layla/aws-nakama-stack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Nakama custom Nakama authentication & update to RDS authentication

Browse Source
This commit is contained in:
Layla 2019-11-03 17:34:28 -05:00
parent 2f5497ee76
commit b5e72c7a6b
4 changed files with 132 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ReadMe.md
View File

@ -25,7 +25,7 @@ Parameters, `DatabaseUsername`, `DatabasePassword`, `DatabaseEndpoint`, and `Dat
- [x] Build Database
- [ ] Database configuration
- [x] Automatically migrate database
- [ ] Custom Admin User
- [x] Custom Admin User
- [ ] Custom security keys
- [ ] Formatted Launch Parameters
- [ ] Informative `ReadMe.md`

61
cloudformation/nakama/rds.yaml
View File

@ -12,16 +12,41 @@ Parameters:
Description: ID of the VPC
Type: AWS::EC2::VPC::Id
#------------------
# Secret's Manager
#------------------
Secret:
#-----------------
# RDS Information
#-----------------
InstanceClass:
Type: String
Description: Arn of the secret in Secret's Manager
Description: Instance class for the dabase to run on
Default: db.t2.micro
DatabaseEngine:
Type: String
Description: Database engine for the database to use
Default: postgres
DatabaseUsername:
Type: String
Description: Master account's username for database
Default: postgres
DatabasePort:
Type: Number
Description: Port for the database to open a socket on
Default: "5432"
DatabaseStorage:
Type: Number
Description: The amount of storage (in GB) allocated to the RDS instance
Default: "100"
DatabaseAccessCidr:
Type: String
Description: The CIDR used in the security group to secure the database
Default: "0.0.0.0/0"
DatabaseSecret:
Type: String
Description: Arn of the secret in Secret's Manager to use as the password
Default: ""
Conditions:
CreateSecret: !Equals [!Ref Secret, ""]
CreateSecret: !Equals [!Ref DatabaseSecret, ""]
Resources:
SecurityGroup:
@ -33,11 +58,11 @@ Resources:
- IpProtocol: icmp
FromPort: "-1"
ToPort: "-1"
CidrIp: 0.0.0.0/0
CidrIp: !Ref DatabaseAccessCidr
- IpProtocol: tcp
FromPort: "5432"
ToPort: "5432"
CidrIp: 0.0.0.0/0
FromPort: !Ref DatabasePort
ToPort: !Ref DatabasePort
CidrIp: !Ref DatabaseAccessCidr
SecurityGroupEgress:
- IpProtocol: icmp
FromPort: "-1"
@ -65,23 +90,23 @@ Resources:
DbInstance:
Type: AWS::RDS::DBInstance
Properties:
DBInstanceClass: db.t2.micro
DBInstanceClass: !Ref InstanceClass
DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
Engine: postgres
MasterUsername: postgres
MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] ,":SecretString}}" ]]
Port: "5432"
AllocatedStorage: "100"
Engine: !Ref DatabaseEngine
MasterUsername: !Ref DatabaseUsername
MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret] ,":SecretString}}" ]]
Port: !Ref DatabasePort
AllocatedStorage: !Ref DatabaseStorage
VPCSecurityGroups:
- !Ref SecurityGroup
Outputs:
RdsSecret:
Description: ARN of the Secret's Manager secret for the RDS password
Value: !If [ CreateSecret, !Ref RdsPassword, !Ref Secret]
Value: !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret]
RdsUsername:
Description: ARN of the Secret's Manager secret for the RDS password
Value: postgres
Value: !Ref DatabaseUsername
RdsEnpoint:
Description: Endpoint to connect to database
Value: !GetAtt DbInstance.Endpoint.Address

