AWSTemplateFormatVersion: "2010-09-09"
Description: Nakama RDS stack
Parameters:
  #------------------------
  # Deployment Information
  #------------------------
  environment:
    Type: String
    Description: Name of the environment
    Default: production
  VpcId:
    Description: ID of the VPC
    Type: AWS::EC2::VPC::Id

  #-----------------
  # RDS Information
  #-----------------
  InstanceClass:
    Type: String
    Description: Instance class for the dabase to run on
    Default: db.t2.micro
  DatabaseEngine:
    Type: String
    Description: Database engine for the database to use
    Default: postgres
  DatabaseUsername:
    Type: String
    Description: Master account's username for database
    Default: postgres
  DatabasePort:
    Type: Number
    Description: Port for the database to open a socket on
    Default: "5432"
  DatabaseStorage:
    Type: Number
    Description: The amount of storage (in GB) allocated to the RDS instance
    Default: "100"
  DatabaseAccessCidr:
    Type: String
    Description: The CIDR used in the security group to secure the database
    Default: "0.0.0.0/0"
  DatabaseSecret:
    Type: String
    Description: Arn of the secret in Secret's Manager to use as the password
    Default: ""


Conditions:
  CreateSecret: !Equals [!Ref DatabaseSecret, ""]

Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDS Allowed Ports
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: icmp
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: !Ref DatabaseAccessCidr
        - IpProtocol: tcp
          FromPort: !Ref DatabasePort
          ToPort: !Ref DatabasePort
          CidrIp: !Ref DatabaseAccessCidr
      SecurityGroupEgress:
        - IpProtocol: icmp
          FromPort: "-1"
          ToPort: "-1"
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: "0"
          ToPort: "65535"
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: "0"
          ToPort: "65535"
          CidrIp: 0.0.0.0/0

  RdsPassword:
    Type: AWS::SecretsManager::Secret
    Condition: CreateSecret
    Properties:
      Name: !Sub "nakama/rds/password"
      Description: "Master password for RDS"
      GenerateSecretString:
        ExcludePunctuation: true
        ExcludeCharacters: '"@/\'

  DbInstance:
    Type: AWS::RDS::DBInstance
    Properties: 
      DBInstanceClass: !Ref InstanceClass
      DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
      Engine: !Ref DatabaseEngine
      MasterUsername: !Ref DatabaseUsername
      MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret] ,":SecretString}}" ]]
      Port: !Ref DatabasePort
      AllocatedStorage: !Ref DatabaseStorage
      VPCSecurityGroups:
        - !Ref SecurityGroup

Outputs:
  RdsSecret:
    Description: ARN of the Secret's Manager secret for the RDS password
    Value: !If [ CreateSecret, !Ref RdsPassword, !Ref DatabaseSecret]
  RdsUsername:
    Description: ARN of the Secret's Manager secret for the RDS password
    Value: !Ref DatabaseUsername
  RdsEnpoint:
    Description: Endpoint to connect to database
    Value: !GetAtt DbInstance.Endpoint.Address
  RdsPort:
    Description: Port to connect to database
    Value: !GetAtt DbInstance.Endpoint.Port