RDS PostgreSQL database with secure firewall configuration, encryption, multi AZ, backup enabled, and alerting.
Install Node.js and npm first!
```
npm i @cfn-modules/rds-postgres
```

```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Database:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
        ClientSgModule: !GetAtt 'ClientSg.Outputs.StackName' # required
        AlertingModule: '' # optional
        HostedZoneModule: '' # optional
        BastionModule: '' # optional
        KmsKeyModule: '' # optional
        SecretModule: '' # optional
        DBSnapshotIdentifier: '' # optional
        DBAllocatedStorage: '5' # optional
        DBInstanceClass: 'db.t4g.micro' # optional
        DBName: '' # optional
        DBBackupRetentionPeriod: '30' # optional
        DBMasterUsername: 'master' # optional
        DBMasterUserPassword: '' # required if neither DBSnapshotIdentifier nor SecretModule is set
        DBMultiAZ: 'true' # optional
        SubDomainNameWithDot: 'postgres.' # optional
        # Set this to the version of PostgreSQL you want to use.
        # You can run the following command to get the list of PostgreSQL versions supported by AWS RDS:
        # aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"
        EngineVersion: '14.12'
        EnableIAMDatabaseAuthentication: 'false' # optional
      TemplateURL: './node_modules/@cfn-modules/rds-postgres/module.yml'
```

Name | Description | Default | Required? | Allowed values |
---|---|---|---|---|
VpcModule | Stack name of vpc module | | yes | |
ClientSgModule | Stack name of client-sg module where traffic is allowed from on port 5432 to the database | | yes | |
AlertingModule | Stack name of alerting module | | no | |
HostedZoneModule | Stack name of module implementing HostedZone | | no | |
BastionModule | Stack name of module implementing Bastion | | no | |
KmsKeyModule | Stack name of kms-key module | | no | |
SecretModule | Stack name of secret module | | no | |
DBSnapshotIdentifier | Name or Amazon Resource Name (ARN) of the DB snapshot from which you want to restore (leave blank to create an empty database) | | no | |
DBAllocatedStorage | The allocated storage size, specified in GB (ignored when DBSnapshotIdentifier is set, value used from snapshot) | 5 | no | [5-16384] |
DBInstanceClass | The instance type of the database | db.t4g.micro | no | |
DBName | Name of the database (ignored when DBSnapshotIdentifier is set, value used from snapshot) | auto generated value | no | |
DBBackupRetentionPeriod | The number of days to keep snapshots of the database | 35 | no | [0-35] |
DBMasterUsername | The master user name for the DB instance (ignored when DBSnapshotIdentifier is set, value used from snapshot) | master | no | |
DBMasterUserPassword | The master password for the DB instance (ignored when DBSnapshotIdentifier is set, value used from snapshot; also ignored if SecretModule is set). | | yes (no if DBSnapshotIdentifier is set) | |
DBMultiAZ | Specifies if the database instance is deployed to multiple Availability Zones for HA | true | no | [true, false] |
SubDomainNameWithDot | Name that is used to create the DNS entry with trailing dot, e.g. §{SubDomainNameWithDot}§{HostedZoneName}. Leave blank for naked (or apex and bare) domain. Requires HostedZoneModule parameter! | test. | no | |
EngineVersion | The PostgreSQL version. | | yes | Set this to the version of PostgreSQL you want to use. You can run the following command to get the list of PostgreSQL versions supported by AWS RDS: `aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"` |
EnableIAMDatabaseAuthentication | Enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. | false | no | [true, false] |
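
The conditional rules in the table (when `DBMasterUserPassword` is required or ignored, and the allowed ranges) can be checked before a template is deployed. The Python check below is an added example, not code from the module; `check_parameters`, the constant names and the sample values are hypothetical.

```python
# Added example (not part of @cfn-modules/rds-postgres): checks a Parameters
# mapping against the rules in the parameter table. Names are hypothetical.
RANGES = {'DBAllocatedStorage': (5, 16384), 'DBBackupRetentionPeriod': (0, 35)}
BOOLEANS = ('DBMultiAZ', 'EnableIAMDatabaseAuthentication')
REQUIRED = ('VpcModule', 'ClientSgModule', 'EngineVersion')


def check_parameters(params):
    """Return a list of findings for a module Parameters mapping."""
    def get(key):
        return str(params.get(key, '')).strip()

    findings = [f'{key} is required' for key in REQUIRED if not get(key)]

    # The master password comes from the snapshot, the secret module, or the
    # DBMasterUserPassword parameter; a plaintext value next to one of the
    # other two is ignored by the module and should not stay in the template.
    external = [k for k in ('DBSnapshotIdentifier', 'SecretModule') if get(k)]
    if get('DBMasterUserPassword'):
        if external:
            findings.append('DBMasterUserPassword is ignored when '
                            + '/'.join(external) + ' is set; remove it')
    elif not external:
        findings.append('DBMasterUserPassword is required if neither '
                        'DBSnapshotIdentifier nor SecretModule is set')

    for key, (low, high) in RANGES.items():
        value = get(key)
        valid = value.isascii() and value.isdigit() and low <= int(value) <= high
        if value and not valid:
            findings.append(f'{key} must be in [{low}-{high}], got {value!r}')
    if get('DBBackupRetentionPeriod') == '0':
        findings.append('DBBackupRetentionPeriod 0 disables automated backups')

    for key in BOOLEANS:
        if get(key) not in ('', 'true', 'false'):
            findings.append(f'{key} must be true or false')

    subdomain = get('SubDomainNameWithDot')
    if subdomain and not subdomain.endswith('.'):
        findings.append('SubDomainNameWithDot needs a trailing dot')
    return findings


# Constructed sample input; stack names and the password are placeholders.
SAMPLE = {'VpcModule': 'vpc-stack', 'ClientSgModule': 'client-sg-stack',
          'EngineVersion': '14.12', 'SecretModule': 'secret-stack',
          'DBMasterUserPassword': 'placeholder-password',
          'DBBackupRetentionPeriod': '36', 'SubDomainNameWithDot': 'postgres'}
```

For `SAMPLE` the check reports the ignored plaintext password, the out-of-range retention period and the missing trailing dot.
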
- Scalable: RDS instance capacity (CPU, RAM, network, ...) is limited by design
- Monitoring: Network In+Out is not monitored according to capacity of instance type