Identifying an AWS RDS-hosted database by its tag information
2021-08-28 02:58:10 Author: derflounder.wordpress.com(查看原文) 阅读量:41 收藏

Recently, I was working on a task where I wanted to set up an automated process to create manual database snapshots for a database hosted in Amazon’s RDS service. Normally this is a straightforward process because you can use the database’s unique identifier when requesting the database snapshot to be created.

However in this case, the database was being created as part of an Elastic Beanstalk configuration. This meant that there was the potential for the database in question to be removed from RDS and a new one set up, which meant a new unique identifier for the database I wanted to create manual database snapshots from.

The Elastic Beanstalk configuration does tag the database, using a Name tag specified in the Elastic Beanstalk configuration, so the answer seemed obvious: Use the tag information to identify the database. That way, even if the database identifier changed (because a new database had been created), the automated process could find the new database on its own and continue to make snapshots.

One hitch: Within the AWS API, RDS lists only the following three API calls to interact with tags.

ListTagsForResource would seem to be the answer, but the hitch there is that you have to have the database’s Amazon Resource Name (ARN) identifier available first and then use that to list the tags associated with the database:

aws rds add-tags-to-resource --resource-name arn:aws:rds:us-east-1:123456789102:db:dev-test-db-instance --tags Key=Name

I was coming at it from the other end – I wanted to use the tag information to find the database. RDS’s API doesn’t support that.

Fortunately, the RDS API is not the only way to read tags from an RDS database. For more details, please see below the jump.

The answer is that outside of RDS, there is also the Resource Groups Tagging API, which is accessible using the resourcegroupstaggingapi command for the AWS CLI tool. Among other things, the resourcegroupstaggingapi command allows you to identify a specified values for a specified key for a specified service.

For example, if you were looking for a RDS-hosted database whose database identifier you didn’t know, but you did know that it is in AWS’s eu-west-1 region and had a Name tag with the value of VIPDatabase, you could run the following query to get that databases’s ARN identifier:

aws –region eu-west-1 resourcegroupstaggingapi get-resources –resource-type-filters rds:db –query "ResourceTagMappingList[?Tags[? Key == 'Name' && Value == 'VIPDatabase']].ResourceARN"

Once you had the ARN identifier, you could then use the following command to get the matching database’s instance identifier. For this example, we’re using arn:aws:rds:eu-west-1:123456789012:db:database_name_here as the ARN identifier:

aws rds --region eu-west-1 describe-db-instances --db-instance-identifier arn:aws:rds:eu-west-1:123456789012:db:database_name_here --query "*[].{DBInstanceIdentifier:DBInstanceIdentifier}"

Assuming you wanted to use this lookup capability in a shell script, the following code should get you started:

#!/bin/bash
TagKey="Tag Key Goes Here"
TagValue="Tag's Value Goes Here"
aws_region=$(/bin/curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed "s/.$//g")
RDSDatabaseARNIdentifier=$(aws –region "$aws_region" resourcegroupstaggingapi get-resources –resource-type-filters rds:db –query "ResourceTagMappingList[?Tags[? Key == '$TagKey' && Value == '$TagValue']].ResourceARN" –output=text)
RDSDatabaseDBIdentifier=$(aws rds –region "$aws_region" describe-db-instances –db-instance-identifier "$RDSDatabaseARNIdentifier" –query "*[].{DBInstanceIdentifier:DBInstanceIdentifier}" –output text)

In the case of our example, where you’re looking for a database with a Name tag where the Name tag’s value is VIPDatabase, it would look like this:

#!/bin/bash
TagKey="Name"
TagValue="VIPDatabase"
aws_region=$(/bin/curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed "s/.$//g")
RDSDatabaseARNIdentifier=$(aws –region "$aws_region" resourcegroupstaggingapi get-resources –resource-type-filters rds:db –query "ResourceTagMappingList[?Tags[? Key == '$TagKey' && Value == '$TagValue']].ResourceARN" –output=text)
RDSDatabaseDBIdentifier=$(aws rds –region "$aws_region" describe-db-instances –db-instance-identifier "$RDSDatabaseARNIdentifier" –query "*[].{DBInstanceIdentifier:DBInstanceIdentifier}" –output text)

文章来源: https://derflounder.wordpress.com/2021/08/27/identifying-an-aws-rds-hosted-database-by-its-tag-information/
如有侵权请联系:admin#unsafe.sh