Nakama custom Nakama authentication & update to RDS authentication

2019-11-03 17:34:28 -05:00 · 2019-11-03 17:34:28 -05:00 · b5e72c7a6b
commit b5e72c7a6b
parent 2f5497ee76
4 changed files with 132 additions and 26 deletions
--- a/ReadMe.md
+++ b/ReadMe.md
@ -25,7 +25,7 @@ Parameters, `DatabaseUsername`, `DatabasePassword`, `DatabaseEndpoint`, and `Dat
 - [x] Build Database
    - [ ] Database configuration
    - [x] Automatically migrate database
- [ ] Custom Admin User
+- [x] Custom Admin User
 - [ ] Custom security keys
 - [ ] Formatted Launch Parameters
 - [ ] Informative `ReadMe.md`
--- a/cloudformation/nakama/rds.yaml
+++ b/cloudformation/nakama/rds.yaml
@ -12,16 +12,41 @@ Parameters:
    Description: ID of the VPC
    Type: AWS::EC2::VPC::Id
-  #------------------
+  #-----------------
-  # Secret's Manager
+  # RDS Information
-  #------------------
+  #-----------------
-  Secret:
+  InstanceClass:
    Type: String
-    Description: Arn of the secret in Secret's Manager
+    Description: Instance class for the dabase to run on
    Default: db.t2.micro
  DatabaseEngine:
    Type: String
    Description: Database engine for the database to use
    Default: postgres
  DatabaseUsername:
    Type: String
    Description: Master account's username for database
    Default: postgres
  DatabasePort:
    Type: Number
    Description: Port for the database to open a socket on
    Default: "5432"
  DatabaseStorage:
    Type: Number
    Description: The amount of storage (in GB) allocated to the RDS instance
    Default: "100"
  DatabaseAccessCidr:
    Type: String
    Description: The CIDR used in the security group to secure the database
    Default: "0.0.0.0/0"
  DatabaseSecret:
    Type: String
    Description: Arn of the secret in Secret's Manager to use as the password
    Default: ""
 Conditions:
-  CreateSecret: !Equals [!Ref Secret, ""]
+  CreateSecret: !Equals [!Ref DatabaseSecret, ""]
 Resources:
  SecurityGroup:
@ -33,11 +58,11 @@ Resources:
        - IpProtocol: icmp
          FromPort: "-1"
          ToPort: "-1"
-          CidrIp: 0.0.0.0/0
+          CidrIp: !Ref DatabaseAccessCidr
        - IpProtocol: tcp
-          FromPort: "5432"
+          FromPort: !Ref DatabasePort
-          ToPort: "5432"
+          ToPort: !Ref DatabasePort
-          CidrIp: 0.0.0.0/0
+          CidrIp: !Ref DatabaseAccessCidr
      SecurityGroupEgress:
        - IpProtocol: icmp
          FromPort: "-1"
@ -65,23 +90,23 @@ Resources:
  DbInstance:
    Type: AWS::RDS::DBInstance
    Properties: 
-      DBInstanceClass: db.t2.micro
+      DBInstanceClass: !Ref InstanceClass
      DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
-      Engine: postgres
+      Engine: !Ref DatabaseEngine
-      MasterUsername: postgres
+      MasterUsername: !Ref DatabaseUsername
-      MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] ,":SecretString}}" ]]
+      MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret] ,":SecretString}}" ]]
-      Port: "5432"
+      Port: !Ref DatabasePort
-      AllocatedStorage: "100"
+      AllocatedStorage: !Ref DatabaseStorage
      VPCSecurityGroups:
        - !Ref SecurityGroup
 Outputs:
  RdsSecret:
    Description: ARN of the Secret's Manager secret for the RDS password
-    Value: !If [ CreateSecret, !Ref RdsPassword, !Ref Secret]
+    Value: !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret]
  RdsUsername:
    Description: ARN of the Secret's Manager secret for the RDS password
-    Value: postgres
+    Value: !Ref DatabaseUsername
  RdsEnpoint:
    Description: Endpoint to connect to database
    Value: !GetAtt DbInstance.Endpoint.Address
--- a/cloudformation/nakama/task.yaml
+++ b/cloudformation/nakama/task.yaml
@ -4,6 +4,22 @@ Parameters:
  ServerName:
    Type: String
    Default: "nakama-default"
  #----------------------------
  # Admin Portal Configuration
  #----------------------------
  NakamaUsername:
    Type: String
    Description: Username to access the Nakama admin portal
    Default: "admin"
  NakamaPasswordOverride:
    Type: String
    Description: Override Nakama admin portal password
    Default: ""
  #------------------------
  # Database Configuration
  #------------------------
  DatabaseUsername:
    Type: String
    Description: Username of the Postgres server
@ -19,7 +35,21 @@ Parameters:
    Description: Port for the Postgres server
    Default: 5432
 Conditions:
  CreateSecret: !Equals [!Ref NakamaPasswordOverride, ""]
 Resources:
  AdminPortalPassword:
    Type: AWS::SecretsManager::Secret
