AWSTemplateFormatVersion: "2010-09-09"
Description: Nakama RDS stack
Parameters:
#------------------------
# Deployment Information
#------------------------
environment:
Type: String
Description: Name of the environment
Default: production
VpcId:
Description: ID of the VPC
Type: AWS::EC2::VPC::Id
#------------------
# Secret's Manager
#------------------
Secret:
Type: String
Description: Arn of the secret in Secret's Manager
Default: ""
Conditions:
CreateSecret: !Equals [!Ref Secret, ""]
Resources:
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: RDS Allowed Ports
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: icmp
FromPort: "-1"
ToPort: "-1"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "5432"
ToPort: "5432"
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: icmp
FromPort: "-1"
ToPort: "-1"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "0"
ToPort: "65535"
CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: "0"
ToPort: "65535"
CidrIp: 0.0.0.0/0
RdsPassword:
Type: AWS::SecretsManager::Secret
Condition: CreateSecret
Properties:
Name: !Sub "nakama/rds/password"
Description: "Master password for RDS"
GenerateSecretString:
ExcludePunctuation: true
ExcludeCharacters: '"@/\'
DbInstance:
Type: AWS::RDS::DBInstance
Properties:
DBInstanceClass: db.t2.micro
DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
Engine: postgres
MasterUsername: postgres
MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] ,":SecretString}}" ]]
Port: "5432"
AllocatedStorage: "100"
VPCSecurityGroups:
- !Ref SecurityGroup
Outputs:
RdsSecret:
Description: ARN of the Secret's Manager secret for the RDS password
Value: !If [ CreateSecret, !Ref RdsPassword, !Ref Secret]
RdsUsername:
Description: ARN of the Secret's Manager secret for the RDS password
Value: postgres
RdsEnpoint:
Description: Endpoint to connect to database
Value: !GetAtt DbInstance.Endpoint.Address
RdsPort:
Description: Port to connect to database
Value: !GetAtt DbInstance.Endpoint.Port