Optional build RDS database

2025-10-31 10:03:03 +01:00 · 2019-10-23 19:44:48 -04:00
parent f7529c993c
commit 567d8c837f
3 changed files with 129 additions and 7 deletions
--- a/cloudformation/nakama/rds.yaml
+++ b/cloudformation/nakama/rds.yaml
@ -0,0 +1,90 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Nakama RDS stack
+Parameters:
+  #------------------------
+  # Deployment Information
+  #------------------------
+  environment:
+    Type: String
+    Description: Name of the environment
+    Default: production
+  VpcId:
+    Description: ID of the VPC
+    Type: AWS::EC2::VPC::Id
+
+  #------------------
+  # Secret's Manager
+  #------------------
+  Secret:
+    Type: String
+    Description: Arn of the secret in Secret's Manager
+    Default: ""
+
+Conditions:
+  CreateSecret: !Equals [!Ref Secret, ""]
+
+Resources:
+  SecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: RDS Allowed Ports
+      VpcId: !Ref VpcId
+      SecurityGroupIngress:
+        - IpProtocol: icmp
+          FromPort: "-1"
+          ToPort: "-1"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "5432"
+          ToPort: "5432"
+          CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+        - IpProtocol: icmp
+          FromPort: "-1"
+          ToPort: "-1"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "0"
+          ToPort: "65535"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: udp
+          FromPort: "0"
+          ToPort: "65535"
+          CidrIp: 0.0.0.0/0
+
+  RdsPassword:
+    Type: AWS::SecretsManager::Secret
+    Condition: CreateSecret
+    Properties:
+      Name: !Sub "nakama/rds/password"
+      Description: "Master password for RDS"
+      GenerateSecretString:
+        ExcludePunctuation: true
+        ExcludeCharacters: '"@/\'
+
+  DbInstance:
+    Type: AWS::RDS::DBInstance
+    Properties: 
+      DBInstanceClass: db.t2.micro
+      DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
+      Engine: postgres
+      MasterUsername: postgres
+      MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] ,":SecretString}}" ]]
+      Port: "5432"
+      AllocatedStorage: "100"
+      VPCSecurityGroups:
+        - !Ref SecurityGroup
+
+Outputs:
+  RdsSecret:
+    Description: ARN of the Secret's Manager secret for the RDS password
+    Value: !If [ CreateSecret, !Ref RdsPassword, !Ref Secret]
+  RdsUsername:
+    Description: ARN of the Secret's Manager secret for the RDS password
+    Value: postgres
+  RdsEnpoint:
+    Description: Endpoint to connect to database
+    Value: !GetAtt DbInstance.Endpoint.Address
+  RdsPort:
+    Description: Port to connect to database
+    Value: !GetAtt DbInstance.Endpoint.Port
--- a/cloudformation/nakama/top.yaml
+++ b/cloudformation/nakama/top.yaml
@ -14,6 +14,9 @@ Parameters:
    Default: production
    AllowedValues: ['develop', 'production']
    ConstraintDescription: "Must be a possible release version."
+  VpcId:
+    Description: ID of the VPC
+    Type: AWS::EC2::VPC::Id

  #-------------------
  # ECS Configuration
@ -28,9 +31,6 @@ Parameters:
  PublicSubnets:
    Description: The public subnets for the ALB to run in.
    Type: String
-  VpcId:
-    Description: ID of the VPC
-    Type: AWS::EC2::VPC::Id
  PortalCertificate:
    Description: Arn of AWS Certificate
    Type: String
@ -38,6 +38,13 @@ Parameters:
  #----------------------
  # Nakama Configuration
  #----------------------
+
+  CreateDatabase:
+    Type: String
+    Default: "true"
+    AllowedValues: ["true", "false"]
+
+  # Manual Database Configuration
  DatabaseUsername:
    Type: String
    Description: Username of the Postgres server
@ -45,16 +52,34 @@ Parameters:
  DatabasePassword:
    Type: String
    Description: Password for the Postgres server
+    Default: ""
  DatabaseEndpoint:
    Type: String
    Description: Endpoint for the Postgres server
+    Default: ""
  DatabasePort:
    Type: Number
    Description: Port for the Postgres server
    Default: 5432

+
+Conditions:
+  CreateRdsStack: !Equals [!Ref CreateDatabase, "true"]
+
 Resources:

+  #----------
+  # Database
+  #----------
+  RdsDatabase:
+    Condition: CreateRdsStack
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub 'https://s3.${AWS::Region}.amazonaws.com/sumu-stacks/nakama/${release}/cloudformation/nakama/rds.yaml'
+      Parameters:
+        environment: !Ref environment
+        VpcId: !Ref VpcId
+
  #-----------------
  # Load Balancing 
  #-----------------
@ -168,10 +193,10 @@ Resources:
    Properties:
      TemplateURL: !Sub 'https://s3.${AWS::Region}.amazonaws.com/sumu-stacks/nakama/${release}/cloudformation/nakama/task.yaml'
      Parameters:
-        DatabaseUsername: !Ref DatabaseUsername
-        DatabasePassword: !Ref DatabasePassword
-        DatabaseEndpoint: !Ref DatabaseEndpoint
-        DatabasePort: !Ref DatabasePort
+        DatabaseUsername: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsUsername, !Ref DatabaseUsername]
+        DatabasePassword: !If ["CreateRdsStack", !Join ["", ["{{resolve:secretsmanager:", !GetAtt RdsDatabase.Outputs.RdsSecret, ":SecretString}}" ]], !Ref DatabasePassword]
+        DatabaseEndpoint: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsEnpoint, !Ref DatabaseEndpoint]
+        DatabasePort: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsPort, !Ref DatabasePort]

  EcsService:
    DependsOn: AdminPortalAlbListener