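# Quoted: an unquoted 2010-09-09 is parsed as a date by YAML 1.1 loaders.
AWSTemplateFormatVersion: "2010-09-09"
Description: RDS layer

Parameters:
  DatabaseUsername:
    Description: Database username
    Type: String
    Default: postgres
  DatabaseName:
    Description: Database name
    Type: String
    Default: postgres
  DatabasePort:
    Description: Database port
    Type: Number
    Default: 5432

Resources:
  # Database
  # Master credentials generated by Secrets Manager: the JSON template carries
  # the username, the "password" key is filled in at creation time.
  # ExcludeCharacters drops the characters RDS does not accept in a master
  # password. No rotation schedule is attached to this secret.
  DatabaseSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: BattlemonDatabaseSecret
      GenerateSecretString:
        SecretStringTemplate: !Sub '{"username": "${DatabaseUsername}"}'
        GenerateStringKey: "password"
        PasswordLength: 20
        ExcludeCharacters: '"@/\'
  # Second secret holding only the raw password, so the DB instance (and the
  # exported ARN below) can resolve the whole SecretString rather than a JSON key.
  # Read access on this secret is equivalent to holding the master password.
  DatabasePassword:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: BattlemonDatabasePassword
      SecretString: !Sub '{{resolve:secretsmanager:${DatabaseSecret}:SecretString:password}}'
  # Ingress is CIDR-scoped: every host in Private Subnets 1 and 2 can reach the
  # DB port. A SourceSecurityGroupId on the application tier would be tighter.
  # No egress rule is given, so the default allow-all egress applies.
  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable database access on port (default 5432) only from Private Subnets 1 and 2
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref DatabasePort
          ToPort: !Ref DatabasePort
          CidrIp: !ImportValue BattlemonPrivateSubnet1CIDR
        - IpProtocol: tcp
          FromPort: !Ref DatabasePort
          ToPort: !Ref DatabasePort
          CidrIp: !ImportValue BattlemonPrivateSubnet2CIDR
      VpcId: !ImportValue BattlemonVpcId
      Tags:
        - Key: Name
          Value: BattlemonDatabaseSecurityGroup
  DatabaseSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnet group for RDS database
      SubnetIds:
        - !ImportValue BattlemonPrivateSubnet3
        - !ImportValue BattlemonPrivateSubnet4
      Tags:
        - Key: Name
          Value: BattlemonDatabaseSubnetGroup
  DatabaseInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 20
      # NOTE(review): pins the instance to the region's first AZ; the subnet
      # group above must contain a subnet in that AZ — confirm against the
      # network stack that exports PrivateSubnet3/4.
      AvailabilityZone: !Select [ 0, !GetAZs "" ]
      # 0 disables automated backups and point-in-time recovery; there is also
      # no DeletionPolicy, so a stack delete or replacement discards the data.
      BackupRetentionPeriod: 0
      DBInstanceClass: db.t3.micro
      DBInstanceIdentifier: BattlemonDatabaseInstance
      DBName: !Ref DatabaseName
      DBSubnetGroupName: !Ref DatabaseSubnetGroup
      Engine: postgres
      # Quoted: an unquoted 14.6 is a YAML float, not the version string.
      EngineVersion: "14.6"
      MasterUsername: !Ref DatabaseUsername
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DatabasePassword}:SecretString}}'
      MultiAZ: false
      Port: !Ref DatabasePort
      PubliclyAccessible: false
      # Encrypt storage at rest (default aws/rds KMS key when no KmsKeyId is
      # given). Changing this on an already-created instance replaces it.
      StorageEncrypted: true
      VPCSecurityGroups: [ !Ref DatabaseSecurityGroup ]

Outputs:
  DatabaseInstanceEndpointAddress:
    Value: !GetAtt DatabaseInstance.Endpoint.Address
    Export:
      Name: BattlemonDatabaseInstanceEndpointAddress
  DatabaseUserName:
    Value: !Ref DatabaseUsername
    Export:
      Name: BattlemonDatabaseUsername
  DatabaseName:
    Value: !Ref DatabaseName
    Export:
      Name: BattlemonDatabaseName
  DatabasePort:
    Value: !Ref DatabasePort
    Export:
      Name: BattlemonDatabasePort
  # Exports the ARN of the raw-password secret, not the secret value itself.
  DatabasePasswordArn:
    Value: !Ref DatabasePassword
    Export:
      Name: BattlemonDatabasePassword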