From 567d8c837fe38f13e1e44c2c753baf152da3e0f5 Mon Sep 17 00:00:00 2001 From: Joseph Manley Date: Wed, 23 Oct 2019 19:44:48 -0400 Subject: [PATCH] Optional build RDS database --- ReadMe.md | 7 +++ cloudformation/nakama/rds.yaml | 90 ++++++++++++++++++++++++++++++++++ cloudformation/nakama/top.yaml | 39 ++++++++++++--- 3 files changed, 129 insertions(+), 7 deletions(-) create mode 100644 cloudformation/nakama/rds.yaml diff --git a/ReadMe.md b/ReadMe.md index 555d8c1..56760fa 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -10,6 +10,10 @@ Make sure you are logged into the AWS Console and have permissions then click: Fill out the parameters and launch! +### Parameter Notes + +Parameters, `DatabaseUsername`, `DatabasePassword`, `DatabaseEndpoint`, and `DatabasePort`, only used if `CreateDatabase` is false. + ## To Do - [ ] Load Balancing @@ -18,6 +22,9 @@ Fill out the parameters and launch! - [ ] Auto Scaling - [x] Dynamic Port Routing - [x] HTTPS +- [x] Build Database - [ ] Custom Admin User - [x] Automatically migrate database - [ ] Custom security keys +- [ ] Formatted Launch Parameters +- [ ] Informative `ReadMe.md` diff --git a/cloudformation/nakama/rds.yaml b/cloudformation/nakama/rds.yaml new file mode 100644 index 0000000..e304dcf --- /dev/null +++ b/cloudformation/nakama/rds.yaml 
@@ -0,0 +1,90 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: Nakama RDS stack +Parameters: + #------------------------ + # Deployment Information + #------------------------ + environment: + Type: String + Description: Name of the environment + Default: production + VpcId: + Description: ID of the VPC + Type: AWS::EC2::VPC::Id + + #------------------ + # Secret's Manager + #------------------ + Secret: + Type: String + Description: Arn of the secret in Secret's Manager + Default: "" + +Conditions: + CreateSecret: !Equals [!Ref Secret, ""] + +Resources: + SecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + GroupDescription: RDS Allowed Ports + VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: icmp + FromPort: "-1" + ToPort: "-1" + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: "5432" + ToPort: "5432" + CidrIp: 0.0.0.0/0 + SecurityGroupEgress: + - IpProtocol: icmp + FromPort: "-1" + ToPort: "-1" + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: "0" + ToPort: "65535" + CidrIp: 0.0.0.0/0 + - IpProtocol: udp + FromPort: "0" + ToPort: "65535" + CidrIp: 0.0.0.0/0 + + RdsPassword: + Type: AWS::SecretsManager::Secret + Condition: CreateSecret + Properties: + Name: !Sub "nakama/rds/password" + Description: "Master password for RDS" + GenerateSecretString: + ExcludePunctuation: true + ExcludeCharacters: '"@/\' + + DbInstance: + Type: AWS::RDS::DBInstance + Properties: + DBInstanceClass: db.t2.micro + DBInstanceIdentifier: !Sub "nakama-rds-${environment}" + Engine: postgres + MasterUsername: postgres + MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] ,":SecretString}}" ]] + Port: "5432" + AllocatedStorage: "100" + VPCSecurityGroups: + - !Ref SecurityGroup + +Outputs: + RdsSecret: + Description: ARN of the Secret's Manager secret for the RDS password + Value: !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] + RdsUsername: + Description: ARN of the Secret's Manager secret for the 
RDS password + Value: postgres + RdsEnpoint: + Description: Endpoint to connect to database + Value: !GetAtt DbInstance.Endpoint.Address + RdsPort: + Description: Port to connect to database + Value: !GetAtt DbInstance.Endpoint.Port \ No newline at end of file diff --git a/cloudformation/nakama/top.yaml b/cloudformation/nakama/top.yaml index 9b7bf36..a6307cd 100644 --- a/cloudformation/nakama/top.yaml +++ b/cloudformation/nakama/top.yaml @@ -14,6 +14,9 @@ Parameters: Default: production AllowedValues: ['develop', 'production'] ConstraintDescription: "Must be a possible release version." + VpcId: + Description: ID of the VPC + Type: AWS::EC2::VPC::Id #------------------- # ECS Configuration @@ -28,9 +31,6 @@ Parameters: PublicSubnets: Description: The public subnets for the ALB to run in. Type: String - VpcId: - Description: ID of the VPC - Type: AWS::EC2::VPC::Id PortalCertificate: Description: Arn of AWS Certificate Type: String @@ -38,6 +38,13 @@ Parameters: #---------------------- # Nakama Configuration #---------------------- + + CreateDatabase: + Type: String + Default: "true" + AllowedValues: ["true", "false"] + + # Manual Database Configuration DatabaseUsername: Type: String Description: Username of the Postgres server 
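Review bot: The `SecurityGroup` ingress in rds.yaml opens TCP 5432 (and ICMP) to `CidrIp: 0.0.0.0/0`, so the Postgres port is reachable from any address that can route to the instance rather than only from the Nakama tasks that need it. Scope the 5432 rule to the application's security group instead, e.g. replace its `CidrIp: 0.0.0.0/0` line with `SourceSecurityGroupId: !Ref <AppSecurityGroupId>` (placeholder for a new parameter the top stack would pass in), and drop the world-open ICMP ingress unless it is actually needed. Separately, `RdsPassword` is created with the fixed `Name: !Sub "nakama/rds/password"`, so a second stack in the same account (for instance one per `environment`) would collide on the secret name, whereas `DBInstanceIdentifier` already includes `${environment}` and the secret name should too. The `RdsUsername` output's description was copied from `RdsSecret` and should read `Description: Master username of the RDS instance`. `DbInstance` also sets no `StorageEncrypted: true` and, since it references a security group in `VpcId` without a `DBSubnetGroupName`, presumably only works when `VpcId` is the account's default VPC — worth confirming.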
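Review bot: `CreateDatabase` is the only parameter in this block without a `Description`, yet it is the switch that decides whether the `Database*` parameters below are used at all, so the launch form gives no hint of that relationship. A one-line `Description: Create an RDS Postgres instance; set to "false" to use an existing server configured via the Database* parameters` would make it visible where the values are entered rather than only in the ReadMe.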
@@ -45,16 +52,34 @@ Parameters: DatabasePassword: Type: String Description: Password for the Postgres server + Default: "" DatabaseEndpoint: Type: String Description: Endpoint for the Postgres server + Default: "" DatabasePort: Type: Number Description: Port for the Postgres server Default: 5432 + +Conditions: + CreateRdsStack: !Equals [!Ref CreateDatabase, "true"] + Resources: + #---------- + # Database + #---------- + RdsDatabase: + Condition: CreateRdsStack + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub 'https://s3.${AWS::Region}.amazonaws.com/sumu-stacks/nakama/${release}/cloudformation/nakama/rds.yaml' + Parameters: + environment: !Ref environment + VpcId: !Ref VpcId + #----------------- # Load Balancing #----------------- @@ -168,10 +193,10 @@ Resources: Properties: TemplateURL: !Sub 'https://s3.${AWS::Region}.amazonaws.com/sumu-stacks/nakama/${release}/cloudformation/nakama/task.yaml' Parameters: - DatabaseUsername: !Ref DatabaseUsername - DatabasePassword: !Ref DatabasePassword - DatabaseEndpoint: !Ref DatabaseEndpoint - DatabasePort: !Ref DatabasePort + DatabaseUsername: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsUsername, !Ref DatabaseUsername] + DatabasePassword: !If ["CreateRdsStack", !Join ["", ["{{resolve:secretsmanager:", !GetAtt RdsDatabase.Outputs.RdsSecret, ":SecretString}}" ]], !Ref DatabasePassword] + DatabaseEndpoint: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsEnpoint, !Ref DatabaseEndpoint] + DatabasePort: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsPort, !Ref DatabasePort] EcsService: DependsOn: AdminPortalAlbListener
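Review bot: `DatabasePassword` gains `Default: ""` in this hunk but still has no `NoEcho: true`, so a password entered for the manual (CreateDatabase "false") path is echoed back by the console and DescribeStacks; add `NoEcho: true` next to the new default. With empty defaults on both `DatabasePassword` and `DatabaseEndpoint`, a launch with `CreateDatabase` set to "false" and the manual values left blank passes parameter validation and only fails later inside the task stack; a `Rules` section asserting those parameters are non-empty when `CreateDatabase` is "false" would surface that at launch time. The `RdsDatabase` nested stack passes only `environment` and `VpcId`, so the child's `Secret` parameter always takes its empty default and an existing secret can never be supplied from the top stack — presumably intended for now, but a comment on the `Parameters:` block saying so would save the next reader a trip into rds.yaml.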
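Review bot: The master password is handed to the task stack as a plain `DatabasePassword` parameter (the `!Join` wraps `RdsDatabase.Outputs.RdsSecret` in a `{{resolve:secretsmanager:...}}` string), so the secret value leaves Secrets Manager at deploy time and its protection then depends on whether task.yaml, which is outside this diff, marks that parameter `NoEcho` and keeps it out of a plain container environment variable. A narrower design is to pass the secret ARN itself (`RdsDatabase.Outputs.RdsSecret`) to the task stack and inject it through the container definition's `Secrets`/`ValueFrom`, so the value is fetched only by the ECS agent at task start; until then, confirm `NoEcho: true` on the child parameter. The `!If` branches read `RdsDatabase` outputs under the same `CreateRdsStack` condition the resource carries, which is consistent; the enclosing task-stack resource begins above this hunk.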