46
cloudformation/nakama/task.yaml
View File

@ -4,6 +4,22 @@ Parameters:
ServerName:
Type: String
Default: "nakama-default"
#----------------------------
# Admin Portal Configuration
#----------------------------
NakamaUsername:
Type: String
Description: Username to access the Nakama admin portal
Default: "admin"
NakamaPasswordOverride:
Type: String
Description: Override Nakama admin portal password
Default: ""
#------------------------
# Database Configuration
#------------------------
DatabaseUsername:
Type: String
Description: Username of the Postgres server
@ -19,7 +35,21 @@ Parameters:
Description: Port for the Postgres server
Default: 5432
Conditions:
CreateSecret: !Equals [!Ref NakamaPasswordOverride, ""]
Resources:
AdminPortalPassword:
Type: AWS::SecretsManager::Secret
Condition: CreateSecret
Properties:
Name: !Sub "nakama/admin/password"
Description: "Admin portal password for Nakama"
GenerateSecretString:
ExcludePunctuation: true
ExcludeCharacters: '"@/\'
LogGroup:
Type: AWS::Logs::LogGroup
Properties:
@ -48,13 +78,19 @@ Resources:
Ref: AWS::Region
awslogs-group:
Ref: LogGroup
EntryPoint:
MountPoints:
- ContainerPath: /nakama/volume
SourceVolume: "nakama-volume"
EntryPoint:
- "/bin/sh"
- "-ecx"
- Fn::Sub: |
/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&
exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort}
- !Join ["", [
!Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n",
!Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"",
!If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:", !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\""
]]
Volumes:
- Name: "nakama-volume"
Outputs:
TaskArn:
Description: ARN of the TaskDefinition

49
cloudformation/nakama/top.yaml
View File

@ -38,7 +38,18 @@ Parameters:
#----------------------
# Nakama Configuration
#----------------------
NakamaUsername:
Type: String
Description: Username to access the Nakama admin portal
Default: "admin"
NakamaPasswordOverride:
Type: String
Description: Override Nakama admin portal password. Leave blank for random password.
Default: ""
#------------------------
# Database Configuration
#------------------------
CreateDatabase:
Type: String
Default: "true"
@ -62,6 +73,32 @@ Parameters:
Description: Port for the Postgres server
Default: 5432
# Advanced RDS Configuration
RdsInstanceClass:
Type: String
Description: Instance class for the dabase to run on
Default: db.t2.micro
RdsEngine:
Type: String
Description: Database engine for the database to use
Default: postgres
AllowedValues: ["aurora", "aurora-mysql", "aurora-postgresql", "mariadb", "mysql", "oracle-ee", "oracle-se2", "oracle-se1", "oracle-se", "postgres", "sqlserver-ee", "sqlserver-se", "sqlserver-ex", "sqlserver-web"]
RdsUsername:
Type: String
Description: Master account's username for database
Default: postgres
RdsPort:
Type: Number
Description: Port for the database to open a socket on
Default: "5432"
RdsStorage:
Type: Number
Description: The amount of storage (in GB) allocated to the RDS instance
Default: "100"
RdsAccessCidr:
Type: String
Description: The CIDR used in the security group to secure the database
Default: "0.0.0.0/0"
Conditions:
CreateRdsStack: !Equals [!Ref CreateDatabase, "true"]
@ -79,6 +116,12 @@ Resources:
Parameters:
environment: !Ref environment
VpcId: !Ref VpcId
InstanceClass: !Ref RdsInstanceClass
DatabaseEngine: !Ref RdsEngine
DatabaseUsername: !Ref RdsUsername
DatabasePort: !Ref RdsPort
DatabaseStorage: !Ref RdsStorage
DatabaseAccessCidr: !Ref RdsAccessCidr
#-----------------
# Load Balancing
@ -93,7 +136,7 @@ Resources:
Value: 60
Scheme: internet-facing
SecurityGroups:
- !Ref SecurityGroup
- !Ref AlbSecurityGroup
Subnets: !Split [",", !Ref PublicSubnets]
Tags:
- Key: Name
@ -101,7 +144,7 @@ Resources:
- Key: environment
Value: !Ref environment
SecurityGroup:
AlbSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: ECS Allowed Ports
@ -197,6 +240,8 @@ Resources:
DatabasePassword: !If ["CreateRdsStack", !Join ["", ["{{resolve:secretsmanager:", !GetAtt RdsDatabase.Outputs.RdsSecret, ":SecretString}}" ]], !Ref DatabasePassword]
DatabaseEndpoint: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsEnpoint, !Ref DatabaseEndpoint]
DatabasePort: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsPort, !Ref DatabasePort]
NakamaUsername: !Ref NakamaUsername
NakamaPasswordOverride: !Ref NakamaPasswordOverride
EcsService:
DependsOn: AdminPortalAlbListener