
How to set up MySQL RDS with Terraform

 3 years ago
source link: https://revdb.io/2020/09/25/terraform-rds-mysql-example/?utm_campaign=terraform-rds-mysql-example

Goal of this guide

In this how-to guide we will go through the basics of setting up MySQL RDS with Terraform. To do this, the minimum we have to do is:

  • Create a network (VPC)
  • Create a security group to allow incoming MySQL traffic
  • Create the RDS instance
  • Launch an EC2 instance to test the database server

Creating your network

This is the most complicated part of this guide. To be able to create an RDS instance, you will need a VPC with at least 2 subnets. We will also add an Internet Gateway and a default route table to be able to connect to this VPC from the outside. If you have these set up already, you can skip to the next part. If you don’t, setting up networking on your account deserves its own post, so we will do the minimum to get going here.

First, let's create the VPC and its subnets:

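resource "aws_vpc" "main" {
  cidr_block = "10.10.0.0/16"
}
// an RDS subnet group must cover at least two Availability Zones, so each
// subnet is pinned to its own AZ (us-east-1 assumed; adjust to your region)
// first subnet
resource "aws_subnet" "main-1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "us-east-1a"
}
// second subnet
resource "aws_subnet" "main-2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.10.2.0/24"
  availability_zone = "us-east-1b"
}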

Now that we have a VPC we might want to add an Internet Gateway and a route table associating the gateway with the VPC. This will enable networking access to and from the outside world, just like your router does in your home.

// adding internet gateway to the vpc
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id
}
// adding the route table entry 
// to use the internet gateway 
resource "aws_default_route_table" "main" {
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
  default_route_table_id = aws_vpc.main.default_route_table_id
}

Security group configuration

In AWS, security groups and network ACLs control network traffic in and out of a given resource and network. For this tutorial we only have to add the right security group to allow MySQL traffic to the newly created database resource.

resource "aws_security_group" "db" {
  name        = "allow_mysql"
  description = "Allow MySQL inbound traffic"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "MySQL from VPC"
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Starting MySQL RDS with Terraform

The last step is to configure RDS before applying the changes with Terraform. In this how-to guide, MySQL 8.0 will be used on a db.t3.micro instance.

// The two subnets from above
resource "aws_db_subnet_group" "db" {
  subnet_ids = [aws_subnet.main-1.id, aws_subnet.main-2.id]
}
resource "aws_db_instance" "db" {
  allocated_storage    = 5
  storage_type         = "gp2"
  engine               = "mysql"
  engine_version       = "8.0"
  instance_class       = "db.t3.micro"
  name                 = "db1"
  username             = "user"
  password             = "hello_mysql"

  vpc_security_group_ids = [aws_security_group.db.id]
  db_subnet_group_name = aws_db_subnet_group.db.id
}
// output the database endpoint URL
output "database_endpoint" {
  value = aws_db_instance.db.endpoint
}

Running Terraform

Initialize Terraform by running terraform init in the terminal.

$ terraform init

Run terraform apply. If all is good you should see the following.

$ terraform apply

As you can see, Terraform is going to create 8 resources, and 0 resources are going to be changed or destroyed, as we expect. Entering “yes” will apply the changes on your AWS account, and after all the resources are created Terraform will output the MySQL server’s endpoint URL.

Launch an EC2 instance in the same VPC as our MySQL server to test the database server:

$ mysql -h terraform-20200920101212267400000001.cqhu6rnhwf6h.us-east-1.rds.amazonaws.com -u user -p

Conclusion

As you have seen, most of the work for a standalone MySQL installation is in setting up networking and security groups. Secure password management was out of scope for this introductory tutorial, but it is a must for every production database installation, so we will cover that in an upcoming blog post with other tips to keep your MySQL server installation secure.
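
The following is an added example, not part of the original article. It is a variant of the article's "db" security group and "db" database instance, to be used in place of them: the master password comes from random_password (this needs the hashicorp/random provider) instead of a literal, and port 3306 is opened only to a security group instead of the whole VPC CIDR. The "client" group is a hypothetical name for a group you would attach to the EC2 test instance.

```hcl
// Variant of the article's "db" resources: use it in place of them.
resource "random_password" "db" {
  length = 24
  // RDS does not accept characters such as "/", "@" and double quotes in
  // the master password; this set of specials avoids them.
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

// Hypothetical group to attach to the EC2 test instance.
resource "aws_security_group" "client" {
  name        = "mysql_client"
  description = "Hosts allowed to connect to MySQL"
  vpc_id      = aws_vpc.main.id
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "db" {
  name        = "allow_mysql"
  description = "Allow MySQL from the client group only"
  vpc_id      = aws_vpc.main.id
  ingress {
    description     = "MySQL from members of the client group"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.client.id]
  }
  // No egress block: Terraform creates the group without outbound rules.
  // Replies to allowed inbound connections still flow (groups are stateful).
}

resource "aws_db_instance" "db" {
  allocated_storage      = 5
  storage_type           = "gp2"
  engine                 = "mysql"
  engine_version         = "8.0"
  instance_class         = "db.t3.micro"
  name                   = "db1"
  username               = "user"
  password               = random_password.db.result // still kept in state
  publicly_accessible    = false
  vpc_security_group_ids = [aws_security_group.db.id]
  db_subnet_group_name   = aws_db_subnet_group.db.id
}
```

The generated password is still written to the Terraform state, so the state backend needs the same access controls as the database credentials. To log in with it, expose it through an output marked sensitive.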

