aws-nakama-stack/cloudformation/nakama/rds.yaml

115 lines
3.3 KiB
YAML
Raw Normal View History

2019-10-24 01:44:48 +02:00
AWSTemplateFormatVersion: "2010-09-09"
Description: Nakama RDS stack
Parameters:
#------------------------
# Deployment Information
#------------------------
environment:
Type: String
Description: Name of the environment
Default: production
VpcId:
Description: ID of the VPC
Type: AWS::EC2::VPC::Id
#-----------------
# RDS Information
#-----------------
InstanceClass:
2019-10-24 01:44:48 +02:00
Type: String
Description: Instance class for the dabase to run on
Default: db.t2.micro
DatabaseEngine:
Type: String
Description: Database engine for the database to use
Default: postgres
DatabaseUsername:
Type: String
Description: Master account's username for database
Default: postgres
DatabasePort:
Type: Number
Description: Port for the database to open a socket on
Default: "5432"
DatabaseStorage:
Type: Number
Description: The amount of storage (in GB) allocated to the RDS instance
Default: "100"
DatabaseAccessCidr:
Type: String
Description: The CIDR used in the security group to secure the database
Default: "0.0.0.0/0"
DatabaseSecret:
Type: String
Description: Arn of the secret in Secret's Manager to use as the password
2019-10-24 01:44:48 +02:00
Default: ""
2019-10-24 01:44:48 +02:00
Conditions:
CreateSecret: !Equals [!Ref DatabaseSecret, ""]
2019-10-24 01:44:48 +02:00
Resources:
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: RDS Allowed Ports
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: icmp
FromPort: "-1"
ToPort: "-1"
CidrIp: !Ref DatabaseAccessCidr
2019-10-24 01:44:48 +02:00
- IpProtocol: tcp
FromPort: !Ref DatabasePort
ToPort: !Ref DatabasePort
CidrIp: !Ref DatabaseAccessCidr
2019-10-24 01:44:48 +02:00
SecurityGroupEgress:
- IpProtocol: icmp
FromPort: "-1"
ToPort: "-1"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "0"
ToPort: "65535"
CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: "0"
ToPort: "65535"
CidrIp: 0.0.0.0/0
RdsPassword:
Type: AWS::SecretsManager::Secret
Condition: CreateSecret
Properties:
Name: !Sub "nakama/rds/password"
Description: "Master password for RDS"
GenerateSecretString:
ExcludePunctuation: true
ExcludeCharacters: '"@/\'
DbInstance:
Type: AWS::RDS::DBInstance
Properties:
DBInstanceClass: !Ref InstanceClass
2019-10-24 01:44:48 +02:00
DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
Engine: !Ref DatabaseEngine
MasterUsername: !Ref DatabaseUsername
MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret] ,":SecretString}}" ]]
Port: !Ref DatabasePort
AllocatedStorage: !Ref DatabaseStorage
2019-10-24 01:44:48 +02:00
VPCSecurityGroups:
- !Ref SecurityGroup
Outputs:
RdsSecret:
Description: ARN of the Secret's Manager secret for the RDS password
Value: !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret]
2019-10-24 01:44:48 +02:00
RdsUsername:
Description: ARN of the Secret's Manager secret for the RDS password
Value: !Ref DatabaseUsername
2019-10-24 01:44:48 +02:00
RdsEnpoint:
Description: Endpoint to connect to database
Value: !GetAtt DbInstance.Endpoint.Address
RdsPort:
Description: Port to connect to database
Value: !GetAtt DbInstance.Endpoint.Port