---
# CloudFormation template for the MyApp RDS tier: a parameter group, a subnet
# group, a generated master password, an optional Enhanced Monitoring role and
# the DB instance itself. The page shows it as a cfn-lint fixture, and the
# `MonitoringRoleArn` property below uses `!Ref AWS::NoValue` inside `Fn::If`,
# so the unusual spellings in this file are presumably deliberate parser and
# linter cases rather than mistakes — comments here describe, they do not fix.
AWSTemplateFormatVersion: '2010-09-09'
Description: MyApp RDS instances
Parameters:
  pApplicationName:
    Type: String
    Description: Application name (typically MyApp).
    Default: MyApp
  # NOTE(review): the `true`/`false` entries below are plain scalars, which a
  # YAML 1.1 parser reads as booleans rather than as the strings a
  # `Type: String` parameter holds. The `Conditions` block at the end compares
  # with the same unquoted literal, so both sides agree; quoting both would
  # make the intended string form explicit.
  pMultiAZ:
    Type: String
    Description: Set to true to create instances in both AZs, false for one.
    AllowedValues:
      - true
      - false
  pEnhancedMonitoring:
    Type: String
    Description: Set to true to enable RDS enhanced monitoring, false to disable.
    AllowedValues:
      - true
      - false
  pDBAllocatedStorage:
    Type: String
    Description: The amount of disk storage allocated to the database server.
  pDBParameterGroupFamily:
    Type: String
    Description: The RDS parameter group family.
  pDBInstanceClass:
    Type: String
    Description: The RDS instance class.
  pDBEngine:
    Type: String
    Description: The RDS Engine.
  pDBEngineVersion:
    Type: String
    Description: The RDS Engine version.
  # No default: the operator must supply the admin user name at deploy time.
  pDBMasterUsername:
    Type: String
    Description: The DB Master Username.
  pDBServerPort:
    Type: Number
    Description: The DB engine port. Valid values are 1150-65535 except for 1434, 3389, 47001, 49152, and 49152 through 49156.
    Default: 1433
  # The two interval parameters are only consumed by the commented-out
  # MonitoringInterval property on the DB instance below.
  pProdMonitoringInterval:
    Type: Number
    Description: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance when running in the Prod stage.
    Default: 60
  pDevMonitoringInterval:
    Type: Number
    Description: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance when running in the Dev stage.
    Default: 0
Resources:
  rParameterGroup:
    Type: AWS::RDS::DBParameterGroup
    Properties:
      Description: !Join [' ', [!Ref pApplicationName, 'RDS Parameter Group.']]
      Family: !Ref pDBParameterGroupFamily
      Tags:
        - Key: app
          Value: !Ref pApplicationName
        # Environment name comes from another stack's export named
        # `<app>:config:env`; the same export is used on every resource here.
        - Key: env
          Value:
            Fn::ImportValue: !Sub "${pApplicationName}:config:env"
  rDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: !Join [' ', [!Ref pApplicationName, 'RDS Subnet Group.']]
      # Two data subnets imported from the network stack's exports.
      SubnetIds:
        - Fn::ImportValue: !Sub "${pApplicationName}:subnet:data:1"
        - Fn::ImportValue: !Sub "${pApplicationName}:subnet:data:2"
      Tags:
        - Key: app
          Value: !Ref pApplicationName
        - Key: env
          Value:
            Fn::ImportValue: !Sub "${pApplicationName}:config:env"
  # Generated master password. The `Name` path and the `alias/aws/ssm` key
  # alias suggest the provider stores it in SSM Parameter Store — TODO confirm
  # against the binxio cfn-secret-provider documentation.
  rDBPassword:
    Type: Custom::Secret
    Properties:
      Name: !Sub "/passwords/rds/${AWS::StackName}"
