AWS Classroomnotes 17/May/2023

AWS CLI (Contd…)

Activity 1: Let's create a shell script that uses the AWS CLI to create an RDS MySQL instance

  • Steps:
    • We need a security group
      • mysql => 3306
    • We need a db subnet group default or create one
    • We need to create a free tier eligible db instance
      • instance class db.t2.micro
      • storage size 20GB
  • Creating security group
  • command line
#!/bin/bash

# Create the security group that will be attached to the RDS MySQL instance.
# The VPC id below is the one used in class; substitute a VPC from your own
# account. A freshly created group has no inbound rules, so nothing can reach
# the database until an ingress rule is added.
create_sg_args=(
    --description "rds mysql security group"
    --group-name "mysqlsg"
    --vpc-id "vpc-0263a09e73d00080c"
    --tag-specifications "ResourceType=security-group,Tags=[{Key=Name,Value=mysqlsg}]"
)
aws ec2 create-security-group "${create_sg_args[@]}"

# {
#     "GroupId": "sg-08bcb448f727c9e96",
#     "Tags": [
#         {
#             "Key": "Name",
#             "Value": "mysqlsg"
#         }
#     ]
# }

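### Allow inbound MySQL (tcp/3306) on the security group
#
# SECURITY: a source of 0.0.0.0/0 exposes the database port to the whole
# internet, leaving the master password as the only control in front of the
# data. That is tolerable for a short-lived classroom instance only. For
# anything else set MYSQL_CLIENT_CIDR to the narrowest range that needs access,
# e.g. a single workstation (constructed example: 203.0.113.10/32) or the
# application subnet.
#
# Both values can be overridden from the environment; the defaults reproduce
# the classroom walkthrough.
SG_ID="${SG_ID:-sg-08bcb448f727c9e96}"
MYSQL_CLIENT_CIDR="${MYSQL_CLIENT_CIDR:-0.0.0.0/0}"

if [[ "${MYSQL_CLIENT_CIDR}" == "0.0.0.0/0" ]]; then
    echo "WARNING: opening tcp/3306 on ${SG_ID} to 0.0.0.0/0 (any source address)" >&2
fi

aws ec2 authorize-security-group-ingress \
    --group-id "${SG_ID}" \
    --protocol tcp \
    --port 3306 \
    --cidr "${MYSQL_CLIENT_CIDR}"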
# {
#     "Return": true,
#     "SecurityGroupRules": [
#         {
#             "SecurityGroupRuleId": "sgr-0c0e32b5788018104",
#             "GroupId": "sg-08bcb448f727c9e96",
#             "GroupOwnerId": "678879106782",
#             "IsEgress": false,
#             "IpProtocol": "tcp",
#             "FromPort": 3306,
#             "ToPort": 3306,
#             "CidrIpv4": "0.0.0.0/0"
#         }
#     ]
# }

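# Create a mysql rds instance
#
# SECURITY notes on the options used below:
#   * The master password is read from the DB_MASTER_PASSWORD environment
#     variable instead of being hard-coded in the script. A literal password in
#     a script ends up in version control, blog posts and shell history, and a
#     guessable one combined with --publicly-accessible and an open 3306 rule
#     leaves the instance exposed to password guessing.
#     The value is still passed on the command line, so it is visible in the
#     process list and in `set -x` traces while the command runs.
#   * --publicly-accessible gives the instance a public endpoint. Use
#     --no-publicly-accessible when clients live inside the VPC.
#   * --backup-retention-period 0 disables automated backups.
#   * --no-auto-minor-version-upgrade turns off automatic minor engine
#     upgrades, so engine patching must be done manually.
#
# SG_ID may be overridden from the environment; the default is the group
# created earlier in this walkthrough.
: "${DB_MASTER_PASSWORD:?export DB_MASTER_PASSWORD with a strong master password before running}"
SG_ID="${SG_ID:-sg-08bcb448f727c9e96}"

aws rds create-db-instance \
   --db-name 'employees' \
   --db-instance-identifier 'qtemployeesdbinst' \
   --allocated-storage 20 \
   --db-instance-class "db.t2.micro" \
   --engine "mysql" \
   --master-username "root" \
   --master-user-password "${DB_MASTER_PASSWORD}" \
   --backup-retention-period 0 \
   --no-multi-az \
   --no-auto-minor-version-upgrade \
   --publicly-accessible \
   --vpc-security-group-ids "${SG_ID}"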

# {
#     "DBInstance": {
#         "DBInstanceIdentifier": "qtemployeesdbinst",
#         "DBInstanceClass": "db.t2.micro",
#         "Engine": "mysql",
#         "DBInstanceStatus": "creating",
#         "MasterUsername": "root",
#         "DBName": "employees",
#         "AllocatedStorage": 20,
#         "PreferredBackupWindow": "21:33-22:03",
#         "BackupRetentionPeriod": 0,
#         "DBSecurityGroups": [],
#         "VpcSecurityGroups": [
#             {
#                 "VpcSecurityGroupId": "sg-08bcb448f727c9e96",
#                 "Status": "active"
#             }
#         ],
#         "DBParameterGroups": [
#             {
#                 "DBParameterGroupName": "default.mysql8.0",
#                 "ParameterApplyStatus": "in-sync"


  • Write a script to create a security group and then let's make it reusable
  • We have made the script partially reusable
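#!/bin/bash
#
# Create the "mysqlsg" security group in the default VPC of the current region
# and add an inbound rule for MySQL (tcp/3306).
#
# Environment:
#   MYSQL_CLIENT_CIDR  source range allowed to reach 3306 (default 0.0.0.0/0,
#                      as in the classroom walkthrough)

# Stop at the first failing command. Without this a failed lookup or a failed
# create-security-group (for example when "mysqlsg" already exists) leaves the
# variable empty and the following aws calls run with a blank id.
set -euo pipefail

VPC_ID=$(aws ec2 describe-vpcs \
    --filters "Name=is-default,Values=true" \
    --query "Vpcs[0].VpcId" \
    --output text)

# With --output text a null query result is printed as the string "None".
if [[ -z "${VPC_ID}" || "${VPC_ID}" == "None" ]]; then
    echo "No default VPC found in the current region" >&2
    exit 1
fi

echo "Found default vpc with id ${VPC_ID}"

SG_ID=$(aws ec2 create-security-group \
    --description "rds mysql security group" \
    --group-name "mysqlsg" \
    --vpc-id "${VPC_ID}" \
    --tag-specifications "ResourceType=security-group,Tags=[{Key=Name,Value=mysqlsg}]" \
    --query "GroupId" \
    --output text)

echo "Created security group with id ${SG_ID}"


### Allow inbound MySQL (tcp/3306)
# SECURITY: 0.0.0.0/0 exposes the database port to the whole internet. Set
# MYSQL_CLIENT_CIDR to the narrowest range that needs access (constructed
# example: 203.0.113.10/32) for anything beyond a throwaway lab instance.
MYSQL_CLIENT_CIDR="${MYSQL_CLIENT_CIDR:-0.0.0.0/0}"

if [[ "${MYSQL_CLIENT_CIDR}" == "0.0.0.0/0" ]]; then
    echo "WARNING: opening tcp/3306 on ${SG_ID} to 0.0.0.0/0 (any source address)" >&2
fi

# The JSON response is captured so it does not clutter the script's output.
OUTPUT=$(aws ec2 authorize-security-group-ingress \
    --group-id "${SG_ID}" \
    --protocol tcp \
    --port 3306 \
    --cidr "${MYSQL_CLIENT_CIDR}")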


