Untitled

a guest
Mar 25th, 2019
AWSTemplateFormatVersion: 2010-09-09
Description: This creates an Aurora RDS cluster with 2 instances and using Secrets Manager to generate and store the password

Parameters:
  SubnetA:
    Description: Subnets to use for Aurora deployment
    Type: AWS::EC2::Subnet::Id

  SubnetB:
    Description: Subnets to use for Aurora deployment
    Type: AWS::EC2::Subnet::Id

  DefaultSecurityGroup:
    Description: Default VPC security group
    Type: AWS::EC2::SecurityGroup::Id

  KmsKeyId:
    Description: KMS Key ID to use for encrypting secrets
    Type: String

  DBName:
    Description: Name of database
    Type: String

  DBInstanceType:
    Description: Instance type for instances in the Aurora cluster
    Type: String

  DeleteAutomatedBackups:
    Description: Defines whether to keep automated database backups when DB instance deleted
    Type: String

  DeletionProtection:
    Description: Defines whether deletion protection should be enabled
    Type: String

Resources:
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnet group that Aurora instances are deployed into
      DBSubnetGroupName: aurora-subnet-group
      SubnetIds:
        - !Ref SubnetA
        - !Ref SubnetB

  # Creates custom DB Parameter Group
  DBParameterGroup:
    Type: AWS::RDS::DBParameterGroup
    Properties:
      Description: Custom parameter group for instances in Aurora cluster
      Family: aurora-mysql5.7
      Parameters:
        max_allowed_packet: '134217728'
      Tags:
        - Key: Name
          Value: aurora-parameter-group

  DBCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      BackupRetentionPeriod: 7
      DatabaseName: !Ref DBName
      DBClusterParameterGroupName: default.aurora-mysql5.7
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeletionProtection: !Ref DeletionProtection
      Engine: aurora-mysql
      EngineMode: provisioned
      EngineVersion: 5.7.12
      # Dynamic references: the credentials are resolved from the DBSecret
      # resource at deploy time instead of being passed in as parameters
      MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref DBSecret, ':SecretString:username}}' ]]
      MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref DBSecret, ':SecretString:password}}' ]]
      Port: 3306
      PreferredBackupWindow: 00:00-00:30
      PreferredMaintenanceWindow: Sun:23:00-Sun:23:30
      # No KmsKeyId is set on the cluster, so storage encryption uses the
      # default RDS KMS key; the KmsKeyId parameter applies to the secret only
      StorageEncrypted: true
      Tags:
        - Key: Name
          Value: DBCluster
      VpcSecurityGroupIds:
        - !Ref DefaultSecurityGroup

  DBInstanceA:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref DBInstanceType
      DBParameterGroupName: !Ref DBParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeleteAutomatedBackups: !Ref DeleteAutomatedBackups
      Engine: aurora-mysql

  DBInstanceB:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref DBInstanceType
      DBParameterGroupName: !Ref DBParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeleteAutomatedBackups: !Ref DeleteAutomatedBackups
      Engine: aurora-mysql

  # Secret holding the master credentials: fixed username from the template,
  # 20-character generated password, encrypted with the supplied KMS key
  DBSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Username and password for database
      KmsKeyId: !Ref KmsKeyId
      GenerateSecretString:
        GenerateStringKey: "password"
        PasswordLength: 20
        SecretStringTemplate: '{"username": "master-user"}'
        ExcludePunctuation: True
      Tags:
        - Key: Name
          Value: db-secret
      Name: DBSecret

  # Attaches the secret to the cluster so the secret also carries the
  # cluster's connection details
  DBSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DBSecret
      TargetId: !Ref DBCluster
      TargetType: AWS::RDS::DBCluster