2019-10-24 01:44:48 +02:00
|
|
|
AWSTemplateFormatVersion: "2010-09-09"
|
|
|
|
Description: Nakama RDS stack
|
|
|
|
Parameters:
|
|
|
|
#------------------------
|
|
|
|
# Deployment Information
|
|
|
|
#------------------------
|
|
|
|
environment:
|
|
|
|
Type: String
|
|
|
|
Description: Name of the environment
|
|
|
|
Default: production
|
|
|
|
VpcId:
|
|
|
|
Description: ID of the VPC
|
|
|
|
Type: AWS::EC2::VPC::Id
|
|
|
|
|
2019-11-03 23:34:28 +01:00
|
|
|
#-----------------
|
|
|
|
# RDS Information
|
|
|
|
#-----------------
|
|
|
|
InstanceClass:
|
2019-10-24 01:44:48 +02:00
|
|
|
Type: String
|
2019-11-03 23:34:28 +01:00
|
|
|
Description: Instance class for the dabase to run on
|
|
|
|
Default: db.t2.micro
|
|
|
|
DatabaseEngine:
|
|
|
|
Type: String
|
|
|
|
Description: Database engine for the database to use
|
|
|
|
Default: postgres
|
|
|
|
DatabaseUsername:
|
|
|
|
Type: String
|
|
|
|
Description: Master account's username for database
|
|
|
|
Default: postgres
|
|
|
|
DatabasePort:
|
|
|
|
Type: Number
|
|
|
|
Description: Port for the database to open a socket on
|
|
|
|
Default: "5432"
|
|
|
|
DatabaseStorage:
|
|
|
|
Type: Number
|
|
|
|
Description: The amount of storage (in GB) allocated to the RDS instance
|
|
|
|
Default: "100"
|
|
|
|
DatabaseAccessCidr:
|
|
|
|
Type: String
|
|
|
|
Description: The CIDR used in the security group to secure the database
|
|
|
|
Default: "0.0.0.0/0"
|
|
|
|
DatabaseSecret:
|
|
|
|
Type: String
|
|
|
|
Description: Arn of the secret in Secret's Manager to use as the password
|
2019-10-24 01:44:48 +02:00
|
|
|
Default: ""
|
|
|
|
|
2019-11-03 23:34:28 +01:00
|
|
|
|
2019-10-24 01:44:48 +02:00
|
|
|
Conditions:
|
2019-11-03 23:34:28 +01:00
|
|
|
CreateSecret: !Equals [!Ref DatabaseSecret, ""]
|
2019-10-24 01:44:48 +02:00
|
|
|
|
|
|
|
Resources:
|
|
|
|
SecurityGroup:
|
|
|
|
Type: AWS::EC2::SecurityGroup
|
|
|
|
Properties:
|
|
|
|
GroupDescription: RDS Allowed Ports
|
|
|
|
VpcId: !Ref VpcId
|
|
|
|
SecurityGroupIngress:
|
|
|
|
- IpProtocol: icmp
|
|
|
|
FromPort: "-1"
|
|
|
|
ToPort: "-1"
|
2019-11-03 23:34:28 +01:00
|
|
|
CidrIp: !Ref DatabaseAccessCidr
|
2019-10-24 01:44:48 +02:00
|
|
|
- IpProtocol: tcp
|
2019-11-03 23:34:28 +01:00
|
|
|
FromPort: !Ref DatabasePort
|
|
|
|
ToPort: !Ref DatabasePort
|
|
|
|
CidrIp: !Ref DatabaseAccessCidr
|
2019-10-24 01:44:48 +02:00
|
|
|
SecurityGroupEgress:
|
|
|
|
- IpProtocol: icmp
|
|
|
|
FromPort: "-1"
|
|
|
|
ToPort: "-1"
|
|
|
|
CidrIp: 0.0.0.0/0
|
|
|
|
- IpProtocol: tcp
|
|
|
|
FromPort: "0"
|
|
|
|
ToPort: "65535"
|
|
|
|
CidrIp: 0.0.0.0/0
|
|
|
|
- IpProtocol: udp
|
|
|
|
FromPort: "0"
|
|
|
|
ToPort: "65535"
|
|
|
|
CidrIp: 0.0.0.0/0
|
|
|
|
|
|
|
|
RdsPassword:
|
|
|
|
Type: AWS::SecretsManager::Secret
|
|
|
|
Condition: CreateSecret
|
|
|
|
Properties:
|
|
|
|
Name: !Sub "nakama/rds/password"
|
|
|
|
Description: "Master password for RDS"
|
|
|
|
GenerateSecretString:
|
|
|
|
ExcludePunctuation: true
|
|
|
|
ExcludeCharacters: '"@/\'
|
|
|
|
|
|
|
|
DbInstance:
|
|
|
|
Type: AWS::RDS::DBInstance
|
|
|
|
Properties:
|
2019-11-03 23:34:28 +01:00
|
|
|
DBInstanceClass: !Ref InstanceClass
|
2019-10-24 01:44:48 +02:00
|
|
|
DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
|
2019-11-03 23:34:28 +01:00
|
|
|
Engine: !Ref DatabaseEngine
|
|
|
|
MasterUsername: !Ref DatabaseUsername
|
|
|
|
MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret] ,":SecretString}}" ]]
|
|
|
|
Port: !Ref DatabasePort
|
|
|
|
AllocatedStorage: !Ref DatabaseStorage
|
2019-10-24 01:44:48 +02:00
|
|
|
VPCSecurityGroups:
|
|
|
|
- !Ref SecurityGroup
|
|
|
|
|
|
|
|
Outputs:
|
|
|
|
RdsSecret:
|
|
|
|
Description: ARN of the Secret's Manager secret for the RDS password
|
2019-11-03 23:34:28 +01:00
|
|
|
Value: !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret]
|
2019-10-24 01:44:48 +02:00
|
|
|
RdsUsername:
|
|
|
|
Description: ARN of the Secret's Manager secret for the RDS password
|
2019-11-03 23:34:28 +01:00
|
|
|
Value: !Ref DatabaseUsername
|
2019-10-24 01:44:48 +02:00
|
|
|
RdsEnpoint:
|
|
|
|
Description: Endpoint to connect to database
|
|
|
|
Value: !GetAtt DbInstance.Endpoint.Address
|
|
|
|
RdsPort:
|
|
|
|
Description: Port to connect to database
|
|
|
|
Value: !GetAtt DbInstance.Endpoint.Port
|