主页 / server / 问题 / 1011362
Accepted
Tim
Asked: 2020-04-08 14:01:52 +0800 CST

如何使用 CloudFormation YAML 对 AWS RDS Oracle 实施传输中的加密?

  • 772

在使用 CloudFormation YAML 设置 RDS 数据库时,如何为 AWS RDS Oracle 实例启用和强制执行/强制传输中的加密。

oracle amazon-web-services amazon-rds

1 个回答

  1. Best Answer

    以下适用于 Oracle 19 SE2。我已经从引用值和导入值中修改了一些值,因此可能需要进行一些调整才能使其完全正常工作。确保正确设置用户和密码。

    适用的文档可以在这里找到,CloudFormation 文档在这里。如何连接到数据库可以在这里找到。

    OracleDatabaseSG:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Oracle Database security group
    GroupName: OracleDatabaseSG
    VpcId: 
      vpc-123456
    SecurityGroupIngress: 
      - IpProtocol: tcp
        FromPort: 2484
        ToPort: 2484
        CidrIp: 192.168.0.0/24
        Description: Allow encrypted ingress only
  SecurityGroupEgress:
    - CidrIp: 127.0.0.1/32
      IpProtocol: icmpv6
      Description: Effectively block egress
  Tags: 
    - Key: Name
      Value: OracleDatabaseSG


OracleRDSOptionGroup:
  Type: AWS::RDS::OptionGroup
  Properties: 
    OptionGroupDescription: oracle-19-options-group
    EngineName: oracle-se2
    MajorEngineVersion: 19.0.0.0.ru-2020-01.rur-2020-01.r1
    OptionConfigurations:
      - 
        OptionName: APEX
        OptionVersion: 19.1.v1
      -
        OptionName: APEX-DEV
      -
        OptionName: SSL
        VpcSecurityGroupMemberships:
          - OracleDatabaseSG
        Port: 2484
        OptionSettings:
          -
            Name: SQLNET.SSL_VERSION
            Value: 1.2

OracleRDSDatabaseServer:
    Type: 'AWS::RDS::DBInstance'
    Properties:
        DBInstanceIdentifier: RDS-Oracle
        DBName: oracle
        DBInstanceClass: db.t3.small
        DBSubnetGroupName: Subnet-Group-Name
        LicenseModel: license-included
        StorageType: gp2
        AllocatedStorage: 10
        MaxAllocatedStorage: 50
        Engine: oracle-se2
        EngineVersion: 19.0.0.0.ru-2020-01.rur-2020-01.r1         
        MasterUsername: USERNAME
        MasterUserPassword: PASSWORD
        AvailabilityZone: us-east-1a
        StorageEncrypted: true
        MultiAZ: false
        PubliclyAccessible: false
        AllowMajorVersionUpgrade: false
        AutoMinorVersionUpgrade: true
        DeleteAutomatedBackups: true
        EnablePerformanceInsights: true
        PerformanceInsightsRetentionPeriod: 7
        OptionGroupName: OracleRDSOptionGroup
        VPCSecurityGroups:
            - OracleDatabaseSG
        Tags: 
            - Key: Name
              Value: OracleDB
    • 0

相关问题