Terraform AWS RDS Instance Cross Region Replication - Read Replica in US-west-1
I have a DB instance running in AWS region us-east-1, created through Terraform code.
Now I want to create a read replica of that database in another region: us-west-1.
Here is the code:
# PostgreSQL RDS App Instance
module "rds" {
  source = "git@github.com:****"
  name = var.rds_name_app
  engine = var.rds_engine_app
  engine_version = var.rds_engine_version_app
  family = var.rds_family_app
  instance_class = var.rds_instance_class_app
  # WARNING: 'terraform taint random_string.rds_password' must be run prior to recreating the DB if it is destroyed
  password = random_string.rds_password.result
  port = var.rds_port_app
  security_groups = [aws_security_group.rds_app.id]
  subnets = [module.vpc.public_subnets]
  auto_minor_version_upgrade = var.rds_auto_minor_version_upgrade_app
  backup_retention_period = var.rds_backup_retention_period_app
  backup_window = var.rds_backup_window_app
  maintenance_window = var.rds_maintenance_window_app
  environment = var.environment
  kms_key_id = aws_kms_key.rds.arn
  multi_az = var.rds_multi_az_app
  notification_topic = var.rds_notification_topic_app
  publicly_accessible = var.rds_publicly_accessible_app
  storage_encrypted = var.rds_storage_encrypted_app
  storage_size = var.rds_storage_size_app
  storage_type = var.rds_storage_type_app
  apply_immediately = true
}

# PostgreSQL RDS Read Replica Instance
module "rds_replica" {
  source = "git@github.com:****"
  name = var.rds_name_app_replica
  engine = var.rds_engine_app_replica
  engine_version = var.rds_engine_version_app_replica
  family = var.rds_family_app_replica
  instance_class = var.rds_instance_class_app_replica
  read_replica = "true"
  source_db = module.rds.db_instance
  # NOTE: Using same password as primary 'rds_app' instance generated above
  password = ""
  port = var.rds_port_app_replica
  security_groups = [aws_security_group.rds_app.id]
  subnets = [module.vpc.public_subnets]
  auto_minor_version_upgrade = var.rds_auto_minor_version_upgrade_app_replica
  backup_retention_period = var.rds_backup_retention_period_app_replica
  backup_window = var.rds_backup_window_app_replica
  maintenance_window = var.rds_maintenance_window_app_replica
  environment = var.environment
  kms_key_id = aws_kms_key.rds.arn
  multi_az = var.rds_multi_az_app_replica
  notification_topic = var.rds_notification_topic_app_replica
  publicly_accessible = var.rds_publicly_accessible_app_replica
  storage_encrypted = var.rds_storage_encrypted_app_replica
  storage_size = var.rds_storage_size_app_replica
  storage_type = var.rds_storage_type_app_replica
  apply_immediately = true
}
Also, here is my main.tf:
# pinned provider versions
provider "random" {
  version = "~> 2.3.0"
}
provider "template" {
  version = "~> 2.1.2"
}
provider "archive" {
  version = "~> 1.1"
}

# default provider
provider "aws" {
  version = "~> 2.44"
  allowed_account_ids = [var.aws_account_id]
  region = "us-east-1"
}

# remote state
terraform {
  required_version = "0.12.24"
  backend "s3" {
    key = "terraform.dev.tfstate"
    encrypt = "true"
    bucket = "dev-tfstate"
    region = "us-east-1"
  }
}
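- Is this part correctly defined to tell Terraform that I am creating a replica of the previous DB?:
  read_replica = "true"
  source_db = module.rds.db_instance
- I am not sure where and how to specify that I want my replica created in another region.
Someone please let me know!
- I added the solution given by Grzegorz Oledzki in the answer, and it worked.
- However, when I run plan, nowhere does it tell me that it will be created in us-west-1. How do I confirm?
Partial plan: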
module.rds_replica.aws_db_instance.db_instance will be created
+ resource "aws_db_instance" "db_instance" {
+ address = (known after apply)
+ allocated_storage = 200
+ allow_major_version_upgrade = false
+ apply_immediately = true
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ backup_retention_period = 0
+ backup_window = "***"
+ ca_cert_identifier = (known after apply)
+ character_set_name = (known after apply)
+ copy_tags_to_snapshot = true
+ db_subnet_group_name = (known after apply)
+ delete_automated_backups = true
+ deletion_protection = false
+ endpoint = (known after apply)
+ engine = "postgres"
+ engine_version = "9.5.22"
+ final_snapshot_identifier = "app-replica-final-snapshot"
+ hosted_zone_id = (known after apply)
+ iam_database_authentication_enabled = false
+ id = (known after apply)
+ identifier = (known after apply)
+ identifier_prefix = "app-replica-"
+ instance_class = "db.t2.micro"
+ iops = 0
+ kms_key_id = "arn****"
+ license_model = (known after apply)
+ maintenance_window = "sat:05:09-sat:05:39"
+ max_allocated_storage = 0
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ multi_az = false
+ name = (known after apply)
+ option_group_name = (known after apply)
+ parameter_group_name = (known after apply)
+ performance_insights_enabled = false
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = 5432
+ publicly_accessible = false
+ replicas = (known after apply)
+ replicate_source_db = "arn****"
+ resource_id = (known after apply)
+ skip_final_snapshot = true
+ status = (known after apply)
+ storage_encrypted = true
+ storage_type = "gp2"
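Do you see it actually stating the region?

(I haven't done this myself, but...)
It looks like the docs for AWS Terraform provider have considered this possibility.
I haven't tested it at all, but as I read it:
- You can create a separate Terraform configuration, or declare another aws provider under a different alias in the same configuration, and have that other provider use us-west-1 as the region: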
# The default provider you already have
provider "aws" {
  region = "us-east-1"
}
# The new one
provider "aws" {
  region = "us-west-1"
  alias = "west"
}
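- And create a read replica whose replicate_source_db holds the ARN of the writer/main instance. Here you are using modules again, so when "calling" the rds_replica module, pass aws.west as aws, and have it use the main instance's ARN as replicate_source_db. Something like this (again, untested):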
module "rds_replica" {
  source = "git@github.com:****"
  ...
  providers = {
    aws = aws.west
  }
  # point to the main instance's ARN
  replicate_source_db = module.rds.db_instance.arn
}
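
The following is an added example, not code from the question, the answer, or the poster's private module. It shows the aliased-provider approach on a bare aws_db_instance, together with what a cross-region encrypted replica needs in the destination region (KMS keys, subnet groups and security groups are all regional) and outputs that confirm the region. The resource names and the three variables are hypothetical.

```hcl
# Default provider: where the primary instance lives.
provider "aws" {
  region = "us-east-1"
}

# Aliased provider: everything that must exist in the replica's region.
provider "aws" {
  alias  = "west"
  region = "us-west-1"
}

variable "primary_db_arn" {}       # hypothetical: ARN of the us-east-1 primary
variable "west_db_subnet_group" {} # hypothetical: subnet group created in us-west-1
variable "west_security_group_ids" {
  type = list(string)              # hypothetical: security groups in the us-west-1 VPC
}

# KMS keys are regional: an encrypted cross-region replica needs a key that
# lives in the destination region, not the primary's us-east-1 key.
resource "aws_kms_key" "rds_west" {
  provider            = aws.west
  description         = "RDS replica encryption (us-west-1)"
  enable_key_rotation = true
}

# Read through the aliased provider, so it reports that provider's region.
data "aws_region" "replica" {
  provider = aws.west
}

resource "aws_db_instance" "replica" {
  provider               = aws.west
  identifier_prefix      = "app-replica-"
  instance_class         = "db.t2.micro"
  replicate_source_db    = var.primary_db_arn # cross-region: source ARN, not identifier
  storage_encrypted      = true
  kms_key_id             = aws_kms_key.rds_west.arn
  db_subnet_group_name   = var.west_db_subnet_group
  vpc_security_group_ids = var.west_security_group_ids
  publicly_accessible    = false
  skip_final_snapshot    = true
}

output "replica_region" {
  value = data.aws_region.replica.name
}

output "replica_arn" {
  value = aws_db_instance.replica.arn # contains us-west-1 once applied
}
```

The plan shows no region because the region comes from the provider configuration the resource is bound to; after apply, the region segment of the replica_arn output (arn:aws:rds:us-west-1:...) and the availability_zone attribute confirm where the instance was created.
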
I am working on the same task, creating a cross-region RDS replica, and referred to this documentation, but did not find an option like this.