      # AWS-managed key; a customer-managed key would let the decrypt
      # permission be scoped to the roles that need this parameter.
      KeyAlias: alias/aws/ssm
      # Alphanumeric only, which keeps clear of the characters RDS rejects in
      # master passwords (`/`, `"`, `@`, space).
      Alphabet: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
      Length: 30
      # NOTE(review): `ReturnSecret: true` hands the plaintext password back as
      # the `Secret` attribute that `MasterUserPassword` reads below, so the
      # value round-trips through the custom-resource response. If the secret
      # is in SSM Parameter Store, a `{{resolve:ssm-secure:...}}` dynamic
      # reference on `MasterUserPassword` would avoid that round trip — confirm
      # the resource ordering with the provider before switching.
      ReturnSecret: true
      # Provider Lambda ARN assembled by hand. `! "Ref": "AWS::AccountId"` is an
      # unusual spelling (a bare `!` tag in front of a quoted Ref key); it is
      # presumably here as a parser edge case, so it is left as is.
      ServiceToken:
        Fn::Join: [ ":", [ "arn:aws:lambda", !Ref "AWS::Region", ! "Ref": "AWS::AccountId", "function:binxio-cfn-secret-provider" ] ]
  # IAM role that RDS assumes to ship Enhanced Monitoring metrics to CloudWatch
  # Logs. Created only when the EnhancedMonitoring condition holds; the DB
  # instance references it under the same condition, so there is no dangling
  # GetAtt when monitoring is off.
  rDBMonitoringRole:
    Type: AWS::IAM::Role
    Condition: EnhancedMonitoring
    Properties:
      # Trust policy: only the RDS monitoring service principal may assume the
      # role. NOTE(review): no `Version` key here, unlike the inline policy
      # below — consider adding `Version: '2012-10-17'` for consistency.
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: monitoring.rds.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        # Both statements are limited to log groups whose name starts with
        # `RDS`, but use `*` for region and account; `${AWS::Region}` and
        # `${AWS::AccountId}` would tighten them to this stack's own account.
        - PolicyName: "MyAppRDSEnhancedMonitoring"
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:PutRetentionPolicy
                Resource:
                  - arn:aws:logs:*:*:log-group:RDS*
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                  - logs:DescribeLogStreams
                  - logs:GetLogEvents
                Resource:
                  - arn:aws:logs:*:*:log-group:RDS*:log-stream:*
  # The DB instance. Booleans are written in the capitalised YAML 1.1 form
  # (`True`/`False`); lowercase is the conventional spelling, both parse the
  # same way.
  rDBServerInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: !Ref pDBAllocatedStorage
      AllowMajorVersionUpgrade: False
      AutoMinorVersionUpgrade: True
      # 35 days is the longest automated backup retention RDS allows.
      BackupRetentionPeriod: 35
      CopyTagsToSnapshot: True
      DBInstanceClass: !Ref pDBInstanceClass
      DBParameterGroupName: !Ref rParameterGroup
      DBSubnetGroupName: !Ref rDBSubnetGroup
      Engine: !Ref pDBEngine
      EngineVersion: !Ref pDBEngineVersion
      LicenseModel: license-included
      # Plaintext password pulled from the custom resource's `Secret` attribute
      # (see the note on rDBPassword.ReturnSecret).
      MasterUserPassword: !GetAtt [ rDBPassword, "Secret" ]
      MasterUsername: !Ref pDBMasterUsername
      # NOTE(review): with MonitoringInterval commented out, a true
      # EnhancedMonitoring condition passes a MonitoringRoleArn with no
      # interval; RDS expects a non-zero MonitoringInterval whenever a
      # monitoring role is set — confirm against the current resource spec.
      # MonitoringInterval: !If [ EnhancedMonitoring, !Ref pProdMonitoringInterval, !Ref pDevMonitoringInterval ]
      # The point of this fixture: `!Ref AWS::NoValue` in the else branch
      # removes the property entirely instead of passing an empty value.
      MonitoringRoleArn:
        Fn::If:
          - EnhancedMonitoring
          - !GetAtt [ rDBMonitoringRole, Arn ]
          - !Ref AWS::NoValue
      # Condition and property share the name `MultiAZ`; the first element of
      # the `!If` is the condition.
      MultiAZ: !If [ MultiAZ, true, false ]
      Port: !Ref pDBServerPort
      # Not internet-reachable; access is governed by the imported data SG.
      PubliclyAccessible: False
      # Encryption at rest with no `KmsKeyId`, so the default RDS key applies.
      StorageEncrypted: True
      StorageType: gp2
      Tags:
        - Key: app
          Value: !Ref pApplicationName
        - Key: env
          Value:
            Fn::ImportValue: !Sub "${pApplicationName}:config:env"
      VPCSecurityGroups:
        - Fn::ImportValue: !Sub "${pApplicationName}:sg:data"
# Section order does not matter to CloudFormation, so Conditions may follow
# Resources. Both compare a String parameter against an unquoted `true` (see
# the note on pMultiAZ above).
Conditions:
  MultiAZ: !Equals [ !Ref pMultiAZ, true ]
  EnhancedMonitoring: !Equals [ !Ref pEnhancedMonitoring, true ]