AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  This template creates an RDS database for an ELB environment. In addition to
  the database it creates a subnet group for the RDS database, a security group
  with Ingress rules only allowing connections to the database. It uses an
  existing Public VPC and subnet already created in another CloudFormation
  stack. This is public so the database can go out to the internet.

Parameters:
  StackName:
    Description: >-
      The stack name of another CloudFormation template. This is used to
      prepend the name of other resources in other templates.
    Type: String

Resources:
  # Subnet group built from the three public subnets exported by the other stack.
  RDSSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: A subnet group for the RDS instance.
      SubnetIds:
        - Fn::ImportValue: !Sub "${StackName}-PublicSubnet0"
        - Fn::ImportValue: !Sub "${StackName}-PublicSubnet1"
        - Fn::ImportValue: !Sub "${StackName}-PublicSubnet2"

  # Only the PostgreSQL port (5432) is opened, and only to two sources.
  RDSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${AWS::StackName}-RDS-SecurityGroup"
      GroupDescription: Security Group for RDS allowing ingress on DB port only.
      VpcId:
        Fn::ImportValue: !Sub "${StackName}-PublicVPC"
      SecurityGroupIngress:
        # A single external IPv4 address (/32).
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: 82.6.205.148/32
        # Members of the security group exported by the other stack.
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId:
            Fn::ImportValue: !Sub "${StackName}-ASSecurityGroup"

  RDSDBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 5
      AllowMajorVersionUpgrade: false
      AutoMinorVersionUpgrade: true
      DBInstanceClass: "db.t2.micro"
      DBName: postgres
      Engine: postgres
      # Quoted so the version is read as a string rather than a YAML float.
      EngineVersion: "12.2"
      MasterUsername: mainuser
      # Placeholder credential stored in plain text in the template. Supply the
      # real value through a NoEcho parameter or a Secrets Manager dynamic
      # reference so it does not end up in version control.
      MasterUserPassword: password
      # Gives the instance a public endpoint; who can reach it is decided by
      # the ingress rules of RDSSecurityGroup above.
      PubliclyAccessible: true
      VPCSecurityGroups:
        - !Ref RDSSecurityGroup
      DBSubnetGroupName: !Ref RDSSubnetGroup