a guest
Dec 11th, 2017
# I recommend encrypting your database to make sure your snapshots and logs are encrypted too.
# Automatic snapshots are stored by AWS itself, however manual snapshots will be stored in your S3 account.
# You don't want to accidentally open access to an unencrypted version of your data!
# It is also preferable not to use your default AWS master key if you ever need to transfer a snapshot to another
# AWS account later, as you can't give cross-account access to your master key.
#
# Note that we only create one primary DB instance for now, no read replica.
KmsKey:
  Type: AWS::KMS::Key
  Properties:
    Description: !Sub KMS Key for our ${AWS::StackName} DB
    KeyPolicy:
      Id: !Ref AWS::StackName
      Version: "2012-10-17"
      Statement:
        -
          Sid: "Allow administration of the key"
          Effect: "Allow"
          Action:
            - kms:Create*
            - kms:Describe*
            - kms:Enable*
            - kms:List*
            - kms:Put*
            - kms:Update*
            - kms:Revoke*
            - kms:Disable*
            - kms:Get*
            - kms:Delete*
            - kms:ScheduleKeyDeletion
            - kms:CancelKeyDeletion
          Principal:
            AWS: !Ref AWS::AccountId
          Resource: '*'
        -
          Sid: "Allow use of the key"
          Effect: "Allow"
          Principal:
            AWS: !Ref AWS::AccountId
          Action:
            - "kms:Encrypt"
            - "kms:Decrypt"
            - "kms:ReEncrypt*"
            - "kms:GenerateDataKey*"
            - "kms:DescribeKey"
          Resource: "*"

DatabaseSubnetGroup:
  Type: AWS::RDS::DBSubnetGroup
  Properties:
    DBSubnetGroupDescription: CloudFormation managed DB subnet group.
    SubnetIds: !Ref DatabaseSubnets

DatabaseCluster:
  Type: AWS::RDS::DBCluster
  Properties:
    Engine: aurora
    DatabaseName: !Ref DatabaseName
    MasterUsername: !Ref DatabaseUsername
    MasterUserPassword: !Ref DatabasePassword
    BackupRetentionPeriod: 7
    # Quoted so the colons in the time ranges are never parsed as anything but a string.
    PreferredBackupWindow: "01:00-02:30"
    PreferredMaintenanceWindow: "mon:03:00-mon:04:00"
    DBSubnetGroupName: !Ref DatabaseSubnetGroup
    # Customer-managed key from above; StorageEncrypted must be true for KmsKeyId to apply.
    KmsKeyId: !GetAtt KmsKey.Arn
    StorageEncrypted: true
    VpcSecurityGroupIds:
      - !Ref DatabaseSecurityGroup

DatabasePrimaryInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    Engine: aurora
    DBClusterIdentifier: !Ref DatabaseCluster
    DBInstanceClass: !Ref DatabaseInstanceType
    DBSubnetGroupName: !Ref DatabaseSubnetGroup
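The comments at the top of the template warn about two things: unencrypted snapshots, and snapshots encrypted with the AWS-managed default key, which cannot be shared to another account. The following audit is an added example (not part of the paste) that checks a set of Aurora cluster snapshots for exactly those conditions; the input dicts mirror the shape of boto3's describe_db_cluster_snapshots(), describe_db_cluster_snapshot_attributes() and kms.describe_key() responses, and all sample identifiers, ARNs and account numbers are constructed.

```python
"""Audit Aurora cluster snapshots for the encryption pitfalls described above."""
from typing import Dict, List

# Constructed sample: trimmed DBClusterSnapshots entries (not real resources).
SNAPSHOTS = [
    {"DBClusterSnapshotIdentifier": "rds:auto-2017-12-11", "SnapshotType": "automated",
     "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/cmk-0001"},
    {"DBClusterSnapshotIdentifier": "pre-migration", "SnapshotType": "manual",
     "StorageEncrypted": False},
    {"DBClusterSnapshotIdentifier": "legacy-copy", "SnapshotType": "manual",
     "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/aws-rds-0002"},
]
# Constructed sample: the 'restore' attribute per snapshot (account ids, or "all" = public).
RESTORE_ATTRS = {"pre-migration": ["all"], "legacy-copy": ["444455556666"]}
# Constructed sample: KeyMetadata per key ARN; KeyManager is "AWS" for aws/rds default keys.
KEYS = {
    "arn:aws:kms:eu-west-1:111122223333:key/cmk-0001": {"KeyManager": "CUSTOMER", "Enabled": True},
    "arn:aws:kms:eu-west-1:111122223333:key/aws-rds-0002": {"KeyManager": "AWS", "Enabled": True},
}


def audit_snapshots(snapshots, restore_attrs, keys) -> Dict[str, List[str]]:
    """Return {snapshot id: [finding, ...]} for every snapshot that needs attention."""
    findings: Dict[str, List[str]] = {}
    for snap in snapshots:
        sid = snap["DBClusterSnapshotIdentifier"]
        shared_with = restore_attrs.get(sid, [])
        issues: List[str] = []
        if not snap.get("StorageEncrypted"):
            # Plaintext at rest: anyone the snapshot is shared with restores it as-is.
            issues.append("unencrypted")
            if "all" in shared_with:
                issues.append("public")  # worst case: unencrypted and restorable by any account
        else:
            meta = keys.get(snap.get("KmsKeyId"), {})
            if meta.get("KeyManager") == "AWS":
                # Default key: its policy cannot grant another account access, so the
                # snapshot must be copied with a customer-managed key before sharing.
                issues.append("aws-managed-key")
            if not meta.get("Enabled", True):
                issues.append("key-disabled")  # restores fail until the key is re-enabled
        if issues:
            findings[sid] = issues
    return findings


if __name__ == "__main__":
    for sid, issues in audit_snapshots(SNAPSHOTS, RESTORE_ATTRS, KEYS).items():
        print(f"{sid}: {', '.join(issues)}")
```

With the constructed data the automated snapshot passes, the manual unencrypted one is flagged as both unencrypted and public, and the legacy copy is flagged for using the AWS-managed key.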