UMIHICO BLOG.

調査用のEC2をサクッと立ち上げるterraformスニペット

#AWS#Terraform

ECSのアプリがRDSのDBにつながらない事態が発生し、どうも解決できないのでEC2を同じVPCに立ててRDSに接続できるか確かめてみることにしました。再利用できるようにメモ

カスタムした点として以下を入れてます

  • 256GBの保存容量
  • docker, docker-compose
  • MySQL Client

tfファイルはこちらです。

terraform {
  backend "local" {
    path = "terraform.tfstate"
  }
}

provider "aws" {
  region = "ap-northeast-1"
}

variable "vpc_id" { type = string }            # TF_VAR_vpc_id
variable "subnet_id" { type = string }         # TF_VAR_subnet_id
variable "my_ip" { type = string }             # TF_VAR_my_ip
variable "security_group_id" { type = string } # TF_VAR_security_group_id

resource "random_integer" "priority" {
  min = 1000000
  max = 10000000
}

resource "aws_security_group" "temp" {
  name   = "temp${random_integer.priority.result}"
  vpc_id = var.vpc_id

  ingress {
    description = "allow from home"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.my_ip}/32"]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}

resource "aws_iam_role" "temp_role" {
  name = "temp_role${random_integer.priority.result}"
  assume_role_policy = jsonencode({
    "Version" : "2012-10-17"
    "Statement" : [
      {
        "Action" : "sts:AssumeRole"
        "Effect" : "Allow"
        "Principal" : {
          "Service" : ["ec2.amazonaws.com"]
        },
      },
    ]
  })
  managed_policy_arns = [
    "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    "arn:aws:iam::aws:policy/PowerUserAccess",
  ]
}


resource "aws_iam_instance_profile" "temp" {
  name = "temp_role_profile${random_integer.priority.result}"
  role = aws_iam_role.temp_role.name
}

resource "aws_instance" "temp" {
  ami                         = "ami-0bcc04d20228d0cf6"
  vpc_security_group_ids      = concat([aws_security_group.temp.id], length(var.security_group_id) > 0 ? [var.security_group_id] : [])
  subnet_id                   = var.subnet_id
  key_name                    = aws_key_pair.umihico.id
  instance_type               = "t2.micro"
  iam_instance_profile        = "temp_role_profile${random_integer.priority.result}"
  associate_public_ip_address = true

  root_block_device {
    delete_on_termination = true
    encrypted             = false
    volume_size           = 256 # default is 8
    volume_type           = "gp2"
  }
  user_data = <<-EOF
    #!/bin/bash

    sudo yum update -y
    sudo yum groupinstall "Development Tools" -y

    # docker
    sudo yum install -y docker
    sudo systemctl start docker
    sudo usermod -a -G docker ec2-user
    sudo systemctl enable docker
    sudo chmod 666 /var/run/docker.sock

    # docker-compose
    sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
    
    # mysql client(5.7)
    sudo yum localinstall https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm -y
    sudo yum-config-manager --disable mysql80-community
    sudo yum-config-manager --enable mysql57-community
    sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
    sudo yum install mysql-community-client -y
  EOF
}

resource "aws_key_pair" "umihico" {
  # https://github.com/umihico.keys
  key_name   = "umihico${random_integer.priority.result}"
  public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUMIHICoCb3Sy2n1qPXOxc2mFBqW9Hg0dRigxl2F3nW"
}

output "temp" {
  value = {
    instance : aws_instance.temp
  }
}

applyするときのスクリプト

#!/bin/bash
set -euoxv pipefail

OUTPUT=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=hoge-vpc-private-ap-northeast-1a")

export TF_VAR_vpc_id=$(echo $OUTPUT | jq -r ".Subnets[0].VpcId")
export TF_VAR_subnet_id=$(echo $OUTPUT | jq -r ".Subnets[0].SubnetId")
export TF_VAR_security_group_id=
export TF_VAR_my_ip=$(curl -s http://checkip.amazonaws.com)

cd $(dirname $0)

terraform init
terraform apply -auto-approve
OUTPUT=$(terraform output -json)
PUBLIC_DNS=$(echo $OUTPUT | jq -r ".temp.value.instance.public_dns")
INSTANCE_ID=$(echo $OUTPUT | jq -r ".temp.value.instance.id")
echo ssh ec2-user@${PUBLIC_DNS}
echo aws ssm start-session --target ${INSTANCE_ID}
# terraform destroy -auto-approve

sshで入ってdumpしたりするコマンド


export DATABASE_USER=
export PORT=
export DATABASE_NAME=
export MYSQL_PWD=
export DATABASE_HOST=

# dump
mysqldump -u $DATABASE_USER -h $DATABASE_HOST -P $PORT --set-gtid-purged=OFF $DATABASE_NAME > dump.sql

# import
cat dump.sql | mysql -u $DATABASE_USER -P $PORT --password=$MYSQL_PWD -h $DATABASE_HOST $DATABASE_NAME
Edit this aricle on GitHub