06_rds.yaml
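# CloudFormation template: one EC2 web instance with an Elastic IP, its
# security group, and a PostgreSQL RDS instance reachable only from the web
# instance's security group.
#
# The version is quoted so generic YAML parsers do not read it as a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: Part 2 - Add a database with CloudFormation

Parameters:
  AvailabilityZone:
    Type: AWS::EC2::AvailabilityZone::Name
  EnvironmentType:
    Description: 'Specify the Environment type of the stack.'
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - test
      - prod
  AmiID:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Description: 'The ID of the AMI.'
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  KeyPairName:
    Type: String
    Description: The name of an existing Amazon EC2 key pair in this region to use to SSH into the Amazon EC2 instances.
  # Source range for the SSH rule. The default keeps the template's previous
  # behaviour (open to any address); override it with the narrowest range
  # that administrators actually connect from.
  SSHLocation:
    Description: CIDR range allowed to reach the instance over SSH (port 22).
    Type: String
    MinLength: 9
    MaxLength: 18
    Default: '0.0.0.0/0'
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: Must be a valid IPv4 CIDR range of the form x.x.x.x/x.
  DBInstanceIdentifier:
    Type: String
    Default: 'webapp-db'
  DBUsername:
    NoEcho: true
    Description: Username for Postgresql database access
    Type: String
    MinLength: 1
    MaxLength: 16
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: Must begin with a letter and contain only alphanumeric characters.
    Default: 'postgres'
  # NoEcho only masks the value in console/API output; the password is still
  # supplied as a plain stack parameter by whoever deploys the stack.
  # NOTE(review): prefer a dynamic reference to Secrets Manager or SSM
  # Parameter Store so the secret never passes through stack parameters.
  DBPassword:
    NoEcho: true
    Description: Password for Postgresql database access
    Type: String
    MinLength: 8
    MaxLength: 41
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: Must contain only alphanumeric characters.

Mappings:
  # Instance size per environment, looked up by the EnvironmentType parameter.
  EnvironmentToInstanceType:
    dev:
      InstanceType: t2.nano
    test:
      InstanceType: t2.micro
    prod:
      InstanceType: t2.small

Resources:
  WebAppInstance:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone: !Ref AvailabilityZone
      ImageId: !Ref AmiID
      InstanceType: !FindInMap [EnvironmentToInstanceType, !Ref EnvironmentType, InstanceType]
      KeyName: !Ref KeyPairName
      SecurityGroupIds:
        # The explicit GroupId attribute is always a group ID, which is what
        # SecurityGroupIds expects.
        - !GetAtt WebAppSecurityGroup.GroupId

  WebAppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub 'webapp-security-group-${EnvironmentType}'
      GroupDescription: 'Allow HTTP/HTTPS and SSH inbound and outbound traffic'
      SecurityGroupIngress:
        # Public web traffic.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: '0.0.0.0/0'
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: '0.0.0.0/0'
        # Administrative access: limited to the SSHLocation parameter rather
        # than a hard-coded 0.0.0.0/0.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation

  WebAppEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      InstanceId: !Ref WebAppInstance
      Tags:
        - Key: Name
          Value: !Sub 'webapp-eip-${EnvironmentType}'

  WebAppDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      VPCSecurityGroups:
        - !GetAtt DBEC2SecurityGroup.GroupId
      AllocatedStorage: '5'
      DBInstanceClass: db.t3.micro
      Engine: postgres
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      # Left unset, public accessibility depends on the VPC / subnet-group
      # setup. Only the web instance's security group is allowed in, so the
      # database does not need a public address.
      PubliclyAccessible: false
      # NOTE(review): StorageEncrypted is not set, so storage is created
      # unencrypted. Set it for new deployments; turning it on for an
      # already-deployed instance forces a replacement.
      Tags:
        - Key: Name
          Value: !Sub 'webapp-rds-${EnvironmentType}'
    # Keep a final snapshot when the instance is deleted or replaced.
    DeletionPolicy: Snapshot
    UpdateReplacePolicy: Snapshot

  DBEC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub 'webapp-db-security-group-${EnvironmentType}'
      GroupDescription: Allow postgres inbound traffic
      SecurityGroupIngress:
        # PostgreSQL is reachable only from members of the web app security
        # group. The source is referenced by group ID, which does not depend
        # on group-name lookup.
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !GetAtt WebAppSecurityGroup.GroupId
      Tags:
        - Key: Name
          Value: !Sub 'webapp-db-security-group-${EnvironmentType}'

Outputs:
  WebsiteURL:
    # Plain HTTP; the template itself configures no TLS listener.
    Value: !Sub 'http://${WebAppEIP}'
    Description: WebApp URL
  WebServerPublicDNS:
    Description: 'Public DNS of EC2 instance'
    Value: !GetAtt WebAppInstance.PublicDnsName
  WebAppDatabaseEndpoint:
    Description: 'Connection endpoint for the database'
    Value: !GetAtt WebAppDatabase.Endpoint.Address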