, see AWS::RDS::DBInstance. The DB instance resource also has a DeletionPolicy attribute set to Snapshot. With the Snapshot DeletionPolicy set, AWS CloudFormation takes a snapshot of this DB instance before deleting it during stack deletion.
JSON
"MyDB" : {
  "Type" : "AWS::RDS::DBInstance",
  "Properties" : {
    "DBSecurityGroups" : [
      {"Ref" : "MyDbSecurityByEC2SecurityGroup"}, {"Ref" : "MyDbSecurityByCIDRIPGroup"} ],
    "AllocatedStorage" : "5",
    "DBInstanceClass" : "db.t2.small",
    "Engine" : "oracle-ee",
    "LicenseModel" : "bring-your-own-license",
    "MasterUsername" : "master",
    "ManageMasterUserPassword" : true,
    "MasterUserSecret" : {
      "KmsKeyId" : {"Ref" : "KMSKey"}
    }
  },
  "DeletionPolicy" : "Snapshot"
}
YAML
MyDB:
  Type: AWS::RDS::DBInstance
  Properties:
    DBSecurityGroups:
      - Ref: MyDbSecurityByEC2SecurityGroup
      - Ref: MyDbSecurityByCIDRIPGroup
    AllocatedStorage: '5'
    DBInstanceClass: db.t2.small
    Engine: oracle-ee
    LicenseModel: bring-your-own-license
    MasterUsername: master
    ManageMasterUserPassword: true
    MasterUserSecret:
      KmsKeyId: !Ref KMSKey
  DeletionPolicy: Snapshot
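Both the MySQL and the Oracle examples above rely on two settings that are easy to lose in a template review: ManageMasterUserPassword with a MasterUserSecret.KmsKeyId, and DeletionPolicy: Snapshot. The following Python linter is an added example, not AWS documentation code; it walks an already parsed template (JSON dicts constructed inline here, so it runs offline) and reports DB instances that set MasterUserPassword in the template, don't let Secrets Manager manage the password, omit the KMS key, or don't set the Snapshot deletion policy. The GOOD template mirrors the MyDB example above; WEAK is a hypothetical variant.

```python
"""Lint AWS::RDS::DBInstance resources for the two controls the MySQL and
Oracle examples above rely on: a master password generated, stored and
rotated by AWS Secrets Manager under a KMS key you choose, and
DeletionPolicy: Snapshot. Added example, not AWS documentation code.
The templates below are constructed inline as parsed JSON dicts; on real
files use json.load or a YAML parser first.
"""
import json


def check_db_instance(logical_id, resource):
    """Return a list of finding strings for one AWS::RDS::DBInstance."""
    findings = []
    props = resource.get("Properties", {})

    # Control 1: the master password must not live in the template or in a
    # parameter; Secrets Manager should generate, store and rotate it.
    if "MasterUserPassword" in props:
        findings.append(f"{logical_id}: MasterUserPassword is set in the template; "
                        "use ManageMasterUserPassword: true instead")
    if props.get("ManageMasterUserPassword") is not True:
        findings.append(f"{logical_id}: ManageMasterUserPassword is not true")
    elif "KmsKeyId" not in props.get("MasterUserSecret", {}):
        # Without MasterUserSecret.KmsKeyId the secret is encrypted with the
        # AWS managed aws/secretsmanager key rather than a key you control.
        findings.append(f"{logical_id}: MasterUserSecret.KmsKeyId is not set")

    # Control 2: the examples set DeletionPolicy: Snapshot explicitly so that a
    # final snapshot is taken on stack deletion; flag anything else for review
    # (Retain also preserves data, but is not what these examples intend).
    policy = resource.get("DeletionPolicy")
    if policy != "Snapshot":
        findings.append(f"{logical_id}: DeletionPolicy is {policy!r}, expected 'Snapshot'")
    return findings


def lint_template(template):
    """Run check_db_instance over every DB instance in a parsed template."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "AWS::RDS::DBInstance":
            findings.extend(check_db_instance(logical_id, resource))
    return findings


# Constructed sample: GOOD mirrors the MyDB example above; WEAK is a
# hypothetical variant with a parameter-supplied password and no policy.
GOOD = {"Resources": {"MyDB": {
    "Type": "AWS::RDS::DBInstance",
    "Properties": {
        "DBSecurityGroups": [{"Ref": "MyDbSecurityByEC2SecurityGroup"},
                             {"Ref": "MyDbSecurityByCIDRIPGroup"}],
        "AllocatedStorage": "5", "DBInstanceClass": "db.t2.small",
        "Engine": "MySQL", "MasterUsername": "MyName",
        "ManageMasterUserPassword": True,
        "MasterUserSecret": {"KmsKeyId": {"Ref": "KMSKey"}}},
    "DeletionPolicy": "Snapshot"}}}

WEAK = {"Resources": {"LegacyDB": {
    "Type": "AWS::RDS::DBInstance",
    "Properties": {
        "AllocatedStorage": "5", "DBInstanceClass": "db.t2.small",
        "Engine": "MySQL", "MasterUsername": "admin",
        "MasterUserPassword": {"Ref": "DBPassword"}}}}}

if __name__ == "__main__":
    for name, template in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, json.dumps(lint_template(template), indent=2))
```

Run it as a script to see the three findings for WEAK and none for GOOD; on a real stack, feed it the output of a template parser and fail the pipeline when the list is non-empty.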
Amazon RDS DBSecurityGroup resource for a CIDR range
This example shows an Amazon RDS DBSecurityGroup resource with ingress authorization for a specified CIDR range in the format ddd.ddd.ddd.ddd/dd. For more information, see AWS::RDS::DBSecurityGroup and Ingress.
JSON
"MyDbSecurityByCIDRIPGroup" : {
  "Type" : "AWS::RDS::DBSecurityGroup",
  "Properties" : {
    "GroupDescription" : "Ingress for CIDRIP",
    "DBSecurityGroupIngress" : {
      "CIDRIP" : "192.168.0.0/32"
    }
  }
}
YAML
MyDbSecurityByCIDRIPGroup:
  Type: AWS::RDS::DBSecurityGroup
  Properties:
    GroupDescription: Ingress for CIDRIP
    DBSecurityGroupIngress:
      CIDRIP: "192.168.0.0/32"
Amazon RDS DBSecurityGroup with an Amazon EC2 security group
This example shows an AWS::RDS::DBSecurityGroup resource with ingress authorization for an Amazon EC2 security group referenced by MyEc2SecurityGroup.
To do this, define the EC2 security group and then use the Ref intrinsic function to reference the EC2 security group in the DBSecurityGroup.
JSON
"DBInstance" : {
  "Type": "AWS::RDS::DBInstance",
  "Properties": {
    "DBName" : { "Ref" : "DBName" },
    "Engine" : "MySQL",
    "MasterUsername" : { "Ref" : "DBUsername" },
    "DBInstanceClass" : { "Ref" : "DBClass" },
    "DBSecurityGroups" : [ { "Ref" : "DBSecurityGroup" } ],
    "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" },
    "MasterUserPassword": { "Ref" : "DBPassword" }
  }
},
"DBSecurityGroup": {
  "Type": "AWS::RDS::DBSecurityGroup",
  "Properties": {
    "DBSecurityGroupIngress": {
      "EC2SecurityGroupName": {
        "Fn::GetAtt": ["WebServerSecurityGroup", "GroupName"]
      }
    },
    "GroupDescription" : "Frontend Access"
  }
},
"WebServerSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Enable HTTP access via port 80 and SSH access",
    "SecurityGroupIngress" : [
      {"IpProtocol" : "tcp", "FromPort" : 80, "ToPort" : 80, "CidrIp" : "0.0.0.0/0"},
      {"IpProtocol" : "tcp", "FromPort" : 22, "ToPort" : 22, "CidrIp" : "0.0.0.0/0"}
    ]
  }
}
This example is excerpted from the following complete example: Drupal_Single_Instance_With_RDS.template
YAML
DBInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBName:
      Ref: DBName
    Engine: MySQL
    MasterUsername:
      Ref: DBUsername
    DBInstanceClass:
      Ref: DBClass
    DBSecurityGroups:
      - Ref: DBSecurityGroup
    AllocatedStorage:
      Ref: DBAllocatedStorage
    MasterUserPassword:
      Ref: DBPassword
DBSecurityGroup:
  Type: AWS::RDS::DBSecurityGroup
  Properties:
    DBSecurityGroupIngress:
      EC2SecurityGroupName:
        Ref: WebServerSecurityGroup
    GroupDescription: Frontend Access
WebServerSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Enable HTTP access via port 80 and SSH access
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
Multiple VPC security groups
This example shows an AWS::RDS::DBSecurityGroup resource with ingress authorization for multiple Amazon EC2 VPC security groups in AWS::RDS::DBSecurityGroupIngress.
JSON
{
  "Resources" : {
    "DBinstance" : {
      "Type" : "AWS::RDS::DBInstance",
      "Properties" : {
        "AllocatedStorage" : "5",
        "DBInstanceClass" : "db.t2.small",
        "DBName" : {"Ref": "MyDBName" },
        "DBSecurityGroups" : [ { "Ref" : "DbSecurityByEC2SecurityGroup" } ],
        "DBSubnetGroupName" : { "Ref" : "MyDBSubnetGroup" },
        "Engine" : "MySQL",
        "MasterUserPassword": { "Ref" : "MyDBPassword" },
        "MasterUsername" : { "Ref" : "MyDBUsername" }
      },
      "DeletionPolicy" : "Snapshot"
    },
    "DbSecurityByEC2SecurityGroup" : {
      "Type" : "AWS::RDS::DBSecurityGroup",
      "Properties" : {
        "GroupDescription" : "Ingress for Amazon EC2 security group",
        "EC2VpcId" : { "Ref" : "MyVPC" },
        "DBSecurityGroupIngress" : [ {
          "EC2SecurityGroupId" : "sg-b0ff1111",
          "EC2SecurityGroupOwnerId" : "111122223333"
        }, {
          "EC2SecurityGroupId" : "sg-ffd722222",
          "EC2SecurityGroupOwnerId" : "111122223333"
        } ]
      }
    }
  }
}
YAML
Resources:
  DBinstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: '5'
      DBInstanceClass: db.t2.small
      DBName:
        Ref: MyDBName
      DBSecurityGroups:
        - Ref: DbSecurityByEC2SecurityGroup
      DBSubnetGroupName:
        Ref: MyDBSubnetGroup
      Engine: MySQL
      MasterUserPassword:
        Ref: MyDBPassword
      MasterUsername:
        Ref: MyDBUsername
    DeletionPolicy: Snapshot
  DbSecurityByEC2SecurityGroup:
    Type: AWS::RDS::DBSecurityGroup
    Properties:
      GroupDescription: Ingress for Amazon EC2 security group
      EC2VpcId:
        Ref: MyVPC
      DBSecurityGroupIngress:
        - EC2SecurityGroupId: sg-b0ff1111
          EC2SecurityGroupOwnerId: '111122223333'
        - EC2SecurityGroupId: sg-ffd722222
          EC2SecurityGroupOwnerId: '111122223333'
Amazon RDS DB instance in a VPC security group
This example shows an Amazon RDS DB instance associated with an Amazon EC2 VPC security group.
JSON
{
  "DBEC2SecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription": "Open database for access",
      "SecurityGroupIngress" : [{
        "IpProtocol" : "tcp",
        "FromPort" : 3306,
        "ToPort" : 3306,
        "SourceSecurityGroupName" : { "Ref" : "WebServerSecurityGroup" }
      }]
    }
  },
  "DBInstance" : {
    "Type": "AWS::RDS::DBInstance",
    "Properties": {
      "DBName" : { "Ref" : "DBName" },
      "Engine" : "MySQL",
      "MultiAZ" : { "Ref": "MultiAZDatabase" },
      "MasterUsername" : { "Ref" : "DBUser" },
      "DBInstanceClass" : { "Ref" : "DBClass" },
      "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" },
      "MasterUserPassword": { "Ref" : "DBPassword" },
      "VPCSecurityGroups" : [ { "Fn::GetAtt": [ "DBEC2SecurityGroup", "GroupId" ] } ]
    }
  }
}
YAML
DBEC2SecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Open database for access
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 3306
        ToPort: 3306
        SourceSecurityGroupName:
          Ref: WebServerSecurityGroup
DBInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBName:
      Ref: DBName
    Engine: MySQL
    MultiAZ:
      Ref: MultiAZDatabase
    MasterUsername:
      Ref: DBUser
    DBInstanceClass:
      Ref: DBClass
    AllocatedStorage:
      Ref: DBAllocatedStorage
    MasterUserPassword:
      Ref: DBPassword
    VPCSecurityGroups:
      - !GetAtt DBEC2SecurityGroup.GroupId
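The four security-group examples above (CIDR range, EC2 security group, multiple VPC security groups, and the VPC security group attached through VPCSecurityGroups) all answer the same review question: which sources are allowed to open a connection to the DB instance? AWS::RDS::DBSecurityGroup is the EC2-Classic mechanism; DB instances in a VPC use VPCSecurityGroups, as the last example does. The Python audit below is an added example, not AWS documentation code. It takes an already parsed template dict, follows DBSecurityGroups and VPCSecurityGroups through Ref and Fn::GetAtt, collects the admitted CIDRs and security groups per DB instance, validates each CIDR with the standard ipaddress module, and reports when an admitted EC2 group is itself open to the whole internet (as WebServerSecurityGroup above is on ports 80 and 22). SAMPLE is constructed from the examples above; VpcDBInstance is a name added here.

```python
"""Audit which sources may reach each AWS::RDS::DBInstance in a parsed
CloudFormation template by following the references the examples above use:
DBSecurityGroups -> AWS::RDS::DBSecurityGroup (CIDRIP or EC2 security group)
and VPCSecurityGroups -> AWS::EC2::SecurityGroup. Added example, not AWS
documentation code; Ref and Fn::GetAtt are resolved structurally.
"""
import ipaddress

def ref_target(value):
    """Logical ID named by a Ref or Fn::GetAtt; plain strings pass through."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        if "Fn::GetAtt" in value:
            return value["Fn::GetAtt"][0]
    return value

def as_list(value):
    return value if isinstance(value, list) else [value]

def cidr_finding(cidr):
    """Describe what is wrong with a CIDR string, or return None if acceptable."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return f"invalid CIDR {cidr!r}"
    return f"{cidr} admits any address" if net.prefixlen == 0 else None

def rds_sg_sources(resources, sg_id):
    """Yield (kind, source) for each rule of an AWS::RDS::DBSecurityGroup."""
    props = resources.get(sg_id, {}).get("Properties", {})
    for rule in as_list(props.get("DBSecurityGroupIngress", [])):
        if "CIDRIP" in rule:
            yield "cidr", rule["CIDRIP"]
        for key in ("EC2SecurityGroupName", "EC2SecurityGroupId"):
            if key in rule:
                yield "sg", ref_target(rule[key])

def ec2_sg_sources(resources, sg_id):
    """Yield (kind, source, ports) for each rule of an AWS::EC2::SecurityGroup."""
    props = resources.get(sg_id, {}).get("Properties", {})
    for rule in as_list(props.get("SecurityGroupIngress", [])):
        ports = f"{rule.get('FromPort')}-{rule.get('ToPort')}"
        if "CidrIp" in rule:
            yield "cidr", rule["CidrIp"], ports
        for key in ("SourceSecurityGroupName", "SourceSecurityGroupId"):
            if key in rule:
                yield "sg", ref_target(rule[key]), ports

def audit_db_instances(template):
    """Map each DB instance to the CIDRs and groups that reach it, plus findings."""
    resources = template.get("Resources", {})
    report = {}
    for db_id, res in resources.items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties", {})
        cidrs, groups, findings = set(), set(), []
        for sg in props.get("DBSecurityGroups", []):       # EC2-Classic style
            for kind, src in rds_sg_sources(resources, ref_target(sg)):
                (cidrs if kind == "cidr" else groups).add(src)
        for sg in props.get("VPCSecurityGroups", []):      # VPC style
            for kind, src, _ports in ec2_sg_sources(resources, ref_target(sg)):
                (cidrs if kind == "cidr" else groups).add(src)
        for cidr in cidrs:
            if (problem := cidr_finding(cidr)):
                findings.append(f"{db_id}: {problem}")
        # An admitted EC2 group whose own hosts accept traffic from anywhere
        # widens the DB's exposure, so report those rules and their ports.
        for grp in groups:
            if resources.get(grp, {}).get("Type") == "AWS::EC2::SecurityGroup":
                for kind, src, ports in ec2_sg_sources(resources, grp):
                    if kind == "cidr" and cidr_finding(src):
                        findings.append(f"{db_id}: admitted group {grp} accepts {src} on {ports}")
        report[db_id] = {"cidrs": sorted(cidrs), "security_groups": sorted(groups),
                         "findings": findings}
    return report

# Constructed sample built from the examples above; VpcDBInstance is added here.
SAMPLE = {"Resources": {
    "WebServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "DBSecurityGroup": {"Type": "AWS::RDS::DBSecurityGroup", "Properties": {
        "DBSecurityGroupIngress": {"EC2SecurityGroupName": {
            "Fn::GetAtt": ["WebServerSecurityGroup", "GroupName"]}}}},
    "MyDbSecurityByCIDRIPGroup": {"Type": "AWS::RDS::DBSecurityGroup", "Properties": {
        "DBSecurityGroupIngress": {"CIDRIP": "192.168.0.0/32"}}},
    "DBInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "DBSecurityGroups": [{"Ref": "DBSecurityGroup"}, {"Ref": "MyDbSecurityByCIDRIPGroup"}]}},
    "DBEC2SecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                                  "SourceSecurityGroupName": {"Ref": "WebServerSecurityGroup"}}]}},
    "VpcDBInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "VPCSecurityGroups": [{"Fn::GetAtt": ["DBEC2SecurityGroup", "GroupId"]}]}}}}

if __name__ == "__main__":
    for db_id, entry in audit_db_instances(SAMPLE).items():
        print(db_id, entry)
```

For both DB instances the audit resolves WebServerSecurityGroup as the admitted tier and reports its two 0.0.0.0/0 rules; the CIDR-based group contributes the single /32 host without a finding. Hard-coded group IDs such as the sg-b0ff1111 entries in the multiple-VPC example are reported as-is in security_groups because they are not resources in the template.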