    Condition: CreateSecret
    Properties:
      Name: !Sub "nakama/admin/password"
      Description: "Admin portal password for Nakama"
      GenerateSecretString:
        ExcludePunctuation: true
        ExcludeCharacters: '"@/\'
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
@ -48,13 +78,19 @@ Resources:
              Ref: AWS::Region
            awslogs-group:
              Ref: LogGroup
-        EntryPoint:
+        MountPoints:
          - ContainerPath: /nakama/volume
            SourceVolume: "nakama-volume"
        EntryPoint: 
            - "/bin/sh"
            - "-ecx"
-            - Fn::Sub: |
+            - !Join ["", [
-                /nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&
+              !Sub "/nakama/nakama migrate up --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} &&\n",
-                exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort}
+              !Sub "exec /nakama/nakama --name ${ServerName} --database.address ${DatabaseUsername}:${DatabasePassword}@${DatabaseEndpoint}:${DatabasePort} --console.username ${NakamaUsername} --console.password \"",
-
+              !If [CreateSecret, !Join ["", ["{{resolve:secretsmanager:",  !Ref AdminPortalPassword,":SecretString}}" ]], !Ref NakamaPasswordOverride ], "\""
              ]]                
      Volumes:
        - Name: "nakama-volume"
 Outputs:
  TaskArn:
    Description: ARN of the TaskDefinition
--- a/cloudformation/nakama/top.yaml
+++ b/cloudformation/nakama/top.yaml
@ -38,7 +38,18 @@ Parameters:
  #----------------------
  # Nakama Configuration
  #----------------------
  NakamaUsername:
    Type: String
    Description: Username to access the Nakama admin portal
    Default: "admin"
  NakamaPasswordOverride:
    Type: String
    Description: Override Nakama admin portal password. Leave blank for random password.
    Default: ""
  #------------------------
  # Database Configuration
  #------------------------
  CreateDatabase:
    Type: String
    Default: "true"
@ -62,6 +73,32 @@ Parameters:
    Description: Port for the Postgres server
    Default: 5432
  # Advanced RDS Configuration
  RdsInstanceClass:
    Type: String
    Description: Instance class for the dabase to run on
    Default: db.t2.micro
  RdsEngine:
    Type: String
    Description: Database engine for the database to use
    Default: postgres
    AllowedValues: ["aurora", "aurora-mysql", "aurora-postgresql", "mariadb", "mysql", "oracle-ee", "oracle-se2", "oracle-se1", "oracle-se", "postgres", "sqlserver-ee", "sqlserver-se", "sqlserver-ex", "sqlserver-web"]
  RdsUsername:
    Type: String
    Description: Master account's username for database
    Default: postgres
  RdsPort:
    Type: Number
    Description: Port for the database to open a socket on
    Default: "5432"
  RdsStorage:
    Type: Number
    Description: The amount of storage (in GB) allocated to the RDS instance
    Default: "100"
  RdsAccessCidr:
    Type: String
    Description: The CIDR used in the security group to secure the database
    Default: "0.0.0.0/0"
 Conditions:
  CreateRdsStack: !Equals [!Ref CreateDatabase, "true"]
@ -79,6 +116,12 @@ Resources:
      Parameters:
        environment: !Ref environment
        VpcId: !Ref VpcId
        InstanceClass: !Ref RdsInstanceClass
        DatabaseEngine: !Ref RdsEngine
        DatabaseUsername: !Ref RdsUsername
        DatabasePort: !Ref RdsPort
        DatabaseStorage: !Ref RdsStorage
        DatabaseAccessCidr: !Ref RdsAccessCidr
  #-----------------
  # Load Balancing 
@ -93,7 +136,7 @@ Resources:
          Value: 60
      Scheme: internet-facing
      SecurityGroups:
-        - !Ref SecurityGroup
+        - !Ref AlbSecurityGroup
      Subnets: !Split [",", !Ref PublicSubnets]
      Tags:
        - Key: Name
@ -101,7 +144,7 @@ Resources:
        - Key: environment
          Value: !Ref environment
-  SecurityGroup:
+  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ECS Allowed Ports
@ -197,6 +240,8 @@ Resources:
        DatabasePassword: !If ["CreateRdsStack", !Join ["", ["{{resolve:secretsmanager:", !GetAtt RdsDatabase.Outputs.RdsSecret, ":SecretString}}" ]], !Ref DatabasePassword]
        DatabaseEndpoint: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsEnpoint, !Ref DatabaseEndpoint]
        DatabasePort: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsPort, !Ref DatabasePort]
        NakamaUsername: !Ref NakamaUsername
        NakamaPasswordOverride: !Ref NakamaPasswordOverride
  EcsService:
    DependsOn: AdminPortalAlbListener