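Amazon Redshift template snippets
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can use AWS CloudFormation to provision and manage Amazon Redshift clusters.
Amazon Redshift cluster
The following sample template creates an Amazon Redshift cluster according to the parameter values that are specified when the stack is created. The cluster parameter group that is associated with the Amazon Redshift cluster enables user activity logging. The template also launches the Amazon Redshift cluster in an Amazon VPC that is defined in the template. The VPC includes an internet gateway so that you can access the Amazon Redshift cluster from the Internet. However, communication between the cluster and the internet gateway must also be enabled, which is done by the route table entry.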
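Note
The template includes the IsMultiNodeCluster condition so that the NumberOfNodes parameter is declared only when the ClusterType parameter value is set to multi-node.
The example defines the MysqlRootPassword parameter with its NoEcho property set to true. If you set the NoEcho attribute to true, CloudFormation returns the parameter value masked as asterisks (*****) for any calls that describe the stack or stack events, except for information stored in the locations specified below.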
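Important
Using the NoEcho attribute does not mask any information stored in the following:
- The Metadata template section. CloudFormation does not transform, modify, or redact any information you include in the Metadata section. For more information, see the CloudFormation template Metadata section syntax reference.
- The Outputs template section. For more information, see the CloudFormation template Outputs section syntax reference.
- The Metadata attribute of a resource definition. For more information, see Metadata attribute.
We strongly recommend that you do not use these mechanisms to include sensitive information, such as passwords.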
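Important
Rather than embedding sensitive information directly in your CloudFormation templates, we recommend that you use dynamic parameters in the stack template to reference sensitive information that is stored and managed outside of CloudFormation, such as in the AWS Systems Manager Parameter Store or AWS Secrets Manager.
For more information, see the Do not embed credentials in your templates best practice.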
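A pre-deployment check for the three unmasked locations listed above, as an added example that is not part of the original page: it reports NoEcho parameters that are referenced from the template-level Metadata section, an Outputs value, or a resource's Metadata attribute. It assumes the template is already loaded as a Python dict from JSON (YAML short forms such as !Ref are not handled); the function names and the sample template are constructed for illustration.

```python
# Constructed sample (not the page's template): one NoEcho parameter echoed
# through each unmasked location, plus a legitimate use and a harmless Output.
SAMPLE = {
    "Parameters": {"MasterUserPassword": {"Type": "String", "NoEcho": "true"},
                   "DatabaseName": {"Type": "String", "Default": "dev"}},
    "Metadata": {"Debug": {"Ref": "MasterUserPassword"}},
    "Resources": {"RedshiftCluster": {
        "Type": "AWS::Redshift::Cluster",
        "Metadata": {"Note": {"Fn::Sub": "pw=${MasterUserPassword}"}},
        "Properties": {"MasterUserPassword": {"Ref": "MasterUserPassword"}}}},
    "Outputs": {
        "Conn": {"Value": {"Fn::Join": [":", ["admin", {"Ref": "MasterUserPassword"}]]}},
        "Db": {"Value": {"Ref": "DatabaseName"}}},
}

def noecho_params(template):
    """Names of parameters whose NoEcho is true (boolean or string form)."""
    return {name for name, spec in template.get("Parameters", {}).items()
            if str(spec.get("NoEcho", "")).lower() == "true"}

def references(node, names):
    """Yield each name in `names` that `node` reaches via Ref or ${...} in Fn::Sub."""
    if isinstance(node, list):
        for item in node:
            yield from references(item, names)
    elif isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                if value in names:
                    yield value
            elif key == "Fn::Sub":
                # Long form is [string, {local variables}]; locals shadow parameters.
                text, local = (value, {}) if isinstance(value, str) else value
                yield from (n for n in names if "${" + n + "}" in text and n not in local)
                yield from references(local, names)
            else:
                yield from references(value, names)

def find_noecho_leaks(template):
    """Return sorted (location, parameter) pairs where NoEcho gives no masking."""
    secret = noecho_params(template)
    scopes = {"Metadata": template.get("Metadata", {})}
    for name, output in template.get("Outputs", {}).items():
        scopes["Outputs." + name] = output
    for name, resource in template.get("Resources", {}).items():
        scopes["Resources." + name + ".Metadata"] = resource.get("Metadata", {})
    return sorted({(where, param) for where, node in scopes.items()
                   for param in references(node, secret)})
```

The Ref under Properties is not reported, because passing a NoEcho parameter to a resource property is the intended use.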
JSON
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters" : {
    "DatabaseName" : {
      "Description" : "The name of the first database to be created when the cluster is created",
      "Type" : "String",
      "Default" : "dev",
      "AllowedPattern" : "([a-z]|[0-9])+"
    },
    "ClusterType" : {
      "Description" : "The type of cluster",
      "Type" : "String",
      "Default" : "single-node",
      "AllowedValues" : [ "single-node", "multi-node" ]
    },
    "NumberOfNodes" : {
      "Description" : "The number of compute nodes in the cluster. For multi-node clusters, the NumberOfNodes parameter must be greater than 1",
      "Type" : "Number",
      "Default" : "1"
    },
    "NodeType" : {
      "Description" : "The type of node to be provisioned",
      "Type" : "String",
      "Default" : "ds2.xlarge",
      "AllowedValues" : [ "ds2.xlarge", "ds2.8xlarge", "dc1.large", "dc1.8xlarge" ]
    },
    "MasterUsername" : {
      "Description" : "The user name that is associated with the master user account for the cluster that is being created",
      "Type" : "String",
      "Default" : "defaultuser",
      "AllowedPattern" : "([a-z])([a-z]|[0-9])*"
    },
    "MasterUserPassword" : {
      "Description" : "The password that is associated with the master user account for the cluster that is being created.",
      "Type" : "String",
      "NoEcho" : "true"
    },
    "InboundTraffic" : {
      "Description" : "Allow inbound traffic to the cluster from this CIDR range.",
      "Type" : "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default" : "0.0.0.0/0",
      "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x."
    },
    "PortNumber" : {
      "Description" : "The port number on which the cluster accepts incoming connections.",
      "Type" : "Number",
      "Default" : "5439"
    }
  },
  "Conditions" : {
    "IsMultiNodeCluster" : {
      "Fn::Equals" : [{ "Ref" : "ClusterType" }, "multi-node" ]
    }
  },
  "Resources" : {
    "RedshiftCluster" : {
      "Type" : "AWS::Redshift::Cluster",
      "DependsOn" : "AttachGateway",
      "Properties" : {
        "ClusterType" : { "Ref" : "ClusterType" },
        "NumberOfNodes" : { "Fn::If" : [ "IsMultiNodeCluster", { "Ref" : "NumberOfNodes" }, { "Ref" : "AWS::NoValue" }]},
        "NodeType" : { "Ref" : "NodeType" },
        "DBName" : { "Ref" : "DatabaseName" },
        "MasterUsername" : { "Ref" : "MasterUsername" },
        "MasterUserPassword" : { "Ref" : "MasterUserPassword" },
        "ClusterParameterGroupName" : { "Ref" : "RedshiftClusterParameterGroup" },
        "VpcSecurityGroupIds" : [ { "Ref" : "SecurityGroup" } ],
        "ClusterSubnetGroupName" : { "Ref" : "RedshiftClusterSubnetGroup" },
        "PubliclyAccessible" : "true",
        "Port" : { "Ref" : "PortNumber" }
      }
    },
    "RedshiftClusterParameterGroup" : {
      "Type" : "AWS::Redshift::ClusterParameterGroup",
      "Properties" : {
        "Description" : "Cluster parameter group",
        "ParameterGroupFamily" : "redshift-1.0",
        "Parameters" : [{
          "ParameterName" : "enable_user_activity_logging",
          "ParameterValue" : "true"
        }]
      }
    },
    "RedshiftClusterSubnetGroup" : {
      "Type" : "AWS::Redshift::ClusterSubnetGroup",
      "Properties" : {
        "Description" : "Cluster subnet group",
        "SubnetIds" : [ { "Ref" : "PublicSubnet" } ]
      }
    },
    "VPC" : {
      "Type" : "AWS::EC2::VPC",
      "Properties" : {
        "CidrBlock" : "10.0.0.0/16"
      }
    },
    "PublicSubnet" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "CidrBlock" : "10.0.0.0/24",
        "VpcId" : { "Ref" : "VPC" }
      }
    },
    "SecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Security group",
        "SecurityGroupIngress" : [ {
          "CidrIp" : { "Ref": "InboundTraffic" },
          "FromPort" : { "Ref" : "PortNumber" },
          "ToPort" : { "Ref" : "PortNumber" },
          "IpProtocol" : "tcp"
        } ],
        "VpcId" : { "Ref" : "VPC" }
      }
    },
    "myInternetGateway" : {
      "Type" : "AWS::EC2::InternetGateway"
    },
    "AttachGateway" : {
      "Type" : "AWS::EC2::VPCGatewayAttachment",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "InternetGatewayId" : { "Ref" : "myInternetGateway" }
      }
    },
    "PublicRouteTable" : {
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" }
      }
    },
    "PublicRoute" : {
      "Type" : "AWS::EC2::Route",
      "DependsOn" : "AttachGateway",
      "Properties" : {
        "RouteTableId" : { "Ref" : "PublicRouteTable" },
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : { "Ref" : "myInternetGateway" }
      }
    },
    "PublicSubnetRouteTableAssociation" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "SubnetId" : { "Ref" : "PublicSubnet" },
        "RouteTableId" : { "Ref" : "PublicRouteTable" }
      }
    }
  },
  "Outputs" : {
    "ClusterEndpoint" : {
      "Description" : "Cluster endpoint",
      "Value" : { "Fn::Join" : [ ":", [ { "Fn::GetAtt" : [ "RedshiftCluster", "Endpoint.Address" ] }, { "Fn::GetAtt" : [ "RedshiftCluster", "Endpoint.Port" ] } ] ] }
    },
    "ClusterName" : {
      "Description" : "Name of cluster",
      "Value" : { "Ref" : "RedshiftCluster" }
    },
    "ParameterGroupName" : {
      "Description" : "Name of parameter group",
      "Value" : { "Ref" : "RedshiftClusterParameterGroup" }
    },
    "RedshiftClusterSubnetGroupName" : {
      "Description" : "Name of cluster subnet group",
      "Value" : { "Ref" : "RedshiftClusterSubnetGroup" }
    },
    "RedshiftClusterSecurityGroupName" : {
      "Description" : "Name of cluster security group",
      "Value" : { "Ref" : "SecurityGroup" }
    }
  }
}
YAML
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  DatabaseName:
    Description: The name of the first database to be created when the cluster is created
    Type: String
    Default: dev
    AllowedPattern: "([a-z]|[0-9])+"
  ClusterType:
    Description: The type of cluster
    Type: String
    Default: single-node
    AllowedValues:
    - single-node
    - multi-node
  NumberOfNodes:
    Description: The number of compute nodes in the cluster. For multi-node clusters, the NumberOfNodes parameter must be greater than 1
    Type: Number
    Default: '1'
  NodeType:
    Description: The type of node to be provisioned
    Type: String
    Default: ds2.xlarge
    AllowedValues:
    - ds2.xlarge
    - ds2.8xlarge
    - dc1.large
    - dc1.8xlarge
  MasterUsername:
    Description: The user name that is associated with the master user account for the cluster that is being created
    Type: String
    Default: defaultuser
    AllowedPattern: "([a-z])([a-z]|[0-9])*"
  MasterUserPassword:
    Description: The password that is associated with the master user account for the cluster that is being created.
    Type: String
    NoEcho: 'true'
  InboundTraffic:
    Description: Allow inbound traffic to the cluster from this CIDR range.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid CIDR range of the form x.x.x.x/x.
  PortNumber:
    Description: The port number on which the cluster accepts incoming connections.
    Type: Number
    Default: '5439'
Conditions:
  IsMultiNodeCluster:
    Fn::Equals:
    - Ref: ClusterType
    - multi-node
Resources:
  RedshiftCluster:
    Type: AWS::Redshift::Cluster
    DependsOn: AttachGateway
    Properties:
      ClusterType:
        Ref: ClusterType
      NumberOfNodes:
        Fn::If:
        - IsMultiNodeCluster
        - Ref: NumberOfNodes
        - Ref: AWS::NoValue
      NodeType:
        Ref: NodeType
      DBName:
        Ref: DatabaseName
      MasterUsername:
        Ref: MasterUsername
      MasterUserPassword:
        Ref: MasterUserPassword
      ClusterParameterGroupName:
        Ref: RedshiftClusterParameterGroup
      VpcSecurityGroupIds:
      - Ref: SecurityGroup
      ClusterSubnetGroupName:
        Ref: RedshiftClusterSubnetGroup
      PubliclyAccessible: 'true'
      Port:
        Ref: PortNumber
  RedshiftClusterParameterGroup:
    Type: AWS::Redshift::ClusterParameterGroup
    Properties:
      Description: Cluster parameter group
      ParameterGroupFamily: redshift-1.0
      Parameters:
      - ParameterName: enable_user_activity_logging
        ParameterValue: 'true'
  RedshiftClusterSubnetGroup:
    Type: AWS::Redshift::ClusterSubnetGroup
    Properties:
      Description: Cluster subnet group
      SubnetIds:
      - Ref: PublicSubnet
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.0.0/24
      VpcId:
        Ref: VPC
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group
      SecurityGroupIngress:
      - CidrIp:
          Ref: InboundTraffic
        FromPort:
          Ref: PortNumber
        ToPort:
          Ref: PortNumber
        IpProtocol: tcp
      VpcId:
        Ref: VPC
  myInternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: VPC
      InternetGatewayId:
        Ref: myInternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: VPC
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId:
        Ref: PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: myInternetGateway
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: PublicSubnet
      RouteTableId:
        Ref: PublicRouteTable
Outputs:
  ClusterEndpoint:
    Description: Cluster endpoint
    Value: !Sub "${RedshiftCluster.Endpoint.Address}:${RedshiftCluster.Endpoint.Port}"
  ClusterName:
    Description: Name of cluster
    Value:
      Ref: RedshiftCluster
  ParameterGroupName:
    Description: Name of parameter group
    Value:
      Ref: RedshiftClusterParameterGroup
  RedshiftClusterSubnetGroupName:
    Description: Name of cluster subnet group
    Value:
      Ref: RedshiftClusterSubnetGroup
  RedshiftClusterSecurityGroupName:
    Description: Name of cluster security group
    Value:
      Ref: SecurityGroup
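With the defaults in the template above, InboundTraffic is 0.0.0.0/0 and PubliclyAccessible is true, so the security group admits any IPv4 source on the cluster port. The following added example (not part of the original page; the function names are hypothetical and the embedded template is a constructed excerpt of the one above) resolves parameter defaults or supplied values and reports that combination before a stack is created.

```python
import ipaddress

# Constructed excerpt of the page's template: only the fields this check reads.
TEMPLATE = {
    "Parameters": {"InboundTraffic": {"Type": "String", "Default": "0.0.0.0/0"},
                   "PortNumber": {"Type": "Number", "Default": "5439"}},
    "Resources": {
        "RedshiftCluster": {
            "Type": "AWS::Redshift::Cluster",
            "Properties": {"PubliclyAccessible": "true",
                           "VpcSecurityGroupIds": [{"Ref": "SecurityGroup"}]}},
        "SecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [{
                "CidrIp": {"Ref": "InboundTraffic"}, "IpProtocol": "tcp",
                "FromPort": {"Ref": "PortNumber"}, "ToPort": {"Ref": "PortNumber"}}]}},
    },
}

def resolve(value, template, supplied):
    """Turn {"Ref": X} into the stack's value for parameter X, else logical ID X."""
    if not (isinstance(value, dict) and "Ref" in value):
        return value
    name = value["Ref"]
    param = template.get("Parameters", {}).get(name)
    if param is None:
        return name  # Ref to a resource, not a parameter
    return supplied.get(name, param.get("Default"))

def exposed_clusters(template, supplied=None):
    """Return (cluster, security group, cidr) for public clusters open to any source."""
    supplied = supplied or {}
    resources = template.get("Resources", {})
    findings = []
    for cluster_id, res in resources.items():
        props = res.get("Properties", {})
        public = str(resolve(props.get("PubliclyAccessible"), template, supplied)).lower()
        if res.get("Type") != "AWS::Redshift::Cluster" or public != "true":
            continue
        for sg_ref in props.get("VpcSecurityGroupIds", []):
            sg_id = resolve(sg_ref, template, supplied)
            sg = resources.get(sg_id, {}) if isinstance(sg_id, str) else {}
            for rule in sg.get("Properties", {}).get("SecurityGroupIngress", []):
                cidr = resolve(rule.get("CidrIp"), template, supplied)
                # A /0 prefix matches every address, whatever the base address is.
                if isinstance(cidr, str) and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((cluster_id, sg_id, cidr))
    return findings
```

Passing a narrower range for InboundTraffic in `supplied`, as you would when creating the stack, clears the finding.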