How to create a single-AZ (non-HA) RDS instance with Terraform



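In this AWS Database Blog post, they assert that

You can run in a Single-AZ database (DB) instance or, for high availability requirements, a Multi-AZ DB instance

and that you can

... modify an existing Single-AZ instance to a Multi-AZ deployment.

In addition,

... you can create a Multi-AZ read replica, synchronize it with the Single-AZ DB instance, and then promote it to be your primary DB instance to minimize latency during the conversion.

Furthermore, in v1.32 of the official AWS VPC module there are multiple references to the use of single_nat_gateway, in particular

If single_nat_gateway=true, then all private subnets will route their Internet traffic through this single NAT gateway.

And in the official RDS module, multi_az is shown as defaulting to false (link).

Despite this, I still get the following error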

╷
│ Error: DBSubnetGroupDoesNotCoverEnoughAZs: The DB subnet group doesn't meet Availability Zone (AZ) coverage requirement. Current AZ coverage: us-west-2a. Add subnets to cover at least 2 AZs.
│   status code: 400, request id: *****
│ 
│   with module.rds.module.db_subnet_group.aws_db_subnet_group.this[0],
│   on .terraform/modules/rds/modules/db_subnet_group/main.tf line 8, in resource "aws_db_subnet_group" "this":
│    8: resource "aws_db_subnet_group" "this" {

when trying to terraform apply this main.tf configuration:

module "rds" {
  source                                = "terraform-aws-modules/rds/aws"
  version                               = "~> 3.4.0"
  identifier                            = "${var.env}-${var.user}-${local.db_name}"
  engine                                = var.postgres.engine
  engine_version                        = var.postgres.engine_version
  family                                = var.postgres.family
  major_engine_version                  = var.postgres.major_engine_version
  instance_class                        = var.postgres.instance_class
  allocated_storage                     = var.postgres.allocated_storage
  max_allocated_storage                 = var.postgres.max_allocated_storage
  storage_encrypted                     = var.postgres.storage_encrypted
  password                              = random_password.password.result
  port                                  = var.postgres.port
  multi_az                              = false
  subnet_ids                            = [data.aws_subnet.priv1.id]
  vpc_security_group_ids                = [module.db_security_group.security_group_id]
  maintenance_window                    = var.postgres.maintenance_window
  backup_window                         = var.postgres.backup_window
  enabled_cloudwatch_logs_exports       = var.postgres.enabled_cloudwatch_logs_exports
  backup_retention_period               = var.postgres.backup_retention_period
  skip_final_snapshot                   = var.postgres.skip_final_snapshot
  deletion_protection                   = var.postgres.deletion_protection
  performance_insights_enabled          = var.postgres.performance_insights_enabled
  performance_insights_retention_period = var.postgres.performance_insights_retention_period
  create_monitoring_role                = var.postgres.create_monitoring_role
  monitoring_role_name                  = "${var.env}-${var.user}-${var.postgres.monitoring_role_name}"
  monitoring_interval                   = var.postgres.monitoring_interval
  snapshot_identifier                   = var.postgres.snapshot_identifier
  iam_database_authentication_enabled   = var.postgres.iam_auth
  apply_immediately                     = true
  tags = {
    Name        = "${var.env}-${var.user}-rds"
    Terraform   = "true"
    Environment = var.env
    Created     = timestamp()
  }
}

with this postgres variable defined in my terraform.tfvars:

postgres = {
  db_name = "postgres-db"
  # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts
  engine                                = "postgres"
  engine_version                        = "11.12"
  family                                = "postgres11" # DB parameter group
  major_engine_version                  = "11"         # DB option group
  instance_class                        = "db.t2.micro"
  allocated_storage                     = 100
  max_allocated_storage                 = 200
  storage_encrypted                     = false
  port                                  = 5432
  multi_az                              = false
  maintenance_window                    = "Mon:00:00-Mon:03:00"
  backup_window                         = "03:00-06:00"
  enabled_cloudwatch_logs_exports       = ["postgresql", "upgrade"]
  backup_retention_period               = 0
  skip_final_snapshot                   = true
  deletion_protection                   = false
  performance_insights_enabled          = false
  performance_insights_retention_period = 7
  create_monitoring_role                = true
  monitoring_role_name                  = "monitoring_role"
  monitoring_interval                   = 60
  snapshot_identifier                   = "arn:aws:rds:us-west-2:999999999999:snapshot:rds-ss"
  iam_auth                              = true
}

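Similar questions on SO all seem to have answers along the lines that you have to provide multiple availability zones, which means at least two subnets, each of which, if you create them manually as private subnets, needs its own NAT gateway. This seems unnecessarily expensive and restrictive, especially for dev and test environments.

How can I deploy a single-AZ RDS Postgres instance using these components?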

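A DB subnet group must have more than one subnet. This is an RDS requirement that cannot be bypassed. Even if you deploy only one instance, if an entire Availability Zone goes down, Amazon RDS will automatically launch a new instance in another Availability Zone that you specified. This is one of the managed database services you automatically get with Amazon RDS.

So, even when deploying a single-AZ instance, you must specify multiple Availability Zones in the DB subnet group.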
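
A sketch of the layout the answer describes, added here as an example and not taken from the question or the answer: a DB subnet group that spans two AZs, with a single non-Multi-AZ instance pinned to one of them. It uses plain resources rather than the RDS module; the variable names, resource names, CIDR inputs and instance sizing are assumptions, and the AWS provider and region (us-west-2, as in the error above) are assumed to be configured elsewhere. The DB subnets sit behind a route table with no default route, so no NAT gateway is created for them.

```hcl
# Added example. All names below (vpc_id, db_subnet_cidrs, db_password, "dev-*") are assumptions.
variable "vpc_id" { type = string }
variable "db_subnet_cidrs" {
  # One CIDR per AZ, e.g. { "us-west-2a" = "10.0.21.0/24", "us-west-2b" = "10.0.22.0/24" }
  type = map(string)
}
variable "db_password" {
  type      = string
  sensitive = true
}

# One isolated subnet per AZ; the subnet group only needs to cover two AZs.
resource "aws_subnet" "db" {
  for_each                = var.db_subnet_cidrs
  vpc_id                  = var.vpc_id
  availability_zone       = each.key
  cidr_block              = each.value
  map_public_ip_on_launch = false
}

# Route table with only the implicit local VPC route: no NAT or internet gateway.
resource "aws_route_table" "db" {
  vpc_id = var.vpc_id
}

resource "aws_route_table_association" "db" {
  for_each       = aws_subnet.db
  subnet_id      = each.value.id
  route_table_id = aws_route_table.db.id
}

resource "aws_db_subnet_group" "db" {
  name       = "dev-db"
  subnet_ids = [for s in aws_subnet.db : s.id]
}

resource "aws_db_instance" "dev" {
  identifier           = "dev-postgres"
  engine               = "postgres"
  instance_class       = "db.t3.micro"
  allocated_storage    = 20
  username             = "dbadmin"
  password             = var.db_password
  db_subnet_group_name = aws_db_subnet_group.db.name
  multi_az             = false        # one instance, no standby
  availability_zone    = "us-west-2a" # must be one of the keys of db_subnet_cidrs
  storage_encrypted    = true
  skip_final_snapshot  = true
}
```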
