When setting up an RDS database with CloudFormation YAML, how do you enable and force/require encryption in transit for an AWS RDS Oracle instance?
Answer 1
The following applies to Oracle 19 SE2. I changed some of the values in the references and imported values, so some adjustment may be needed before it works completely. Make sure the user and password are set correctly.
The relevant documentation can be found here, and the CloudFormation documentation here. How to connect to the database is covered here.
```yaml
OracleDatabaseSG:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Oracle Database security group
    GroupName: OracleDatabaseSG
    VpcId: vpc-123456
    SecurityGroupIngress:
      # Only the TCPS listener that the SSL option opens (2484) is reachable.
      # The plaintext listener on 1521 is never exposed, which is what makes
      # TLS effectively mandatory for every client.
      - IpProtocol: tcp
        FromPort: 2484
        ToPort: 2484
        CidrIp: 192.168.0.0/24
        Description: Allow encrypted ingress only
    SecurityGroupEgress:
      - CidrIp: 127.0.0.1/32
        IpProtocol: icmpv6
        Description: Effectively block egress
    Tags:
      - Key: Name
        Value: OracleDatabaseSG

OracleRDSOptionGroup:
  Type: AWS::RDS::OptionGroup
  Properties:
    OptionGroupDescription: oracle-19-options-group
    EngineName: oracle-se2
    # Option groups take the major version only ("19"), not the full
    # release-update string used for the instance's EngineVersion below.
    MajorEngineVersion: "19"
    OptionConfigurations:
      - OptionName: APEX
        OptionVersion: 19.1.v1
      - OptionName: APEX-DEV
      - OptionName: SSL
        VpcSecurityGroupMemberships:
          - !Ref OracleDatabaseSG
        Port: 2484
        OptionSettings:
          - Name: SQLNET.SSL_VERSION
            Value: "1.2"   # quoted so YAML does not parse it as a float

OracleRDSDatabaseServer:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceIdentifier: RDS-Oracle
    DBName: oracle
    DBInstanceClass: db.t3.small
    DBSubnetGroupName: Subnet-Group-Name
    LicenseModel: license-included
    StorageType: gp2
    AllocatedStorage: 10
    MaxAllocatedStorage: 50
    Engine: oracle-se2
    EngineVersion: 19.0.0.0.ru-2020-01.rur-2020-01.r1
    # Placeholders. Do not commit a real password here; pass it in as a
    # NoEcho parameter or a Secrets Manager dynamic reference instead.
    MasterUsername: USERNAME
    MasterUserPassword: PASSWORD
    AvailabilityZone: us-east-1a
    StorageEncrypted: true
    MultiAZ: false
    PubliclyAccessible: false
    AllowMajorVersionUpgrade: false
    AutoMinorVersionUpgrade: true
    DeleteAutomatedBackups: true
    EnablePerformanceInsights: true
    PerformanceInsightsRetentionPeriod: 7
    OptionGroupName: !Ref OracleRDSOptionGroup
    VPCSecurityGroups:
      - !Ref OracleDatabaseSG
    Tags:
      - Key: Name
        Value: OracleDB
```
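The template above only "forces" TLS because several settings line up: the SSL option opens a TCPS listener on 2484 pinned to TLS 1.2, the security group admits nothing but 2484, and the instance is private with encrypted storage. The following is an added example, not code from the answer, that checks those invariants before a deploy, in the style of a CI policy check. TEMPLATE is a constructed, trimmed copy of the answer's resources written as a Python dict (the logical IDs are taken from the answer; in practice you would load the real YAML with a parser that understands !Ref, such as PyYAML with a custom constructor or cfn-flip). The weakened variant is likewise constructed, to show the checks firing.

```python
"""Static policy check: does a CloudFormation template actually force TLS to RDS Oracle?"""
import copy

TLS_PORT = 2484        # TCPS listener created by the RDS "SSL" option
PLAINTEXT_PORT = 1521  # default Oracle listener; must stay unreachable

# Constructed, trimmed copy of the answer's resources (logical IDs as in the answer).
TEMPLATE = {"Resources": {
    "OracleDatabaseSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "VpcId": "vpc-123456",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 2484, "ToPort": 2484, "CidrIp": "192.168.0.0/24"}],
        "SecurityGroupEgress": [{"IpProtocol": "icmpv6", "CidrIp": "127.0.0.1/32"}]}},
    "OracleRDSOptionGroup": {"Type": "AWS::RDS::OptionGroup", "Properties": {
        "EngineName": "oracle-se2", "MajorEngineVersion": "19",
        "OptionConfigurations": [
            {"OptionName": "APEX", "OptionVersion": "19.1.v1"},
            {"OptionName": "APEX-DEV"},
            {"OptionName": "SSL", "Port": 2484,
             "VpcSecurityGroupMemberships": [{"Ref": "OracleDatabaseSG"}],
             "OptionSettings": [{"Name": "SQLNET.SSL_VERSION", "Value": "1.2"}]}]}},
    "OracleRDSDatabaseServer": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "Engine": "oracle-se2", "StorageEncrypted": True, "PubliclyAccessible": False,
        "OptionGroupName": {"Ref": "OracleRDSOptionGroup"},
        "VPCSecurityGroups": [{"Ref": "OracleDatabaseSG"}]}},
}}


def _ref(value):
    """Resolve a {"Ref": X} intrinsic to the logical ID X; anything else passes through."""
    return value["Ref"] if isinstance(value, dict) and "Ref" in value else value


def check_security_group(logical_id, sg):
    """Every ingress rule must be exactly tcp/2484 and must not be open to the world."""
    findings = []
    for rule in sg["Properties"].get("SecurityGroupIngress", []):
        proto = str(rule.get("IpProtocol"))
        lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
        if proto != "tcp" or (lo, hi) != (TLS_PORT, TLS_PORT):
            findings.append(f"{logical_id}: ingress {proto} {lo}-{hi} from {rule.get('CidrIp')} admits "
                            f"more than TCPS/{TLS_PORT} (plaintext {PLAINTEXT_PORT} may be reachable)")
        if rule.get("CidrIp") == "0.0.0.0/0":
            findings.append(f"{logical_id}: ingress rule is open to 0.0.0.0/0")
    return findings


def check_option_group(logical_id, og, template):
    """The SSL option must exist, listen on 2484, pin TLS 1.2 and sit in a security group from this template."""
    ssl = [o for o in og["Properties"].get("OptionConfigurations", []) if o.get("OptionName") == "SSL"]
    if not ssl:
        return [f"{logical_id}: SSL option missing, no TCPS listener will exist"]
    ssl, findings = ssl[0], []
    if int(ssl.get("Port", 0)) != TLS_PORT:
        findings.append(f"{logical_id}: SSL option Port is {ssl.get('Port')}, expected {TLS_PORT}")
    settings = {s["Name"]: str(s["Value"]) for s in ssl.get("OptionSettings", [])}
    if settings.get("SQLNET.SSL_VERSION") != "1.2":
        findings.append(f"{logical_id}: SQLNET.SSL_VERSION is {settings.get('SQLNET.SSL_VERSION', 'unset')}, expected 1.2")
    for member in ssl.get("VpcSecurityGroupMemberships", []):
        if template["Resources"].get(_ref(member), {}).get("Type") != "AWS::EC2::SecurityGroup":
            findings.append(f"{logical_id}: SSL option references unknown security group {_ref(member)!r}")
    return findings


def check_instance(logical_id, db, template):
    """Private instance, encrypted at rest, wired to an option group and security group defined here."""
    props, findings = db["Properties"], []
    if props.get("StorageEncrypted") is not True:
        findings.append(f"{logical_id}: StorageEncrypted is not true")
    if props.get("PubliclyAccessible") is not False:
        findings.append(f"{logical_id}: PubliclyAccessible is not false")
    og = _ref(props.get("OptionGroupName"))
    if template["Resources"].get(og, {}).get("Type") != "AWS::RDS::OptionGroup":
        findings.append(f"{logical_id}: OptionGroupName {og!r} is not an option group in this template")
    if not props.get("VPCSecurityGroups"):
        findings.append(f"{logical_id}: no VPCSecurityGroups, the VPC default group decides reachability")
    return findings


def audit(template):
    """Run every check; an empty list means the template enforces TLS the way the answer intends."""
    checks = {"AWS::EC2::SecurityGroup": lambda lid, r: check_security_group(lid, r),
              "AWS::RDS::OptionGroup": lambda lid, r: check_option_group(lid, r, template),
              "AWS::RDS::DBInstance": lambda lid, r: check_instance(lid, r, template)}
    findings = []
    for lid, res in template["Resources"].items():
        if res["Type"] in checks:
            findings += checks[res["Type"]](lid, res)
    return findings


def weakened_template():
    """Constructed counter-example: 1521 opened to the world, TLS floor dropped, instance made public."""
    t = copy.deepcopy(TEMPLATE)
    r = t["Resources"]
    r["OracleDatabaseSG"]["Properties"]["SecurityGroupIngress"].append(
        {"IpProtocol": "tcp", "FromPort": PLAINTEXT_PORT, "ToPort": PLAINTEXT_PORT, "CidrIp": "0.0.0.0/0"})
    ssl = next(o for o in r["OracleRDSOptionGroup"]["Properties"]["OptionConfigurations"] if o["OptionName"] == "SSL")
    ssl["OptionSettings"] = []
    r["OracleRDSDatabaseServer"]["Properties"]["PubliclyAccessible"] = True
    return t


if __name__ == "__main__":
    for name, t in (("answer template", TEMPLATE), ("weakened template", weakened_template())):
        findings = audit(t)
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for line in findings:
            print("  -", line)
```

This is a static check on the template, not proof that the deployed listener negotiates TLS; after the stack is up, confirm it on the running instance by connecting over TCPS on 2484 and checking that 1521 is refused from outside the security group.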