Optional build RDS database

ReadMe.md

@@ -10,6 +10,10 @@ Make sure you are logged into the AWS Console and have permissions then click:
 
 Fill out the parameters and launch!
 
+### Parameter Notes
+
+Parameters, `DatabaseUsername`, `DatabasePassword`, `DatabaseEndpoint`, and `DatabasePort`, only used if `CreateDatabase` is false.
+
 ## To Do
 
 - [ ] Load Balancing
@@ -18,6 +22,9 @@ Fill out the parameters and launch!
 - [ ] Auto Scaling
 - [x] Dynamic Port Routing
 - [x] HTTPS
+- [x] Build Database
 - [ ] Custom Admin User
 - [x] Automatically migrate database
 - [ ] Custom security keys
+- [ ] Formatted Launch Parameters
+- [ ] Informative `ReadMe.md`

cloudformation/nakama/rds.yaml

@@ -0,0 +1,90 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Nakama RDS stack
+Parameters:
+  #------------------------
+  # Deployment Information
+  #------------------------
+  environment:
+    Type: String
+    Description: Name of the environment
+    Default: production
+  VpcId:
+    Description: ID of the VPC
+    Type: AWS::EC2::VPC::Id
+
+  #------------------
+  # Secret's Manager
+  #------------------
+  Secret:
+    Type: String
+    Description: Arn of the secret in Secret's Manager
+    Default: ""
+
+Conditions:
+  CreateSecret: !Equals [!Ref Secret, ""]
+
+Resources:
+  SecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: RDS Allowed Ports
+      VpcId: !Ref VpcId
+      SecurityGroupIngress:
+        - IpProtocol: icmp
+          FromPort: "-1"
+          ToPort: "-1"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "5432"
+          ToPort: "5432"
+          CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+        - IpProtocol: icmp
+          FromPort: "-1"
+          ToPort: "-1"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: "0"
+          ToPort: "65535"
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: udp
+          FromPort: "0"
+          ToPort: "65535"
+          CidrIp: 0.0.0.0/0
+
+  RdsPassword:
+    Type: AWS::SecretsManager::Secret
+    Condition: CreateSecret
+    Properties:
+      Name: !Sub "nakama/rds/password"
+      Description: "Master password for RDS"
+      GenerateSecretString:
+        ExcludePunctuation: true
+        ExcludeCharacters: '"@/\'
+
+  DbInstance:
+    Type: AWS::RDS::DBInstance
+    Properties: 
+      DBInstanceClass: db.t2.micro
+      DBInstanceIdentifier: !Sub "nakama-rds-${environment}"
+      Engine: postgres
+      MasterUsername: postgres
+      MasterUserPassword: !Join ["", ["{{resolve:secretsmanager:", !If [ CreateSecret, !Ref RdsPassword, !Ref Secret] ,":SecretString}}" ]]
+      Port: "5432"
+      AllocatedStorage: "100"
+      VPCSecurityGroups:
+        - !Ref SecurityGroup
+
+Outputs:
+  RdsSecret:
+    Description: ARN of the Secret's Manager secret for the RDS password
+    Value: !If [ CreateSecret, !Ref RdsPassword, !Ref Secret]
+  RdsUsername:
+    Description: ARN of the Secret's Manager secret for the RDS password
+    Value: postgres
+  RdsEnpoint:
+    Description: Endpoint to connect to database
+    Value: !GetAtt DbInstance.Endpoint.Address
+  RdsPort:
+    Description: Port to connect to database
+    Value: !GetAtt DbInstance.Endpoint.Port

cloudformation/nakama/top.yaml

@@ -14,6 +14,9 @@ Parameters:
     Default: production
     AllowedValues: ['develop', 'production']
     ConstraintDescription: "Must be a possible release version."
+  VpcId:
+    Description: ID of the VPC
+    Type: AWS::EC2::VPC::Id
 
   #-------------------
   # ECS Configuration
@@ -28,9 +31,6 @@ Parameters:
   PublicSubnets:
     Description: The public subnets for the ALB to run in.
     Type: String
-  VpcId:
-    Description: ID of the VPC
-    Type: AWS::EC2::VPC::Id
   PortalCertificate:
     Description: Arn of AWS Certificate
     Type: String
@@ -38,6 +38,13 @@ Parameters:
   #----------------------
   # Nakama Configuration
   #----------------------
+
+  CreateDatabase:
+    Type: String
+    Default: "true"
+    AllowedValues: ["true", "false"]
+
+  # Manual Database Configuration
   DatabaseUsername:
     Type: String
     Description: Username of the Postgres server
@@ -45,16 +52,34 @@ Parameters:
   DatabasePassword:
     Type: String
     Description: Password for the Postgres server
+    Default: ""
   DatabaseEndpoint:
     Type: String
     Description: Endpoint for the Postgres server
+    Default: ""
   DatabasePort:
     Type: Number
     Description: Port for the Postgres server
     Default: 5432
 
+
+Conditions:
+  CreateRdsStack: !Equals [!Ref CreateDatabase, "true"]
+
 Resources:
 
+  #----------
+  # Database
+  #----------
+  RdsDatabase:
+    Condition: CreateRdsStack
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub 'https://s3.${AWS::Region}.amazonaws.com/sumu-stacks/nakama/${release}/cloudformation/nakama/rds.yaml'
+      Parameters:
+        environment: !Ref environment
+        VpcId: !Ref VpcId
+
   #-----------------
   # Load Balancing 
   #-----------------
@@ -168,10 +193,10 @@ Resources:
     Properties:
       TemplateURL: !Sub 'https://s3.${AWS::Region}.amazonaws.com/sumu-stacks/nakama/${release}/cloudformation/nakama/task.yaml'
       Parameters:
-        DatabaseUsername: !Ref DatabaseUsername
+        DatabaseUsername: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsUsername, !Ref DatabaseUsername]
-        DatabasePassword: !Ref DatabasePassword
+        DatabasePassword: !If ["CreateRdsStack", !Join ["", ["{{resolve:secretsmanager:", !GetAtt RdsDatabase.Outputs.RdsSecret, ":SecretString}}" ]], !Ref DatabasePassword]
-        DatabaseEndpoint: !Ref DatabaseEndpoint
+        DatabaseEndpoint: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsEnpoint, !Ref DatabaseEndpoint]
-        DatabasePort: !Ref DatabasePort
+        DatabasePort: !If ["CreateRdsStack", !GetAtt RdsDatabase.Outputs.RdsPort, !Ref DatabasePort]
 
   EcsService:
     DependsOn: AdminPortalAlbListener