{Aurora}Amazon CloudWatch Logs への Amazon Aurora MySQL ログの発行

https://aws.amazon.com/jp/premiumsupport/knowledge-center/rds-aurora-mysql-logs-cloudwatch/

 

-- 1. IAMポリシー作成
# Write the IAM policy document that follows (step 1) into policy01.json;
# it is referenced by file:// in the create-policy call below.
vim policy01.json

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EnableCreationAndManagementOfRDSCloudwatchLogEvents",
"Effect": "Allow",
"Action": [
"logs:GetLogEvents",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
},
{
"Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroupsAndStreams",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy",
"logs:CreateLogGroup"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/rds/*"
}
]
}

# Register policy01.json as the customer-managed policy "policy01".
# Both of its statements are scoped to log groups under /aws/rds/*, i.e. only
# the RDS log groups, not arbitrary CloudWatch Logs resources.
aws iam create-policy --policy-document file://policy01.json --policy-name policy01

-- 2. IAMロール作成
# Write the trust policy that follows (step 2) into role01.json; it is the
# --assume-role-policy-document of the create-role call below.
vim role01.json

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "rds.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

# Create role01 with the trust policy from role01.json (above), which trusts
# the rds.amazonaws.com service principal. The role receives the logs
# permissions of policy01 in step 3 and is associated with the cluster in step 6.
# NOTE(review): the trust policy has no Condition block; AWS recommends limiting
# service-principal trust with aws:SourceAccount / aws:SourceArn so the role
# cannot be assumed on behalf of a resource in another account (confused deputy).
aws iam create-role --assume-role-policy-document file://role01.json --role-name role01


-- 3. ポリシーをロールにアタッチ
# Attach policy01 to role01. The account id 999999999999 appears to be a
# placeholder; the policy ARN printed by create-policy above is the real value.
aws iam attach-role-policy \
  --role-name role01 \
  --policy-arn arn:aws:iam::999999999999:policy/policy01

-- 4. クラスタパラメータグループ作成
# Custom cluster parameter group for the aurora-mysql5.7 family; the logging
# parameters from a.json are applied to it in the next step.
aws rds create-db-cluster-parameter-group \
  --db-cluster-parameter-group-name cpg01 \
  --description cpg01 \
  --db-parameter-group-family aurora-mysql5.7

# Write the parameter list that follows into a.json: general_log, slow_query_log
# (long_query_time=3) and server_audit_* for CONNECT/QUERY/TABLE events of user root.
vim a.json
[
{
"ParameterName": "general_log",
"ParameterValue": "1",
"ApplyMethod": "immediate"
},
{
"ParameterName": "slow_query_log",
"ParameterValue": "1",
"ApplyMethod": "immediate"
},
{
"ParameterName": "long_query_time",
"ParameterValue": "3",
"ApplyMethod": "immediate"
},
{
"ParameterName": "server_audit_logging",
"ParameterValue": "1",
"ApplyMethod": "immediate"
},
{
"ParameterName": "server_audit_events",
"ParameterValue": "CONNECT,QUERY,TABLE",
"ApplyMethod": "immediate"
},
{
"ParameterName": "server_audit_incl_users",
"ParameterValue": "root",
"ApplyMethod": "immediate"
}
]

# Apply a.json (above) to cpg01 with ApplyMethod "immediate". Note that
# general_log records the full text of every statement, so volume and the
# sensitivity of what lands in CloudWatch Logs should be weighed before
# enabling it outside a test environment.
aws rds modify-db-cluster-parameter-group --parameters file://a.json --db-cluster-parameter-group-name cpg01

-- 5. クラスタの作成

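# Create the Aurora MySQL 5.7-compatible cluster with the parameter group from
# step 4 and all four exportable log types published to CloudWatch Logs.
#
# The master password is read from the environment instead of being written as
# a literal ('password'): a literal is weak, lands in shell history and in every
# copy of these notes. The :? expansion aborts with the message if the variable
# is unset or empty. The value is still visible in `ps` while the aws call runs;
# --manage-master-user-password (RDS generates and stores the secret in
# Secrets Manager) avoids the argv exposure entirely where the engine supports it.
: "${AURORA_MASTER_PASSWORD:?set AURORA_MASTER_PASSWORD to the master user password}"

# Throwaway test cluster: --storage-encrypted and --deletion-protection are not
# set; add them for anything that must survive (deletion protection then has to
# be cleared before the delete-db-cluster step at the end).
# --master-username root matches server_audit_incl_users=root in a.json, so the
# audit filter applies to the master user's sessions.
aws rds create-db-cluster \
  --db-cluster-identifier cluster12 \
  --engine aurora-mysql \
  --engine-version 5.7.mysql_aurora.2.10.0 \
  --master-username root \
  --master-user-password "$AURORA_MASTER_PASSWORD" \
  --db-cluster-parameter-group-name cpg01 \
  --enable-cloudwatch-logs-exports '["error","general","audit","slowquery"]'

# Writer instance for the cluster; minor version upgrades are disabled so the
# engine version pinned above stays in place.
aws rds create-db-instance \
  --db-instance-identifier cluster12-instance01 \
  --db-cluster-identifier cluster12 \
  --db-instance-class db.t3.small \
  --engine aurora-mysql \
  --no-auto-minor-version-upgrade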


-- 6. IAMロールをクラスタに関連付ける

# Associate role01 (created in step 2, policy attached in step 3) with cluster12.
# The cluster from step 5 must exist before this call.
aws rds add-role-to-db-cluster --role-arn arn:aws:iam::999999999999:role/role01 --db-cluster-identifier cluster12


-- 7. ログ確認
# List the log files present on the instance itself. Whether they were also
# exported is checked on the CloudWatch side, where they should appear as
# /aws/rds/cluster/cluster12/<log type> log groups (matching policy01's resource scope).
aws rds describe-db-log-files \
  --db-instance-identifier cluster12-instance01

-- Run on the cluster with a MySQL client as the audited user root: a 10 s sleep
-- exceeds the long_query_time of 3 s set in a.json, so a slow-query entry (and,
-- with QUERY auditing enabled, an audit entry) is expected in the exported logs.
select sleep(10);

 

-- 8. クリーンアップ

-- ロールの一覧
# Confirm the role still exists before tearing it down. Fixed-string match;
# `--` keeps the pattern from being parsed as an option.
aws iam list-roles | grep -F -- role01

-- ロールの削除


# Detach the managed policy first (IAM refuses to delete a role that still has
# attached policies), then delete the role. Step 6 associated this role with
# cluster12, which is only deleted further down; running
# remove-role-from-db-cluster first, or deleting the cluster before the role,
# avoids leaving the cluster pointing at a role that no longer exists.
aws iam detach-role-policy --policy-arn arn:aws:iam::999999999999:policy/policy01 --role-name role01
aws iam delete-role --role-name role01

-- ポリシーの一覧
# Confirm the policy still exists before deleting it (fixed-string match).
aws iam list-policies | grep -F -- policy01

-- ポリシーの削除
# Delete the managed policy; it must already be detached from role01 (done above).
aws iam delete-policy --policy-arn arn:aws:iam::999999999999:policy/policy01

 

-- クラスタ削除
# Tear down the instance, then the cluster. --skip-final-snapshot means no
# snapshot is taken, so the data is gone for good; acceptable for this
# throwaway test cluster only.
aws rds delete-db-instance \
  --skip-final-snapshot \
  --db-instance-identifier cluster12-instance01

aws rds delete-db-cluster \
  --skip-final-snapshot \
  --db-cluster-identifier cluster12

-- クラスタパラメータグループ削除
# Remove the custom parameter group. RDS rejects this while the group is still
# associated with a cluster, so wait for the delete-db-cluster above to finish.
aws rds delete-db-cluster-parameter-group \
  --db-cluster-parameter-group-name cpg01