---
# Deploy with:
#   aws cloudformation create-stack --stack-name rds-aurora-mysql-us-east-1-demo --template-body file://rds-aurora-mysql.yaml
#
# The template imports the exports VpcId, DatabaseSubnetAz1 and
# DatabaseSubnetAz2, so the stack(s) publishing them must already exist in the
# same account and region.
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  This template creates a RDS Aurora MySQL Database (Serverless) and also utilizes Secrets Manager.
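# Stack inputs. Service and DeploymentId are combined into the Name tags and
# the DB cluster identifier; Owner is only used as a tag value.
Parameters:
  DeploymentId:
    Type: String
    Description: A unique deployment identifier.
    Default: demo

  Owner:
    Type: String
    Description: Email address of the person that created the stack.
    # The address is redacted on the published page; set a real owner before
    # deploying. It is quoted because a plain scalar that starts with "[" is
    # parsed as a flow sequence instead of a string.
    Default: '[email protected]'

  Service:
    Type: String
    Description: Name of the service or product that is associated with this stack.
    Default: aurora-mysql

  RdsAuroraMySqlDatabaseName:
    Type: String
    Description: RDS database name.
    Default: demo

  RdsAuroraMySqlInstanceType:
    # Not referenced by any resource in this template: the cluster uses
    # EngineMode serverless and is sized through ScalingConfiguration.
    Description: RDS EC2 instance type
    Type: String
    Default: db.t2.small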
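# The Resources section specifies the resources and their properties deployed in the stack.
Resources:

  ### RDS Aurora MySQL Database ###

  # Subnets the cluster may be placed in, taken from exports of another stack.
  RdsAuroraMySqlSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: EES RDS Subnet Group
      SubnetIds:
        - !ImportValue 'DatabaseSubnetAz1'
        - !ImportValue 'DatabaseSubnetAz2'
      Tags:
        - Key: Name
          Value: !Sub 'rds-${Service}-${DeploymentId}'
        - Key: Service
          Value: !Ref 'Service'
        - Key: Owner
          Value: !Ref 'Owner'

  # Security group attached to the cluster. No SecurityGroupEgress is declared,
  # so EC2 adds its default rule that allows all outbound traffic.
  RdsAuroraMySqlSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDS Security Group
      VpcId: !ImportValue 'VpcId'
      Tags:
        - Key: Name
          Value: !Sub 'rds-${Service}-${DeploymentId}'
        - Key: Service
          Value: !Ref 'Service'
        - Key: Owner
          Value: !Ref 'Owner'

  # The only inbound rule: MySQL (3306/tcp) from one hard-coded private range.
  # NOTE(review): confirm 10.19.0.0/24 is the intended client range inside the
  # imported VPC; a SourceSecurityGroupId for the client tier would scope the
  # rule to known hosts instead of a whole subnet.
  RdsAuroraMySqlSecurityGroup3306Inbound:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref 'RdsAuroraMySqlSecurityGroup'
      Description: MySQL access from 10.19.0.0/24
      IpProtocol: tcp
      # Ports are integers in the resource schema, so they are written unquoted.
      FromPort: 3306
      ToPort: 3306
      CidrIp: 10.19.0.0/24

  # Serverless Aurora cluster. The master credentials are not written into the
  # template: both values are dynamic references that CloudFormation resolves
  # from the generated secret at deploy time.
  RdsAuroraMySqlDbCluster:
    Type: AWS::RDS::DBCluster
    DeletionPolicy: Snapshot
    # Take a snapshot when an update replaces the cluster as well, not only
    # when the resource is deleted.
    UpdateReplacePolicy: Snapshot
    Properties:
      DatabaseName: !Ref 'RdsAuroraMySqlDatabaseName'
      DBClusterIdentifier: !Sub '${Service}-rds-${AWS::Region}-${DeploymentId}'
      DBSubnetGroupName: !Ref 'RdsAuroraMySqlSubnetGroup'
      Engine: aurora
      EngineMode: serverless
      MasterUsername: !Sub '{{resolve:secretsmanager:${RdsAuroraMySqlDbSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${RdsAuroraMySqlDbSecret}:SecretString:password}}'
      BackupRetentionPeriod: 7
      # No KmsKeyId is given, so the default RDS KMS key of the account is used.
      StorageEncrypted: true
      ScalingConfiguration:
        AutoPause: true
        MaxCapacity: 2
        MinCapacity: 1
        SecondsUntilAutoPause: 300
      Tags:
        - Key: Name
          Value: !Sub 'rds-${Service}-${DeploymentId}'
        - Key: Service
          Value: !Ref 'Service'
        - Key: Owner
          Value: !Ref 'Owner'
      VpcSecurityGroupIds:
        - !Ref 'RdsAuroraMySqlSecurityGroup'

  ### Secrets Manager ###

  # Master credentials: a fixed username plus a generated password.
  # No KmsKeyId is given (the default Secrets Manager key is used) and this
  # template declares no AWS::SecretsManager::RotationSchedule, so the stack
  # itself never rotates the password.
  RdsAuroraMySqlDbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: "Dynamically generated secret password."
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 16
        # '"', '@' and '/' are not accepted in an RDS master password.
        ExcludeCharacters: '"@/\'
      Tags:
        - Key: Name
          Value: !Sub 'rds-${Service}-${DeploymentId}'
        - Key: Service
          Value: !Ref 'Service'
        - Key: Owner
          Value: !Ref 'Owner'

  # Links the secret to the cluster so that the stored secret JSON is completed
  # with the connection details of the database.
  SecretRDSInstanceAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref RdsAuroraMySqlDbSecret
      TargetId: !Ref RdsAuroraMySqlDbCluster
      TargetType: AWS::RDS::DBCluster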
# Values published for other stacks to import.
# NOTE(review): both export names are fixed strings. Export names must be
# unique per account and region, so a second stack created from this template
# in the same region would fail even with a different DeploymentId.
Outputs:

  RdsAuroraMySqlDbClusterUrl:
    # Endpoint.Address is the host name of the cluster endpoint, not a full URL.
    Description: RDS Aurora MySQL Database URL
    Value: !GetAtt RdsAuroraMySqlDbCluster.Endpoint.Address
    Export:
      Name: RdsAuroraMySqlDbClusterUrl

  RdsAuroraMySqlDbName:
    # Echoes the RdsAuroraMySqlDatabaseName parameter.
    Description: RDS Aurora MySQL Database Name
    Value: !Ref RdsAuroraMySqlDatabaseName
    Export:
      Name: RdsAuroraMySqlDbName