aws-nakama-stack/cloudformation/nakama/rds.yaml

# CloudFormation template header: format version and stack description.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Nakama RDS stack'
Parameters:
  # ---- Deployment information ----

  # Environment name; substituted into the DB instance identifier.
  environment:
    Description: Name of the environment
    Type: String
    Default: 'production'

  # VPC in which the database security group is created.
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: ID of the VPC

  # ---- Secrets Manager ----

  # ARN of an existing secret that holds the master password. When left
  # empty, the CreateSecret condition makes the stack generate its own.
  Secret:
    Description: Arn of the secret in Secret's Manager
    Type: String
    Default: ''
Conditions:
  # True when the Secret parameter is empty, i.e. no existing secret ARN was
  # supplied and the RdsPassword secret has to be created by this stack.
  CreateSecret: !Equals
    - !Ref Secret
    - ''
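Resources:
  # Security group attached to the database instance.
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDS Allowed Ports
      VpcId: !Ref VpcId
      # Inbound rules used to allow 0.0.0.0/0, which exposes the PostgreSQL
      # listener to any address that can route to the instance. They are now
      # limited to the RFC 1918 private ranges so that only in-network clients
      # can connect.
      # NOTE(review): narrow this further to the VPC CIDR or, preferably,
      # replace CidrIp with SourceSecurityGroupId of the Nakama instances.
      SecurityGroupIngress:
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 10.0.0.0/8
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 172.16.0.0/12
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 192.168.0.0/16
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: 10.0.0.0/8
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: 172.16.0.0/12
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: 192.168.0.0/16
      # Outbound rules are unchanged: all ICMP, TCP and UDP to any address.
      # NOTE(review): a database security group rarely needs outbound access
      # this broad; confirm whether these rules can be tightened.
      SecurityGroupEgress:
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 0
          ToPort: 65535
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: 0
          ToPort: 65535
          CidrIp: 0.0.0.0/0

  # Generated master password; only created when no existing secret ARN was
  # passed in through the Secret parameter.
  RdsPassword:
    Type: AWS::SecretsManager::Secret
    Condition: CreateSecret
    Properties:
      # The name contains no substitution variables, so !Sub was dropped; the
      # resulting value is identical.
      # NOTE(review): the name is not scoped by environment, so a second stack
      # in the same account and region would presumably collide on it.
      Name: nakama/rds/password
      Description: "Master password for RDS"
      # No SecretStringTemplate is given, so the secret value is the bare
      # generated password rather than a JSON document.
      GenerateSecretString:
        ExcludePunctuation: true
        ExcludeCharacters: '"@/\'

  # PostgreSQL database instance used by Nakama.
  DbInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceClass: db.t2.micro
      DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
      Engine: postgres
      MasterUsername: postgres
      # The password is never written into the template: a dynamic reference
      # makes CloudFormation read it from Secrets Manager at deploy time.
      # The whole SecretString is used as the password, so a caller-supplied
      # secret must hold the bare password (TODO confirm with callers).
      MasterUserPassword: !Join
        - ''
        - - '{{resolve:secretsmanager:'
          - !If [CreateSecret, !Ref RdsPassword, !Ref Secret]
          - ':SecretString}}'
      Port: "5432"
      AllocatedStorage: "100"
      # No DBSubnetGroupName is set, so this template does not control which
      # subnets the instance lands in. Stating this explicitly ensures the
      # instance is never given a public address by default.
      PubliclyAccessible: false
      # NOTE(review): StorageEncrypted is not set. Enable encryption at rest
      # after confirming the chosen DBInstanceClass supports it.
      VPCSecurityGroups:
        - !Ref SecurityGroup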
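Outputs:
  # ARN of the secret holding the master password: either the one created by
  # this stack or the one supplied through the Secret parameter. Only the ARN
  # is exported, never the password itself.
  RdsSecret:
    Description: ARN of the Secret's Manager secret for the RDS password
    Value: !If [CreateSecret, !Ref RdsPassword, !Ref Secret]

  # The description used to be a copy of the RdsSecret one; it now describes
  # the value that is actually exported.
  RdsUsername:
    Description: Master username for the RDS instance
    Value: postgres

  # NOTE: the output name is misspelled ("Enpoint"). It is kept unchanged
  # because consumers of the stack refer to outputs by name.
  RdsEnpoint:
    Description: Endpoint to connect to database
    Value: !GetAtt DbInstance.Endpoint.Address

  RdsPort:
    Description: Port to connect to database
    Value: !GetAtt DbInstance.Endpoint.Port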