updating CF templates

2020-04-30 03:18:49 +01:00
parent 581db77d35
commit 7bda4fe4ea
2 changed files with 52 additions and 14 deletions
--- a/.cloudformation/02-stack-vpc.yaml
+++ b/.cloudformation/02-stack-vpc.yaml
@@ -75,19 +75,24 @@ Outputs:
    Description: The VPC ID.
    Value: !Ref PublicVPC
    Export:
-      Name: !Sub "${AWS::StackName}-ELBStrapiPublicVPC"
+      Name: !Sub "${AWS::StackName}-PublicVPC"
+  PublicVPCIDDefaultSecurityGroup:
+    Description: The VPC default security group.
+    Value: !GetAtt PublicVPC.DefaultSecurityGroup
+    Export:
+      Name: !Sub "${AWS::StackName}-PublicVPCIDDefaultSecurityGroup"
  PublicSubnet0ID:
    Description: The ID of the subnet.
    Value: !Ref PublicSubnet0
    Export:
-      Name: !Sub "${AWS::StackName}-ELBStrapiSubnet0"
+      Name: !Sub "${AWS::StackName}-PublicSubnet0"
  PublicSubnet1ID:
    Description: The ID of the subnet.
    Value: !Ref PublicSubnet1
    Export:
-      Name: !Sub "${AWS::StackName}-ELBStrapiSubnet1"
+      Name: !Sub "${AWS::StackName}-PublicSubnet1"
  PublicSubnet2ID:
    Description: The ID of the subnet.
    Value: !Ref PublicSubnet2
    Export:
-      Name: !Sub "${AWS::StackName}-ELBStrapiSubnet2"
+      Name: !Sub "${AWS::StackName}-PublicSubnet2"
--- a/.cloudformation/03-stack-rdsinstance.yaml
+++ b/.cloudformation/03-stack-rdsinstance.yaml
@@ -1,13 +1,46 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: RDS and settings for ELB strapi deployment.
-Metadata:
-
+Description: This template creates an RDS database for an ELB environment.
+  In addition to the database it creates a subnet group for the RDS database,
+  a security group with Ingress rules only allowing connections to the database.
+  It uses an existing Public VPC and subnet already created in
+  another Cloudformation stack. This is public so the database can go out
+  to the internet.
 Parameters:
-
-Mappings:
-
-Conditions:
-
+  StackName:
+    Description: The stack name of another CloudFormation template. This is used
+      to prepend the name of other resources in other templates.
+    Type: String
 Resources:
-
-Outputs:
+  VPCSecurityGroupIngress:
+    Type: AWS::EC2::SecurityGroupIngress
+    Properties:
+      GroupId:
+        Fn::ImportValue: !Sub "${StackName}-PublicVPCIDDefaultSecurityGroup"
+      IpProtocol: tcp
+      FromPort: 5432
+      ToPort: 5432
+      CidrIp: 0.0.0.0/0
+  RDSSubnetGroup:
+    Type: AWS::RDS::DBSubnetGroup
+    Properties:
+      DBSubnetGroupDescription: A subnet group for the RDS instance.
+      SubnetIds:
+        - Fn::ImportValue: !Sub "${StackName}-PublicSubnet0"
+        - Fn::ImportValue: !Sub "${StackName}-PublicSubnet1"
+        - Fn::ImportValue: !Sub "${StackName}-PublicSubnet2"
+  rdsDBInstance:
+    Type: AWS::RDS::DBInstance
+    Properties:
+      AllocatedStorage: 5
+      AllowMajorVersionUpgrade: false
+      AutoMinorVersionUpgrade: true
+      DBInstanceClass: "db.t2.micro"
+      DBName: postgres
+      Engine: postgres
+      EngineVersion: 12.2
+      MasterUsername: mainuser
+      MasterUserPassword: password
+      PubliclyAccessible: true
+      VPCSecurityGroups:
+        - Fn::ImportValue: !Sub "${StackName}-PublicVPCIDDefaultSecurityGroup"
+      DBSubnetGroupName: !Ref RDSSubnetGroup