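AWSTemplateFormatVersion: '2010-09-09'
# The resources declared below are an ECR repository, a log group, a Secrets
# Manager secret and an Aurora cluster. No Fargate service or load balancer
# is created here, so the description says what the stack really deploys.
Description: >-
  Prerequisite resources for the Allen backend: an ECR repository, a
  CloudWatch Logs log group, a Secrets Manager secret and an Aurora
  Serverless MySQL cluster.
Parameters:
  # All parameters stay Type: String so existing callers keep working.
  # NOTE(review): AWS::EC2::Subnet::Id and AWS::EC2::SecurityGroup::Id would
  # let CloudFormation validate the IDs before creating anything; consider
  # switching once the callers have been checked.
  #
  # The three subnets only feed the Aurora DB subnet group.
  # NOTE(review): pass private subnets so the database is not placed in
  # internet-routable subnets.
  Subnet1Id:
    Type: String
    Description: 'ID of the first subnet for the Aurora DB subnet group.'
  Subnet2Id:
    Type: String
    Description: 'ID of the second subnet for the Aurora DB subnet group.'
  Subnet3Id:
    Type: String
    Description: 'ID of the third subnet for the Aurora DB subnet group.'
  # Used as the single entry of the cluster's VpcSecurityGroupIds list, so
  # this must be exactly one security group ID, not a comma-separated list.
  # NOTE(review): the group's inbound rules decide who can reach the
  # database; they are defined outside this template, so review them there.
  SecurityGroups:
    Type: String
    Description: 'ID of the VPC security group to attach to the Aurora cluster.'
  DBClusterIdentifier:
    Type: String
    Description: 'The name of the database cluster'
  DBName:
    Type: String
    Description: 'The name of the database'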
Resources:
  # Container image repository for the backend. Only the name is set, so tag
  # mutability, image scanning, lifecycle and repository policy are left at
  # the ECR defaults.
  # NOTE(review): with mutable tags (the default) a pushed tag can later be
  # repointed at a different image; consider ImageTagMutability: IMMUTABLE
  # and image scanning once the push workflow is confirmed to tolerate them.
  MyRepository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: allen_backend_registry

  # CloudWatch Logs log group (the logical ID says "LogStream", but the
  # resource type is a log group). Events are kept for 7 days.
  # NOTE(review): 7 days is a short window for incident investigation;
  # confirm it matches the retention requirement. No KmsKeyId is set, so no
  # customer-managed key is used for this group.
  AllenBackendLogStream:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /fargate/allenBackend
      RetentionInDays: 7

  # Database credentials. Secrets Manager generates a 15-character value and
  # stores it under the "password" key next to the fixed username "admin",
  # so the password never appears in this template.
  # No KmsKeyId is given and no rotation schedule is declared among the
  # resources shown here.
  # NOTE(review): editing GenerateSecretString on a deployed stack may
  # regenerate the stored password without changing the cluster's password;
  # verify the update behaviour before touching these settings.
  AuroraSecrets:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: Allen-Backend-Secrets
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: password
        PasswordLength: 15
        ExcludeCharacters: '"@/\~<=;(){}-_$^!`*&'

  # Subnet group built from the three subnet parameters; the cluster below
  # is placed in it.
  AuroraDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: 'Auto generated by Cloudformation template'
      SubnetIds:
        - !Ref Subnet1Id
        - !Ref Subnet2Id
        - !Ref Subnet3Id

  # Aurora MySQL cluster in serverless engine mode, scaling between 1 and 2
  # capacity units and pausing after an hour without activity.
  # NOTE(review): DeletionProtection, BackupRetentionPeriod and
  # StorageEncrypted are not set, so service defaults apply; confirm the
  # cluster is encrypted at rest and decide whether deletion protection is
  # wanted. Check each property's update behaviour before adding it to a
  # deployed stack, because some changes replace the cluster.
  Aurora:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora-mysql
      EngineMode: serverless
      DBClusterIdentifier: !Ref DBClusterIdentifier
      DatabaseName: !Ref DBName
      # Dynamic references: CloudFormation resolves both values from the
      # secret at deploy time instead of taking them as template input.
      MasterUsername: !Sub '{{resolve:secretsmanager:${AuroraSecrets}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${AuroraSecrets}:SecretString:password}}'
      DBSubnetGroupName: !Ref AuroraDBSubnetGroup
      # A single security group ID; its inbound rules are the network
      # access control for the database.
      VpcSecurityGroupIds:
        - !Ref SecurityGroups
      ScalingConfiguration:
        MinCapacity: 1
        MaxCapacity: 2
        AutoPause: true
        SecondsUntilAutoPause: 3600  # 1h

  # Attaches the secret to the cluster so that Secrets Manager records the
  # cluster's connection details alongside the credentials.
  LinkSecretsToAurora:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref AuroraSecrets
      TargetId: !Ref Aurora
      TargetType: AWS::RDS::DBCluster
Outputs:
  # Ref on the SecretTargetAttachment yields the ARN of the attached secret,
  # so this output depends on the attachment having been created.
  # The export name is prefixed with the stack name, which lets other stacks
  # in the same account and region import it.
  # NOTE(review): the ARN is an identifier, not a credential. Reading the
  # secret still requires IAM permission on it, so keep those grants narrow.
  AuroraSecretsARN:
    Value: !Ref LinkSecretsToAurora
    Export:
      Name: !Sub '${AWS::StackName}-AuroraSecretsARN'