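Resources:
  # The RDS log group that gets created implicitly (by RDS / the Serverless
  # framework) is orphaned when the stack is deleted. Declaring it here ties
  # its lifecycle and retention to the stack.
  # NOTE(review): the name assumes DBClusterIdentifier resolves to
  # "<stage>-cluster". If custom.DBClusterIdentifier ever differs, RDS will
  # log to a group of its own (unmanaged, unbounded retention) — keep the two
  # in sync.
  RDSClusterLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /aws/rds/cluster/${self:custom.stage}-cluster/postgresql
      RetentionInDays: ${self:provider.logRetentionInDays}

  # Private subnets only: the cluster has no public exposure via the network.
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: ${self:provider.stackName}-DBSubnetGroup
      SubnetIds:
        - !Ref SubnetAPrivate
        - !Ref SubnetBPrivate

  # The only ingress rule is self-referencing: TCP/5432 is reachable solely
  # from ENIs that are themselves members of ClusterSecurityGroup (e.g. Lambda
  # functions attached to the same group). Egress is left at the SG default
  # (allow all).
  SGIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: ClusterSecurityGroup
    Properties:
      Description: "RDS port ingress Self Reference"
      GroupId: !Ref ClusterSecurityGroup
      IpProtocol: tcp
      FromPort: 5432
      ToPort: 5432
      SourceSecurityGroupId: !Ref ClusterSecurityGroup

  ClusterSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Ref AWS::StackName
      # Plain !Ref; the previous single-element Fn::Join produced the same value.
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: ${self:provider.stackName}-AuroraClusterSecurityGroup

  # Master credentials for the cluster. The password is generated by Secrets
  # Manager and only ever referenced through {{resolve:secretsmanager:...}}
  # below, so it never appears in the template, stack events or outputs.
  # See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html
  # NOTE(review):
  #   - No RotationSchedule is defined, so this master password is static
  #     until rotated by hand.
  #   - 16 characters is on the short side for a master credential; 32 costs
  #     nothing. Changing GenerateSecretString after creation does not
  #     regenerate an existing secret, so raise it before first deploy.
  #   - Because Name is fixed, the secret cannot be re-created while a
  #     previous copy is still in its deletion recovery window (e.g. a quick
  #     stack delete + redeploy) — expect a "scheduled for deletion" error.
  ClusterSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: ${self:provider.stackName}-AuroraClusterSecret
      Description: 'This is the Master secret for the RDS Aurora cluster'
      GenerateSecretString:
        SecretStringTemplate: '{"username": "demo"}'
        GenerateStringKey: 'password'
        PasswordLength: 16
        # Characters that would break the {{resolve:...}} reference or JDBC-style
        # URLs are excluded from the generated password.
        ExcludeCharacters: '"@/\'

  # Adds host/port/engine/dbClusterIdentifier to the secret so clients (and
  # the RDS Data API) can connect using only the secret ARN.
  SecretRDSInstanceAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref ClusterSecret
      TargetId: !Ref AuroraDBCluster
      TargetType: AWS::RDS::DBCluster

  # Aurora Serverless v1 (EngineMode: serverless) PostgreSQL cluster.
  # Retention / deletion behaviour is selected per stage via custom.* maps,
  # each with a "default" fallback.
  AuroraDBCluster:
    Type: AWS::RDS::DBCluster
    UpdateReplacePolicy: ${self:custom.DBUpdateReplacePolicy.${self:custom.stage}, self:custom.DBUpdateReplacePolicy.default}
    DeletionPolicy: ${self:custom.deletionPolicy.${self:custom.stage}, self:custom.deletionPolicy.default}
    Properties:
      DBClusterIdentifier: ${self:custom.DBClusterIdentifier}
      # DatabaseName: ${self:custom.DatabaseName}
      Engine: aurora-postgresql
      EngineMode: serverless
      # NOTE(review): PostgreSQL 10 is past end of standard support; plan an
      # engine upgrade. Serverless v1 storage is always encrypted, but no
      # customer-managed KmsKeyId is specified here — adding one later forces
      # cluster replacement, so decide before first deploy.
      EngineVersion: "10.7"
      # Enables the RDS Data API. This is an HTTPS path into the database that
      # bypasses the VPC/security-group boundary above; access is governed by
      # IAM (rds-data:*) plus secretsmanager:GetSecretValue on ClusterSecret.
      # Since the only secret here is the *master* secret, any principal
      # allowed to use it via the Data API has full master privileges —
      # scope those IAM policies tightly or add least-privilege app secrets.
      EnableHttpEndpoint: true
      BackupRetentionPeriod: ${self:custom.DBBackupRetentionPeriod.${self:custom.stage}, self:custom.DBBackupRetentionPeriod.default}
      # Should be true outside ephemeral stages; an accidental stack delete
      # with DeletionPolicy=Delete is otherwise unrecoverable beyond backups.
      DeletionProtection: ${self:custom.DBDeletionProtection.${self:custom.stage}, self:custom.DBDeletionProtection.default}
      # Dynamic references: resolved by CloudFormation at deploy time from the
      # secret created above; the plaintext is not stored in the template.
      MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref ClusterSecret, ':SecretString:username}}']]
      MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref ClusterSecret, ':SecretString:password}}']]
      DBSubnetGroupName: !Ref DBSubnetGroup
      VpcSecurityGroupIds:
        - !Ref ClusterSecurityGroup
      ScalingConfiguration:
        # AutoPause stops the cluster after inactivity; first connection after
        # a pause incurs a cold-start delay.
        AutoPause: ${self:custom.DBautopause.${self:custom.stage}, self:custom.DBautopause.default}
        MinCapacity: ${self:custom.MinTableThroughput}
        MaxCapacity: ${self:custom.MaxTableThroughput}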