https://qiita.com/okubot55/items/e5d81216d730eb2619cc
https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/param-create-cli.html
-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
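# Download the AWS CLI v2 installer. --fail makes curl exit non-zero on an HTTP
# error instead of saving the error page as awscliv2.zip.
curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
# The installer below runs as root, so check the archive against AWS's detached
# signature before unpacking it. gpg needs the AWS CLI team public key (published
# in the AWS CLI install guide) imported first; without it this step fails.
curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "awscliv2.sig"
gpg --verify awscliv2.sig awscliv2.zip
unzip awscliv2.zip
sudo ./aws/install
# Confirm the v2 binary is the one found on PATH.
aws --version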
-- 1.2 コマンドインストール
# jq is used in the cleanup step to filter the describe-db-instances output.
# NOTE(review): section 1.3 removes mariadb-libs and installs
# mysql-community-client, so the `mysql` package requested here looks
# redundant. Confirm before keeping it.
sudo yum -y install jq mysql
-- 1.3 MySQL 8クライアント インストール
# Remove the distribution's MariaDB libraries before installing the MySQL
# community client (presumably because the two sets of packages conflict).
sudo yum -y remove mariadb-libs
# Register the MySQL community yum repositories from the EL7 release package.
sudo yum -y localinstall https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
# Select the 8.0 repository and make sure the 5.7 one is off.
sudo yum-config-manager --disable mysql57-community
sudo yum-config-manager --enable mysql80-community
sudo yum info mysql-community-client
# Import the key used to check package signatures.
# NOTE(review): the key is trusted exactly as downloaded. Compare its
# fingerprint (rpm -qi on the imported gpg-pubkey entry) with the one MySQL
# publishes before installing packages signed by it.
sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
sudo yum -y install mysql-community-client
mysql --version
-- 2. SecureStringタイプのパラメータを登録する
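# List the parameters that already exist in this account/region.
aws ssm describe-parameters
# Prompt for the secret instead of typing it as a literal on the command line,
# so it is not written to shell history and a guessable value such as
# 'password' is not used. The value must also satisfy the RDS master password
# rules, because the template feeds it to MasterUserPassword.
# The value is still passed to the aws process as an argument; for stricter
# handling supply it through --cli-input-json file://... from a file with
# restrictive permissions.
# No --key-id is given, so the parameter is encrypted with the account's
# default AWS managed key for SSM.
# The first put creates version 1, which is the version the template pins.
read -rs -p 'DB master password: ' db_password; echo
aws ssm put-parameter \
--type "SecureString" \
--name "password" \
--value "$db_password"
unset db_password
# --with-decryption prints the plaintext secret to the terminal (and its
# scrollback). Omit the flag when only checking that the parameter exists.
aws ssm get-parameter \
--name "password" \
--with-decryption
# Show the stored versions of the parameter.
aws ssm get-parameter-history \
--name "password"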
-- 3. スタック作成
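# CloudFormation template for a single MySQL RDS instance. The master password
# is not stored in the template: it is resolved at deploy time from the SSM
# Parameter Store SecureString named "password".
AWSTemplateFormatVersion: "2010-09-09"
Description: Provision RDS using an AWS Systems Manager Parameter Store SecureString
Resources:
  RDS:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceIdentifier: mysql01
      Engine: MySQL
      EngineVersion: 8.0.25
      DBInstanceClass: db.t3.micro
      AllocatedStorage: 20
      StorageType: gp2
      # Encrypt the volume, snapshots and backups at rest. This cannot be
      # switched on in place for an existing unencrypted instance.
      StorageEncrypted: true
      # NOTE(review): "root" is a predictable admin name; prefer a dedicated
      # name and use per-application accounts for day-to-day access.
      MasterUsername: root
      # Dynamic reference to version 1 of the SecureString parameter. The
      # version is pinned, so overwriting the parameter later does not change
      # this password until the number here is updated.
      MasterUserPassword: '{{resolve:ssm-secure:password:1}}'
      # No DBSubnetGroupName or VPCSecurityGroups are given, so the instance
      # uses the account defaults; review the default security group's
      # inbound rules on port 3306.
      PubliclyAccessible: false
      MultiAZ: false
      # NOTE(review): with this off, minor-version security fixes are not
      # applied automatically and the engine stays on the pinned version.
      AutoMinorVersionUpgrade: false
      EnablePerformanceInsights: false
      BackupRetentionPeriod: 1
      Tags:
        - Key: Name
          Value: mysql01
    # Delete removes the instance without taking a final snapshot when the
    # stack is deleted. Suitable for a throwaway lab only.
    DeletionPolicy: Delete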
# Check the template before deploying it.
# presumably a.yaml is the template from section 3 saved in the current directory
aws cloudformation validate-template \
--template-body file://a.yaml
# Create the stack. The ssm-secure reference in the template is resolved by
# CloudFormation during this operation, so the calling identity needs access
# to the "password" parameter.
aws cloudformation create-stack \
--stack-name stack01 \
--template-body file://a.yaml
-- 4. スタック一覧
# Show the stack's status and metadata.
aws cloudformation describe-stacks \
--stack-name stack01
# Show the resources the stack created (here, the RDS instance).
aws cloudformation describe-stack-resources \
--stack-name stack01
-- 5. 動作確認
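# Connect as the master user; -p prompts for the password so it does not
# appear in shell history or the process list.
# --ssl-mode=REQUIRED refuses to fall back to an unencrypted connection when
# sending the root credentials. It does not authenticate the server: to do
# that, download the RDS CA bundle and use
# --ssl-ca=<bundle.pem> --ssl-mode=VERIFY_IDENTITY instead.
mysql -h mysql01.xxxxxxxxxxxx.ap-northeast-1.rds.amazonaws.com -P 3306 -u root -p --ssl-mode=REQUIRED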
-- 6. クリーンアップ
-- スタック削除
# Delete the stack. The template sets DeletionPolicy: Delete on the DB
# instance, so the database is removed together with the stack.
aws cloudformation delete-stack \
--stack-name stack01
# Check that the instance is going away: full output first, then one compact
# [identifier, status] pair per instance.
aws rds describe-db-instances
aws rds describe-db-instances | jq -c '.DBInstances[] | [ .DBInstanceIdentifier , .DBInstanceStatus ] '
-- パラメータ削除
# List the parameters, then remove the SecureString so the secret does not
# outlive the lab.
aws ssm describe-parameters
aws ssm delete-parameter \
--name "password"