AWSTemplateFormatVersion: "2010-09-09"
Description: Nakama RDS stack
Parameters:
  #------------------------
  # Deployment Information
  #------------------------
  environment:
    Type: String
    Description: Name of the environment
    Default: production
  VpcId:
    Description: ID of the VPC
    Type: AWS::EC2::VPC::Id

  #------------------
  # Secret's Manager
  #------------------
  Secret:
    Type: String
    Description: Arn of the secret in Secret's Manager
    Default: ""

Conditions:
  CreateSecret: !Equals [!Ref Secret, ""]

Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDS Allowed Ports
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: icmp
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: "5432"
          ToPort: "5432"
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: icmp
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: "0"
          ToPort: "65535"
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: "0"
          ToPort: "65535"
          CidrIp: 0.0.0.0/0

  RdsPassword:
    Type: AWS::SecretsManager::Secret
    Condition: CreateSecret
    Properties:
      Name: !Sub "nakama/rds/password"
      Description: "Master password for RDS"
      GenerateSecretString:
        ExcludePunctuation: true
        ExcludeCharacters: '"@/\'

  DbInstance:
    Type: AWS::RDS::DBInstance
    Properties: 
      DBInstanceClass: db.t2.micro
      DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
      Engine: postgres
      MasterUsername: postgres
      MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] ,":SecretString}}" ]]
      Port: "5432"
      AllocatedStorage: "100"
      VPCSecurityGroups:
        - !Ref SecurityGroup

Outputs:
  RdsSecret:
    Description: ARN of the Secret's Manager secret for the RDS password
    Value: !If [ CreateSecret, !Ref RdsPassword, !Ref Secret]
  RdsUsername:
    Description: ARN of the Secret's Manager secret for the RDS password
    Value: postgres
  RdsEnpoint:
    Description: Endpoint to connect to database
    Value: !GetAtt DbInstance.Endpoint.Address
  RdsPort:
    Description: Port to connect to database
    Value: !GetAtt DbInstance.Endpoint.Port