create database (feat.terraform)

1.CIユーザーポリシーの更新

"rds:DeleteDBSubnetGroup",
"rds:CreateDBInstance",
"rds:CreateDBSubnetGroup",
"rds:DeleteDBInstance",
"rds:DescribeDBSubnetGroups",
"rds:DescribeDBInstances",
"rds:ListTagsForResource",
"rds:ModifyDBInstance",
"iam:CreateServiceLinkedRole",
"rds:AddTagsToResource"

「≪ポリシーの表示｜View Policy｜emdw≫」をクリックします。

2.RDSインスタンスの作成(feat.terraform)

variable "db_username" {
  description = "Username for the RDS postgres instance"
}

variable "db_password" {
  description = "Password for the RDS postgres instance"
}

resource "aws_db_subnet_group" "main" {
    name = "${local.prefix}-main"
    subnet_ids = [
        aws_subnet.private_a.id,
        aws_subnet.private_b.id
    ]
    tags = merge(
        local.common_tags,
        map("Name", "${local.prefix}-main")
    )
}

resource "aws_security_group" "rds" {
    description = "Allow access to the RDS database instance"
    name = "${local.prefix}-rds-inbound-access"
    vpc_id = aws_vpc.main.id
    
    ingress {
        protocol = "tcp"
        from_port = 5432
        to_port = 5432
    }
    tags = local.common_tags
}

resource "aws_db_instance" "main" {
    identifier = "${local.prefix}-db"
    name = "recipe"
    allocated_storage = 20
    storage_type = "gp2"
    engine = "postgres"
    engine_version = "11.4"
    instance_class = "db.t2.micro"
    db_subnet_group_name = aws_db_subnet_group.main.name
    password = var.db_password
    username = var.db_username
    backup_retention_period = 0
    multi_az = false
    skip_final_snapshot = true
    vpc_security_group_ids = [aws_security_group.rds.id]
    
    tags = merge(
        local.common_tags,
        map("Name", "${local.prefix}-main")
    )
}

output "db_host" {
    value = aws_db_instance.main.address
}