AWSTemplateFormatVersion: '2010-09-09'
Description: This creates an Aurora RDS cluster with 2 instances and uses Secrets Manager to generate and store the password
Parameters:
  SubnetA:
    Description: Subnets to use for Aurora deployment
    Type: AWS::EC2::Subnet::Id
  SubnetB:
    Description: Subnets to use for Aurora deployment
    Type: AWS::EC2::Subnet::Id
  DefaultSecurityGroup:
    Description: Default VPC security group
    Type: AWS::EC2::SecurityGroup::Id
  KmsKeyId:
    Description: KMS Key ID to use for encrypting secrets
    Type: String
  DBName:
    Description: Name of database
    Type: String
  DBInstanceType:
    Description: Instance type for instances in the Aurora cluster
    Type: String
  DeleteAutomatedBackups:
    Description: Defines whether to keep automated database backups when DB instance deleted
    Type: String
  DeletionProtection:
    Description: Defines whether deletion protection should be enabled
    Type: String
Resources:
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnet group that Aurora instances are deployed into
      DBSubnetGroupName: aurora-subnet-group
      SubnetIds:
        - !Ref SubnetA
        - !Ref SubnetB
  # Creates custom DB Parameter Group
  DBParameterGroup:
    Type: AWS::RDS::DBParameterGroup
    Properties:
      Description: Custom parameter group for instances in Aurora cluster
      Family: aurora-mysql5.7
      Parameters:
        max_allowed_packet: '134217728'
      Tags:
        - Key: Name
          Value: aurora-parameter-group
  DBCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      BackupRetentionPeriod: 7
      DatabaseName: !Ref DBName
      DBClusterParameterGroupName: default.aurora-mysql5.7
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeletionProtection: !Ref DeletionProtection
      Engine: aurora-mysql
      EngineMode: provisioned
      EngineVersion: 5.7.12
      # Credentials are read from the DBSecret resource through dynamic references,
      # so no username or password literal appears in the template or its parameters
      MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref DBSecret, ':SecretString:username}}' ]]
      MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref DBSecret, ':SecretString:password}}' ]]
      Port: 3306
      PreferredBackupWindow: 00:00-00:30
      PreferredMaintenanceWindow: Sun:23:00-Sun:23:30
      # Encrypts the cluster storage at rest
      StorageEncrypted: true
      Tags:
        - Key: Name
          Value: DBCluster
      VpcSecurityGroupIds:
        - !Ref DefaultSecurityGroup
  DBInstanceA:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref DBInstanceType
      DBParameterGroupName: !Ref DBParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeleteAutomatedBackups: !Ref DeleteAutomatedBackups
      Engine: aurora-mysql
  DBInstanceB:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref DBInstanceType
      DBParameterGroupName: !Ref DBParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeleteAutomatedBackups: !Ref DeleteAutomatedBackups
      Engine: aurora-mysql
  # Secrets Manager generates the password; the secret is encrypted with the supplied KMS key
  DBSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Username and password for database
      KmsKeyId: !Ref KmsKeyId
      GenerateSecretString:
        GenerateStringKey: "password"
        PasswordLength: 20
        SecretStringTemplate: '{"username": "master-user"}'
        ExcludePunctuation: true
      Tags:
        - Key: Name
          Value: db-secret
      Name: DBSecret
  # Associates the secret with the cluster
  DBSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DBSecret
      TargetId: !Ref DBCluster
      TargetType: AWS::RDS::DBCluster