Merge pull request #184 from YAPP-Github/fix/backup

lvalentine6 · web-flow · commit 050e495f9373 · 2025-08-20T08:36:00.000+09:00
[Fix] dev 환경 db 백업 문제 수정
diff --git a/terraform/common/locals.tf b/terraform/common/locals.tf
@@ -32,16 +32,20 @@ locals {
         "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
       ]
       custom_inline_policies = {
-        ssm_mysql_url_access = {
-          name        = "ssm-mysql-url-access"
-          description = "Allow reading MySQL URL parameter from SSM"
+        ssm_mysql_params_access = {
+          name        = "ssm-mysql-params-access"
+          description = "Allow reading MySQL params from SSM"
           policy_document = {
             Version = "2012-10-17"
             Statement = [
               {
-                Effect   = "Allow"
-                Action   = ["ssm:GetParameter"]
-                Resource = "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/dev/MYSQL_URL"
+                Effect = "Allow"
+                Action = ["ssm:GetParameter", "ssm:GetParametersByPath"]
+                Resource = [
+                  "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/dev/MYSQL_URL",
+                  "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/dev/MYSQL_USER_NAME",
+                  "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/dev/MYSQL_PASSWORD"
+                ]
               }
             ]
           }
diff --git a/terraform/dev/outputs.tf b/terraform/dev/outputs.tf
@@ -28,3 +28,11 @@ output "cloudfront_domain_name" {
   value     = module.s3.cloudfront_domain_name
   sensitive = true
 }
+
+output "s3_bucket_id" {
+  value = module.s3.s3_bucket_id
+}
+
+output "s3_bucket_arn" {
+  value = module.s3.s3_bucket_arn
+}
diff --git a/terraform/dev/s3/outputs.tf b/terraform/dev/s3/outputs.tf
@@ -2,3 +2,11 @@ output "cloudfront_domain_name" {
   value     = aws_cloudfront_distribution.dev_cdn.domain_name
   sensitive = true
 }
+
+output "s3_bucket_id" {
+  value = aws_s3_bucket.dev.id
+}
+
+output "s3_bucket_arn" {
+  value = aws_s3_bucket.dev.arn
+}
diff --git a/terraform/dev/s3/scripts/mysql-backup.sh b/terraform/dev/s3/scripts/mysql-backup.sh
@@ -14,7 +14,15 @@ HOST=$(echo "$MYSQL_URL" | sed -E 's|jdbc:mysql://([^:/]+):([0-9]+)/([^?]+).*|\1
 PORT=$(echo "$MYSQL_URL" | sed -E 's|jdbc:mysql://([^:/]+):([0-9]+)/([^?]+).*|\2|')
 DB_NAME=$(echo "$MYSQL_URL" | sed -E 's|jdbc:mysql://([^:/]+):([0-9]+)/([^?]+).*|\3|')
 
-if mysqldump -h "$HOST" -P "$PORT" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$DB_NAME" > "$ARCHIVE_PATH"; then
+retries=10
+count=0
+until mysqladmin ping -h "$HOST" -P "$PORT" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" --silent || [ $count -eq $retries ]; do
+  echo "[INFO] Waiting for MySQL to be ready... ($count/$retries)"
+  sleep 2
+  count=$((count+1))
+done
+
+if mysqldump --no-tablespaces -h "$HOST" -P "$PORT" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$DB_NAME" > "$ARCHIVE_PATH"; then
   echo "[INFO] MySQL backup successful: $ARCHIVE_PATH"
 
   if aws s3 cp "$ARCHIVE_PATH" "$S3_BUCKET"; then
diff --git a/terraform/dev/scripts/user-data.sh b/terraform/dev/scripts/user-data.sh
@@ -21,6 +21,10 @@ until systemctl is-active --quiet crond; do
   sleep 1
 done
 
+sudo chown -R ec2-user:ec2-user /home/ec2-user/mysql
+
+sudo dnf install -y mariadb105
+
 (
   sudo crontab -u ec2-user -l 2>/dev/null || true
   echo "0 0 * * 0 /home/ec2-user/scripts/app-backup-dev-logs.sh >> /home/ec2-user/logs/backup/app-backup.log 2>&1"
diff --git a/terraform/prod/outputs.tf b/terraform/prod/outputs.tf
@@ -30,3 +30,13 @@ output "cloudfront_domain_name" {
   value     = module.s3.cloudfront_domain_name
   sensitive = true
 }
+
+output "rds_instance_identifier" {
+  description = "The identifier of the production RDS instance."
+  value       = module.rds.rds_instance_identifier
+}
+
+output "rds_instance_id" {
+  value     = module.rds.rds_instance_id
+  sensitive = true
+}
diff --git a/terraform/prod/rds/outputs.tf b/terraform/prod/rds/outputs.tf
@@ -7,3 +7,12 @@ output "arn" {
   description = "RDS instance ARN"
   value       = aws_db_instance.prod.arn
 }
+
+output "rds_instance_identifier" {
+  description = "The identifier of the production RDS instance."
+  value       = aws_db_instance.prod.identifier
+}
+
+output "rds_instance_id" {
+  value = aws_db_instance.prod.id
+}

Original file line number	Diff line number	Diff line change
`@@ -32,16 +32,20 @@ locals {`
`32`	`32`	`"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"`
`33`	`33`	`]`
`34`	`34`	`custom_inline_policies = {`
`35`		`- ssm_mysql_url_access = {`
`36`		`- name = "ssm-mysql-url-access"`
`37`		`- description = "Allow reading MySQL URL parameter from SSM"`
	`35`	`+ ssm_mysql_params_access = {`
	`36`	`+ name = "ssm-mysql-params-access"`
	`37`	`+ description = "Allow reading MySQL params from SSM"`
`38`	`38`	`policy_document = {`
`39`	`39`	`Version = "2012-10-17"`
`40`	`40`	`Statement = [`
`41`	`41`	`{`
`42`		`- Effect = "Allow"`
`43`		`- Action = ["ssm:GetParameter"]`
`44`		`- Resource = "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/dev/MYSQL_URL"`
	`42`	`+ Effect = "Allow"`
	`43`	`+ Action = ["ssm:GetParameter", "ssm:GetParametersByPath"]`
	`44`	`+ Resource = [`
	`45`	`+ "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/dev/MYSQL_URL",`
	`46`	`+ "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/dev/MYSQL_USER_NAME",`
	`47`	`+ "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/dev/MYSQL_PASSWORD"`
	`48`	`+ ]`
`45`	`49`	`}`
`46`	`50`	`]`
`47`	`51`	`}`